Hacker News
by orblivion 3526 days ago
You can call that "getting the government involved" but it's allowing suing for damages due to negligence, which is a fairly basic form of involvement, the sort of thing at the base of the market to begin with. That is to say, it's a bit strange to call this a market failure, because the market will (imo) take care of it once you can assign liability.
1 comments

I'm not so sure suing would help here, as who is suing who?

The people who bought the IoT devices probably don't even know that their device has been hijacked in a lot of cases and therefore have no incentive to sue the manufacturers.

The people being hit by the DDoS have a tricky attribution problem to prove which manufacturers are to blame and then the manufacturers could, in many cases, shift the blame to users who didn't read instructions/change default passwords/apply available security patches.

Also you have the problem of a complex supply chain. A lot of the people selling these devices are just white-labelling someone else's product, so who's to blame there, the vendor or the ODM?

Lastly you have shrink-wrap style licenses that disclaim liability for flaws, which the software market has been relying on for many, many years to avoid any liability when their products misbehave...

Personally I don't see the market sorting this; it's a classic case of negative externality where government regulation is the most appropriate way to rectify the problem.