Why Do Builders Install Fire Safety Systems?

You know why they install them, don't you?

• For safety
• To attract the right buyers
• Because they don't want to see their work destroyed in fire

No, none of these reasons is why.

OK, so why am I writing about this as a cybersecurity, privacy, and linux writer? Well, obviously to draw some similarities and make a point. Smoke/fire alarms and cyersecurity have very little to do with each other directly - except in the case of networked alarm/reaction systems and fire suppression systems specifically in data centers. So yes, there will be an analogy here, but before we can get to it we have to look at the story of fire safety code, especially that for residential buildings.

You Knew Mrs. O'Leary's Cow Was Involved, Right?

The Great Chicago Fire is often seen as a key motivator for residential fire safety standards. Given that yes, the fire did start in the O'Leary's barn, it could be that a cow kicking over a lantern was the root cause, but then again the official report was unable to determine the exact cause - apparently the CSI teams back then weren't as sophisticated as most of CBS's prime-time programing for the past 20 years. The family's decedents state that it was actually a person looking for beer for a party that knocked over a lamp and started the whole thing, in case you were wondering.

In October of 1871 that three day fire left more than 100,000 people homeless, yet somehow only managed to kill 300 - and destroyed 17,000 structures. Think about that in terms of modern day fires: outside of wildfires, when is the last time you've heard/read about a residential fire that destroyed more than 2 or 3 buildings at once even in a densely packed urban area? Many changes over the years have been critical to preventing such a massive fire ever again, not the least of which are residential fire and smoke detection and alarm systems.

The TLDR History of Smoke Detectors

Smoke detectors, as we know them, are based on the work of a Swiss physicist in the 1930s. By the 1960s, both ionization and photoelectric versions were commercially available, But it wasn't until 1969 that battery powered smoke detectors were available. These were the first ones available to be easily installed in homes that weren't pre-wired for them to run off of household power.

In 1976 it became mandatory in most of the US to have at least one smoke detector installed in every home, new construction or not. So the modern residential smoke detector as we know it has been mandated for only 50 years. Yes, this ubiquitous technology really is that young.

So for 50 years we've had a mandate throughout (at least most of) the US that we must have smoke detectors in residential buildings. Those requirements have been further refined to require detectors to "communicate" with each other, so that if a detector goes off in the basement the one on the 2nd floor will also alarm. We've further required hard-wired systems in multi-family dwellings and hotels, running off of AC power, with even more specific alarm and alerting capabilities. We've even integrated carbon monoxide detection into many of them, and those are now required by code as well.

But Fire Code Isn't Generally Written By Governments

The building code (inside of which is most fire code content) is written by standards development organizations and adopted by governments. Insurance companies have a hand in these as well, influencing if not directly impacting code development as well.

So not to disparage insurance companies, but they're not really motivated by safety, they're motivated by profitability. So their influence on fire safety code is really focused on making sure their liability is as limited as possible in the event of a fire. That means they want you to have a building that won't burn readily - by requiring fire resistant building materials. They want you to have as much warning as possible to ensure you can escape should a fire start in your home. And they want you to have quick response from the fire department - even to the point of adjusting your insurance premiums based on the fire department in the area and even the location of the nearest hydrant. (Don't believe me? Ask them yourself)

Your Builder Isn't Interested In Safety Either

Sorry to burst your bubble, but your builder is also profit motivated. They want to erect your home as inexpensively as possible, sell it to you for as much as possible, and move on to the next transaction. We call it capitalism folks, and this is the system we've inherited and continued to build.

So I put it to you that your builder will choose the least expensive solutions when they choose building materials, fixtures, and even labor that they can get away with. That means that if it wasn't for building code - which is influenced by insurance companies who are focused on profitability - builders wouldn't bother with using expensive materials and fixtures. Let's face it, have you ever compared two otherwise similar homes and said "we'll go with the one that is less likely to burn down?" So if the builder can't charge a premium for the fire system they have no reason to spend more on it than they have to. After all, we have whole "grades" of construction materials that start with "contractor grade," which usually means the least expensive stuff that just meets code, all the way up to "custom grade," which implies an expensive material to be selected by those who choose to pay for them.

All of that is OK, so long as we all understand it and are willing to work within those constraints, and with that knowledge. Maybe not ideal, but workable.

That's All Well and Good, But You Write About Cybersecurity!

Thanks for calling attention to that, voice in my head that I use for writing those headings! Yes, I do write about cybersecurity, so we should perhaps get to my point for taking us all on this little tour of residential fire safety stuff.

My point is this, tech companies, cyber insurers, credit card companies, banks, and everyone else who interacts with your data or your person are not in the business of keeping you secure, they're in the business of making profits. There ARE a subset of companies who make their profits off of (the attempt at) keeping you secure either physically or digitally, but even these have a spotty record at that - use your favorite search engine and plug in the phrase "directory traversal" and enter in your favorite firewall, VPN, or other security appliance vendor and you're likely to see stories about their products being vulnerable to this most basic of security foul-ups.

I would suggest that it is long past time for us to introduce cybersecurity standards bodies to perform functions similar to those who write building and fire codes. Cyber insurers are starting to make some small inroads here, but we're still at what I'd call late 1800's fire code but with 1970's technology - we have the technology and knowledge to do so much more, but we're still waiting for that really REALLY big fire before we get serious about it.

What's an even bigger shame about that state of being is that I really don't know what bigger "fires" could happen in cybersecurity: every major cellular provider has been breached and their customer data copied, nearly every hotel and casino on the Las Vegas strip has had the same thing happen, and we've even had the social security administration's data handed off to some billionaire to do with as he pleases as if that's somehow acceptable. The problem seems to be that we can all readily understand the destruction caused in something like a fire - there is real estate, physical property, and immediate, quantifiable harms associated with the loss of a residence, and the costs associated with temporary housing and rebuilding. The cost of a data breach is far more nebulous, and harder for any of us to truly comprehend. It is difficult to put a price on the loss of some bits and bytes that we can generally agree upon, and that's rendered the insurance industry's focus and influence in this space less impactful.

So my cracked crystal ball suggests that unless the cybersecurity industry comes up with a "building code" solution to our less than optimal cybersecurity reality we won't see meaningful improvement, full stop.

Are we ready to dig in and and do this?