Re: [perpass] US intelligence chief says we might use the IoT to spy on you

"Olle E. Johansson" <oej@edvina.net> Fri, 12 February 2016 16:24 UTC

Return-Path: <oej@edvina.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0F4031A6F2B for <perpass@ietfa.amsl.com>; Fri, 12 Feb 2016 08:24:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.55
X-Spam-Level:
X-Spam-Status: No, score=-1.55 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_SE=0.35, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LmoTg2gVsXLN for <perpass@ietfa.amsl.com>; Fri, 12 Feb 2016 08:24:29 -0800 (PST)
Received: from smtp7.webway.se (smtp7.webway.se [212.3.14.205]) by ietfa.amsl.com (Postfix) with ESMTP id 2836D1A219F for <perpass@ietf.org>; Fri, 12 Feb 2016 08:24:28 -0800 (PST)
Received: from [192.168.40.16] (h87-96-134-129.dynamic.se.alltele.net [87.96.134.129]) by smtp7.webway.se (Postfix) with ESMTPA id 7E80D93DE5C; Fri, 12 Feb 2016 16:23:32 +0000 (UTC)
Content-Type: multipart/signed; boundary="Apple-Mail=_281D60DB-D8AE-48E6-A7A4-15C4F4F373DB"; protocol="application/pkcs7-signature"; micalg="sha1"
Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\))
From: "Olle E. Johansson" <oej@edvina.net>
In-Reply-To: <760A207E-F060-4347-92C0-EA5E8AA11EF9@isoc.org>
Date: Fri, 12 Feb 2016 17:24:21 +0100
Message-Id: <EE755B4B-D18D-4AAE-ACB5-481149059B67@edvina.net>
References: <D2E1E4F0.3C6A1%harper@isoc.org> <946B2223-C0BD-4AFE-AE76-99478609104F@vigilsec.com> <56BCA55E.2020205@cs.tcd.ie> <0cbc01d164fb$88b09da0$9a11d8e0$@huitema.net> <56BCD7B9.9070902@dcrocker.net> <CAPt1N1nTZwzTQxFk7FjASo0qL_U_aSh=N2wX2rkrh=xbz5pRCg@mail.gmail.com> <56BDED05.4030102@dcrocker.net> <760A207E-F060-4347-92C0-EA5E8AA11EF9@isoc.org>
To: Dan York <york@isoc.org>
X-Mailer: Apple Mail (2.3112)
Archived-At: <http://mailarchive.ietf.org/arch/msg/perpass/ABbcMB7ZF05gLr3E-fVsDq_k9KQ>
Cc: perpass <perpass@ietf.org>, Olle E Johansson <oej@edvina.net>, "dcrocker@bbiw.net" <dcrocker@bbiw.net>
Subject: Re: [perpass] US intelligence chief says we might use the IoT to spy on you
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Feb 2016 16:24:34 -0000

> On 12 Feb 2016, at 17:14, Dan York <york@isoc.org> wrote:
> 
> Dave,
> 
>> On Feb 12, 2016, at 9:32 AM, Dave Crocker <dhc@dcrocker.net> wrote:
>> 
>> On 2/11/2016 10:57 AM, Ted Lemon wrote:
>>> To be fair, there is really no way at present for IoT vendors to
>>> deliver service without running the data collection end, unless they
>>> sell you a workstation to do it at home.   If there were a place at
>>> home where data collection apps could run...
>> 
>> I do not know of any reason the model for IoT needs to be different from email.  That is, yes, servers are needed.  They might reside with end-users, but they do not have to.
> 
> On this point, I think RFC 7452 ( https://tools.ietf.org/html/rfc7452 ) did a nice job with spelling out the different "communication patterns" seen in IoT deployments.
> 
> To Ted's point, what I think we're seeing is a very large number of vendors pursuing the "Device-to-Cloud" model (section 2.2) of sending all the data back to some central application service provider, versus the "Device-to-Gateway" model (2.3) where there is a local hub in the home.
> 
> You're right, Dave, that this is quite similar to email... people *could* operate their own home email servers, or they could just use some big cloud-based vendor (<insert favorite name here>).
There is a technical issue that also drives vendors to the cloud. As long as we have NAT, we won’t be able to reach the stuff in the home with apps on a mobile device. We need to come up with some sort of standardized “back to my mac”-like platform that works both over IPv4 and IPv6 with a security architecture that is trustworthy.

> 
>> The essential point is to have an open interconnection specification that permits mixing different vendors' products together.  (This is true for mixing IoT end devices, not just IoT data servers.)
> 
> This *is* the ideal I think we want to shoot for, BUT… 
+1

But as stated below, this will not happen without significant market pressure. I work a bit
in the health care area and every vendor is building their own systems, which will drive
public spending up through the roof at the same time as it causes severe issues with
regard to privacy laws - data flowing in uncontrolled ways, ending up on clouds anywhere
on the planet provided by more or less unknown vendors. Hopefully the public sector
can control their spending and force some change in this area.
>> 
>> I think the real issue here is that the vendors have a strong incentive to /retain/ their data acquisition role.  So they won't give it up unless and until there is a strong consumer-driven pressure for it.
> 
> ... I think you're right on target here.  I think with IoT consumer devices we're still in the early deployment stages where the vendors are trying to capture the ecosystem and obtain de facto standards purely by market success.   I think it will take some significant level of consumer frustration with not being able to buy, for instance, two lightbulbs from different vendors and have them work together before there will be enough pressure to get vendors to start interoperating.
Oh yes, as long as there’s money in big data and in selling users’ privacy, that will happen.

I think we need a showcase of an architecture that works, to show it to vendors that don’t want to
play that game and to serve as proof when vendors claim it doesn’t work without their wonderful
superfantastic cloud service connected to Google, Facebook et al. Customers/users need
good examples and today there are not that many out there.

My 2 öre :-)
/O
> 
> My 2 cents,
> Dan
> 
> --
> Dan York
> Senior Content Strategist, Internet Society
> york@isoc.org   +1-802-735-1624
> Jabber: york@jabber.isoc.org
> Skype: danyork   http://twitter.com/danyork
> 
> http://www.internetsociety.org/
> 
> 
> 
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass