Re: [perpass] US intelligence chief says we might use the IoT to spy on you

Brian Trammell <ietf@trammell.ch> Fri, 12 February 2016 10:11 UTC

From: Brian Trammell <ietf@trammell.ch>
In-Reply-To: <66E3404F-05D2-4571-B467-F61CDC9B14D1@isoc.org>
Date: Fri, 12 Feb 2016 11:11:35 +0100
Message-Id: <75F0AF43-3B49-45F5-B9D5-B24E32792C2F@trammell.ch>
References: <05998E8F-889F-48E5-A53A-081D0C8A9F47@isoc.org> <20160212035433.E2A87A06E32@palinka.tinho.net> <66E3404F-05D2-4571-B467-F61CDC9B14D1@isoc.org>
To: Robin Wilton <wilton@isoc.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/perpass/KeJMd4O2Su5eR0KlUsELofI4bvc>
Cc: perpass <perpass@ietf.org>, "dan@geer.org" <dan@geer.org>
Subject: Re: [perpass] US intelligence chief says we might use the IoT to spy on you
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>

And why would I (as an intel analyst) care about getting data directly off a bunch of behind-the-firewall devices when I can just compromise the link between the IoT startup and their cloud providers to get *all* the data conveniently packaged and preanalyzed?

On perimeters: I agree, but there's still a lot of scope for reducing the exposure of devices with, shall we say, a relaxed approach to software engineering, operational security, and security vulnerability testing and management. The MUD approach (draft-lear-mud-framework) seems promising for helping to shore up the perimeter of home and enterprise frameworks, but the fact that that needs shoring up is more an implementation-level failure than an "IoT architectural" one. The architectural failure in a world where we care about mass surveillance of civilians is the centralization-eases-monetization pattern, which is the entire thing driving IoT through the hype cycle in the first place.

Cheers,

Brian



> On 12 Feb 2016, at 10:01, Robin Wilton <wilton@isoc.org> wrote:
> 
> True... but as I say, a large proportion of those devices will generate data which comes out from behind the firewall and therefore becomes accessible. Businesses based on the monetization of personal data stand to gain from IoT because it represents a massive increase in the generation of their 'raw material'; but to be useful, that raw material has to get to them and be mined.
> 
> R
> 
> Robin Wilton
> 
> Technical Outreach Director - Identity and Privacy
> 
> On 12 Feb 2016, at 03:54, "dan@geer.org" <dan@geer.org> wrote:
> 
>>> Yup - so much for the dire warnings about the Internet "going dark"...
>> 
>> The IoT will be why the percentage of the network that is dark,
>> that is to say unreachable, will approach 99%.  They will get their
>> addresses from DHCP4/6 and will be behind a firewall that will
>> prevent inbound connections by default.  The default-routable
>> customer network is history.
>> 
>> And if that turns out to not be the case, the world will then truly
>> be the traffic analyst's oyster.
>> 
>> --dan
>> 
> 
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass
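The MUD idea Brian refers to (a device advertises a policy describing the traffic it needs, and the network compiles that into perimeter rules) is easier to weigh with something concrete in front of you. The following is an added example written for this page; it is not code from the thread, from draft-lear-mud-framework, or from any MUD implementation. The policy document, hostnames, addresses and ports are constructed, and its JSON shape is a deliberately simplified stand-in for the draft's YANG-based encoding, not the draft's actual syntax. It compiles a hypothetical thermostat's declared policy into per-device egress rules, checks candidate flows against them, and emits equivalent nft commands.

```python
"""Toy MUD manager: compile a device's declared usage policy into egress rules,
check candidate flows against them, and render the rules as nft commands.

Added example for the perpass thread above; not code from the thread, from
draft-lear-mud-framework, or from any MUD implementation. The policy format is
a simplified, constructed stand-in for the draft's encoding (assumption).
"""
from __future__ import annotations

import ipaddress
import json
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed policy for a hypothetical thermostat (all names/ports assumed).
# It says: when the device initiates a connection it may reach its vendor cloud
# on TCP/443, the local resolver on UDP/53 and one NTP host on UDP/123. It
# accepts no inbound connections at all. Anything not listed is denied.
MUD_DOC = json.dumps({
    "mud-version": 1,
    "mud-url": "https://example.invalid/thermostat.json",
    "from-device-policy": [
        {"name": "cloud-https", "dst-host": "api.example.invalid",
         "proto": "tcp", "dst-port": 443},
        {"name": "local-dns", "dst-local": True,
         "proto": "udp", "dst-port": 53},
        {"name": "ntp", "dst-host": "time.example.invalid",
         "proto": "udp", "dst-port": 123},
    ],
    "to-device-policy": [],
})

# Constructed resolver answers; a real MUD manager would resolve these itself.
RESOLVED: Dict[str, List[str]] = {
    "api.example.invalid": ["203.0.113.10"],
    "time.example.invalid": ["198.51.100.5"],
}
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")


@dataclass(frozen=True)
class Rule:
    name: str
    proto: str
    dst_net: ipaddress.IPv4Network
    dst_port: int


def compile_policy(doc: str, resolved: Dict[str, List[str]],
                   local_net: ipaddress.IPv4Network) -> List[Rule]:
    """Turn the device's from-device-policy into concrete allow rules.

    A hostname that does not resolve yields no rule (fail closed) rather than
    a wildcard, so a broken vendor DNS entry cannot widen the policy.
    """
    policy = json.loads(doc)
    rules: List[Rule] = []
    for entry in policy["from-device-policy"]:
        if entry.get("dst-local"):
            nets = [local_net]
        else:
            nets = [ipaddress.ip_network(a)
                    for a in resolved.get(entry["dst-host"], [])]
        for net in nets:
            rules.append(Rule(entry["name"], entry["proto"], net,
                              entry["dst-port"]))
    return rules


def egress_allowed(rules: List[Rule], proto: str, dst_ip: str,
                   dst_port: int) -> Optional[str]:
    """Return the name of the rule permitting this device-initiated flow,
    or None when the policy's default deny applies."""
    ip = ipaddress.ip_address(dst_ip)
    for r in rules:
        if r.proto == proto and r.dst_port == dst_port and ip in r.dst_net:
            return r.name
    return None


def to_nft(rules: List[Rule], device_ip: str, chain: str = "forward") -> List[str]:
    """Render the compiled rules as nft commands: one accept per rule for this
    device's source address, then an unconditional drop for that address."""
    lines = [f"# device {device_ip}: egress restricted to its declared policy"]
    for r in rules:
        lines.append(
            f"nft add rule inet mud {chain} ip saddr {device_ip} "
            f"ip daddr {r.dst_net} {r.proto} dport {r.dst_port} accept "
            f"comment \"{r.name}\"")
    lines.append(f"nft add rule inet mud {chain} ip saddr {device_ip} drop "
                 f"comment \"default-deny\"")
    return lines


if __name__ == "__main__":
    rules = compile_policy(MUD_DOC, RESOLVED, LOCAL_NET)
    print("\n".join(to_nft(rules, "192.168.1.50")))
    # DNS to an outside resolver is not in the policy, so it is dropped:
    print(egress_allowed(rules, "udp", "8.8.8.8", 53))
```

Two things the example makes visible that the thread only gestures at. First, a policy like this does what Brian credits MUD with: a device with sloppy firmware can no longer be turned into a scanner, a relay, or a DNS-tunnelling exfiltration path, because every destination it was not designed to talk to is dropped at the perimeter regardless of what the device does. Second, it does nothing about his main point: the `cloud-https` rule is the declared, sanctioned channel, and everything the device knows still flows through it to the vendor, which is exactly the link an analyst would rather compromise than the device.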