IETF Logo Mail Archive

Re: [perpass] US intelligence chief says we might use the IoT to spy on you

Michael Richardson <mcr+ietf@sandelman.ca> Fri, 12 February 2016 14:25 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC9541A022C for <perpass@ietfa.amsl.com>; Fri, 12 Feb 2016 06:25:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.798
X-Spam-Level:
X-Spam-Status: No, score=0.798 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FrJ7hpeewlJF for <perpass@ietfa.amsl.com>; Fri, 12 Feb 2016 06:25:24 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 99D691A01F0 for <perpass@ietf.org>; Fri, 12 Feb 2016 06:25:24 -0800 (PST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 3709D2009E for <perpass@ietf.org>; Fri, 12 Feb 2016 09:25:47 -0500 (EST)
Received: from obiwan.sandelman.ca (ip6-localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 472C6637A0 for <perpass@ietf.org>; Fri, 12 Feb 2016 09:25:23 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: perpass <perpass@ietf.org>
In-Reply-To: <CAPt1N1nTZwzTQxFk7FjASo0qL_U_aSh=N2wX2rkrh=xbz5pRCg@mail.gmail.com>
References: <D2E1E4F0.3C6A1%harper@isoc.org> <946B2223-C0BD-4AFE-AE76-99478609104F@vigilsec.com> <56BCA55E.2020205@cs.tcd.ie> <0cbc01d164fb$88b09da0$9a11d8e0$@huitema.net> <56BCD7B9.9070902@dcrocker.net> <CAPt1N1nTZwzTQxFk7FjASo0qL_U_aSh=N2wX2rkrh=xbz5pRCg@mail.gmail.com>
X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.4.2
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha1"; protocol="application/pgp-signature"
Date: Fri, 12 Feb 2016 09:25:23 -0500
Message-ID: <5817.1455287123@obiwan.sandelman.ca>
Archived-At: <http://mailarchive.ietf.org/arch/msg/perpass/LlzmgGSMNn_xKOBv1oRN_bheNc8>
Subject: Re: [perpass] US intelligence chief says we might use the IoT to spy on you
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Feb 2016 14:25:26 -0000

Ted Lemon <mellon@fugue.com> wrote:
    > To be fair, there is really no way at present for IoT vendors to
    > deliver service without running the data collection end, unless they
    > sell you a workstation to do it at home.   If there were a place at
    > home where data collection apps could run, it's not inconceivable that
    > something better could be arranged, but at present there is no basis
    > for vendors of data collection equipment to cooperate with vendors of
    > data aggregation services.   In order for that to change, someone has
    > to lead the way.   It's possible that if someone leads the way, it
    > still won't happen, but without that, it definitely won't happen.

All true, and the privacy situation for Web-Connected Things is going to
continue to be bleak as long as the companies are market verticals, rather
than elements of cooperative interchange.

Or to put it another way: the current Web-Connected Thing market suffers from
all the insecurities due to centralization that the PSTN suffered from, and
the solutions to it are the same e2e principales that the IETF has championed
for decades.


At the pub at the London IETF, ran into former IAB member Jon Crowcroft (he
was like: hey! I recognize those badges!), and he introduced us to his
project:
        hubofallthings.com

Some good videos:
     http://www2.warwick.ac.uk/fac/sci/wmg/research/business_transformation/ssg/research/value/hat/

I think it is has significant potential, and seems to be making a good market
transition, although I haven't followed it as closely as I'd like.

I think that the Thread Group is going in a similar direction as well as OIC,
but with significantly less visibility.

Marshall Rose also leads a project: http://thethingsystem.com/ which has
different aims, seems much more grassroots, which is both good (easy to get
involved), and bad (doesn't seem to have attracted much market interest).
The Thing System seems to be more about adapting itself to stupid devices,
rather than creating better (more secure, more private) standards for devices
to adhere to.  Marshall has the advantage of not needing an income in order
to be able to work on this stuff.





--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

v2.23.0 | Report a Bug | By Email