Re: [perpass] US intelligence chief says we might use the IoT to spy on you

Dan York <york@isoc.org> Fri, 12 February 2016 16:14 UTC

Return-Path: <york@isoc.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 07E711A219C for <perpass@ietfa.amsl.com>; Fri, 12 Feb 2016 08:14:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 882sCf_5BtMC for <perpass@ietfa.amsl.com>; Fri, 12 Feb 2016 08:14:14 -0800 (PST)
Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2on0056.outbound.protection.outlook.com [207.46.100.56]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 661631A21A8 for <perpass@ietf.org>; Fri, 12 Feb 2016 08:14:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=isoc.onmicrosoft.com; s=selector1-isoc-org; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=G4nME3cnKRy7690Umpp3pK1lqwH2Z84Tbl234BFRSbI=; b=vnZ3j1l7IIQeuuxwbe7QTQwEw1AcWbfolfYRryVq5YP5+OkGVymPqVLI/VlKVYsWrii1cCJ97IsedwZVbJZXaD4EOzBUxdpHBPvv1ZLhRyKbf2O1NDnJvDtAJrVjlDVkHPkowe5SNHZwXjJ1fn3hS1J+UwAxhArpg1Ls/w9625w=
Received: from SN1PR0601MB1663.namprd06.prod.outlook.com (10.163.203.145) by SN1PR0601MB1662.namprd06.prod.outlook.com (10.163.203.144) with Microsoft SMTP Server (TLS) id 15.1.403.16; Fri, 12 Feb 2016 16:14:12 +0000
Received: from SN1PR0601MB1663.namprd06.prod.outlook.com ([10.163.203.145]) by SN1PR0601MB1663.namprd06.prod.outlook.com ([10.163.203.145]) with mapi id 15.01.0403.017; Fri, 12 Feb 2016 16:14:12 +0000
From: Dan York <york@isoc.org>
To: "dcrocker@bbiw.net" <dcrocker@bbiw.net>
Thread-Topic: [perpass] US intelligence chief says we might use the IoT to spy on you
Thread-Index: AQHRZN700GwtfNxrZEiEw938/BJ9G58nLVAAgAAC0YCAAAIwAIABSGGAgAAcYgA=
Date: Fri, 12 Feb 2016 16:14:12 +0000
Message-ID: <760A207E-F060-4347-92C0-EA5E8AA11EF9@isoc.org>
References: <D2E1E4F0.3C6A1%harper@isoc.org> <946B2223-C0BD-4AFE-AE76-99478609104F@vigilsec.com> <56BCA55E.2020205@cs.tcd.ie> <0cbc01d164fb$88b09da0$9a11d8e0$@huitema.net> <56BCD7B9.9070902@dcrocker.net> <CAPt1N1nTZwzTQxFk7FjASo0qL_U_aSh=N2wX2rkrh=xbz5pRCg@mail.gmail.com> <56BDED05.4030102@dcrocker.net>
In-Reply-To: <56BDED05.4030102@dcrocker.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: bbiw.net; dkim=none (message not signed) header.d=none;bbiw.net; dmarc=none action=none header.from=isoc.org;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [74.69.229.215]
x-microsoft-exchange-diagnostics: 1; SN1PR0601MB1662; 5:k7zzHAfkTYvpQwSQJ+ik7MFURoPKy7IHYZUwpfISXs0Ru0Pzu3XEk5xeRMCZbMkR9O6T2oNhougI6ra2o0x8xUIbHeG9R0GVWuOErax4cFRXBIDyfcXLPZGSjzX5o0Wrfj4a2fHdPrsqUUkUZ87fbw==; 24:1nytWTljnnMgxQTPci94tLJ2P12pqmT4PROfXS3BH+zvux4gG1TxPVrRdcawZ8SSAgVHw/i2MMucmqjkBEfWg7pr0FUMiH8q5c+KxtgnC78=
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:SN1PR0601MB1662;
x-ms-office365-filtering-correlation-id: 03aa6ce6-ad65-4a4f-0000-08d333c78bce
x-microsoft-antispam-prvs: <SN1PR0601MB1662005C317C7DC0D49FB6A9B7A90@SN1PR0601MB1662.namprd06.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046); SRVR:SN1PR0601MB1662; BCL:0; PCL:0; RULEID:; SRVR:SN1PR0601MB1662;
x-forefront-prvs: 0850800A29
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(24454002)(377454003)(479174004)(2950100001)(5004730100002)(33656002)(36756003)(15975445007)(40100003)(1096002)(77096005)(19617315012)(3280700002)(122556002)(106116001)(19580405001)(16236675004)(2900100001)(2906002)(4326007)(66066001)(10400500002)(11100500001)(19580395003)(15395725005)(1730700002)(3660700001)(5008740100001)(3846002)(82746002)(93886004)(110136002)(5001960100002)(83716003)(189998001)(99286002)(76176999)(586003)(5002640100001)(2351001)(87936001)(92566002)(6116002)(1220700001)(86362001)(102836003)(50986999)(54356999)(2501003)(104396002); DIR:OUT; SFP:1101; SCL:1; SRVR:SN1PR0601MB1662; H:SN1PR0601MB1663.namprd06.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_760A207EF060434792C0EA5E8AA11EF9isocorg_"
MIME-Version: 1.0
X-OriginatorOrg: isoc.org
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Feb 2016 16:14:12.3913 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 89f84dfb-7285-4810-bc4d-8b9b5794554f
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR0601MB1662
Archived-At: <http://mailarchive.ietf.org/arch/msg/perpass/Ub8SB_6lU1qSLXOI8Jq1Doy7Pfs>
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] US intelligence chief says we might use the IoT to spy on you
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Feb 2016 16:14:17 -0000

Dave,

On Feb 12, 2016, at 9:32 AM, Dave Crocker <dhc@dcrocker.net<mailto:dhc@dcrocker.net>> wrote:

On 2/11/2016 10:57 AM, Ted Lemon wrote:
To be fair, there is really no way at present for IoT vendors to
deliver service without running the data collection end, unless they
sell you a workstation to do it at home.   If there were a place at
home where data collection apps could run...

I do not know of any reason the model for IoT needs to be different from email.  That is, yes, servers are needed.  They might reside with end-users, but they do not have to.

On this point, I think RFC 7452 ( https://tools.ietf.org/html/rfc7452 ) did a nice job with spelling out the different "communication patterns" seen in IoT deployments.

To Ted's point, what I think we're seeing is a very large number of vendors pursuing the "Device-to-Cloud" model (section 2.2) of sending all the data back to some central application service provider, versus the "Device-to-Gateway" model (2.3) where there is a local hub in the home.

You're right, Dave, that this is quite similar to email... people *could* operate their own home email servers, or they could just use some big cloud-based vendor (<insert favorite name here>).

The essential point is to have an open interconnection specification that permits mixing different vendors' products together.  (This is true for mixing IoT end devices, not just IoT data servers.)

This *is* the ideal I think we want to shoot for, BUT...

I think the real issue here is that the vendors have a strong incentive to /retain/ their data acquisition role.  So they won't give it up unless and until there is a strong consumer-driven pressure for it.

... I think you're right on target here.  I think with IoT consumer devices we're still in the early deployment stages where the vendors are trying to capture the ecosystem and obtain de facto standards purely by market success.   I think it will take some significant level of consumer frustration with not being able to buy, for instance, two lightbulbs from different vendors and have them work together before there will be enough pressure to get vendors to start interoperating.

My 2 cents,
Dan

--
Dan York
Senior Content Strategist, Internet Society
york@isoc.org<mailto:york@isoc.org>   +1-802-735-1624
Jabber: york@jabber.isoc.org<mailto:york@jabber.isoc.org>
Skype: danyork   http://twitter.com/danyork

http://www.internetsociety.org/