Re: [perpass] US intelligence chief says we might use the IoT to spy on you

Ted Lemon <mellon@fugue.com> Thu, 11 February 2016 18:58 UTC

In-Reply-To: <56BCD7B9.9070902@dcrocker.net>
References: <D2E1E4F0.3C6A1%harper@isoc.org> <946B2223-C0BD-4AFE-AE76-99478609104F@vigilsec.com> <56BCA55E.2020205@cs.tcd.ie> <0cbc01d164fb$88b09da0$9a11d8e0$@huitema.net> <56BCD7B9.9070902@dcrocker.net>
From: Ted Lemon <mellon@fugue.com>
Date: Thu, 11 Feb 2016 13:57:18 -0500
Message-ID: <CAPt1N1nTZwzTQxFk7FjASo0qL_U_aSh=N2wX2rkrh=xbz5pRCg@mail.gmail.com>
To: dcrocker@bbiw.net
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/perpass/no7wOJlidFv9p-qdgngW1yj10Ic>
Cc: Russ Housley <housley@vigilsec.com>, perpass <perpass@ietf.org>, Christian Huitema <huitema@huitema.net>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] US intelligence chief says we might use the IoT to spy on you

To be fair, there is really no way at present for IoT vendors to
deliver service without running the data collection end, unless they
sell you a workstation to do it at home.   If there were a place at
home where data collection apps could run, it's not inconceivable that
something better could be arranged, but at present there is no basis
for vendors of data collection equipment to cooperate with vendors of
data aggregation services.   In order for that to change, someone has
to lead the way.   It's possible that if someone leads the way, it
still won't happen, but without that, it definitely won't happen.

The IETF has the technological basis for working on this problem, but
it would be completely speculative at this point, and probably we'd
get it wrong.   More likely this is something that the open source
community should work on, if we want it to be open.   I think the IETF
could play a role in that process, because otherwise we'll get a
repeat of the dbus fiasco, but we can't really drive the effort--all
we can do is try to document it and address interop problems before
they are cast in concrete.

Customer satisfaction with various laptop<->cloud solutions is quite
low at the moment, BTW.   I am not convinced that this model of
operation is actually the wave of the future.   Maybe they will figure
out how to do it right, but at the moment the jury is out.   A more
open development model probably would have made this better, but
wouldn't have served the interests of the incumbents.

On Thu, Feb 11, 2016 at 1:49 PM, Dave Crocker <dhc@dcrocker.net> wrote:
>
>
> On 2/11/2016 10:39 AM, Christian Huitema wrote:
>>
>> any of the appliances are designed to "report to the cloud," and have
>> a business model based on the "big data" that they acquire. If we
>> design appliances like that, it will be hard to keep "big brother"
>> away.
>
> ...
>>
>> Sure, encrypting the communications between the appliances and the
>> cloud cannot hurt. But we should also look at standardization, so
>> that appliances can communicate directly, or so that people could
>> easily switch the "appliance monitoring" services. In the absence of
>> such standards, we get lots of info concentrated in few places, which
>> becomes of course a target for all kinds of spying.
>
>
>
> Yes, but...
>
> First, tablets and, now, PCs are following exactly the same reporting model.
>
> Second, the 'monitoring' is controlled by the original vendor and they have
> no interest in handing that control over to anyone else, nor is there any
> groundswell among customers to force the change.
>
> Standards work when there is a very strong market force demanding them.  We
> ain't got that.  Yet(?)
>
> d/
> --
> Dave Crocker
> Brandenburg InternetWorking
> bbiw.net