IETF Logo Mail Archive

Re: [perpass] US intelligence chief says we might use the IoT to spy on you

Robin Wilton <wilton@isoc.org> Fri, 12 February 2016 16:29 UTC

Return-Path: <wilton@isoc.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F86A1A6F30 for <perpass@ietfa.amsl.com>; Fri, 12 Feb 2016 08:29:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S6D-U64Kzh8I for <perpass@ietfa.amsl.com>; Fri, 12 Feb 2016 08:29:04 -0800 (PST)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2on0099.outbound.protection.outlook.com [65.55.169.99]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3F2EB1A6EF2 for <perpass@ietf.org>; Fri, 12 Feb 2016 08:29:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=isoc.onmicrosoft.com; s=selector1-isoc-org; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=QVmK+ycogp17FUTuDvxBam6DR9YwOzlZ/wMr8g+bnqs=; b=XeHJdSOZAToCJP1K/XNbW0tnvOclGIAMhByAx1n0mHKWogjM/Pdh87Gsb/d+jNFE3EB7/y5VbaUgk0COvA5d15FSx5elLi9LL/ktyrZsW9qq0CyW6NJb58UCLEp8c2SvYXXTqjAo+bEH41NY0mMJxeawm4nnaowdeYSn5OYP6iA=
Received: from SN1PR06MB1839.namprd06.prod.outlook.com (10.162.133.18) by SN1PR06MB1839.namprd06.prod.outlook.com (10.162.133.18) with Microsoft SMTP Server (TLS) id 15.1.403.16; Fri, 12 Feb 2016 16:29:01 +0000
Received: from SN1PR06MB1839.namprd06.prod.outlook.com ([10.162.133.18]) by SN1PR06MB1839.namprd06.prod.outlook.com ([10.162.133.18]) with mapi id 15.01.0403.017; Fri, 12 Feb 2016 16:29:01 +0000
From: Robin Wilton <wilton@isoc.org>
To: Dave Crocker <dcrocker@bbiw.net>
Thread-Topic: [perpass] US intelligence chief says we might use the IoT to spy on you
Thread-Index: AQHRZN70h5U8k4yuOkK4RmUO4D57HJ8nLVAAgAAC0YCAAAIwAIABSGGAgAAgWoA=
Date: Fri, 12 Feb 2016 16:29:01 +0000
Message-ID: <46EBBA95-9FDA-4C99-861C-4E9311A1FD0E@isoc.org>
References: <D2E1E4F0.3C6A1%harper@isoc.org> <946B2223-C0BD-4AFE-AE76-99478609104F@vigilsec.com> <56BCA55E.2020205@cs.tcd.ie> <0cbc01d164fb$88b09da0$9a11d8e0$@huitema.net> <56BCD7B9.9070902@dcrocker.net> <CAPt1N1nTZwzTQxFk7FjASo0qL_U_aSh=N2wX2rkrh=xbz5pRCg@mail.gmail.com> <56BDED05.4030102@dcrocker.net>
In-Reply-To: <56BDED05.4030102@dcrocker.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: bbiw.net; dkim=none (message not signed) header.d=none;bbiw.net; dmarc=none action=none header.from=isoc.org;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [94.174.34.240]
x-microsoft-exchange-diagnostics: 1; SN1PR06MB1839; 5:QTqB77kZvnrhboTWUHodvUwsy2f1JVGpOoE2SOFoymSUt9lo7VX5HMl9o0JPnUFv0R3e0+QbuoIv3/l0wpsviL/zsUEKTGORobdzuqkrwQqgmapH2vFkPF7gJWmpST7B8zQq+s+/G7OpOWk1V1lZcg==; 24:R8HjatK8QIJ9vt9vuZ6llR4aixWF0socFAKjDHa/vUuConNvMYl+g1eFlZeAxotFqLU7wtjekuXVfoaF5d6OVjyzQi1lFHK8yESjjqeRvHw=
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:SN1PR06MB1839;
x-ms-office365-filtering-correlation-id: a244cbb2-9c6a-491d-e056-08d333c99de0
x-microsoft-antispam-prvs: <SN1PR06MB18395F677D6A650D586ACBEBBFA90@SN1PR06MB1839.namprd06.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(102415293)(102615271)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046); SRVR:SN1PR06MB1839; BCL:0; PCL:0; RULEID:; SRVR:SN1PR06MB1839;
x-forefront-prvs: 0850800A29
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(979002)(479174004)(53484002)(469094003)(52034003)(24454002)(377454003)(252514010)(82746002)(83716003)(19580405001)(122556002)(19580395003)(93886004)(5008740100001)(5004730100002)(33656002)(2900100001)(87936001)(86362001)(40100003)(77096005)(92566002)(102836003)(15975445007)(16236675004)(5001960100002)(2950100001)(110136002)(3846002)(11100500001)(66066001)(4326007)(3660700001)(50986999)(76176999)(2906002)(99936001)(10400500002)(3280700002)(99286002)(106116001)(1220700001)(1096002)(106356001)(54356999)(6116002)(189998001)(586003)(5002640100001)(36756003)(104396002)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1101; SCL:1; SRVR:SN1PR06MB1839; H:SN1PR06MB1839.namprd06.prod.outlook.com; FPR:; SPF:None; MLV:ovrnspm; PTR:InfoNoRecords; LANG:en;
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: multipart/signed; boundary="Apple-Mail=_A2F07E50-FDFC-48B6-8869-AE8CD58D3435"; protocol="application/pgp-signature"; micalg="pgp-sha256"
MIME-Version: 1.0
X-OriginatorOrg: isoc.org
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Feb 2016 16:29:01.8012 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 89f84dfb-7285-4810-bc4d-8b9b5794554f
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR06MB1839
Archived-At: <http://mailarchive.ietf.org/arch/msg/perpass/q3yotGET1xjGa6nAwGldMZ1nM_s>
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] US intelligence chief says we might use the IoT to spy on you
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Feb 2016 16:29:10 -0000

Thanks all - really interesting discussion on these points. I’m going to kind of apologise for top-posting, but really wanted to draw out 3 themes which I think stand out from several of the preceding threads… so there wasn’t really a good “in-line” way to do this.

I don’t think my thoughts here are original by the way, I’m just trying to recap the good ideas of others (I’m not proud…)

1 - this isn’t a tech-only or standardisation-only problem: whatever we try and do through IETF will be in the context of the massive economic forces that (currently) favour a model based on cloud, aggregation, and monetization of personal data.

2 - there’s a tech element in that "walled garden” IoT implementations make it much harder for users to see/control what devices are doing “on their behalf”, whereas open source/open standard implementations are more likely to make that possible. Again, the economic factors in (1) currently act in favour of walled gardens.

3 - technically, whatever system component gives effect to users’ wishes and preferences can reside in the home, at the service provider, or somewhere else. Commercially, the question is whether there’s any incentive at all for IoT vendors to include such a component… let alone whether (as per (2) ) they do so on the basis of open interfaces.

I hope this helps tease out some of the issues. I think this is another classic example where it would take the co-operative action of multiple stakeholders in order for users to get a better deal...

Yrs.,
Robin

Robin Wilton
Technical Outreach Director - Identity and Privacy
Internet Society

email: wilton@isoc.org
Phone: +44 705 005 2931
Twitter: @futureidentity

On 12 Feb 2016, at 14:32, Dave Crocker <dhc@dcrocker.net> wrote:

> 
> 
> On 2/11/2016 10:57 AM, Ted Lemon wrote:
>> To be fair, there is really no way at present for IoT vendors to
>> deliver service without running the data collection end, unless they
>> sell you a workstation to do it at home.   If there were a place at
>> home where data collection apps could run...
> 
> I do not know of any reason the model for IoT needs to be different from email.  That is, yes, servers are needed.  They might reside with end-users, but they do not have to.
> 
> The essential point is to have an open interconnection specification that permits mixing different vendors' products together.  (This is true for mixing IoT end devices, not just IoT data servers.)
> 
> I think the real issue here is that the vendors have a strong incentive to /retain/ their data acquisition role.  So they won't give it up unless and until there is a strong consumer-driven pressure for it.
> 
> 
>> The IETF has the technological basis for working on this problem, but
>> it would be completely speculative at this point, and probably we'd
>> get it wrong.
> 
> Well, you are more optimistic than I.  Absent involvement of folk with subject matter expertise, the likelihood of getting the design right is zero, IMO...  That is, 'certainly' rather than 'probably'...
> 
> d/
> 
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass

v2.23.0 | Report a Bug | By Email