Re: [perpass] US intelligence chief says we might use the IoT to spy on you
Robin Wilton <wilton@isoc.org> Fri, 12 February 2016 16:29 UTC
Return-Path: <wilton@isoc.org>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F86A1A6F30 for <perpass@ietfa.amsl.com>; Fri, 12 Feb 2016 08:29:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S6D-U64Kzh8I for <perpass@ietfa.amsl.com>; Fri, 12 Feb 2016 08:29:04 -0800 (PST)
Received: from na01-bl2-obe.outbound.protection.outlook.com (mail-bl2on0099.outbound.protection.outlook.com [65.55.169.99]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3F2EB1A6EF2 for <perpass@ietf.org>; Fri, 12 Feb 2016 08:29:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=isoc.onmicrosoft.com; s=selector1-isoc-org; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=QVmK+ycogp17FUTuDvxBam6DR9YwOzlZ/wMr8g+bnqs=; b=XeHJdSOZAToCJP1K/XNbW0tnvOclGIAMhByAx1n0mHKWogjM/Pdh87Gsb/d+jNFE3EB7/y5VbaUgk0COvA5d15FSx5elLi9LL/ktyrZsW9qq0CyW6NJb58UCLEp8c2SvYXXTqjAo+bEH41NY0mMJxeawm4nnaowdeYSn5OYP6iA=
Received: from SN1PR06MB1839.namprd06.prod.outlook.com (10.162.133.18) by SN1PR06MB1839.namprd06.prod.outlook.com (10.162.133.18) with Microsoft SMTP Server (TLS) id 15.1.403.16; Fri, 12 Feb 2016 16:29:01 +0000
Received: from SN1PR06MB1839.namprd06.prod.outlook.com ([10.162.133.18]) by SN1PR06MB1839.namprd06.prod.outlook.com ([10.162.133.18]) with mapi id 15.01.0403.017; Fri, 12 Feb 2016 16:29:01 +0000
From: Robin Wilton <wilton@isoc.org>
To: Dave Crocker <dcrocker@bbiw.net>
Thread-Topic: [perpass] US intelligence chief says we might use the IoT to spy on you
Thread-Index: AQHRZN70h5U8k4yuOkK4RmUO4D57HJ8nLVAAgAAC0YCAAAIwAIABSGGAgAAgWoA=
Date: Fri, 12 Feb 2016 16:29:01 +0000
Message-ID: <46EBBA95-9FDA-4C99-861C-4E9311A1FD0E@isoc.org>
References: <D2E1E4F0.3C6A1%harper@isoc.org> <946B2223-C0BD-4AFE-AE76-99478609104F@vigilsec.com> <56BCA55E.2020205@cs.tcd.ie> <0cbc01d164fb$88b09da0$9a11d8e0$@huitema.net> <56BCD7B9.9070902@dcrocker.net> <CAPt1N1nTZwzTQxFk7FjASo0qL_U_aSh=N2wX2rkrh=xbz5pRCg@mail.gmail.com> <56BDED05.4030102@dcrocker.net>
In-Reply-To: <56BDED05.4030102@dcrocker.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: bbiw.net; dkim=none (message not signed) header.d=none;bbiw.net; dmarc=none action=none header.from=isoc.org;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [94.174.34.240]
x-microsoft-exchange-diagnostics: 1; SN1PR06MB1839; 5:QTqB77kZvnrhboTWUHodvUwsy2f1JVGpOoE2SOFoymSUt9lo7VX5HMl9o0JPnUFv0R3e0+QbuoIv3/l0wpsviL/zsUEKTGORobdzuqkrwQqgmapH2vFkPF7gJWmpST7B8zQq+s+/G7OpOWk1V1lZcg==; 24:R8HjatK8QIJ9vt9vuZ6llR4aixWF0socFAKjDHa/vUuConNvMYl+g1eFlZeAxotFqLU7wtjekuXVfoaF5d6OVjyzQi1lFHK8yESjjqeRvHw=
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:SN1PR06MB1839;
x-ms-office365-filtering-correlation-id: a244cbb2-9c6a-491d-e056-08d333c99de0
x-microsoft-antispam-prvs: <SN1PR06MB18395F677D6A650D586ACBEBBFA90@SN1PR06MB1839.namprd06.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(102415293)(102615271)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046); SRVR:SN1PR06MB1839; BCL:0; PCL:0; RULEID:; SRVR:SN1PR06MB1839;
x-forefront-prvs: 0850800A29
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(979002)(479174004)(53484002)(469094003)(52034003)(24454002)(377454003)(252514010)(82746002)(83716003)(19580405001)(122556002)(19580395003)(93886004)(5008740100001)(5004730100002)(33656002)(2900100001)(87936001)(86362001)(40100003)(77096005)(92566002)(102836003)(15975445007)(16236675004)(5001960100002)(2950100001)(110136002)(3846002)(11100500001)(66066001)(4326007)(3660700001)(50986999)(76176999)(2906002)(99936001)(10400500002)(3280700002)(99286002)(106116001)(1220700001)(1096002)(106356001)(54356999)(6116002)(189998001)(586003)(5002640100001)(36756003)(104396002)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1101; SCL:1; SRVR:SN1PR06MB1839; H:SN1PR06MB1839.namprd06.prod.outlook.com; FPR:; SPF:None; MLV:ovrnspm; PTR:InfoNoRecords; LANG:en;
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: multipart/signed; boundary="Apple-Mail=_A2F07E50-FDFC-48B6-8869-AE8CD58D3435"; protocol="application/pgp-signature"; micalg="pgp-sha256"
MIME-Version: 1.0
X-OriginatorOrg: isoc.org
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Feb 2016 16:29:01.8012 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 89f84dfb-7285-4810-bc4d-8b9b5794554f
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR06MB1839
Archived-At: <http://mailarchive.ietf.org/arch/msg/perpass/q3yotGET1xjGa6nAwGldMZ1nM_s>
Cc: perpass <perpass@ietf.org>
Subject: Re: [perpass] US intelligence chief says we might use the IoT to spy on you
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Feb 2016 16:29:10 -0000
Thanks all - really interesting discussion on these points. I’m going to kind of apologise for top-posting, but really wanted to draw out 3 themes which I think stand out from several of the preceding threads… so there wasn’t really a good “in-line” way to do this. I don’t think my thoughts here are original by the way, I’m just trying to recap the good ideas of others (I’m not proud…) 1 - this isn’t a tech-only or standardisation-only problem: whatever we try and do through IETF will be in the context of the massive economic forces that (currently) favour a model based on cloud, aggregation, and monetization of personal data. 2 - there’s a tech element in that "walled garden” IoT implementations make it much harder for users to see/control what devices are doing “on their behalf”, whereas open source/open standard implementations are more likely to make that possible. Again, the economic factors in (1) currently act in favour of walled gardens. 3 - technically, whatever system component gives effect to users’ wishes and preferences can reside in the home, at the service provider, or somewhere else. Commercially, the question is whether there’s any incentive at all for IoT vendors to include such a component… let alone whether (as per (2) ) they do so on the basis of open interfaces. I hope this helps tease out some of the issues. I think this is another classic example where it would take the co-operative action of multiple stakeholders in order for users to get a better deal... Yrs., Robin Robin Wilton Technical Outreach Director - Identity and Privacy Internet Society email: wilton@isoc.org Phone: +44 705 005 2931 Twitter: @futureidentity On 12 Feb 2016, at 14:32, Dave Crocker <dhc@dcrocker.net> wrote: > > > On 2/11/2016 10:57 AM, Ted Lemon wrote: >> To be fair, there is really no way at present for IoT vendors to >> deliver service without running the data collection end, unless they >> sell you a workstation to do it at home. If there were a place at >> home where data collection apps could run... > > I do not know of any reason the model for IoT needs to be different from email. That is, yes, servers are needed. They might reside with end-users, but they do not have to. > > The essential point is to have an open interconnection specification that permits mixing different vendors' products together. (This is true for mixing IoT end devices, not just IoT data servers.) > > I think the real issue here is that the vendors have a strong incentive to /retain/ their data acquisition role. So they won't give it up unless and until there is a strong consumer-driven pressure for it. > > >> The IETF has the technological basis for working on this problem, but >> it would be completely speculative at this point, and probably we'd >> get it wrong. > > Well, you are more optimistic than I. Absent involvement of folk with subject matter expertise, the likelihood of getting the design right is zero, IMO... That is, 'certainly' rather than 'probably'... > > d/ > > _______________________________________________ > perpass mailing list > perpass@ietf.org > https://www.ietf.org/mailman/listinfo/perpass
- Re: [perpass] US intelligence chief says we might… Dave Crocker
- [perpass] US intelligence chief says we might use… Russ Housley
- Re: [perpass] US intelligence chief says we might… Joseph Lorenzo Hall
- Re: [perpass] US intelligence chief says we might… Stephen Farrell
- Re: [perpass] US intelligence chief says we might… dan
- [perpass] Minimal benefit from perimeter protecti… Dave Crocker
- Re: [perpass] US intelligence chief says we might… Robin Wilton
- Re: [perpass] US intelligence chief says we might… Christian Huitema
- Re: [perpass] US intelligence chief says we might… Ted Lemon
- Re: [perpass] US intelligence chief says we might… dan
- Re: [perpass] US intelligence chief says we might… Paul Ferguson
- Re: [perpass] US intelligence chief says we might… Robin Wilton
- Re: [perpass] US intelligence chief says we might… Brian Trammell
- Re: [perpass] US intelligence chief says we might… Michael Richardson
- Re: [perpass] US intelligence chief says we might… Dave Crocker
- Re: [perpass] US intelligence chief says we might… Dan York
- Re: [perpass] US intelligence chief says we might… Dave Crocker
- Re: [perpass] US intelligence chief says we might… Olle E. Johansson
- Re: [perpass] US intelligence chief says we might… Robin Wilton
- Re: [perpass] US intelligence chief says we might… Dave Crocker
- Re: [perpass] US intelligence chief says we might… Olle E. Johansson
- Re: [perpass] US intelligence chief says we might… dan