[KI-LC] FTC IoT Request for Input - first draft for discussion

Heather Flanagan heather at kantarainitiative.org
Thu May 16 13:57:34 EDT 2013


Hi Ingo (and LC)

It looks like the FTC is accepting input through 1 June 2013.  I haven't
seen any further discussion on the LC list at this point, so I would
like to add it to the agenda for our next call on 22 May.  Any
objections, or has this already been dealt with offline?

Thanks!
Heather

On 5/15/13 4:20 AM, Ingo.Friese at telekom.de wrote:
>
> Hi,
>
>  
>
> I have been tried to compile few basic bullet points. Please have a
> look and feel free to comment and add.
>
>  
>
> Btw: I'm not sure whether this is the right list to discuss this
> topic....if not please let me know
>
>  
>
>  
>
> *FTC staff seeks input on the privacy and security implications of
> these developments.  *
>
> * *
>
> *What are the significant developments in services and products that
> make use of this connectivity (including prevalence and predictions)?*
>
>  
>
> The next important developments in the internet of things are
> overarching standards, frameworks and infrastructures (apart from the
> internet layer).
>
> Standardized interfaces and protocols enable the connection of now
> still rather isolated solutions. Various services can be combined to
> completely new eco-systems.
>
> Privacy and security risks will increase because knowledge about
> things or even knowledge about the existence of things and their
> identity will be exchanged much more extensive.
>
> That's why we think it needs an "Overall view", standards and
> frameworks how to handle the identity of things.
>
> And this brings also a big chance. If there is privacy ensured and
> secure way to let things, goods and objects communicate with each
> other or with human identities this enables myriads of new apps,
> services and business opportunities.
>
>  
>
> *What are the various technologies that enable this connectivity
> (e.g., RFID, barcodes, wired and wireless connections)?*
>
>  
>
> I'd like to add SIM cards. SIM cards enable connectivity and a secure
> element at the same time. While a barcode is readable for everyone SIM
> cards provide mechanisms to protect their information and allow just
> authorized parties to read information.
>
>  
>
> *What types of companies make up the smart ecosystem?*
>
> /<ideas?...maybe we don not need to answer all questions>/
>
> * *
>
> *What are the current and future uses of smart technology? *
>
>  
>
> Healthcare, smart metering, logistics, manufacturing, security
> industry, retail etc.
>
>  
>
> *How can consumers benefit from the technology? *
>
>  
>
> Consumers will benefit in many ways. They save time and money. Smart
> technology is going make life more convenient.
>
> Maybe it's a good idea to bring examples from different
>
>  
>
> *What are the unique privacy and security concerns associated with
> smart technology and its data?  For example, how can companies
> implement security patching for smart devices?  What steps can be
> taken to prevent smart devices from becoming targets of or vectors for
> malware or adware?*
>
>  
>
> Apart from technical security mechanisms we see object identity
> specific privacy risks:
>
> /<I took the basic points from Kenneth paper and applied it to objects>/
>
> An object is associated with the wrong identity information. This
> could lead to confusion of services up to severe errors. (e.g. results
> are taken from a wrong sensor)
>
> Identity information about an object is inaccurate or out of date.
> (e.g. device cannot communicate anymore)
>
> Identity information of an object is asserted by parties that are not
> considered as authoritative.(e.g. someone proofs that a certain device
> fulfills the requirements that is not entitled to)
>
> Object Identity information may be used by someone other than its
> rightful owner or authorized (e.g. a burglar could request status
> information of a home-automation system in order to see if someone is
> at home)
>
>  
>
> *How should privacy risks be weighed against potential societal
> benefits, such as the ability to generate better data to improve
> health-care decision making or to promote energy efficiency? Can and
> should de-identified data from smart devices be used for these
> purposes, and if so, under what circumstances?*
>
>  
>
> User consent is paramount in this case and makes life much easier in
> such kind of services.
>
> /<Maybe someone from our IAWG can help out here>/
>
>  
>
> *From:*jonibrennan at gmail.com [mailto:jonibrennan at gmail.com] *On Behalf
> Of *Joni Brennan
> *Sent:* Donnerstag, 9. Mai 2013 04:08
> *To:* Nat Sakimura
> *Cc:* Colin Wallis; Myisha Frazier Mcelveen; Friese, Ingo; Kantara
> Leadership Council Kantara; trustees at kantarainitiative.org
> *Subject:* Re: [BoT] [KI-LC] FTC IoT Request for Input
>
>  
>
> I can help to edit with submissions from those who have indicated
> interest.  I also agree with Colin regarding a very short response
> would still be worth while even if not comprehensive.  This is
> something we could also push to the Kantara blog and perhaps further
> develop in the group Ingo is proposing. 
>
> Thank you for your comments.
>
> - Joni
>
>  
>
> On Wed, May 8, 2013 at 12:30 AM, Nat Sakimura <sakimura at gmail.com
> <mailto:sakimura at gmail.com>> wrote:
>
> +1 Anybody who wants to fill more is more than welcome, I suppose. 
>
>  
>
> 2013/5/8 Colin Wallis <colin_wallis at hotmail.com
> <mailto:colin_wallis at hotmail.com>>
>
> Well, we have nothing to lose by simply making a very short submission
> with answers to the bullet points below.
> Even a short submission keeps us in the play.
> Ingo, if you could draft a basic response the bullet points, maybe
> some of use can add some bits or tidy up.
> Cheers
> Colin
>
> ------------------------------------------------------------------------
>
> From: mfraziermcelveen at deloitte.com <mailto:mfraziermcelveen at deloitte.com>
> To: Ingo.Friese at telekom.de <mailto:Ingo.Friese at telekom.de>;
> joni at ieee-isto.org <mailto:joni at ieee-isto.org>;
> LC at kantarainitiative.org <mailto:LC at kantarainitiative.org>;
> trustees at kantarainitiative.org <mailto:trustees at kantarainitiative.org>
> Date: Tue, 7 May 2013 12:33:20 +0000
> Subject: Re: [KI-LC] FTC IoT Request for Input
>
> I would agree.  I would also think that the IAWG (since now the
> privacy assessment criteria have been moved under our auspices) should
> participate as well.  But I would agree with the assessment of
> understanding what's required in order to respond. 
>
>  
>
> Sincerely,
>
> Myisha
>
> * *
>
> *Myisha Frazier-McElveen*
>
> Manager | Technology Risk
>
> Deloitte and Touche LLP
>
> Tel/Direct: +571 -814-6619 <tel:%2B571%20-814-6619> | Mobile: +1
> 571-814-0911 <tel:%2B1%20571-814-0911>
>
> mfraziermcelveen at deloitte.com <mailto:mfraziermcelveen at deloitte.com> |
> www.deloitte.com <http://www.deloitte.com>
>
>  
>
>  
>
> Please consider the environment before printing.
>
>  
>
>  
>
>  
>
>  
>
> This message (including any attachments) contains confidential
> information intended for a specific individual and purpose, and is
> protected by law. If you are not the intended recipient, you should
> delete this message and any disclosure, copying, or distribution of
> this message, or the taking of any action based on it, by you is
> strictly prohibited.
> v.E.1
>
>  
>
> *From:*lc-bounces at kantarainitiative.org
> <mailto:lc-bounces at kantarainitiative.org>
> [mailto:lc-bounces at kantarainitiative.org
> <mailto:lc-bounces at kantarainitiative.org>] *On Behalf Of
> *Ingo.Friese at telekom.de <mailto:Ingo.Friese at telekom.de>
> *Sent:* Tuesday, May 07, 2013 8:26 AM
> *To:* joni at ieee-isto.org <mailto:joni at ieee-isto.org>;
> LC at kantarainitiative.org <mailto:LC at kantarainitiative.org>;
> trustees at kantarainitiative.org <mailto:trustees at kantarainitiative.org>
> *Subject:* Re: [KI-LC] FTC IoT Request for Input
>
>  
>
> Hi Joni,
>
>  
>
> We should comment or submit something to this workshop. Because a lot
> of these questions fall into the area of the intended WG (Identites of
> Things/Object Identity). But if we have to write a full blown
> conference paper I'm a bit skeptical about the 1^st of June. Maybe
> it's a bit too early for us.
>
>  
>
> Ingo
>
>  
>
> *From:*lc-bounces at kantarainitiative.org
> <mailto:lc-bounces at kantarainitiative.org>
> [mailto:lc-bounces at kantarainitiative.org] *On Behalf Of *Joni Brennan
> *Sent:* Freitag, 3. Mai 2013 21:48
> *To:* LC at kantarainitiative.org <mailto:LC at kantarainitiative.org>;
> trustees at kantarainitiative.org <mailto:trustees at kantarainitiative.org>
> *Subject:* [KI-LC] FTC IoT Request for Input
>
>  
>
> Dear Trustees and LC,
>
> I would like to understand if Kantara would seek to respond to this
> event on IoT from the FTC planned for Nov 21.  The last day to respond
> is June 1 so there is not much time if we'd like to take part. 
>
> - Best Regards
>
> Joni
>
>
> http://www.ftc.gov/opa/2013/04/internetthings.shtm
>
>
>   FTC Seeks Input on Privacy and Security Implications of the Internet
>   of Things
>
>
>     Commission Staff to Conduct Workshop on Nov. 21
>
> The staff of the Federal Trade Commission is interested in the
> consumer privacy and security issues posed by the growing connectivity
> of consumer devices, such as cars, appliances, and medical devices,
> and invites comments on these issues in advance of a public workshop
> to be held on November 21, 2013 in Washington, D.C. 
> The ability of everyday devices to communicate with each other and
> with people is becoming more prevalent and often is referred to as
> "The Internet of Things."  Consumers already are able to use their
> mobile phones to open their car doors, turn off their home lights,
> adjust their thermostats, and have their vital signs, such as blood
> pressure, EKG, and blood sugar levels, remotely monitored by their
> physicians. In the not too distant future, consumers approaching a
> grocery store might receive messages from their refrigerator reminding
> them that they are running out of milk.
> Connected devices can communicate with consumers, transmit data back
> to companies, and compile data for third parties such as researchers,
> health care providers, or even other consumers, who can measure how
> their product usage compares with that of their neighbors.  The
> devices can provide important benefits to consumers:  they can handle
> tasks on a consumer's behalf, improve efficiency, and enable consumers
> to control elements of their home or work environment from a distance.
> At the same time, the data collection and sharing that smart devices
> and greater connectivity enable pose privacy and security risks.
> FTC staff seeks input on the privacy and security implications of
> these developments.  For example:
>
>   * What are the significant developments in services and products
>     that make use of this connectivity (including prevalence and
>     predictions)?
>   * What are the various technologies that enable this connectivity
>     (e.g., RFID, barcodes, wired and wireless connections)?
>   * What types of companies make up the smart ecosystem?
>   * What are the current and future uses of smart technology?
>   * How can consumers benefit from the technology?
>   * What are the unique privacy and security concerns associated with
>     smart technology and its data?  For example, how can companies
>     implement security patching for smart devices?  What steps can be
>     taken to prevent smart devices from becoming targets of or vectors
>     for malware or adware?
>   * How should privacy risks be weighed against potential societal
>     benefits, such as the ability to generate better data to improve
>     health-care decisionmaking or to promote energy efficiency? Can
>     and should de-identified data from smart devices be used for these
>     purposes, and if so, under what circumstances?
>
> FTC staff will accept submissions through June 1, 2013, electronically
> through iot at ftc.gov <mailto:iot at ftc.gov> or in written form.  Paper
> submissions should be mailed or delivered to:  600 Pennsylvania Avenue
> N.W., Room H-113 (Annex B), Washington, DC 20580.  The FTC requests
> that any paper submissions be sent by courier or overnight service, if
> possible, because postal mail in the Washington area and at the
> Commission is subject to delay due to heightened security precautions.
> The Federal Trade Commission works for consumers to prevent
> fraudulent, deceptive, and unfair business practices and to provide
> information to help spot, stop, and avoid them. To file a complaint in
> English or Spanish, visit the FTC's online Complaint Assistant
> <https://www.ftccomplaintassistant.gov/> or call 1-877-FTC-HELP
> (1-877-382-4357 <tel:%281-877-382-4357>). The FTC enters complaints
> into Consumer Sentinel, a secure, online database available to more
> than 2,000 civil and criminal law enforcement agencies in the U.S. and
> abroad. The FTC's website provides free information on a variety of
> consumer topics <http://www.consumer.ftc.gov/>.  Like the FTC on
> Facebook <http://www.ftc.gov/leaving/facebook/index.shtml>, follow us
> on Twitter <http://www.ftc.gov/leaving/twitter/index.shtml>, and
> subscribe to press releases
> <https://www.ftc.gov/opa/subscribe.shtm#pr> for the latest FTC news
> and resources.
>
> MEDIA CONTACT:
>
> Jay Mayfield/
> /Office of Public Affairs//
> 202-326-2181 <tel:202-326-2181>
>
>  
>
> STAFF CONTACT:
>
> Karen Jagielski
> /Bureau of Consumer Protection/
> 202-326-2509 <tel:202-326-2509>
>
>  
>
>  
>
>  
>
>  
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> _______________________________________________ LC mailing list
> LC at kantarainitiative.org <mailto:LC at kantarainitiative.org>
> http://kantarainitiative.org/mailman/listinfo/lc
>
>  
>
> _______________________________________________
> Trustees mailing list
> Trustees at kantarainitiative.org <mailto:Trustees at kantarainitiative.org>
> http://kantarainitiative.org/mailman/listinfo/trustees
>
>
>
>  
>
> -- 
> Nat Sakimura (=nat)
>
> Chairman, OpenID Foundation
> http://nat.sakimura.org/
> @_nat_en
>
>  
>
>
>
> _______________________________________________
> LC mailing list
> LC at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/lc


-- 
Heather Flanagan
Technical Program Coordinator
Kantara Initiative
Skype: hlflanagan
email: heather at kantarainitiative.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://kantarainitiative.org/pipermail/lc/attachments/20130516/f0e82b42/attachment-0001.html 


More information about the LC mailing list