[KI-LC] FTC IoT Request for Input - first draft for discussion

Joni Brennan joni at ieee-isto.org
Wed May 22 14:53:41 EDT 2013


Thanks Heather, to my knowledge we still did need this agenda item so thank
you for making sure we'll have the time to take it up.

Best Regards,
Joni


On Thu, May 16, 2013 at 10:57 AM, Heather Flanagan <
heather at kantarainitiative.org> wrote:

>  Hi Ingo (and LC)
>
> It looks like the FTC is accepting input through 1 June 2013.  I haven't
> seen any further discussion on the LC list at this point, so I would like
> to add it to the agenda for our next call on 22 May.  Any objections, or
> has this already been dealt with offline?
>
> Thanks!
> Heather
>
>
> On 5/15/13 4:20 AM, Ingo.Friese at telekom.de wrote:
>
>  Hi,****
>
> ** **
>
> I have been tried to compile few basic bullet points. Please have a look
> and feel free to comment and add.****
>
> ** **
>
> Btw: I’m not sure whether this is the right list to discuss this topic….if
> not please let me know****
>
> ** **
>
> ** **
>
> *FTC staff seeks input on the privacy and security implications of these
> developments.  *
>
> * *
>
> *What are the significant developments in services and products that make
> use of this connectivity (including prevalence and predictions)?*
>
> ** **
>
> The next important developments in the internet of things are overarching
> standards, frameworks and infrastructures (apart from the internet layer).
> ****
>
> Standardized interfaces and protocols enable the connection of now still
> rather isolated solutions. Various services can be combined to completely
> new eco-systems. ****
>
> Privacy and security risks will increase because knowledge about things or
> even knowledge about the existence of things and their identity will be
> exchanged much more extensive.****
>
> That’s why we think it needs an “Overall view”, standards and frameworks
> how to handle the identity of things.****
>
> And this brings also a big chance. If there is privacy ensured and secure
> way to let things, goods and objects communicate with each other or with
> human identities this enables myriads of new apps, services and business
> opportunities.****
>
> ** **
>
> *What are the various technologies that enable this connectivity (e.g.,
> RFID, barcodes, wired and wireless connections)?*
>
> ** **
>
> I’d like to add SIM cards. SIM cards enable connectivity and a secure
> element at the same time. While a barcode is readable for everyone SIM
> cards provide mechanisms to protect their information and allow just
> authorized parties to read information.****
>
> ** **
>
> *What types of companies make up the smart ecosystem?*
>
> *<ideas?...maybe we don not need to answer all questions>*
>
> * *
>
> *What are the current and future uses of smart technology? *
>
> ** **
>
> Healthcare, smart metering, logistics, manufacturing, security industry,
> retail etc.****
>
> ** **
>
> *How can consumers benefit from the technology? *
>
> ** **
>
> Consumers will benefit in many ways. They save time and money. Smart
> technology is going make life more convenient. ****
>
> Maybe it’s a good idea to bring examples from different ****
>
> ** **
>
> *What are the unique privacy and security concerns associated with smart
> technology and its data?  For example, how can companies implement security
> patching for smart devices?  What steps can be taken to prevent smart
> devices from becoming targets of or vectors for malware or adware?*
>
> ** **
>
> Apart from technical security mechanisms we see object identity specific
> privacy risks:****
>
> *<I took the basic points from Kenneth paper and applied it to objects>*
>
> An object is associated with the wrong identity information. This could
> lead to confusion of services up to severe errors. (e.g. results are taken
> from a wrong sensor)****
>
> Identity information about an object is inaccurate or out of date. (e.g.
> device cannot communicate anymore)****
>
> Identity information of an object is asserted by parties that are not
> considered as authoritative.(e.g. someone proofs that a certain device
> fulfills the requirements that is not entitled to)****
>
> Object Identity information may be used by someone other than its rightful
> owner or authorized (e.g. a burglar could request status information of a
> home-automation system in order to see if someone is at home)****
>
> ** **
>
> *How should privacy risks be weighed against potential societal benefits,
> such as the ability to generate better data to improve health-care decision
> making or to promote energy efficiency? Can and should de-identified data
> from smart devices be used for these purposes, and if so, under what
> circumstances?*
>
> ** **
>
> User consent is paramount in this case and makes life much easier in such
> kind of services. ****
>
> *<Maybe someone from our IAWG can help out here>*
>
> ****
>
> ** **
>
> *From:* jonibrennan at gmail.com [mailto:jonibrennan at gmail.com<jonibrennan at gmail.com>]
> *On Behalf Of *Joni Brennan
> *Sent:* Donnerstag, 9. Mai 2013 04:08
> *To:* Nat Sakimura
> *Cc:* Colin Wallis; Myisha Frazier Mcelveen; Friese, Ingo; Kantara
> Leadership Council Kantara; trustees at kantarainitiative.org
> *Subject:* Re: [BoT] [KI-LC] FTC IoT Request for Input****
>
> ** **
>
> I can help to edit with submissions from those who have indicated
> interest.  I also agree with Colin regarding a very short response would
> still be worth while even if not comprehensive.  This is something we could
> also push to the Kantara blog and perhaps further develop in the group Ingo
> is proposing.  ****
>
> Thank you for your comments. ****
>
> - Joni****
>
> ** **
>
> On Wed, May 8, 2013 at 12:30 AM, Nat Sakimura <sakimura at gmail.com> wrote:*
> ***
>
> +1 Anybody who wants to fill more is more than welcome, I suppose. ****
>
> ** **
>
> 2013/5/8 Colin Wallis <colin_wallis at hotmail.com>****
>
> Well, we have nothing to lose by simply making a very short submission
> with answers to the bullet points below.
> Even a short submission keeps us in the play.
> Ingo, if you could draft a basic response the bullet points, maybe some of
> use can add some bits or tidy up.
> Cheers
> Colin****
>  ------------------------------
>
> From: mfraziermcelveen at deloitte.com
> To: Ingo.Friese at telekom.de; joni at ieee-isto.org; LC at kantarainitiative.org;
> trustees at kantarainitiative.org
> Date: Tue, 7 May 2013 12:33:20 +0000
> Subject: Re: [KI-LC] FTC IoT Request for Input****
>
> I would agree.  I would also think that the IAWG (since now the privacy
> assessment criteria have been moved under our auspices) should participate
> as well.  But I would agree with the assessment of understanding what’s
> required in order to respond.  ****
>
>  ****
>
> Sincerely,****
>
> Myisha****
>
> * *****
>
> *Myisha Frazier-McElveen*****
>
> Manager | Technology Risk****
>
> Deloitte and Touche LLP****
>
> Tel/Direct: +571 -814-6619 | Mobile: +1 571-814-0911****
>
> mfraziermcelveen at deloitte.com | www.deloitte.com ****
>
>  ****
>
>  ****
>
> Please consider the environment before printing. ****
>
>  ****
>
> ** **
>
>  ****
>
> ** **
>
> This message (including any attachments) contains confidential information
> intended for a specific individual and purpose, and is protected by law. If
> you are not the intended recipient, you should delete this message and any
> disclosure, copying, or distribution of this message, or the taking of any
> action based on it, by you is strictly prohibited.
> v.E.1
>
> ****
>
>  ****
>
> *From:* lc-bounces at kantarainitiative.org [mailto:
> lc-bounces at kantarainitiative.org] *On Behalf Of *Ingo.Friese at telekom.de
> *Sent:* Tuesday, May 07, 2013 8:26 AM
> *To:* joni at ieee-isto.org; LC at kantarainitiative.org;
> trustees at kantarainitiative.org
> *Subject:* Re: [KI-LC] FTC IoT Request for Input****
>
>  ****
>
> Hi Joni,****
>
>  ****
>
> We should comment or submit something to this workshop. Because a lot of
> these questions fall into the area of the intended WG (Identites of
> Things/Object Identity). But if we have to write a full blown conference
> paper I’m a bit skeptical about the 1st of June. Maybe it’s a bit too
> early for us.****
>
>  ****
>
> Ingo****
>
>  ****
>
> *From:* lc-bounces at kantarainitiative.org [
> mailto:lc-bounces at kantarainitiative.org <lc-bounces at kantarainitiative.org>]
> *On Behalf Of *Joni Brennan
> *Sent:* Freitag, 3. Mai 2013 21:48
> *To:* LC at kantarainitiative.org; trustees at kantarainitiative.org
> *Subject:* [KI-LC] FTC IoT Request for Input****
>
>  ****
>
> Dear Trustees and LC,
>
> I would like to understand if Kantara would seek to respond to this event
> on IoT from the FTC planned for Nov 21.  The last day to respond is June 1
> so there is not much time if we'd like to take part.  ****
>
> - Best Regards****
>
> Joni ****
>
>
> http://www.ftc.gov/opa/2013/04/internetthings.shtm****
> FTC Seeks Input on Privacy and Security Implications of the Internet of
> Things**** Commission Staff to Conduct Workshop on Nov. 21****
>
> The staff of the Federal Trade Commission is interested in the consumer
> privacy and security issues posed by the growing connectivity of consumer
> devices, such as cars, appliances, and medical devices, and invites
> comments on these issues in advance of a public workshop to be held on
> November 21, 2013 in Washington, D.C.
> The ability of everyday devices to communicate with each other and with
> people is becoming more prevalent and often is referred to as “The Internet
> of Things.”  Consumers already are able to use their mobile phones to open
> their car doors, turn off their home lights, adjust their thermostats, and
> have their vital signs, such as blood pressure, EKG, and blood sugar
> levels, remotely monitored by their physicians. In the not too distant
> future, consumers approaching a grocery store might receive messages from
> their refrigerator reminding them that they are running out of milk.
> Connected devices can communicate with consumers, transmit data back to
> companies, and compile data for third parties such as researchers, health
> care providers, or even other consumers, who can measure how their product
> usage compares with that of their neighbors.  The devices can provide
> important benefits to consumers:  they can handle tasks on a consumer’s
> behalf, improve efficiency, and enable consumers to control elements of
> their home or work environment from a distance. At the same time, the data
> collection and sharing that smart devices and greater connectivity enable
> pose privacy and security risks.
> FTC staff seeks input on the privacy and security implications of these
> developments.  For example:****
>
>    - What are the significant developments in services and products that
>    make use of this connectivity (including prevalence and predictions)? *
>    ***
>    - What are the various technologies that enable this connectivity
>    (e.g., RFID, barcodes, wired and wireless connections)?****
>    - What types of companies make up the smart ecosystem?****
>    - What are the current and future uses of smart technology? ****
>    - How can consumers benefit from the technology? ****
>    - What are the unique privacy and security concerns associated with
>    smart technology and its data?  For example, how can companies implement
>    security patching for smart devices?  What steps can be taken to prevent
>    smart devices from becoming targets of or vectors for malware or adware?
>    ****
>    - How should privacy risks be weighed against potential societal
>    benefits, such as the ability to generate better data to improve
>    health-care decisionmaking or to promote energy efficiency? Can and should
>    de-identified data from smart devices be used for these purposes, and if
>    so, under what circumstances? ****
>
> FTC staff will accept submissions through June 1, 2013, electronically
> through iot at ftc.gov or in written form.  Paper submissions should be
> mailed or delivered to:  600 Pennsylvania Avenue N.W., Room H-113 (Annex
> B), Washington, DC 20580.  The FTC requests that any paper submissions be
> sent by courier or overnight service, if possible, because postal mail in
> the Washington area and at the Commission is subject to delay due to
> heightened security precautions.
> The Federal Trade Commission works for consumers to prevent fraudulent,
> deceptive, and unfair business practices and to provide information to help
> spot, stop, and avoid them. To file a complaint in English or Spanish,
> visit the FTC's online Complaint Assistant<https://www.ftccomplaintassistant.gov/>or call 1-877-FTC-HELP
> (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a
> secure, online database available to more than 2,000 civil and criminal law
> enforcement agencies in the U.S. and abroad. The FTC’s website provides free
> information on a variety of consumer topics <http://www.consumer.ftc.gov/>.
> Like the FTC on Facebook <http://www.ftc.gov/leaving/facebook/index.shtml>,
> follow us on Twitter <http://www.ftc.gov/leaving/twitter/index.shtml>,
> and subscribe to press releases<https://www.ftc.gov/opa/subscribe.shtm#pr>for the latest FTC news and resources.
> ****
>
> MEDIA CONTACT: ****
>
> Jay Mayfield*
> Office of Public Affairs*
> 202-326-2181****
>
>  ****
>
> STAFF CONTACT:****
>
> Karen Jagielski
> *Bureau of Consumer Protection*
> 202-326-2509****
>
>  ****
>
> ** **
>
>  ****
>
>  ****
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> _______________________________________________ LC mailing list
> LC at kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/lc*
> ***
>
> ** **
>
> _______________________________________________
> Trustees mailing list
> Trustees at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/trustees****
>
>
>
> ****
>
> ** **
>
> --
> Nat Sakimura (=nat)****
>
> Chairman, OpenID Foundation
> http://nat.sakimura.org/
> @_nat_en****
>
> ** **
>
>
> _______________________________________________
> LC mailing listLC at kantarainitiative.orghttp://kantarainitiative.org/mailman/listinfo/lc
>
>
>
> --
> Heather Flanagan
> Technical Program Coordinator
> Kantara Initiative
> Skype: hlflanagan
> email: heather at kantarainitiative.org
>
>
> _______________________________________________
> LC mailing list
> LC at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/lc
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://kantarainitiative.org/pipermail/lc/attachments/20130522/a0475cc6/attachment-0001.html 


More information about the LC mailing list