Hi Simon,
Thank you for sharing. The paper provides a very good overview. Here some rather personal comments:
I think the insurance use-case is very dangerous and I hope that laws prevent us from this scenario. This might endup in situations that “ill” persons do not get health insurances or jobs,
Because if these data are available they will be used. (when insurances use this for car insurances they want also use this for health insurance)
I think also the scenario that a shoe manufacturer can get data from my shoes should be discussed under different angels.
When I buy a shoe, all data belong to me (at least I see the world that way) The manufacture can ask me for it, has to pay for it in some form. The access control should stay always in my hand.
This should be a principles we should clearly promote.
Another thought is data minimization and also data transport minimization. Try to keep many data local or nearby. Not all decisions (e.g. in the heating scenario) have to made in the cloud.
Btw. our sales guys talked to many small companies. They don’t like to put their data in a cloud.
Just few thoughts J
Best Ingo
From: dg-idot-bounces@kantarainitiative.org [mailto:dg-idot-bounces@kantarainitiative.org] On Behalf Of Simon Moffatt
Sent: Dienstag, 24. März 2015 19:58
To: dg-idot@kantarainitiative.org
Subject: [DG-IDoT] ISSA Journal - IDoT: Security & Privacy Challenges
Hi group
This is a basic paper I had published in this months Information Systems Security Association Journal that focused on the privacy and security issues of the internet of things, with obviously a heavy lean on the identity of things.
Comments welcome :-)
Regards
Simon