Re: Faraday cages...
On Aug 10, 2013, at 10:52 AM, Scott Kitterman wrote: > Unless you're checking identification provided by sources all agree are > trustworthy, you've done nothing of the sort. You may be able to attach an > unverified identifier to a group of statements, but there's still no firm > connection to identity (I'm not arguing in favor of one, but it seems a bit > silly to expend resources to protect against something you aren't actually > protecting against). I think you misunderstand the threat model.
Re: Faraday cages...
On Friday, August 09, 2013 09:39:12 Ted Lemon wrote: > On Aug 8, 2013, at 9:05 PM, Keith Moore wrote: > > Would being able to reliably know exactly who said everything that was > > said in a WG meeting visibly improve the quality of our standards? If > > the answer is not a clear "yes" (and I don't think it is) then I suggest > > that this topic is a distraction. > If you mean will it improve what is written on the page, probably not. > Will it decrease the likelihood of someone participating without > identifying themself, and then violating the IPR rules? Possibly. > > AFAIK that's why we do it. Not so much because it is an iron-clad > preventative, but because it to some degree removes the illusion of > anonymity that might tempt someone to do something like that, or just be > careless about it. Unless you're checking identification provided by sources all agree are trustworthy, you've done nothing of the sort. You may be able to attach an unverified identifier to a group of statements, but there's still no firm connection to identity (I'm not arguing in favor of one, but it seems a bit silly to expend resources to protect against something you aren't actually protecting against). Scott K
Re: Faraday cages...
On 08/09/2013 09:39 AM, Ted Lemon wrote: On Aug 8, 2013, at 9:05 PM, Keith Moore wrote: Would being able to reliably know exactly who said everything that was said in a WG meeting visibly improve the quality of our standards? If the answer is not a clear "yes" (and I don't think it is) then I suggest that this topic is a distraction. If you mean will it improve what is written on the page, probably not. Will it decrease the likelihood of someone participating without identifying themself, and then violating the IPR rules? Possibly. AFAIK that's why we do it. Not so much because it is an iron-clad preventative, but because it to some degree removes the illusion of anonymity that might tempt someone to do something like that, or just be careless about it. If it's that important to catch people violating the IPR rules, perhaps we need to hire a court reporter for every WG meeting, and not rely on volunteer Jabber scribes to accurately capture what is said and who said it. Keith
Re: Faraday cages...
On Aug 8, 2013, at 9:05 PM, Keith Moore wrote: > Would being able to reliably know exactly who said everything that was said > in a WG meeting visibly improve the quality of our standards? If the answer > is not a clear "yes" (and I don't think it is) then I suggest that this topic > is a distraction. If you mean will it improve what is written on the page, probably not. Will it decrease the likelihood of someone participating without identifying themself, and then violating the IPR rules? Possibly. AFAIK that's why we do it. Not so much because it is an iron-clad preventative, but because it to some degree removes the illusion of anonymity that might tempt someone to do something like that, or just be careless about it.
Re: Faraday cages...
In message , George Michaelson writes: > > When next you walk into a target or big W, ask to see the conditions of > entry. Along with implied consent to have your bags checked at any time, > you have probably given consent to be video'ed and tracked at their behest. > The poster is on the wall somewhere usually. Your statutory rights cannot > be abrogated but equally, the grey areas have been 'informed'. You expect to video'ed and bag checked for stock loss prevention. There is no implied consent for anything else. You don't need to track mobile phones for stock loss prevention. > BT tracking inside the store is passive collection of data you are > radiating. The store's use of the BT location and timing of presence > against shelves is private information of immense value to them. They share > it for mutual benefit with suppliers, or for money. I doubt they give much > away. > > The large international scroogle rhyming company was compiling third party > uses of the data to inform location as a service, and were not solely > collecting information inside their own physical territory you entered, > with implied consent: they were harvesting data in the public space and > then providing insight into that data into the public space. > > They relate because its harvesting RF. They don't relate in much else to my > mind. The main difference is the levels of encryption used in the two standards. For WiFi there are still a large percentage of networks sending in the clear. For BlueTooth there were no non-encrypted channels in the base spec (1.0) support for them was added in 1.1 [1]. With BlueTooth you get presence. With WiFi you get presence + data Mark [1] http://en.wikipedia.org/wiki/Bluetooth#Bluetooth_v1.1 -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: Faraday cages...
On Fri, Aug 9, 2013 at 11:05 AM, Keith Moore wrote: > > Would being able to reliably know exactly who said everything that was > said in a WG meeting visibly improve the quality of our standards? If the > answer is not a clear "yes" (and I don't think it is) then I suggest that > this topic is a distraction. > > Keith > > With this I heartily agree. I think there is nothing to see here which will really make much difference, or cannot be solved in other ways after the event anyway. The problem is not one which technology can solve, because the problem isn't that kind of problem.
Re: Faraday cages...
On 08/08/2013 08:48 PM, Phillip Hallam-Baker wrote: Barcodes have the potential to work really well and require almost no change from current practice. Except that current practice is broken anyway and we desperately need to change it, not add more mechanisms to reinforce continued use of it. Actually I think all of this emphasis on being able to reliably identify every speaker is a bit beside the point. With rare exceptions, who is speaking is not nearly as relevant as what is being said. Of course there are times when it's important or useful to know who is speaking - say if it's an AD, or the document author/editor, or a person with whom there needs to be a followup discussion. But when we find ourselves working so hard to make sure that we can reliably identify every speaker (and perhaps also to exclude anonymous / pseudonymous input), maybe that's a distraction. Maybe we should instead be concentrating on how to make sure that our standards have been written in light of a wide degree of input about requirements, are technically sound, and have enjoyed thorough review. Would being able to reliably know exactly who said everything that was said in a WG meeting visibly improve the quality of our standards? If the answer is not a clear "yes" (and I don't think it is) then I suggest that this topic is a distraction. Keith
Re: Faraday cages...
Philip, I'm not disagreeing. I responded to Keith's mail relating what we do to what was done harvesting WiFi. Like the store, we're in a room. we're in a world of implied and actual consent (you do actually have to give some consents when you register for IETF) -G On Fri, Aug 9, 2013 at 10:48 AM, Phillip Hallam-Baker wrote: > On Thu, Aug 8, 2013 at 8:31 PM, George Michaelson wrote: > >> When next you walk into a target or big W, ask to see the conditions of >> entry. Along with implied consent to have your bags checked at any time, >> you have probably given consent to be video'ed and tracked at their behest. >> The poster is on the wall somewhere usually. Your statutory rights cannot >> be abrogated but equally, the grey areas have been 'informed'. >> > > The efficacy of such notices has not been tested in court and when they > are tested it is likely to cost the target about $2 million+ in legal fees. > > Since the IETF meets around the world the last thing we need is to spend > time checking the legality of the badge at the mic system. And even though > the IETF is not likely to be a target, I would hate to have some of the > less popular with governments organizations I am involved in copy what the > IETF does and then find themselves being targeted with a selective > prosecution. > > Barcodes have the potential to work really well and require almost no > change from current practice. The only downside to a barcode is that they > are slightly easier to forge. Though in the IETF context, forgery would > likely consist of people copying other people's badges for fun rather than > to avoid paying. > > > -- > Website: http://hallambaker.com/ >
Re: Faraday cages...
On Thu, Aug 8, 2013 at 8:31 PM, George Michaelson wrote: > When next you walk into a target or big W, ask to see the conditions of > entry. Along with implied consent to have your bags checked at any time, > you have probably given consent to be video'ed and tracked at their behest. > The poster is on the wall somewhere usually. Your statutory rights cannot > be abrogated but equally, the grey areas have been 'informed'. > The efficacy of such notices has not been tested in court and when they are tested it is likely to cost the target about $2 million+ in legal fees. Since the IETF meets around the world the last thing we need is to spend time checking the legality of the badge at the mic system. And even though the IETF is not likely to be a target, I would hate to have some of the less popular with governments organizations I am involved in copy what the IETF does and then find themselves being targeted with a selective prosecution. Barcodes have the potential to work really well and require almost no change from current practice. The only downside to a barcode is that they are slightly easier to forge. Though in the IETF context, forgery would likely consist of people copying other people's badges for fun rather than to avoid paying. -- Website: http://hallambaker.com/
Re: Faraday cages...
When next you walk into a target or big W, ask to see the conditions of entry. Along with implied consent to have your bags checked at any time, you have probably given consent to be video'ed and tracked at their behest. The poster is on the wall somewhere usually. Your statutory rights cannot be abrogated but equally, the grey areas have been 'informed'. BT tracking inside the store is passive collection of data you are radiating. The store's use of the BT location and timing of presence against shelves is private information of immense value to them. They share it for mutual benefit with suppliers, or for money. I doubt they give much away. The large international scroogle rhyming company was compiling third party uses of the data to inform location as a service, and were not solely collecting information inside their own physical territory you entered, with implied consent: they were harvesting data in the public space and then providing insight into that data into the public space. They relate because its harvesting RF. They don't relate in much else to my mind. -G On Fri, Aug 9, 2013 at 10:22 AM, Keith Moore wrote: > On 08/08/2013 07:41 PM, Phillip Hallam-Baker wrote: > >> Hmmm didn't a certain large company whose name rhymes with scroogle >> recently get whacked with a huge fine for violating privacy in a similar >> manner in the EU? >> > > The rules are different for large companies with funny names. > > Keith > >
Re: Faraday cages...
On 08/08/2013 07:41 PM, Phillip Hallam-Baker wrote: Hmmm didn't a certain large company whose name rhymes with scroogle recently get whacked with a huge fine for violating privacy in a similar manner in the EU? The rules are different for large companies with funny names. Keith
Re: Faraday cages...
Hmmm didn't a certain large company whose name rhymes with scroogle recently get whacked with a huge fine for violating privacy in a similar manner in the EU? Like you say, must be just fine it says so on the net. On Thu, Aug 8, 2013 at 4:52 PM, Christian Huitema wrote: > > >> Why bother with RFID tags, or badges? Simply register with your cell > phone. We can then scan your Wi-Fi and Blue-Tooth signals when you approach > the mic. > >> > >> -- Christian Huitema > >> > >> 'Simply' > >> > >> What is this simple technology of which you speak? I find that the best > we can do with electronic systems is about 99% and that takes a huge amount > of effort. I have a whole drawerful of bluetooth headsets and thats where > they will stay because none of them works well enough to be useful. > > > > I am fairly sure Christian was being ironic. > > :-) > > I was. On the other hand, there are systems out there that will, for > example, track customers as they move in a shop. They do that by listening > to the Bluetooth radios. They definitely do not requests the customers to > install an application or pair their devices. An extract form a research > paper on the subject ( > http://www.gim-international.com/issues/articles/id1443-Bluetooth_Tracking.html) > asserts that "Bluetooth tracking on the basis of MAC addresses does not > violate privacy law. In fact, it simply makes use of a general Bluetooth > function: scanning for nearby devices. Everyone is free to use this > function, for instance when turning on a mobile phone in a public place." > So it must be just fine. > > -- Christian Huitema > > > > > -- Website: http://hallambaker.com/
RE: Faraday cages...
>> Why bother with RFID tags, or badges? Simply register with your cell phone. >> We can then scan your Wi-Fi and Blue-Tooth signals when you approach the mic. >> >> -- Christian Huitema >> >> 'Simply' >> >> What is this simple technology of which you speak? I find that the best we >> can do with electronic systems is about 99% and that takes a huge amount of >> effort. I have a whole drawerful of bluetooth headsets and thats where they >> will stay because none of them works well enough to be useful. > > I am fairly sure Christian was being ironic. :-) I was. On the other hand, there are systems out there that will, for example, track customers as they move in a shop. They do that by listening to the Bluetooth radios. They definitely do not requests the customers to install an application or pair their devices. An extract form a research paper on the subject (http://www.gim-international.com/issues/articles/id1443-Bluetooth_Tracking.html) asserts that "Bluetooth tracking on the basis of MAC addresses does not violate privacy law. In fact, it simply makes use of a general Bluetooth function: scanning for nearby devices. Everyone is free to use this function, for instance when turning on a mobile phone in a public place." So it must be just fine. -- Christian Huitema
Re: Faraday cages...
On Aug 8, 2013, at 1:47 PM, Phillip Hallam-Baker wrote: > Why bother with RFID tags, or badges? Simply register with your cell phone. > We can then scan your Wi-Fi and Blue-Tooth signals when you approach the mic. > > -- Christian Huitema > > 'Simply' > > What is this simple technology of which you speak? I find that the best we > can do with electronic systems is about 99% and that takes a huge amount of > effort. I have a whole drawerful of bluetooth headsets and thats where they > will stay because none of them works well enough to be useful. I am fairly sure Christian was being ironic.
Re: Faraday cages...
On Wed, Aug 7, 2013 at 8:17 PM, Christian Huitema wrote: > >> Unless we adopt the WIDE practice where the tag is re-used from > >> meeting to meeting. It's an elegant solution, and not that different > >> from the reason I own a complete set of Suica, Pasmo, ICOCA, PASPY and > >> London Oyster cards. > > > > That is where I was going with that remark, yes. :) > > Why bother with RFID tags, or badges? Simply register with your cell > phone. We can then scan your Wi-Fi and Blue-Tooth signals when you approach > the mic. > > -- Christian Huitema > 'Simply' What is this simple technology of which you speak? I find that the best we can do with electronic systems is about 99% and that takes a huge amount of effort. I have a whole drawerful of bluetooth headsets and thats where they will stay because none of them works well enough to be useful. I have the whole Apple/Nest/Sonos/Windows/etc suite in the house. The UI sucks because my phone takes about 45 seconds to context switch to a new applet. Often it takes a lot longer as the applet begs to be updated for no particular reason. If we want to do simple then use a BARCODE. A webcam is cheaper and easier to come by than wireless scanning devices. They are just as reliable and there is only one device with a source of power involved. We could easily add QR codes to the front and rear of the badges. A side benefit would be that we also equip ourselves for showing video of people at the mic at the same time (should that prove desirable). No privacy issues, much more robust. It even deals with the issue I have occasionally had where I have had a plane delay and gone straight from the airport to a WG meeting before picking up my badge. Rare exceptions like that are easy to declare, just state it in advance at the mic. I doubt the RFID cars and the associated readers will work as well. Trying to reuse my cell phone is an exercise in the crazy. -- Website: http://hallambaker.com/
RE: Faraday cages...
Why bother with RFID tags, or badges? Simply register with your cell phone. We can then scan your Wi-Fi and Blue-Tooth signals when you approach the mic. You must not have seen my cell phone. Regards, John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY "I dropped the toothpaste", said Tom, crestfallenly.
Re: Faraday cages...
What we tried for our experiment was simple: you turn in your RFID card at the end of the meeting, and it is randomly re-used for the next one, i.e., a new number is assigned each meeting. Unfortunately, we only got a relatively small fraction of RFID badges back, if I recall correctly, as people presumably forgot to turn them in. On Aug 7, 2013, at 1:28 PM, Ted Lemon wrote: > On Aug 7, 2013, at 1:24 PM, Scott Brim wrote: >> I keep my passport in a "cage" when I'm not handing it to someone. >> I'm not concerned about my phone. > > Likewise. The point being, handing everyone in IETF an RFID tag probably > doesn't have new privacy implications for most of them, and giving them a > faraday cage, as was done in Hiroshima, addresses the remaining implications > for those people who do not carry powered-on cell phones or laptops for > privacy reasons. If you carry a powered on cell phone, I don't think you > can argue that carrying an RFID tag with a simple number in it makes things > any worse. > > Actually, the main argument I'd make against IETF RFID tags is that it's more > plastic to throw out. > >
Re: Faraday cages...
As far as I know, the simple metallically-coated anti-static plastic bag that's provided with EZPass (and similar electronic toll systems) is quite effective and very cheap. Aluminum foil will also do in a pinch. On Aug 7, 2013, at 2:01 PM, Scott Kitterman wrote: > On Wednesday, August 07, 2013 13:43:06 Joe Abley wrote: >> On 2013-08-07, at 13:28, Ted Lemon wrote: >>> [...] I don't think you can argue that carrying an RFID tag with a simple >>> number in it makes things any worse. >> That sounds right. >> >> The purpose of the badge is to dilute your personal privacy and announce >> your identity to those close enough to see. You can't always tell who is >> looking at your badge. People who see your badge in more than one place can >> infer that you have moved between places. If you don't want people to see >> your badge, you can take it off. > > In RFID terms, that's what the Faraday cage is for. > >> The privacy concerns with badges seem very similar to the privacy concerns >> of carrying RFID tags. >> >> I do not hear a lot of expressed concern about wearing a badge. > > It's more common to have a pocket available than a Faraday cage. > > Scott K > >
RE: Faraday cages...
>> Unless we adopt the WIDE practice where the tag is re-used from >> meeting to meeting. It's an elegant solution, and not that different >> from the reason I own a complete set of Suica, Pasmo, ICOCA, PASPY and >> London Oyster cards. > > That is where I was going with that remark, yes. :) Why bother with RFID tags, or badges? Simply register with your cell phone. We can then scan your Wi-Fi and Blue-Tooth signals when you approach the mic. -- Christian Huitema
Re: Faraday cages...
On Aug 7, 2013, at 4:30 PM, Ole Jacobsen wrote: > Unless we adopt the WIDE practice where the tag is re-used from > meeting to meeting. It's an elegant solution, and not that different > from the reason I own a complete set of Suica, Pasmo, ICOCA, PASPY > and London Oyster cards. That is where I was going with that remark, yes. :)
Re: Faraday cages...
On Wed, 7 Aug 2013, Ted Lemon wrote: > Actually, the main argument I'd make against IETF RFID tags is that > it's more plastic to throw out. > Unless we adopt the WIDE practice where the tag is re-used from meeting to meeting. It's an elegant solution, and not that different from the reason I own a complete set of Suica, Pasmo, ICOCA, PASPY and London Oyster cards. Ole
Re: Faraday cages...
On Wed, Aug 7, 2013 at 1:24 PM, Scott Brim wrote: > On Wed, Aug 7, 2013 at 12:26 PM, Chris Elliott wrote: >> My wallet supposedly has a RFID-blocking layer, but I've not actually tested >> it. I think the only RFID-capable thing in my wallet is my US passport. > > Take a look at what's in your passport with an NFC tool. For example, > you can retrieve the photo. for US passports it seems you have to scan the inside of the back cover, scanning from the outside doesn't find/activate the rfid token, yes? You also need to generate the key material to access the data (DOB + expiry date of passport + passport number?) > I keep my passport in a "cage" when I'm not handing it to someone. > I'm not concerned about my phone. it seems like simply not waving the passport around open is close to good enough? I recall seeing a blackhat/something-or-other demo with a briefcase that'd read the token though? perhaps with enough wattage you can burn through the rf shield in the cover?
Re: Faraday cages...
I hope the RFID badges transmit (optional) pictures as well, so when I harvest them I can use them to associate names with faces.
Re: Faraday cages...
On Wednesday, August 07, 2013 13:43:06 Joe Abley wrote: > On 2013-08-07, at 13:28, Ted Lemon wrote: > > [...] I don't think you can argue that carrying an RFID tag with a simple > > number in it makes things any worse. > That sounds right. > > The purpose of the badge is to dilute your personal privacy and announce > your identity to those close enough to see. You can't always tell who is > looking at your badge. People who see your badge in more than one place can > infer that you have moved between places. If you don't want people to see > your badge, you can take it off. In RFID terms, that's what the Faraday cage is for. > The privacy concerns with badges seem very similar to the privacy concerns > of carrying RFID tags. > > I do not hear a lot of expressed concern about wearing a badge. It's more common to have a pocket available than a Faraday cage. Scott K
Re: Faraday cages...
On 2013-08-07, at 13:28, Ted Lemon wrote: > [...] I don't think you can argue that carrying an RFID tag with a simple > number in it makes things any worse. That sounds right. The purpose of the badge is to dilute your personal privacy and announce your identity to those close enough to see. You can't always tell who is looking at your badge. People who see your badge in more than one place can infer that you have moved between places. If you don't want people to see your badge, you can take it off. The privacy concerns with badges seem very similar to the privacy concerns of carrying RFID tags. I do not hear a lot of expressed concern about wearing a badge. Joe
Re: Faraday cages...
On Aug 7, 2013, at 1:24 PM, Scott Brim wrote: > I keep my passport in a "cage" when I'm not handing it to someone. > I'm not concerned about my phone. Likewise. The point being, handing everyone in IETF an RFID tag probably doesn't have new privacy implications for most of them, and giving them a faraday cage, as was done in Hiroshima, addresses the remaining implications for those people who do not carry powered-on cell phones or laptops for privacy reasons. If you carry a powered on cell phone, I don't think you can argue that carrying an RFID tag with a simple number in it makes things any worse. Actually, the main argument I'd make against IETF RFID tags is that it's more plastic to throw out.
Re: Faraday cages...
On Wed, Aug 7, 2013 at 12:26 PM, Chris Elliott wrote: > My wallet supposedly has a RFID-blocking layer, but I've not actually tested > it. I think the only RFID-capable thing in my wallet is my US passport. Take a look at what's in your passport with an NFC tool. For example, you can retrieve the photo. I keep my passport in a "cage" when I'm not handing it to someone. I'm not concerned about my phone.
Re: Faraday cages...
My wallet supposedly has a RFID-blocking layer, but I've not actually tested it. I think the only RFID-capable thing in my wallet is my US passport. I used my cell phone in Berlin extensively, both roaming and on wifi, obviously, so both radios were active for most of the time I was there. Clearly, I'm not as para^G^G^G^Gconcerned about being tracked or hacked as some others. Chris. On Wed, Aug 7, 2013 at 11:16 AM, Ted Lemon wrote: > Dare I ask how many IETFers also kept their cell phones in faraday cages > for the duration of the conference? > > -- Chris Elliott chell...@pobox.com