From ah at v6x.org  Sat Jul 11 17:23:06 2020
From: ah at v6x.org (=?utf-8?Q?Andreas_H=C3=A4rpfer?=)
Date: Sat, 11 Jul 2020 17:23:06 +0200
Subject: [iot-wg] "Nutrition labels for IoT"
In-Reply-To: <25d0b3d8-0936-31ac-c9f0-50c431c8667b@ripe.net>
References: <25d0b3d8-0936-31ac-c9f0-50c431c8667b@ripe.net>
Message-ID: <D765C392-144D-4A10-8A15-288B9B06B653@v6x.org>


> On 11. Jun 2020, at 10:36, Vesna Manojlovic <BECHA at ripe.net> wrote:
> 
> from: https://pluralistic.net/2020/06/09/war-crimes/#iot
> 
> Nutrition labels for IoT
> 
> A group of CMU researchers just presented "What Should Be on an IoT
> Privacy and Security Label?" at the IEEE Symposium on Security &
> Privacy. They present a model for "privacy labels" to clarify the
> privacy implications of IoT gadgets.
[...]


Just came across a noteworthy remark regarding these nutrition labels
in RISKS 32.01 (http://catless.ncl.ac.uk/Risks/32.01#subj14):

>>>
From: "Keith Medcalf" <kmedcalf at dessus.com>
Subject: IoT Nutrition Labels

The major items missing from the "Nutrition Label" is whether or not the
"Thing" will still "Thing" when the "Internet" is not and never has been
present.

Without that information it is impossible for any rational decision to be made and one must assume that the "Thing" will not "Thing" and is therefore completely unsuitable for use.
>>>