Self attestation of things (Transcript of discussion)

Abstract

This is a picture of the Panopticon. I live in a world now, where everybody can observe me without me knowing when I am being observed and when not. So, that’s the threat model I’m primarily aiming at. Last year I was working for a large software company. They had an insurance company as their client. They were trying to get data on people out of the on-board diagnostics. Not only the speed, et cetera, to do pay-as-you-drive insurance, but also the location information from the on-board diagnostics. This is similar to the government U-turn on health privacy that we heard about from Ross. And most of the times, the software that lies in my car (or in my toaster) I do not own or control. It’s owned by the company who manufactured it. Like, the Jeeps that John Deere manufactures, they say that the software is owned by them. The user has no access, no control, nothing to do with it. But forensics is a important concern. If my car (or my toaster) happens to kill me, then the investigator should be able to find out exactly what happened when I was murdered.