8/9/2019 Privacy Etc. Nov 08 http://slidepdf.com/reader/full/privacy-etc-nov-08


Privacy, Security & Governance

David Armstrong

CASAGRAS Open Seminar 

1st December 2008


Radio Frequency Identification

Radio: providing the means of wireless interrogation, communication and transfer of data or information.

Frequency: defined spectrum for operating RFID devices, low, high, ultra high and microwave, each with distinguishing characteristics.

Identification: of items by means of codes contained in a memory-based data carrier and accessed by radio interrogation.

[Diagram labels: Item, Tag, Reader, Host Information Management System]


Nature of RFID Technologies

RFID is an application of object connected data carrier technology with attributes that are complementary to other machine-readable data carrier technologies.

RFID technologies offer the potential for radical process improvement characterised by tens of percent improvement and fast return on investment.

RFID technologies provide strong potential for improving efficiency, productivity and/or competitiveness.

RFID market increasing significantly, yielding lower costs and higher performance.


RFID is a category of Automatic Identification & Data Capture (AIDC) Technologies

[Diagram labels: Feature Extraction Technologies (Vision, Speech recognition & Biometric Systems); Data Carrier Technologies; Optical Storage; Magnetic Storage; Electronic Storage; Bar Code; Linear; Stacked (or multirow); Matrix Codes; Full Matrix; Dot Codes; Composites Codes; Optical Character Recognition (OCR); Optical Mark Reading (OMR); Optical Memory (magneto-optic); Magnetic Stripe; MICR; Magnetic Resonance; Charge injection; RFID Transponder; Touch Memory; Smart Card; Memory Card; Contactless Smart Card]


RFID also supports Contactless Smart Cards

RFID is found in a range of card-based structures, from basic card-based tags to dual entry smart cards.

Supported by ISO standards* for contactless smart cards.

High frequency technology has been primarily applied in card-based technology.

Important in applications for reusable access control and transactions.


European Commission Consultation Process on RFID (2006)

The review process revealed that 61% of respondents believed that the public were not sufficiently informed about or aware of RFID. It also revealed privacy to be the biggest concern.


Some responses

Kill Function

De-activation

Federal Legislation

Lobbying

Negative PR

Uninformed Comment


Supply Chain to Product Life Cycle Management

RFID 1.0
Intelligent Barcode
Static
Single Purpose
One Access Point
Auto ID
Limited Security
Use in Supply Chain

RFID 2.0
RFID is a Computer
Dynamic
Context Aware
Multiple Access Points
Collaborative Usage
Rich Security
Use in Full Product Life Cycle


Existing & Proposed RFID Guidelines

Europe - EC Directive 95/46/EC (in the EU the Privacy Directive is mandatory, which means regulatory)

USA - e.g. Center for Democracy & Technology

Japan - Guidelines for Privacy Protection (MIC and METI)


A Standard for Privacy Design

DESIGN FOR:

User Acceptance

Legislative Conformance and Governance

Protection against Abuse from Potential Attackers

Performance


Principles for Privacy Design

Collection Limitation

Data Quality

Purpose Specification

Use Limitation

Security Safeguards

Openness

Individual Participation

Accountability


Governance & Politics

Multiple Issues

Multiple Constituencies

Multiple Arenas & Backgrounds


The Way Forward

?


RFID is about identifying and handling Items…

Physical Materials

Components and sub-assemblies

Products

Containers

Physical carriers

People

Locations

Documents and other forms of information carrier

…virtually anything tangible that is part of a business process. This is the opportunity…


Privacy & Security as Primary Design Requirements

Designers, Manufacturers and users of RFID technology should address the privacy and security issues as part of its original design. Rather than retrofitting RFID systems to respond to privacy and security issues, it is much preferable that security should be designed in from the beginning.

Notice - Choice & Consent - Onward Transfer - Access - Security


Consumer Transparency

Ideally, there should be no secret RFID tags or readers. Use of RFID technology should be as transparent as possible and consumers should know about such implementation and usage as they engage in any transaction that involves an RFID system.

But…


Technology Neutrality

RFID technology, in and of itself, does not impose threats to privacy. Privacy breaches occur when RFID, like any technology, is deployed in a way that is not consistent with responsible management practices that foster sound privacy protection.


Thank You