Privacy Etc. Nov 08
Transcript of Privacy Etc. Nov 08
8/9/2019 Privacy Etc. Nov 08
http://slidepdf.com/reader/full/privacy-etc-nov-08 1/20
Privacy, Security & Governance
David Armstrong
CASAGRAS Open Seminar
1st December 2008
8/9/2019 Privacy Etc. Nov 08
http://slidepdf.com/reader/full/privacy-etc-nov-08 2/20
8/9/2019 Privacy Etc. Nov 08
http://slidepdf.com/reader/full/privacy-etc-nov-08 3/20
Radio providing the means of wireless
interrogation, communication and transfer of data
or information.
Frequency defined spectrum for operating RFID
devices, low, high, ultra high and microwave,
each with distinguishing characteristics.
Identification of items by means of codes
contained in a memory-based data carrier andaccessed by radio interrogation.
Radio Frequency Identification
Reader Tag
Host
Information
Management
System
Item
3
8/9/2019 Privacy Etc. Nov 08
http://slidepdf.com/reader/full/privacy-etc-nov-08 4/20
Nature of RFID Technologies RFID is an application of object connected data
carrier technology with attributes that arecomplementary to other machine-readable datacarrier technologies.
RFID technologies offer the potential for radical process
improvement characterised by tens of percent improvement and
fast return on investment.
RFID technologies provide strong potential for improvingefficiency, productivity and/or competitiveness.
RFID market increasing significantly, yielding lower costs and
higher performance.
4
8/9/2019 Privacy Etc. Nov 08
http://slidepdf.com/reader/full/privacy-etc-nov-08 5/20
RFID is a category of Automatic Identification & DataCapture (AIDC) Technologies
Full Matrix
Dot Codes
Linear
Feature Extraction Technologies
(Vision, Speech recognition & Biometric Systems)Data Carrier Technologies
Electronic StorageMagnetic StorageOptical Storage
RFID
Transponder Touch
Memory
MagneticStripe
MICR
Stacked (or
multirow)
Optical
Character
Recognition
(OCR)
Optical
Mark
Reading(OMR)
Matrix
CodesBar
CodeSmart
Card
Memory
Card
Optical
Memory
(magneto-
optic)
Magnetic
Resonance Chargeinjection
Composites
Codes
Contactless
Smart Card
5
8/9/2019 Privacy Etc. Nov 08
http://slidepdf.com/reader/full/privacy-etc-nov-08 6/20
RFID also supports Contactless Smart Cards
RFID is found in a range of card-based
structures, from basic card-based tags to dual
entry smart cards
Supported by ISO standards* for contactless
smarts cards.
High frequency technology has been primarily
applied in card-based technology.
Important in applications for reusable accesscontrol and transactions.
6
8/9/2019 Privacy Etc. Nov 08
http://slidepdf.com/reader/full/privacy-etc-nov-08 7/20
European Commission ConsultationProcess on RFID (2006)
The review process revealed that 61% of respondents believed that the publicwere not sufficiently informed about or aware of RFID. It also revealed privacyto be the biggest concern.
7
8/9/2019 Privacy Etc. Nov 08
http://slidepdf.com/reader/full/privacy-etc-nov-08 8/20
Some responses
Kill Function
De-activation
Federal Legislation
Lobbying
Negative PR
Uninformed Comment
8
8/9/2019 Privacy Etc. Nov 08
http://slidepdf.com/reader/full/privacy-etc-nov-08 9/20
RFID 1.0 RFID 2.0Supply Chain to Product Life Cycle Management
Intelligent Barcode
Static
Single Purpose
One Access Point
Auto ID
Limited Security
Use in Supply Chain
RFID is a Computer
Dynamic
Context Aware
Multiple Access Points
Collaborative Usage
Rich Security
Use in Full Product Life
Cycle9
8/9/2019 Privacy Etc. Nov 08
http://slidepdf.com/reader/full/privacy-etc-nov-08 10/20
Existing & Proposed RFID Guidelines
Europe - EC Directive 95/46/EC (in the EUthe Privacy Directive is mandatory, which
means regulatory) USA - e.g. Center for Democracy &Technology
Japan - Guidelines for Privacy Protection(MIC and METI)
10
8/9/2019 Privacy Etc. Nov 08
http://slidepdf.com/reader/full/privacy-etc-nov-08 11/20
8/9/2019 Privacy Etc. Nov 08
http://slidepdf.com/reader/full/privacy-etc-nov-08 12/20
DESIGN FOR:
User Acceptance Legislative Conformance and Governance
Protection against Abuse from Potential Attackers
Performance
A Standard for Privacy Design
12
8/9/2019 Privacy Etc. Nov 08
http://slidepdf.com/reader/full/privacy-etc-nov-08 13/20
Collection Limitation
Data Quality Purpose Specification
Use Limitation
Security Safeguards
Openness Individual Participation
Accountability
Principles for Privacy Design
13
8/9/2019 Privacy Etc. Nov 08
http://slidepdf.com/reader/full/privacy-etc-nov-08 14/20
Multiple Issues
Multiple Constituencies
Multiple Arenas & Backgrounds
Governace & Politics
14
8/9/2019 Privacy Etc. Nov 08
http://slidepdf.com/reader/full/privacy-etc-nov-08 15/20
The Way Forward
?
15
8/9/2019 Privacy Etc. Nov 08
http://slidepdf.com/reader/full/privacy-etc-nov-08 16/20
Physical Materials
Components and sub-assemblies
Products
Containers
Physical carriers
People
Locations
Documents and other forms information carrier
«««.virtually anything tangible that is part of a business
process. This is the opportunity«««
RFID is about identifying and handlingItems«
16
8/9/2019 Privacy Etc. Nov 08
http://slidepdf.com/reader/full/privacy-etc-nov-08 17/20
Designers, Manufacturers and users of RFIDtechnology should address the privacy and security
issues as part of its original design. Rather than
retrofitting RFID systems to respond to privacy and
security issues, it is much preferable that security
should be designed in from the beginning.
Notice - Choice & Consent - Onward Transfer -
Access - Security
Privacy & Security as
Primary Design Requirements
17
8/9/2019 Privacy Etc. Nov 08
http://slidepdf.com/reader/full/privacy-etc-nov-08 18/20
Ideally, there should be no secret RFID tags or readers.Use of RFID technology should be as transparent as
possible and consumers should know about such
implementation and usage as they engage in any
transaction that involves an RFID system.
But««
Consumer Transparency
18
8/9/2019 Privacy Etc. Nov 08
http://slidepdf.com/reader/full/privacy-etc-nov-08 19/20
RFID technology, in and of itself, does not impose
threats to privacy. Privacy breaches occur when
RFID, like any technology, is deployed in a way that is
not consistent with responsible management
practices that foster sound privacy protection
Technology Neutrality
19
8/9/2019 Privacy Etc. Nov 08
http://slidepdf.com/reader/full/privacy-etc-nov-08 20/20
Thank You