Ebola’s Threat To India Ebola’s Threat To India Elliot Willard Elliot Willard.
RFID and Public Policy Elliot Maxwell Fellow, Communications Program, Johns Hopkins University and...
-
Upload
miranda-wheeler -
Category
Documents
-
view
214 -
download
0
Transcript of RFID and Public Policy Elliot Maxwell Fellow, Communications Program, Johns Hopkins University and...
RFID and Public Policy
Elliot MaxwellFellow, Communications Program, Johns Hopkins
University and Distinguished Research Fellow, Pennsylvania State University
Why Care About Public Policy? RFID is being developed in an
environment where privacy & health issues are critical
WidespreadAdoption
Public Acceptance
benefits
issues
+ = wake up call
widespread adoption
Why Care About Public Policy?
regulation/legislationpublic unease
inconsistent regulation/legislation:
deployment
costs
$$$-California
-Utah
-Massachusetts
-Portugal
Why Care About Public Policy?
Policy issues unavoidable privacy community already engaged forums for debate multiplying New uses—contactless cards, mobile phones Poor implementations- Cal.school, passports
Reputational costs of policy failures are huge Doing nothing is not a viable option
Existing Laws and RegulationsWill Affect Implementation
Health rules re: exposure to radio waves
Existing Lawsand Regulations
EU Privacy Directive U.S. Federal Trade Commission Act
Japanese Law for the
Protection of Personal
Information
U.S. state consumer
protection laws
Labor laws and
employee contracts
Regulations
re: radio frequency spectrum
Implementation
What We’ve Learned So Far
Little privacy concern until RFID reaches the consumer
“Welcome, Elliot.”
What We’ve Learned So Far Consumers perceive threat
Information gathered about themselves without their consent and linked to personally identifiable data
Post-sale targeting and tracking using RFID Growth of surveillance infrastructure Government access to data
Companies want to protect competitive information Employees fear job loss Health impacts unknown
What We’ve Learned So Far
Many issues aren’t new - there are good policy precedents Customer loyalty cards Fair Information Practices
Deactivation options critical But could jeopardize post-sale benefits
Clear notices and straight forward consumer education are needed
Customer Loyalty Card
What We’ve Learned So Far Post-sale issues are new
technological fixes are being studied Post-sale consumer and societal benefits
are not well understood returns, warranties, recycling, support
for disabled, identifying counterfeit pharmaceuticals, ensuring food safety, minimizing medical errors, monitoring the elderly
Will take time/effort to build infrastructure for these uses
Technical Privacy and Security Measures Can Play an Important Role
Issues
Tradeoffs in functionality/size/cost
Who bears the burden? Impact on post-sale benefits
Solutions
Kill command Partial kill/on-off switch Randomization and
deserialization Encryption Authentication Blocker chips/scanners Database access controls Aggregate data/anonymous
data mining
Recommendations Be proactive, not reactive Privacy and security by design
Use Fair Information Practice as a road map Clear and understandable notices Choice for consumers re. information collected and retained
Provide choices for consumers regarding disabling/turning on-off Support the development of technical solutions for post-sale issues
Recommendations Consumer education and involvement Industry codes including mechanisms for responding to concerns
and enforcement Continue policy outreach/development (health, spectrum, etc.) Help stimulate infrastructure for societal benefits Maintain open standards to allow continued innovation