FIDIS Deliverable D12.3: A Holistic Privacy Framework for RFID Applications

 

The Problem Space

Introduction

RFID technology raises privacy concerns that have strong technical, legal, ethical and socio-economic aspects. Hence, we believe that there are problems and issues that will not be addressed, or will be overlooked, if treated from one angle only. Moreover, there are privacy problems that cannot be satisfactorily solved by one discipline alone. Because of this, we advocate a holistic approach for analysing the privacy problem space of RFID applications. In this section, we will look at the problem space of RFID and the possibilities of reaching privacy-enhancing solutions from multidisciplinary perspectives: technical, legal, socio-economic and ethical aspects will be addressed.

Because of the different RFID technologies and the multitude of applications, solutions for a holistic privacy framework for RFID have to solve a great variety of problems and have to take into account a large number of assumptions, constraints and requirements. Some of them are common to the general problem domain of other holistic privacy frameworks, but many are very specific to the area of RFID.

As mentioned before, RFID-related technology and solutions can be divided into two main parts: the basic RFID infrastructure (RFID tags and RFID reader) and the backend system, which processes the data and in most cases facilitates the benefits of RFID systems. According , RFID-related privacy threats can basically be divided into privacy threats within the reader-tag system (i.e. within the basic RFID infrastructure) and privacy threats at the backend. The problem of unauthorised reading of information stored on a tag in the absence of appropriate means of protection was illustrated in scenario S2 (Enhanced proximity card), where the unauthorised read access enabled the cloning of a tag. The possibility of tracking the locations of persons wearing tags, and the associated privacy problems, were illustrated by scenarios S4 (The Metro Future Store in Rheinberg), S5 (Usage of RFID Technology in Educational Settings), and S7 (Scenario for social inclusion). Privacy threats at the backend include function creep, the aggregation of personal data, profiling, and the monitoring of specific behaviour at the backend system. Scenario S4 illustrated how tags on customer loyalty cards, in combination with hidden readers in the store, were used to secretly carry out personalised profiling of customers in the store.

Besides those privacy threats within the reader-tag system and backend system, there are security-related threats to the integrity, availability and authenticity of personal data stored on the tag or in the backend system, as illustrated for instance by Scenario S1, which presents a malware attack on an RFID system. The backend system usually comprises well-known and well-understood server-based technologies. Therefore, similar privacy- and security-related risks arise from the RFID backend as arise from every other similar infrastructure, with the difference that often invisible collection points are used and data subjects might be less aware of the fact that their personal data are collected and processed. To solve the problems in the backend system, one could apply the already available security and privacy protection mechanisms. Nevertheless, it has to be emphasised that these protection mechanisms need to be implemented in a way that addresses all the known problems with usability, manageability, rising costs, etc.

In this chapter, we will not discuss the problems that the backend systems have in common with any server-based technology, but rather take a more detailed look at some of the RFID-specific constraints and privacy problems, both in the front-end and backend system, and at obstacles to reaching privacy-enhancing solutions, from a multidisciplinary perspective, and relate them to our example scenarios in chapter . Section will discuss the legal aspects while Section ponders on the ethical viewpoint. In Section socio-economic and RFID-technology inherent problems and requirements will be analysed and the technical and administrative security area will be discussed in Section . The chapter concludes with a summary of the different problems discussed and their relation to our example scenarios.

 

 
