
 

Executive Summary

Businesses have always needed to keep track of their inventory and assets. In the computerised age, barcodes and other optically or magnetically readable media have been used for this task. However, these solutions require either line of sight or physical contact in order to be interrogated. In recent years, Radio Frequency Identification (RFID) technology has increasingly been used to solve the asset management and tracking problem. RFID technology has the advantage that it can be used without line of sight or physical contact. These properties have also inspired other uses besides asset management and tracking. Thus RFID is nowadays used, or envisioned to be used, in many types of applications for tracking, authenticity verification, matching, process control, access control and automated payment in military, medical, governmental and business applications.

No doubt these types of applications have benefited and will benefit from the properties of RFID technology. However, these properties and the possible omnipresence of RFIDs change the informational landscape in a profound way and bring with them new threats and challenges within the privacy sphere. The fact that RFID technology is still in its infancy, and that parts of the technology have strong limitations in both power and computational capabilities, makes it very hard to apply well-known and well-understood privacy protection techniques, which normally rely heavily on cryptography. RFID also raises a number of ethical and legal issues that stem from this new informational landscape, and it is very difficult to foresee the social consequences of a widespread use of the technology.

Commonly an RFID system consists of two parts: an RF-subsystem and a backend system. The RF-subsystem consists of RFID tags, which contain identification data and related information, and RFID readers, which interrogate the tags and send the data to the backend system. The backend system contains the components necessary to store, analyse and in other ways make use of the collected data.

This deliverable tries to answer the following research question: Is it possible to create a holistic privacy framework for RFID systems given current advances in the area, and if so, what would such a framework look like? We chose a holistic approach because we do not believe that the privacy issues surrounding RFID can be properly addressed and solved without taking legal, technical, ethical, economic and social views into consideration.

To answer the question, we have first analysed and discussed the possible privacy problems associated with RFID technology and the obstacles to reaching privacy-enhanced solutions. Both fictitious scenarios and real case studies are used as examples throughout the chapter. In the discussion we have tried to limit ourselves to RFID-specific issues. This means that the discussion is highly centred on the RF-subsystem, and the backend component is only addressed if the RF-subsystem places different requirements on it or introduces new privacy problems beyond the ones traditionally present in “normal” information processing systems. The conclusion of the problem inventory is that there exist a number of problems and requirements that need to be addressed. These issues are summarised in a problem list and associated with example scenarios.

To see whether the problems and requirements can be addressed, different approaches to solutions are discussed. Within this discussion, an overview of proposed guidelines for non-technical and technical means is presented and analysed. Further, a checklist that can be used to evaluate the privacy friendliness of an RFID system is presented, based on the discussions and findings of the deliverable.

 

The overall conclusions of the deliverable are the following: 

  1. The use of RFID technology in several contexts and its role as a prime Ambient Intelligence enabler raises important data protection and privacy threats.  

  2. The current legal privacy framework partly gives too much room for interpretation and does not always give clear answers with regard to RFID technology. Such issues are currently being addressed by the EU.

  3. We believe that in order to get a privacy-friendly RFID system, both the RF-subsystem and the backend system need to provide privacy protection. Since the backend system presumably is under the control of the data controller while some parts of the RF-subsystem are not (notably the RFID tag), it is of utmost importance that the RF-subsystem provides for its own privacy protection.

  4. Many proposals for PETs for RFID exist - but only a few of them seem to be really feasible. One of the main problems is that low-cost RFID tags cannot offer any solution for strong privacy. Nevertheless, in the short term the mechanisms suitable for a given area of application should be implemented in order to increase the level of privacy the RFID system offers.  

  5. The state of the art at the moment is to have a privacy patchwork for RFID rather than a holistic and integrative approach. A lot more effort in terms of research and development seems to be necessary to finally get a true holistic privacy framework for RFID applications. Among other things, low-cost RFID tags with better and stronger cryptographic mechanisms need to be developed, transparency and awareness need to be raised, and the incentives for manufacturers and users of RFID technology to develop more privacy-friendly and secure solutions need to be increased.

  6. And finally, the combination of RFID and profiling, eventually coupled with many other privacy-sensitive means and techniques such as biometrics, may be a major privacy concern, as RFIDs, profiling and biometrics themselves already bear many risks, which are multiplied in combination.

 

 
