
 

Ethical aspects

Typically, the problems induced by RFID applications in the context of informational privacy concerns generalise those encountered in profiling in general. In the domain of profiling, the individual can to some extent circumvent the collection of data by taking care not to leave too many traces bound to the same identifier, or to different identifiers which can be related to an individual and which are very easily linkable. In the case of RFID, however, the tag is typically bound to the object itself for the whole lifetime of the object. If the object is indeed a human person, then the RFID tag is bound to this person for a long time, especially if the tag is implanted, as this needs some (easy) surgery. This means that profiling using the information of the RFID tag, typically a unique identifier, can be done over a long time if no precautions are in place.

This clearly brings us back to problems encountered in biometrics as non-changing implanted RFID tags can also be considered as biometrically measurable items of the carrier. Hence in their simplest form, RFID tags bear the same problems with respect to ethical issues as biometrics do. In this context, biometrics and RFID applications will in the future also increasingly be used in combination, and – in the best case – help to fight privacy problems, or – in the worst case – create new privacy concerns due to lack of protection measures.

This problem is not only bound to RFID implants in humans or animals, as there are lots of items which are in fact carried along by the same person for a very long time, especially for the interesting part of the day, i.e. when one is awake; the “behaviour” of such items is very close to that of implants, as a strong one-to-one connection between carrier and tag is in place over time. The simplest example is a pair of glasses, which some persons carry almost always, the only exception typically being while one is taking a nap. Other examples are watches, shoes, clothes, but also cell phones, PDAs, etc. (as also already discussed above). Hence in our understanding the border between implants and external devices will vanish more and more, especially when “wearable” devices become more widespread and eventually every part of our clothing bears some RFID tag.

In our opinion, the main problem of RFID applications with respect to privacy concerns is generated by the lack of user control of the RFID tag itself, i.e. it can typically not be turned on or off, set into some state (listening only, inactive, …), or destroyed easily, nor can its content easily be read by humans (cf. FIDIS D7.7, section 5.1.3.2.2). Furthermore, in the most primitive setting of RFID tags, no control is possible over the communication partners of the tag, nor can even the communication itself typically be discovered easily. Hence the user cannot exercise control over the technical item.

In the context of surveillance, the techniques and processes of data mining, data warehousing or profiling in general are usually looked at from the perspective of human persons. The Report on the Surveillance Society mentions that “Surveillance society poses ethical and human rights dilemmas that transcend the realm of privacy” and stresses that “ordinary subjects of surveillance, however acknowledgeable, should not be merely expected to have to protect themselves”.

Further, “ordinary people can and do make a difference especially when they insist that rules and laws be observed, question the system or refuse to have their data used for purposes for which they have insufficient information or about which they harbour doubts”. This is an important point, as the carrier of the item (the RFID tag) generating the data for profiling must himself react to the misuse of data, and must especially be able to act, hence really be in a position to know what is processed, why, where, by whom and for what purpose. While this is easy to say, which individual is able to control whether – say – the laws on data protection are respected by some company? Or, as said in the report on the surveillance society, “individuals are seriously at a disadvantage in controlling the effects of surveillance”.

Another major concern must be the transparency of the processes used for generating, storing, connecting, transforming data. This is a necessary condition for the profiled user to be able to react; if he does not know that the very process of – say – profiling is taking place, he cannot react appropriately; in fact he cannot react at all.

On the other hand, the report is rather pessimistic with respect to codes of practice, for example in the world of RFID chips: “Codes of practices may be beside the point, and easily ignored, even if they could be devised”. The second problem is far from trivial, i.e. the very creation of rules of conduct is a difficult task, and typically no-one is willing to pay for their creation.

The potential for invasive use of RFID technology is also mentioned in the report of EPTA, the European Parliamentary Technology Assessment network: “RFID is a technology with enormous potential privacy impact as it allows the allocation of unique identification codes to virtually any object, animal or person.” The main threats to privacy are then “the possibility of remote and undetected reading of the RFID tags” and the “uniqueness of the tag”. The first threat can – at least partially – be eased by shielding the tags or using encryption, the second one by using re-programmable RFID tags.

An example of how customers dislike the use of profiled information is mentioned in a study commissioned by the German Federal Ministry of Education and Research, where in a survey about 9 out of 10 people do not agree with shorter waiting times in a queue for “good” clients (in the context of a hotline of a mobile phone company). This means that users typically want to be informed about the data that is stored about them and the decision procedures applied to this data.

Another dimension is trust in the goal of the development, and in the key players in this process, or as Bird and Spier put it: “Are these developments really intended to help people? How do we ensure that the industries developing these technologies really care about people and not just about profit?”

Codes of ethics and conduct

This section focuses on two well-known codes of conduct and their influence on ethical considerations. Neither code focuses primarily on applications in the field of RFID; both address computer scientists in general, and hence can (at least) partly be applied to our situation. Below we discuss the parts directly connected to the subject of interest.

Typically there is a difference between codes of ethics and codes of conduct. While codes of ethics are more focused on giving visions and objectives for a computer society, codes of conduct are typically written for the professionals themselves. The target audience is different, and codes of conduct targeted at computer specialists are more normative in nature, but both kinds reflect the main values in a comprehensive way for their respective audience.

The ACM Code of Ethics and Professional Conduct

This code is directed to members of the Association for Computing Machinery (ACM) and contains 24 imperative statements every ACM member shall follow. The statements “are intended to serve as a basis for ethical decision making in the conduct of professional work”. It also mentions a common problem, namely the sometimes ambiguous definitions in the field of ethics, which implies that there cannot be detailed regulations everyone is following, but rather “general” statements. And in the same sense, “questions related to ethical conflicts can best be answered by thoughtful consideration of fundamental principles, rather than reliance on detailed regulations”. In the sequel we pick some of the rules which bear ethical parts, mostly implicitly.

The second rule, “1.2 Avoid harm to others”, must be interpreted very generally (as is also mentioned in the guidelines of the code), including in the sense of harm unexpectedly generated by “well-intended actions”. It is stated that the members must assess the social consequences of the system in order to project the harms possibly produced. Clearly, ethical questions implicitly arise in this context: what is well-intended, and which consequences produce socially sensible harm? However, no general answer to such questions can be given within the code of conduct.

The third rule, “1.3 Be honest and trustworthy”, raises the question, first, of how to define the two central terms of honesty and trustworthiness and – even more complicated – of how to test them.

The fourth rule, “1.4 Be fair and take action not to discriminate”, is in our eyes the central one among the first few rules under the section title “General Moral Imperatives”. It states that “the values of equality, tolerance, respect for others, and the principles of equal justice govern this imperative”. Again, open ethical questions remain for each member as to how to test the values mentioned.

In the context of privacy frameworks for RFID applications, the seventh rule might in fact be the central one, namely “1.7 Respect the privacy of others”. The statement is formulated in a very general manner and directly applicable to our situation. The guidelines accompanying the code of conduct make the rule a bit more explicit, and mention problems and measures especially from profiling.

The last rule in the first section is “1.8 Honor confidentiality”. Hence, extending in some sense the content of rule 1.7, one should always respect confidentiality with respect to all “partners”, say employers, but also clients and users. This is an important point in RFID technology, as there it is not always clear who is a user or client and who is not, i.e. who and what has which role and which rights.

From the second part of rules under the title “More Specific Professional Responsibilities”, we want to mention explicitly the fifth one: “1.5 Give comprehensive and thorough evaluation of computer systems and their impacts, including analysis of possible risks”. This extends in some sense rules 1.2 and 1.3 in a way that is probably often not considered. Yet this appears central to gaining the trust of clients and users, especially when dealing with sensitive data and information which can easily be used for profiling. If the user does not know the risks, how should decisions be taken? And how could even (more or less) objective statements about the risks be made?

Especially the second part of the rule “2.7 Improve public understanding of computing and its consequences” is important in the present setting, as the power and the problems of RFID technology are usually not well known to the general public. In order to allow people to judge the technology and to understand its problems related to privacy, it is crucial that they have a good understanding of the basic techniques, not at the technical level but at the conceptual level of data processing by RFID.

British Computer Society Code of Conduct

This code consists of a set of rules which each member of the British Computer Society (BCS) must follow. It clearly states that every member must himself let his personal actions be governed by the rules, but also explicitly cites the Society’s disciplinary procedures for cases where the code is not followed. Hence, compared to the ACM code of ethics, the BCS code of conduct is more normative in nature.

The first rule is “1. You shall carry out work […] in accordance with the relevant authority’s requirements and the interests of system users”. Clearly, as the guidelines accompanying the code also mention, a conflict is possible between the requirements of the authority and the rules followed by oneself. In the context of RFID, we shall focus especially on the interests of system users, or in other words not work, implicitly or explicitly, against these interests.

In the context of profiling, an important rule to consider is “3. You shall have regard to the legitimate rights of third parties”, which we also understand in the sense that profiling of persons can only be done if controlled by some privacy-preserving authority.

From the ethical point of view, the central rule is “5. You shall conduct your professional activities without discrimination against clients or colleagues”. This rule is clearly important in the field of privacy and especially also for techniques such as RFID, but its application might often raise ethical conflicts with respect to requirements of the employer, etc. How can one avoid discriminating against some clients when the employer clearly wants to select the “good” customers by some fancy data mining program?

In the section entitled “duty to relevant authority”, we find the rule “8. You shall not disclose […] or use for personal gain […] confidential information […]”, which in our opinion is problematic if not matched against the third rule cited above, and should only be applied with the explicit consent of the profiled persons.

 
