FIDIS Deliverable D12.3: A Holistic Privacy Framework for RFID Applications

Introduction

Background and Motivation (Setting the Scene)

Radio Frequency Identification (RFID) technology is increasingly used for various applications, including retail, transportation, aviation, healthcare, automatic toll collection, security and access control. RFID tags are tiny electronic radio tags that can be embedded in or affixed to objects for the purpose of identifying the object via a radio link. RFID readers can remotely read the unique ID code and any other information stored in RFID tags by sending a radio frequency signal. In an RFID system, RFID readers are connected to a backend system which processes the data read from tags and can link them to other data stored in backend databases. The use of RFID systems can enhance the efficiency and functionality of such applications, create new services, and provide further benefits and added value for the owner of RFID-tagged items (e.g., smart fridges in combination with RFID-tagged items, or the possibility of including warranty claim information on tags).

However, besides such benefits and opportunities, RFID technology also poses severe privacy problems. Privacy, as an expression of the right of self-determination and human dignity, is considered a core value in democratic societies and is recognised either explicitly or implicitly as a fundamental human right by most constitutions of democratic societies. In the era of modern information technology, an early definition of informational privacy was given by Alan Westin: “Privacy is the claim of individuals, groups and institutions to determine for themselves, when, how and to what extent information about them is communicated to others”. In its Census decision, the German Constitutional Court also defined privacy as the right to informational self-determination, i.e. individuals must be able to determine for themselves when, how, to what extent and for what purposes information about them is communicated to others.

RFID tags can either directly contain personal data (for instance, identity cards will contain identifiable data such as name, birth date (and in some countries a personal number) or biometrics) or include data that could be linked to individuals (for instance, individuals who carry or wear tagged items or who have implanted RFID tags). As pointed out in , RFID-related privacy threats can basically be divided into privacy threats within the reader-tag system and privacy threats at the backend. Privacy threats within the reader-tag system comprise unauthorised reading and manipulation of information and real-time tracking of individuals. RFID readers can potentially scan and track, in secret, the RFID tags that individuals passing by are wearing or carrying, without the concerned individual’s knowledge or consent. Consequently, privacy principles implemented by the European legal privacy framework, such as transparency, informed consent, or more generally the right of informational self-determination, are at stake. Privacy threats at the backend include profiling and monitoring of specific behaviour at the backend system. In addition, there are security-related threats to the integrity, availability and authenticity of personal data stored on the tag or in the backend system.

The Art. 29 Working Party and privacy and consumer organisations, such as CASPIAN and EPIC, have voiced privacy concerns and discussed high-level privacy guidelines/requirements for RFID. Several trials and plans for using RFID in supply chain applications were confronted with protests by consumers, who felt that their privacy was at risk.

RFID-related privacy problems cannot be addressed solely by legal and/or technical measures but require a holistic approach. For instance, RFID applications such as RFID implants might, even though they are legally compliant, raise ethical questions that need to be addressed as well. In addition, social aspects of user acceptance and trust need to be taken into account. Hence, to elaborate privacy enhancements for RFID applications, the privacy problems first need to be analysed from technological, legal, ethical and social science perspectives. Approaches to privacy enhancement then need to comprise technical, legal, social and ethical measures that are technically feasible, enforce legal privacy principles, are regarded as ethical, and are socially acceptable to and trusted by end users and other concerned individuals.

In this deliverable, we will take a holistic approach to analysing problems and possible privacy enhancements for RFID applications. Our analyses will be illustrated by a set of application scenarios, which were in part already used in the FIDIS Deliverable D7.7.

 
