Title: CODE OF CONDUCT APPROACHES TO PRIVACY FRIENDLINESS

RFID Bill of Rights by Garfinkel

Another approach to circumvent the privacy problems introduced by usage of RFID systems are the “RFID Bill of Rights”, as mentioned before, proposed by Simon Garfinkel . According to him consumers should have:

1. The right to know whether products contain RFID tags.  

2. The right to have RFID tags removed or deactivated when they purchase products.  

3. The right to use RFID-enabled services without RFID tags.  

4. The right to access an RFID tag’s stored data.  

5. The right to know when, where and why the tags are being read. 

Garfinkel sees “these not necessarily as the basis for new law, but as a framework for voluntary guidelines that companies wishing to deploy this technology can publicly adopt. Consumers could then boycott companies that violate these principles.”  

Constructing Codes of Conduct – The Toronto Resolution

Problem P10 indicates that detailed regulations or similar notions of ethical issues etc. are usually not possible. However, we think that there are – as already mentioned in section “Ethical Aspects” – general, fundamental principles that can be formulated in a way that is understandable beyond the limits of computer scientists. The major problem is however to find an understandable but also precise enough formulation of those principles and further to work hard on the readability and applicability of that formulation (cf. section ).

This means, that a “meta code of conduct” should be specified, or better, a methodology for constructing codes of conduct appropriated for the specific situation, technology, application, environment etc. This indeed was one of the focuses of the “Toronto Resolution” formulated at a workshop on ethical considerations. This resolution tries to build a common framework based on that specific, particular codes for any application area are to be constructed. It’s some sort of baseline specifying the elements to be treated by any code, and as well an examination guideline for testing those codes against a set of considerations.

The resolution consists of two parts, one specifying a general preamble to be included in future codes of conduct. This preamble tries to place a future code of conduct in the general context, i.e. insists on the moral duty for respecting life on our planet as well as the duty of scientists to not only consider their “restricted environment” (e.g. a university) but very well look at implications of their work on anyone and anything. The preamble reads as follows: 

“Living in a world in which all forms of life are interdependent, we recognize that human activity since the scientific revolution now threatens the future of life on the planet. This threat stems in part from reckless exploitation of the earth’s resources and massive pollution of the biosphere by humankind, exacerbated by rampant militarism. To help solve these problems, scientists and scholars, and all those concerned with the welfare of life on earth, need to unite in a world-wide moral community, in which considerations of beneficence and justice at a global level are fundamental. We recognize that knowledge gives power; that power tends to corrupt and may be used for dangerous and destructive purposes; and that consequently scientists and scholars, who share the privilege of participating in the advancement of knowledge, many under the shelter of academic freedom and in the tradition of open publication, have a particular responsibility to society for the effects of their work. All should make a determined individual and collective effort to foresee the implications and possible consequences of their scholarly and scientific work, and avoid studies that are likely to harm the quality of life.

We should recognize that knowledge also gives enlightenment and promises emancipation from disease, poverty and other social evils. As an alert and enlightened community of experts and concerned citizens, scientists and scholars should participate in the social process of directing their research and its applications to benign ends, while educating their students and the public concerning this, the proper role of scholarly and scientific knowledge.” .

This preamble is very general and can only specify the context in which the more specific rules are to be considered and eventually interpreted, because – as already said – we cannot specify unique rules for ethical considerations which are applicable without interpretation in every context. 

The second part of the resolution consists of twelve conditions mentioned hereafter. These conditions are the ones each new code of conduct should follow and be tested against it. Clearly, there is space for interpretation which – however – must take part in the sense and context formulated by the preamble; while codes of conduct are not easy to formulate, basic guidelines to be followed by them aren’t it either. 

1. “a code should articulate as far as possible the underlying assumptions and guiding principles of a working ethic;

2.  a code should indicate specific measures designed to ensure that signatories adhere to its principles;

3.  a code should be sufficiently general to encompass scholarly work and basic, applied and technological research as well as the actions of practitioners engaged in the discipline or profession;

4.  a code should oppose prejudice with respect to sex, religion, national or ethnic origin, age, sexual preference, colour, or physical or mental disability;

5.  a code should take into account that, while in general it is difficult to anticipate all the consequences of research, scientists and scholars have a responsibility, individually and collectively, to try to foresee, and to keep themselves aware of, the developing applications of their work, and to choose or redirect it accordingly;

6.  a code should recognize that actions designed narrowly to benefit humankind may in fact threaten the survival of all species, since the ecosystem is a seamless web;

7.  a code should forbid research directed towards developing or using methods of torture, or other devices and techniques that threaten or violate individual or collective human rights;

8.  a code should direct scholarly and scientific activity towards the peaceful resolution of conflict and universal disarmament; since all research has military potential, every scientist and scholar should seek to resolve the ethical problem that knowledge, which should enlighten and benefit humanity, may be used instead to harm the planet and its people in war and in preparation for war […];

9.  a code should encourage its adherents to comply with established procedures for the scientific and (where appropriate) ethical peer review of research studies conducted under its auspices and, where such procedures do not exist, a code should specify them;

10.  a code should urge its adherents to make all basic research results universally available;

11.  a code should urge its adherents to identify and report violations of its terms, and should correspondingly ensure their protection from retribution by their fellow-scientists, professional and learned societies, and the judiciary for such exposure;

12. .

One thing is the successful making of such a code. Another thing is its application and wide spreading, which is discussed hereafter. 

Raising Public Awareness

Constructing codes of conduct – as discussed in the previous section – is nice, yet does not help anything if public awareness of the problems is not raised to the same extent and pressure by – say – the client is not exerted. In an optimal environment, codes of conduct are followed unquestionably by the corresponding entity, yet in practice a client must have the possibility to check this in a feasibly way and even eventually question the very interpretations of the code. 

In the present context, we have to focus especially on privacy concerns implicated by RFID (ab-)use, but such concerns are by themselves today often not as widespread as we would like them to be, look for example at the problems induced through the internet. Hence while raising public awareness of use and abuse of RFID is a priority objective, first one must indeed focus on privacy concerns themselves. 

A major issue, as also mentioned in problem P12, is that a larger focus must be put on the comprehensive part of the formulations and finally a comprehensive and thorough evaluation of the issues and impacts.  

Problem P13 focuses on the public awareness issues of RFID techniques and especially on how this awareness of the citizen can be raised, problem P14 more on the dissemination problematic. There is quite some work being done in these directions, consider for example the news from 10.7.2006 on Heise Online where “Data protectionists call for RFID code of conduct”, i.e. the German federal data protection commissioner calling companies to develop themselves guidelines and codes of conduct for their applications working with RFID techniques. It is also referring to the self control initiative of the industry, an issue however which is subject to very controversial discussions in the respectively accompanying comments (see ).

The central point clearly is and will be the consumer; if his fear of negative consequences (in his own understanding) by using RFID techniques willingly or unwillingly is raised, using such techniques might be a negative publicity issue for the company. One source of fear can be little or no information about the technique itself and its possibilities and dangers, which is for the moment the case. So the consumer must be more informed about this technique , restricting knowledge about its problems etc. not only to professionals and experts but allowing a larger public to enter discussion. In a recent publication on “RFID and Consumers” , it was noted that the consumers (or the small percentage of them knowing about RFID) are most concerned with either the augmented possibilities of targeted marketing or consumer data used by third party, hence a major issue for industrial partners using RFID must be the development of RFID code of conducts not only for their own purposes but especially also for showing its strategies and goals to their clients.

While articles on the data protection aspects of RFID (e.g. ) are being developed, respective documents on ethical issues and codes of conduct are not yet widespread. Consider however the article on “An RFID code of conduct” which – starting from problems in the health care sector – asks for considering more than privacy protection by law: “In addition, the Fair Information Practices devised by the Federal Trade Commission provide a blueprint for an industry code of conduct” . A first step in this direction is also done by “ A UK code of practice for the use of radio frequency identification (RFID) in retail outlets” which focuses on informing the consumer about the very presence of RFID tags and the possibilities of disabling, removing, etc. them after purchasing the corresponding article. It further asks for publishing policies on using, processing etc. data generated by RFID frameworks. Clearly, it is not addressing ethical issues on its own, but it might be a first step in the right direction and must be regarded only as a first step.

On the other side it also crucial to not only mark the RFID tags themselves but also their “counterpart”, i.e. the antennas which are used to communicate with the tags. Hence what is for example missing in the code of practice is a clear recommendation on how antennas are to be marked in order to make them visible by – say – consumers. This augmentation of visibility also goes in the right direction of augmenting the awareness of consumers. A side effect of not marking an antenna would then also be that, in case the antenna is nevertheless found by someone – by default it will be considered as a “dangerous” antenna.