Resources
- Identity Use Cases & Scenarios.
- FIDIS Deliverables.
- Identity of Identity.
- Interoperability.
- Profiling.
- D7.2: Descriptive analysis and inventory of profiling practices.
- D7.3: Report on Actual and Possible Profiling Techniques in the Field of Ambient Intelligence.
- D7.4: Implications of profiling practices on democracy.
- D7.6 Workshop on AmI, Profiling and RFID.
- D7.7: RFID, Profiling, and AmI.
- D7.8: Workshop on Ambient Law.
- D7.9: A Vision of Ambient Law.
- D7.10: Multidisciplinary literature selection, with Wiki discussion forum on Profiling, AmI, RFID, Biometrics and Identity.
- D7.11: Kick-off Workshop on biometric behavioural profiling and Transparency Enhancing Technologies.
- Forensic Implications.
- HighTechID.
- Privacy and legal-social content.
- Mobility and Identity.
- Other.
- IDIS Journal.
- FIDIS Interactive.
- Press & Events.
- In-House Journal.
- Booklets
- Identity in a Networked World.
- Identity R/Evolution.
D7.7: RFID, Profiling, and AmI
Executive Summary
The target of this study is to provide a multifocal perspective on the workings of radio frequency identification (RFID) technologies, integrating technical, social and legal perspectives. As this deliverable is part of the work package on profiling it regards RFID as an enabling technology for Ambient Intelligence, the ‘Internet of Things’ or the age of ‘everyware’. Ambient Intelligence (AmI) implies a real time adaptive environment in which most adaptive decisions are taken by machines in a process of machine to machine communication. These decisions are based on what is called autonomic profiling, severely restricting human intervention, while being in need of a continuous and dynamic flow of information. This raises many of issues that need to be anticipated and dealt with. This deliverable will provide a descriptive analysis to prepare the way for more fundamental research into the possibilities to integrate legal and technological solutions and more specific research into the development of a holistic framework for RFID technologies. Both are taken on in the third work plan of the FIDIS NoE.
Today’s RFID tags* and related systems show a number of remarkable technical capabilities such as:
The ‘always on’ nature of today’s mainly used RFID tags*
Open accessibility to large parts of RFID systems*
The possibility to install and run RFID systems* hidden (including RFID tags*), without user’s recognition and interaction
The possibility to build up an ubiquitous reader* infrastructure combining fixed installed reader networks with mobile readers* and seamless network connection allowing real time automated data collection and processing
In this context control will become one of the central issues. For every implementation of RFID in this context the following aspects have to be taken into consideration:
From the perspective of the operators
Liability
Compliance (including data protection and security safeguards for personal data)
IT-Security in the context of assessing business risks
Technology acceptance and success on the market
From the perspective of the users social aspects including
Erosion of Privacy
Discrimination, exclusion and victimisation as consequences
Helplessness might lead to reactions such as technology avoidance (‘digital refuseniks’) or even open resistance
From the perspective of democracy and rule of law what strikes one, is the potential shift in power between the data controllers and the users, due to the knowledge profilers will develop about citizens and the inadequacy of the present legal and technological infrastructures to make transparent the construction and application of such profiles. The resulting need for a rebalancing process cannot be solved by simple enacting new laws or developing more privacy enhancing technologies (PET*). The research presented in this report demonstrates that there is no solution that is technical, legal or socio-economic only. All aspects have to be taken into account. In this way the deliverable prepares the way for D7.9 (on ambient law, which aims to integrate mandatory data protection legislation into the technological infrastructure and aims to provide smart proxies to allow citizens real-time negotiations concerning their privacy level) and D12.3 (which aims to develop a holistic model for RFID).
Suggestions for different stakeholders developed in this document are:
Politicians and citizens need to foster
Public debate, e.g. participatory Technology Assessment
Social science and social theory
Next to mainstream sociological research more investments need to be made in socio-technical research that looks into the nexus of human and nonhuman attachments in order to fully comprehend and anticipate the type of world that is under construction.
The TFI model provides a salient insight into the technological, the formal and the informal layers of the development and application of emerging technologies. Also Actor Network Theory provides an adequate framework to detect relevant developments because it refuses to pay tribute to classic distinctions between intentional actors and passive material technologies.
Technicians need to invest in further research and development directed towards
Improved security
PETs* and TETs* (Transparency Enhancing Technologies)
Business enterprise needs to be aware that
A cheap and technologically simple implementation of RFID may not be efficient due to liability, security and privacy-compliance problems.
Careful planning and continuous monitoring and improvements are necessary.
In this context appropriate trust models, taking a firm basis in the trust from the perspectives of the users, can play an important role.
Legislators
Need to contemplate integration of legislation into the technological infrastructure to render effective e.g. the fair information principles
Need to face the fact that an AmI environment implies autonomous profiling, which is at odds with some of the basic tenets of data protection (data minimisation, explicit consent, right against automated decision processes)
Need to extend their focus on protection of personal data (data minimisation principle) to a focus on effective access to group profiles that may be applied to an individual person, even if they were inferred from anonymised data or data of other persons
Need to anticipate the emergence of new liability issues (both civil and criminal) and to foresee new methods of criminal investigation that may need new types of safeguards.
Denis Royer | 2 / 43 |