D7.7: RFID, Profiling, and AmI

Title: TFI PERSPECTIVES ON RFID AS AN AMI ENABLING TECHNOLOGY

Ruth Halperin (LSE) 

Introduction

This chapter seeks to offer an integrative outlook of some key issues arising in the context of RFID, AmI and Profiling. To this aim, a three-dimensional model called TFI is applied to map out current (and future) concerns associated with RFID as they relate to technical, formal and informal facets.  In so doing, a more holistic understanding of the prevailing discourse on RFID is attempted, as well as a first step toward analyzing possible relationships between distinct disciplinary concerns.   

The chapter is organised in four sections. First, the TFI model is briefly presented in the next section. The focus of each level of the model and its potential usefulness are highlighted. The following sections (5.4.2-5.4.5) discuss RFID systems* in relation to technical, formal and informal issues respectively. Finally, summary and conclusion are provided in section 5.4.5. 

The TFI Model

In order to analyse the current issues associated with RFID systems*, it is helpful to have a conceptual framework as an aid to classification. Here, we employ the TFI model (Liebenau,  Backhouse,1990; Backhouse, 1996) according to which information systems may be conceptualised and described as comprising technical (T), formal (F) and informal (I) layers.  The power of the TFI model lies in its holistic approach to the study of information systems and related themes, so that the layer to which particular research pertains can easily be understood and its place within the field as a whole ascertained. The model can also be used to detect lacunæ in the current discourse and provide direction for future research and practice.

The technical, formal and informal layers of the TFI model when applied to information systems are defined as follows. The technical layer refers to the information technology component and its spheres of convergence, that is, hardware, software, data formats, protocols and so forth. The design of the technology such as the layout and appearance of the system are also facets of the technical layer. The formal layer of the information system refers to shared understanding of attributes and their formal structure. Policies, regulations and standards are typical manifestations of the formal. Finally, the informal layer refers to the ability to operate with attributes and context across domains.  The informal layer of a system encompasses use or behaviour as well as systems of beliefs embodied in perceptions, expectations and culture.

The relationships between the abstracted layers of the TFI model are mutually constitutive and interdependent, suggesting that technical requires formal and formal requires informal.  Stamper et al. (2000) succinctly illustrate this interrelation of abstracted layers, explaining that:

informal norms are fundamental, because formal norms can only operate by virtue of the informal norms needed to interpret them, while technical norms can play no role…unless embedded within a system of formal norms. (Stamper et al., 2000: 19).

Metaphorically, this can be viewed as a ‘Russian doll’ effect, where the informal is the outer shell containing the formal which, in turn, contains the technical. From the inside, the technical cannot be examined without first considering (unwrapping) the outer layers in turn (Backhouse, 2005: 16). below illustrates the interrelationships between the TFI layers.

Figure : TFI-modell,

RFID - Technical Concerns

As discussed earlier in chapter two - RFID, although not a new technology, is by no means mature and various technical deficiencies are still evident in its current state of development. In technical terms, it is difficult to speak of RFID unambiguously as these systems differ on several important characteristics, such as frequency bands, transmission ranges, storing technologies, and means of power supply. Thus, the overall capability of an RFID system* will depend on each of these factors. 

The technical diversity of RFID systems* also results in different procedures for authentication (e.g. none at all for EPC* tags or passive authentication for RFID in the context of machine readable travel documents) and codification (e.g., encryption of data) in the context of RFID security systems (Loncquenghien, 2006). Indeed, security arises as a major concern in the context of RFID. Security issues in RFID systems* pertain to availability as well as to problems of interoperation among distributed systems as elaborated in chapter 2.4 of this report. In addition, recent studies have demonstrated that RFID systems* are as vulnerable to destructive software viruses infiltrated using RFID tags*. One reason for the vulnerability of RFID systems* is given by Peter Neumann, a computer scientist at ISR International. He commented that ‘it shouldn’t surprise you that a system designed to be manufactured as cheaply as possible is also designed with no security constraint whatsoever’.

Further technical difficulties are associated with the implementation of RFID. As Eckfeldt (2005: 77) puts it ‘implementing an RFID-based system is as much an art as a science’. Unlike other technologies, with RFID, significant gaps become apparent, between what is achieved in the lab and out side of it. For example, antennas that are effective in the lab can fail miserably when deployed in the real world due to unforeseen radio-frequency interference.

Formal dimensions in the discourse of RFID

Within the TFI model, formal issues typically refer to legal and regulatory matters that systems developers and managers must adhere to. In the current discourse of RFID, the development of formal criteria for protection of the private sphere arises as the key concern. The risks associated with RFID, against which policy and legal measures ought to protect are wide-ranging. In some views, RFID applications are seen as extremely risky, posing threats of privacy invasion, identity theft as well as bodily harm from stray radio signals (e.g., www.spychips.com). Others contend that RFID, when viewed in the context of similar technologies (LBS, GPS), do not offer anything that has not been possible so far except that RFID cannot be switched off voluntarily. Thus, the private sphere can also be violated in similar ways by other technologies. Between these two extremes, the more commonly accepted view seems to suggest that RFID pose a significant threat when data protection is concerned. As shown in chapter this easily is the case, when no reliable measure are taken to cut the link between RFID tags* and physical persons. Introduction of new laws is being considered by different nation states and the EU. According to Eckfeldt (2005) several US states including California and Massachusetts are considering whether to implement RFID-specific privacy policy.

Locquenghien (2006) points out that the use of RFID might result in conflicts with existing data protection regulations and show that the criteria which should guarantee the protection for the private sphere can all be easily violated because of the technology’s invisibility. It is concluded that data protection law is by no means prepared for the development of omnipresent data processing.