Advertisers
Click here to advertise your jobs
to thousands of job seekers
monthly.
|
|
|
Analysis Careers Ebusiness Education Government ICT Management Legal Issues Security Society Technology Trends Search for Jobs Build a Resume Media Releases Contact Us Privacy Policy Email the Editor IDG registered user login Subscribe to IDG Publications    |
RFID should be restricted by the state14/12/2005 10:09:01
Cruising non-stop through toll-gates; skirting queues at checkout points; returning faulty goods without a quibble - this appealing way of doing business is on offer now and is attracting attention, though not all of it favourable. RFID tags can take the hassle out of encounters with bureaucracy and providers of goods and services. Yet surveys have shown (Gunter and Spiekermann, 2005) that most people -- more than 73 per cent -- are mistrustful of the whole idea and are opposed to the use of RFID (Radio Frequency Identification) tracking devices on everyday items, let alone as implants in their bodies. Concerns about privacy and trust come to the fore when people learn that RFID technology enables any item whatsoever to be uniquely identified by means of an embedded radio device as small as a grain of salt. These radio devices, or "tags", will, for instance, reply to queries sent out by a transmitter, responding with their identity and their whereabouts to a receiver that could be attached to a computer network, entailing a large capacity for the storage and processing of that information. Receivers can be up to 10km away, in some cases. If, like many, you have an "e-tag" on the windscreen of your car, then you are already an RFID user and your vehicle is constantly beaming out information as if it were a mobile lighthouse. If there were sufficient receivers in place around the state, all your journeys could be recorded and your whereabouts could be stored for further processing (say, matching with the location and time of questionable happenings). Some of the most vociferous opponents of RFID do not mince their words: The CASPIAN organisation (Consumers Against Supermarket Privacy Invasion and Numbering) led by Katherine Albrecht, runs a Web site (http://www.nocards.org) where readers are told that: RFID chips, tiny tracking devices the size of a grain of dust, can be used to secretly identify you and the things you're carrying--right through your clothes, wallet, backpack, or purse. Have you already taken one home with you? Albrecht and Sterling's new book is entitled: "Spychips: How Major Corporations and Government Plan to Track Your Every Move with RFID" and this title seems to condense all the current concerns into the main fear that tracking devices will be used for covert surveillance of citizens and customers. This fear of state and corporate intrusion into personal privacy has roused citizens to march in protest, such as the rally in Rheinberg, Germany, where people carried banners demanding that the government quite simply "Stop RFID" (Black, 2004). Privacy is one of the values that we think of as being obvious, until we try to define it. So let us call on a leading philosopher, James Moor, to provide a definition. Moor (1997) suggests that privacy is evident when a person is "protected from intrusion, interference and information access by others". This is a good definition of privacy in Western societies, but it is important to remember that this value is neither universal nor absolute. China and Singapore are examples of many societies where it is not considered correct that individuals have the right to be shielded as described by Moor. Even where this is held to be correct, in societies such as Australia, it is seen as acceptable for individual privacy to be overridden for the sake of something more valuable, such as the general welfare, and indeed people frequently sacrifice their own privacy for some other benefit, such as the convenience of transacting over the Internet. If, nevertheless, it is taken that individual privacy is to be respected, then the arguments for and against RFID can perhaps be seen as arguments for and against information and communications technology (ICT) in general as the enemy of privacy. As the eminent computer ethicist Herman Tavani explains, ICT poses a unique threat to personal privacy because of the type and quantity of personal information that can be collected, combined with the speed of transmission and the length of time that the information can be held (Tavani, 2004, p. 118). RFID then, specifically, intensifies these ICT-related difficulties with protecting one's private information by offering the information collectors the benefits of ubiquity coupled with secrecy. CASPIAN's Albrecht has led successful campaigns against retail organisations to force them to abandon plans to use RFID devices in place of barcodes (Black, 2004). Albrecht worries, with some justification, that "they are now planning ways to monitor consumers' use of products within their very homes". Other commonly cited examples of unwanted surveillance include the situations where RFIDs in clothing report the wearers' locations and where scanners monitor the contents of handbags, including the amount of money they contain (Juels, Rivest and Szydlo, 2005, p. 2) thus exposing the carriers to well-informed muggers. Awareness of the problem, within government departments, could certainly be improved. The Stapleton-Gray 2005 report, "GAO on Federal Use of RFID", noted that in America, 23 agencies were polled about their use of tagging but only one had identified privacy issues. With potential for all-pervasive intrusion into private matters, tagging not only threatens the citizen's relationship with the state and other powerful organisations, but also threatens personal relationships, because they depend upon trust. If, for instance, one person's clothing is in the vicinity of another person's clothing and this is reported to a third party automatically, the basis for trust between watcher and watched is removed. Parents would no longer need to trust their children to keep good company, and children would no longer enjoy the character-building experience of deserving to be trusted. If talk of relationships is too warm and fuzzy for government agencies and corporations, perhaps legal considerations rather than ethical deliberations will convince potential users of RFID that they must not collect data about their clients without consent. Legislation such as the Information Privacy Act 2000 of Victoria affords citizens the right to privacy of personal information, where "personal information" means information or an opinion (... forming part of a database) that is recorded in any form and whether true or not, about an individual whose identity is apparent, or can reasonably be ascertained. In this way, one Australian state grants its citizens the right to keep their personal information to themselves. Seeing the problem, the ICT industry, whilst creating surveillance devices, is also providing some antidotes to them. Privacy Enhancing Technologies (PETs) can limit the functionality of RFIDs, for example, by enabling the storage of individual preferences as to whether a tag is automatically switched off or not when the tagged object leaves the vendor's/originator's premises. In a study by Gunter and Spiekermann (2005) two forms of RFID constraint were tested in an attempt to establish what might persuade members of the public to accept RFID tracking devices more readily. People were given the choice of having either (1) all RFID devices deactivated at the checkout point and requiring re-activation individually for special post-sales purposes, or (2) storing their preferences in a privacy management system and relying upon the system to choose for them whether or not the RFID should continue to be active. Only 18 per cent of people chose to rely on the PET, as in option 2. So the conclusion reached by the researchers was that people will not willingly relinquish control over their personal information, even though it may be only about which products they are taking home. The fear of loss of control is expected to continue to cause the rejection of RFID technology, in spite of the convenience and positive effects which could be found in a wide range of socially beneficial applications, such as: • security improvements and theft prevention • copyright protection systems • automated shopping services • aids for the handicapped • a wide range of customised personal services. Terms like "trust" and "privacy" start a scramble for ethical principles, in an attempt to find the right answer. By recalling the maxims of well-established thinkers, some hope that it will be easier to decide what to do. British Utilitarian philosophers, such as Bentham and Mill, would have recommended weighing up the outcomes of using RFID in terms of "who does this help, who does it harm?" If the number of people benefiting from the convenience and efficiency offered by tagging technology is smaller than the number of those who suffer from the loss of privacy and trust, then RFID would not get their votes. Another more absolute, black and white approach would have been taken by that other colossus of ethical theory, Immanuel Kant, who insisted that actions are only good for one person if they are good for everyone. So, he might have said that RFID technology has to go, because it facilitates covert spying, and if we asked the spies if they would submit to the same surveillance that they wished to inflict on others, their answer is unlikely to be "oh, sure". Perhaps organisations responsible for drawing up standards, such as ISO and EPC, working together with legislators, will eventually come abreast of the situation. There is active debate in some legislatures, such as California, where the Senate has passed bills restricting tagging, and in Korea where it is under consideration. But the Australian Privacy Foundation has repeatedly expressed dissatisfaction with the inadequacy of the governmental consultative process in this area. Wilshusen (2005, p 19) briefly mentions training as a step in the right direction, and it seems reasonable to assume that when people do not understand what the technology does, RFID can easily be used without regard to their privacy, or perhaps specifically to deny them privacy. Is your shopping telling tales on you? References: Albrecht, K. (2002), 'RFID: Tracking everything, everywhere', CASPIAN, viewed 29 October 2005, http://www.nocards.org/AutoID/overview.shtml. Black, J. (2004), 'Shutting Shopping Bags to Prying Eyes', Business Week Online, viewed 29 October 2005, http://www.businessweek.com/technology/content/mar2004/tc2004035_8506_tc073.htm. Gunter, O. and Spiekermann, S. (2005), 'RFID and the perception of control', Communications of the ACM, Volume 48, No. 9, pp.73-76. Moor, J.H. (1997), 'Towards a theory of privacy for the information age', Computers and Society, Vol. 27, No. 3, pp. 27-32. Stapelton-Gray and Associates (2005), Surpriv: RFID Surveillance and Privacy, viewed 29 October 2005, http://www.stapleton-gray.com/surpriv/. Juels, A., Rivest, R.L. and Szydlo, M. (2005), The blocker tag, selective blocking of RFID tags for consumer privacy, viewed 29 October 2005, http://66.102.7.104/search?q=cache:7prnEPBlP0EJ:theory.lcs.mit.edu/~rivest/JuelsRivestSzydlo-TheBlockerTag.pdf+&hl=en. Tavani, H.T. (2004), Ethics and technology: Ethical issues in an age of information and communication technology, Wiley: Hoboken, NJ Victorian Government (2000), Information privacy act 2000, viewed 29 October 2005, http://dms003.dpc.vic.gov.au/sb/2000_Act/A00937.html. Wilshusen, G.C. (2005), Report to congressional requesters, Information security: Radio frequency identification in the Federal Government, Government Accountability Office, USA, viewed 8 July 2005, http://66.102.7.104/search?q=cache:srk0hhL0Ov4J:www.gao.gov/new.items/d05551.pdf+&hl=en Karen Mather contributed to this article. h.wiebell@bhtafe.edu.au (Box Hill Institute) and kmather@csu.edu.au (Charles Sturt University).
[ Printer Friendly Version ] [ Other stories about Privacy Foundation, Vicinity, ISO, MIT, Charles Sturt University, Charles Sturt University, ACT, Speed ] |
