1 / 16

RFID, Privacy and the Public Policy Void

RFID, Privacy and the Public Policy Void. Beth Givens Privacy Rights Clearinghouse bgivens@privacyrights.org www.privacyrights.org RFID Privacy Workshop MIT Computer Sciences and AI Laboratory November 15, 2003. Topics. Need for Technology Assessment of RFID

odessa-kaufman
Download Presentation

RFID, Privacy and the Public Policy Void

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. RFID, Privacy and the Public Policy Void • Beth Givens • Privacy Rights Clearinghouse • bgivens@privacyrights.org • www.privacyrights.org • RFID Privacy Workshop • MIT Computer Sciences and AI Laboratory • November 15, 2003

  2. Topics • Need for Technology Assessment of RFID • Position paper of consumer advocates • www.privacyrights.org & www.nocards.org • Fair Information Practices • Platform for policy and practices • Myths debunked • Limitations of industry solutions

  3. Traditional FIPs Openness Purpose specification Collection limitation Accountability Security safeguards My summary Transparency Fairness Consumer control Privacy by default AutoID Center Recommendations Notice Choice Control Shortcoming of “choice” Importance of “privacy by default” Fair Information Practices

  4. Technology Assessment • Multi-disciplinary analysis of technology to provide early indications of probable benefits and adverse impacts • Overseen by impartial body, stakeholders • Economic, social, and policy impacts • Enable lawmakers and policymakers to make informed decisions

  5. Office of Technology Assessment • U.S. Congress • 1972 - Sept. 1995 • Issued reports • Archive - www.princeton.edu/~ota

  6. Why Technology Assessment of RFID? • “A conversation with society” • Potential for societal harms • Privacy and civil liberties erosion • Impacts of workforce • And more

  7. Components of TA • Project team and director • Advisory panel of stakeholders • Contractors, specific analytical tasks • In-house research • Hearings / workshops nationwide / internat’l • Peer review of draft reports • Final report

  8. Components, cont’d. • Several policy options -- not just one • Technology capabilities & limitations • Technology trajectory / diffusion • Industry structure • Marketplace structure • Level of regulatory oversight • Impacts on economy • Environmental and health impacts

  9. Components of TA, cont’d. • Workforce implications • Consumer impacts -- privacy, civil liberties • Optional technologies, e.g. 2-D barcodes • Risk-benefit analysis, comparative with RFID • Unintended consequences and how to mitigate them • Several policy options -- not just one • www.princeton.edu/~ota

  10. Conclusions: Reversal of Public Policy Void • RFID subject to technology assessment • Policy / practices framework guided largely by Fair Information Practices -- codified into law • Industry adopt voluntary guidelines -- including moratorium on item-tagging

  11. Conclusions, cont’d. • Must address gov’t adoption of RFID because of civil liberties implications • www.privacyrights.org

  12. Myths Debunked • Read-ranges not sufficient for surveillance • Readers not prevalent enough for seamless human tracking • Data on tags is limited • Passive tags cannot be tracked by satellite • High cost of tags are prohibitive to wide-scale deployment

  13. Limitations of Industry Solutions • Killing tags at point of sale • Does not address in-store tracking • Dormant tags can be reactivated • Tag-killing could be halted by gov’t edict • Retailers offer incentives / disincentives to not kill tags • Creation of 2 classes of consumers

  14. Industry Solutions, cont’d. • Blocker tags • Still theoretical • Encourages widespread deployment of RFID • Adds a burden to consumers • Fails to protect consumers when products are separated from the blocker device • Creation of 2 classes of consumers • Closed systems • Strong incentives to standardize and merge

  15. RFID Rights and Responsibilities • Openness re: tags, readers, and data files • Merchants prohibited from coercing consumers to retain live tags • RFID must not be used to track individuals • Never use RFID to eliminate or reduce anonymity -- e.g. not incorporated in currency

More Related