
[Rfid-privacy] RFID and privacy


From: Loic Dachary
Subject: [Rfid-privacy] RFID and privacy
Date: Wed, 30 Jul 2003 14:15:37 +0200

        Hi,

        I'm publishing Free Software implementing ISO-15693-3. I'd
like to advocate in favour of privacy protection features for the next
release of ISO-15693-3. As a developer, I'm not really skilled in the
making of these standards. I'd very much appreciate your help with the
best way to voice my concerns and propose solutions.

        Thanks in advance,

(For your information, here is the text explaining the issues related
 to RFID and privacy that is published with the Free Software)
----------------------------------------------------------------------
The RFID technology is an essential component to implement a world of
total control. RFID transponders are inexpensive and extremely small.
They could be included in everyday objects and citizens can hardly
detect their presence. RFID readers create a magnetic field that can
activate the RFID transponders remotely without the consent of their
owner. However, RFID is not inherently harmful: tiny wireless memory
storage can have a useful purpose. It is therefore necessary to
address the privacy problems it creates at a social, legal and
technical level[1].

Consumer lobbies[2] and other non-profit organizations raise awareness
of the public. A controversial climate is generated by the cynical
attitude of some organizations whose purpose seems to spread the RFID
technology by deliberately minimizing its impact on privacy[3]. The
rights for privacy and freedom are in conflict with a desire for more
surveillance and control. The outcome of this battle will draw the
social and legal boundaries in which RFID will become acceptable.

An essential and often neglected aspect when dealing with implements
impacting privacy is the control over the technology itself. When
citizens become increasingly accustomed to a technology, their freedom
and privacy depend on who is in control. For instance, if citizens
were vastly willing to add a privacy protecting feature in their web
browser, they would have to ask permission from a single company that
has exclusive control of more than 90% of the web browsers in
use. Although users theoretically have the choice to switch to another
web browser, in practice 90% of them depend on the will of a single
company.

The RFID technology includes hardware, protocols and software. The
hardware is controlled by a small number of patent holders[4] and is
partially normalized (ISO/IEC). The protocol used to establish a
dialog between an RFID reader and an RFID transponder is defined by an
international standard (ISO/IEC-15693-3) and its software
implementation is not subject to control by a known patent holder.  At
the date of this writing (July 2003), http://nongnu.org/projects/rfid/
is the only Free Software application that empowers every citizen to
take advantage of the RFID technology without asking permission from
a third party. Most companies producing RFID hardware (readers and
transponders) provide proprietary software for their products and
forbid users to independently adapt it to their needs.

The making of the standards (ISO/IEC-15693 and the forthcoming
ISO/IEC-18000) is vastly dominated by hardware manufacturers. Because
citizens were not represented, the ISO/IEC-15693-3 protocol has no
features addressing privacy issues, such as the ability to permanently
shut down an RFID transponder. Alain Berthon, editor of ISO/IEC-15693-3,
suggests[5] that people willing to influence the content of the
standards get in touch with national representations of the standard
working groups. For instance, the secretary of the French commission
is Mrs Catherine Protic (AFNOR, address@hidden): she could
use well written statements to push for functionalities protecting
privacy. Copies of these statements should be sent to
address@hidden for archival.

Although RFID was initially developed for surveillance and control, it
may become a useful general purpose technology. The social and legal
boundaries in which it is allowed to spread are being defined but the
control of the technology must not be under-estimated. The
availability of Free Software based solutions relieves citizens from
the undesirable dependence on proprietary software vendors. Citizens
should also participate in the making of the international standards
so that their legitimate need for privacy and independence is not
overlooked.

[1] Approximate Information Flows: Socially-based 
    Modeling of Privacy in Ubiquitous Computing.
    http://guir.berkeley.edu/projects/uisper/pubs/ubicomp2002-aif.pdf

[2] CASPIAN http://www.nocards.org/

[3] Managing External Communications, Auto-ID Center
    Confidential, for sponsors only.
    http://cryptome.org/rfid/external_comm.pdf

[4] For instance, US5793324, EP831618, EP837412, EP845751 
    Texas Instruments Deutschland GMBH 

[5] RFID & Privacy mail thread on address@hidden
    http://mail.nongnu.org/archive/html/rfid-privacy/2003-07/msg00001.html

-- 
Loic   Dachary         http://www.dachary.org/  address@hidden
12 bd  Magenta         http://www.eucd.info/      address@hidden
75010    Paris         T: 33 1 42 45 07 97          address@hidden
        GPG Public Key: http://www.dachary.org/loic/gpg.txt



