Recalling RFID was exceptionally successful at creating a space where diverse viewpoints on RFID were expressed, shared and debated. The level of understanding of the issues from all sides was very high. This resulted in a measured sense of agreement, rather than opposition. I found this rather refreshing and even managed to concentrate through lengthy discussions of privacy, security, freedom and control.
Here are my raw notes from the first day conference.
Rob van Kranenberg: intro
You cannot see RFID unless you have an opinion on the ways in which smart / ubiquitous environments work. RFID is like the glue that sticks all these things together.
Today there are many diverse viewpoints: pro, against, and people attempting to re-write the map of RFID.
Christian van ‘t Hof: RFID and police investigation
RFID is digitalising public space: we use rfid in daily life, for transactions, identifying, etc. Every time we access these public everyday services there is some registering of your action: time, date, place, and in many cases, your personal details.
Leaving digital footprints on public transport (most people choose personalised cards, so your data is being linked to your actions). As soon as this data is collected, you can start to profile, pattern match, etc.: all of the stuff that is possible with data mining.
Public support for using personal travel data is very high: over 70% support using the chip card to track suspects.
Is exploring how RFID works in practice, legal issues, etc. Moving towards total internet of ubiquitous network society. Rathenau instituut: www.rathenau.nl
RFID is an enabling technology: there are many other ID technologies. And it depends how much you trust data-mining technologies: costs a lot of money, throws up a lot of results, and means that there is a lack of human resources to follow up on leads.
Melanie Rieback: Security and privacy in RFID: the RFID virus.
History: IFF systems, using radar and modulating signals to change the signals of planes.
Auto-ID labs were the first to publish papers on RFID privacy and security.
The RSA blocker tag was one of the first.
Problems: unauthorised tag reading (most tags are not secure), eavesdropping, tracking, tag cloning, denial of service (breaking tags)
RFID malware. RFID is not just a new barcode, it’s the low-end of computing!
There are three kinds of malware: exploits (buffer overflows, code injection, sequel), RFID worms, RFID viruses (getting them to replicate).
The RFID guardian is like a firewall for RFID: a tool for testing RFID deployment. A handheld device for personal RFID privacy management: portable, battery-powered, 2-way communications (can be a reader or imitate a tag, up to 16 tags)
It allows auditing of RFID usage: who is using what and when, are they tracking in the way they say? It allows us to manage keys: we can kill, enable tags, etc. It can also create access control for RFID, do we want to allow reading or writing of tags.
Stephan J. Engberg: Priway.com
Identity management: RFID is one of the largest problems for identity management. The locks on their RFID tags can lock down a tag so that it doesn’t communicate, doesn’t give up any kind of identifyable data.
Defeatism, fatalism. Is individual sovereignty doomed?
Stephan is a constructivist: making and solving things.
We cannot use physical paradigms from the 60’s for digital space.
How to design devices that don’t leak information: zeroleak™
Why are we not starting to secure RFID?
Semantic resolution: dealing with knowledge about others to determine whether transactions should take place.
What should we do when things go wrong?
About transferring control to you. Collaborative mechanisms, where we have control and interfaces for the technology.
Rafi Haladjian: Violet
Why do teddy-bears speak? To add-value to a commoditised teddy-bear.
The vision of the smart house has so many barriers: high costs, not appealing, no fun factor, complex, proprietary technologies, consumers losing control.
How do we get from the Flintstones to the Jetsons with ubiquitous computing? What’s important is in the middle. The process shapes the way things go.
Violet wants to make affordable (€20-200) objects that are one-at-a-time buying decisions. Fun and interpersonal communication are as powerful as usefulness.
Some intentions for Violet:
- Design matters
- Simple
- New image of technology
- Use open standards, explot existing contents, interoperate with existing devices
- Empower the user
- Build a community to help build the brand and make killer apps.
An anthropomorphic rabbit that you can deal with on an emotive level. Nabaztag was interfaced only through a computer, but Nabaztag/tag offers a spontaneous, direct relationship.
Why a rabbit? Rabbits multiply, rabbits are trojan horses (monty python), etc.
Going beyond the rabbit:
Ztamps: RFID tags that you can define yourself. To allow users the same control over RFID as the big guys. A collaboration between Nabaztag + Gallimard Jeunesse to make physical audiobooks.Mentions the interesting photographer Peter Menzel: material world taking photos of household belongings.
Wouter Schilpzand: RFID in Japan
The Japanese market is relatively homogenous and convenience driven, new products get lapped up, good for RFID adoption.
It’s not just Suica: lots of loyalty cards too.
Suica has 13 million transactions a day. It was introduced to cut costs, it was developed to improve services.
Next step is integrating smart cards into mobile felica. 80% of new mobile phones have felica. Since 2004. More than 10 million users and 120 different handsets.
These are mainly used for paying for things, collecting coca-cola points. Mainly used for small payments or loyalty cards.
Felica adds something very powerful to this smart card system: the internet. It allows more information than a smart card: more services, and value added stuff.
Children tracking service: active RFID tags that track kids. “peace of mind” and a sense of control, allows parents to have this feeling (scary). But children started sharing codes and seeing where each other are (cool).
Ken Sakamura: driving user-applications of RFID in Japan.A vision is developing in Japan: that everything will be connected and there is a convergence of networks: everything will be internet based. And RFID is expected to play a major role in this vision.
Willem Velthoven: social RFID in libraries
The public library: all the books are tagged, everybody is tagged.
The ‘lendomat’ scans the books, confirms the books, and prints a receipt.
Nice interface: replacing people.
RFID is an update to their barcode system.Katherine Albrecht
The RFID industry has used the comparison to barcodes to their advantage: it seems safe if it’s just a barcode. But unlike barcodes RFID has unique IDs, which differentiates between individual items.
The very contentious Hitachi mu chip does have an integrated antennae but only an extremely short read range (the one the size of a grain of sand).
What about increased exposure to EMF and the safety of it?
Some other RFID-like technologies: Inkode : chipless tags and conductive ink used as antennae: printed technology, EnOcean: powering devices through vibrations.
The scariest company at the moment: Checkpoint systems: they do retail anti-theft technology which in itself is ok, but they have a service called sourcetagging: where they work with suppliers and sources to deeply embed unique RFID chips into products, inside the mouldings, the fabrics, the plastics, etc.
Even with a short read range, the technology can be used to be invasive. If we put a ubiquitous computing network around us, then we are creating a space for surveillance and control that we may not want. No matter how much privacy or limits we put into the technology, someone will find a way to exploit it.
All consumer use of RFID should be stopped – dead – right now, so we don’t have to try to clean up a huge ubiquitous mess.
Bart Schermer
Picturing the internet from a utopian or dystopian perspective can be very extreme. Argues that RFID is the same. It is easy to create dystopian scenario and more fun, but we shouldn’t create a debate based just on possible misuse or abuse.
RFID can be used to surreptitiously gather personal data, etc. But that it is not in the interest of business to do so.
Reasons why companies won’t surreptitiously gather data:
- They are in violation of the law: data protection directive * Using personal data for other purposes than they have been gathered is a violation
- Surreptiously monitoring and following people is a criminal offence
- Targeted advertising without prior permission from consumers is also a violation of the data protection directive.
Privacy is very difficult and context sensitive. Privacy is a means to maintain economic equality between consumers and companies.
Consumers are overwhelmingly in favour of using RFID for law-enforcement: valuing convenience, price and speed over privacy (even if they say different).
Therefore the single biggest threat to privacy is you. (Big brother awards)
Consumers must always be made aware of how, where and when RFID is used.
Should be made more aware of the importance of privacyConclusions
- Use RFID in a responsible manner: privacy is good business sense
- Provide benefits not only to themselves but to consumers
- Provide openness and transparency about the use of RFID
- Create tools for the protection of privacy (PETs, RFID guardians, logo systems)
Working towards a mandatory logo system for RFID in the Netherlands
Discussion between Katherine Albrecht and Bart Schermer
KA:
With ubiquitous networks such as RFID it’s so difficult to find violations; what was read, by who, when, what info, etc. with who was it shared? Who has a backend connection with this card, and this ID? i.e. who knows who I am.
The problem with ubiquitous technology is that enforcement is virtually impossible. So prevention is better than the cure.BS: we need more critical consumers, who can create backlashes for companies.
People are becoming very open with their data: Facebook et al doesn’t give strong indications and people don’t realise that the data may leak from one container to another.KA: The technology is not inherently malevolent but some technologies invite abuse.
When you see something like RFID you see that history is flowing towards collecting more data and more control. If that is where the money and R&D is flowing then we shouldn’t be surprised if RFID ends up in the same place.BS: You can’t stop technology, particularly if it has so many benefits. Technology will work out for the best: take the example of the internet. Stop the dictator rather than stop the technology that enables the dictator.
KA: developing networks that forget. When does the forgetting occur? Negotiating the kind of databases and timings and permissions. Look at existing technologies that are problematic and look at solving them.
More
More notes here and here. Photos at Flickr.
Related things:
- Touch at Recalling RFID I will be presenting at Recalling RFID in Amsterdam on Friday 19 and Saturday 20 October 2007. The programme includes ‘presentations and debates on RFID and digital connectivity scenarios with speakers from the industry,......
- Rob van Kranenburg at ‘How I learned to love RFID’ On the 20th May, Rob van Kranenburg talked at How I learned to love RFID in HMKV in Dortmund, Germany. This is a short summary of a huge presentation on RFID issues, that covered......
- FoeBud: How we learned to stop RFID FoeBud are a German group of privacy activists that has has a long history of public interventions in privacy and RFID. Rena Tangens and Padeluun presented their work at the recent workshop How I......
- The RFID photo booth At last year’s Picnic conference we created a networked Photo Booth as part of the Mediamatic RFID hackers camp. Picnic is a conference with about two thousand attendees and multiple venues in the Westergasfabriek......
- Alternative RFID infrastructures This is a design brief, one of many themes that the Touch project is investigating. The landscape of RFID technology is focused on surveillance, efficiency and control. The near-future possibility of RFID implants, identity......