reprise (.ppt)

  1. Privacy, Security & Governance
     David Armstrong
     CASAGRAS Open Seminar, 1st December 2008
  2. Introduction
     Diagram labels: SN1234568, Tag, Reader, Host
     PII: Personally Identifiable Information
  3. Radio Frequency Identification
      • Radio: providing the means of wireless interrogation, communication and transfer of data or information.
      • Frequency: defined spectrum for operating RFID devices (low, high, ultra high and microwave), each with distinguishing characteristics.
      • Identification: of items by means of codes contained in a memory-based data carrier and accessed by radio interrogation.
     Diagram labels: Reader, Tag, Host, Information Management System, Item
  4. Nature of RFID Technologies
      • RFID is an application of object connected data carrier technology with attributes that are complementary to other machine-readable data carrier technologies.
      • RFID technologies offer the potential for radical process improvement characterised by tens of percent improvement and fast return on investment.
      • RFID technologies provide strong potential for improving efficiency, productivity and/or competitiveness.
      • RFID market increasing significantly, yielding lower costs and higher performance.
  5. RFID is a category of Automatic Identification & Data Capture (AIDC) Technologies
     Diagram labels: Full Matrix, Dot Codes, Linear, Feature Extraction Technologies (Vision, Speech recognition & Biometric Systems), Data Carrier Technologies, Electronic Storage, Magnetic Storage, Optical Storage, RFID Transponder, Touch Memory, Magnetic Stripe, MICR, Stacked (or multirow), Optical Character Recognition (OCR), Optical Mark Reading (OMR), Matrix Codes, Bar Code, Smart Card, Memory Card, Optical Memory (magneto-optic), Magnetic Resonance, Charge injection, Composites Codes, Contactless Smart Card
  6. RFID also supports Contactless Smart Cards
      • RFID is found in a range of card-based structures, from basic card-based tags to dual entry smart cards.
      • Supported by ISO standards* for contactless smart cards.
      • High frequency technology has been primarily applied in card-based technology.
      • Important in applications for reusable access control and transactions.
  7. European Commission Consultation Process on RFID (2006)
     The review process revealed that 61% of respondents believed that the public were not sufficiently informed about or aware of RFID. It also revealed privacy to be the biggest concern.
  8. Some responses
      • Kill Function
      • De-activation
      • Federal Legislation
      • Lobbying
      • Negative PR
      • Uninformed Comment
  9. RFID 1.0 → RFID 2.0: Supply Chain to Product Life Cycle Management
      • Intelligent Barcode → RFID is a Computer
      • Static → Dynamic
      • Single Purpose → Context Aware
      • One Access Point → Multiple Access Points
      • Auto ID → Collaborative Usage
      • Limited Security → Rich Security
      • Use in Supply Chain → Use in Full Product Life Cycle
  10. Existing & Proposed RFID Guidelines
      • Europe - EC Directive 95/46/EC (in the EU the Privacy Directive is mandatory, which means regulatory)
      • USA - e.g. Center for Democracy & Technology
      • Japan - Guidelines for Privacy Protection (MIC and METI)
  11. Internet of Things
      • A new work item has been proposed by ETSI, linked to the CASAGRAS and GRIFS projects (target completion end 2009).
      • This will result in:
          • A protection profile for RFID devices in the context of the Internet of Things
          • Development of guidelines for e.g. marking RFID readers as visible (non-technical aspects of RFID). Also marking RFID enabled products as such.
  12. A Standard for Privacy Design
      DESIGN FOR:
      • User Acceptance
      • Legislative Conformance and Governance
      • Protection against Abuse from Potential Attackers
      • Performance
  13. Principles for Privacy Design
      • Collection Limitation
      • Data Quality
      • Purpose Specification
      • Use Limitation
      • Security Safeguards
      • Openness
      • Individual Participation
      • Accountability
  14. Governance & Politics
      • Multiple Issues
      • Multiple Constituencies
      • Multiple Arenas & Backgrounds
  15. The Way Forward
      • ?
  16. RFID is about identifying and handling Items…
      • Physical Materials
      • Components and sub-assemblies
      • Products
      • Containers
      • Physical carriers
      • People
      • Locations
      • Documents and other forms of information carrier
      • … virtually anything tangible that is part of a business process. This is the opportunity …
  17. Privacy & Security as Primary Design Requirements
      Designers, manufacturers and users of RFID technology should address the privacy and security issues as part of its original design. Rather than retrofitting RFID systems to respond to privacy and security issues, it is much preferable that security should be designed in from the beginning.
      Notice - Choice & Consent - Onward Transfer - Access - Security
  18. Consumer Transparency
      Ideally, there should be no secret RFID tags or readers. Use of RFID technology should be as transparent as possible and consumers should know about such implementation and usage as they engage in any transaction that involves an RFID system. But……
  19. Technology Neutrality
      RFID technology, in and of itself, does not impose threats to privacy. Privacy breaches occur when RFID, like any technology, is deployed in a way that is not consistent with responsible management practices that foster sound privacy protection.
  20. Thank You