Information Technology Reference
In-Depth Information
tional laws have also been sketched based
upon this directive. The European e-Priva-
cy Directive is expected to become more
important for RFID systems, especially
when the technology is coupled with loca-
tion based services (Lieshout et al., 2007,
p.132).
• Self-Regulations:
Self-Regulation
is con-
sidered to have several positive effects
like it creates commitment by stakehold-
ers, awareness by stakeholders and general
public, and also contributes to complying
with terms of existing privacy laws. Many
NGOs in USA including Privacy Rights
Clearing House, Caspian, American Civil
Liberties Union and several others pub-
lished 'Position Statement on the Use
of RFID on Consumer Products' which
spread awareness that RFID can endan-
ger consumer privacy, threaten civil lib-
erties and reduce or eliminate purchasing
anonymity. EPCglobal had also released a
set of guidelines for EPC usage which in-
clude notice, choice, security, record use,
and retention and consumer education.
The American Center of Democracy and
Technology has proposed guidelines for
the deployment of RFID technology and
these guidelines have been well support-
ed by important American stakeholders
such as Microsoft, Visa USA, Procter and
Gamble and National Consumers league.
The guidelines designed are based on three
general principles: technology neutrality,
privacy and security as primary design
requirements and consumer transparency
(Lieshout et al., 2007, pp.128-129).
•
Other technical solutions: Many techni-
cal solutions
have also been designed with
the aim to enforce privacy fulfillment.
Industries and academia believe that tech-
nology will play a key role in ensuring
compliance with the data protection prin-
ciples and will greatly minimize the illegal
collection and use of personal data and also
prevent any unlawful forms of processing
by making it technically impossible for un-
authorized persons to access personal data.
Privacy Enhancing Technologies have
been created that enable privacy enhancing
functionalities of RFID systems such as
realizing anonymity, unlinkability and un-
observability and using pseudo-identities.
The stated solutions are more directly re-
lated to RFID as they control the flow of
data to the user so as to prevent dissemina-
tion of information against the wish of the
user. Other proposed technical solutions
include shielding of tags (preventing tags
from being read) by making use of Faraday
cage and reducing or removing the antenna
to lessen the read range or to disable the
tag. Technical solutions, however have a
drawback as they are costly, require mana-
gerial resources or might also deny useful
functionalities of RFID system to users
(Lieshout et al., 2007, p.130).
Many methods have been devised to overcome
the security risks of RFID as well (Lieshout et al.,
2007, pp.135-137):
•
The unauthorized modification of tag's ID
and its contents can be prevented by using
read-only tags or by shifting all data except
for the tag ID to the backend. Businesses
can make use of tags that dispose an au-
thentication method (IS0 9798 standard)
through which the reader can be authen-
ticated by the tag so that only authorized
readers are allowed to modify the tag
contents.
•
Deactivation of tags can be avoided by
using an authentication method when
available.
•
By having a close mechanical connection
between the tag and tagged item, there
would be lesser chance for physical de-
Search WWH ::
Custom Search