Interaction of RFID Technology and Public Policy Presentation at RFID Privacy Workshop @ MIT 15 TH November 2003 By Rakesh Kumar Wipro Technologies India
Privacy Consumer’s Perspective Privacy can be defined as customer’s ability to control the terms under which their personal information is acquired and used (Westin 1967) Business perspective Privacy is about making consumers comfortable disclosing the personal information needed for relationship marketing RFID World 2
Privacy in context of RFID Some Concerns 1. RFID tags without notice 2. Unauthorized development of detailed profiles 3. Unauthorized third party access 4. Government’s perfect hegemony 5. Redress-al mechanism RFID World 3
Catherine and RFID Data Collection Catherine purchases 1) Product information Handbag. Radio tag attached to it 2) Credit Card number (unknown to her) 3) Personal information Product information Personal Information Product Category Name Product name Credit Card No. Product code Social Security No. Unit of measurement Address Manufacturer’s name Place of manufacture RFID World 4
Amalgamation of Transactional and Personal Data Third Party Repositories Data Repository Insurance details Credit history Name : Catherine Medical history Age : 26 Sex : F Credit Card no.: + Social Security no Address Personal Information Product information Blood Group Insurance Details Product Category Credit History Name Product name Product Category + Product code = Credit Card No. Product Name Unit of measurement Product Code Social Security No. Manufacturer’s name Insurance Details Place of manufacture Credit History Address Medical History RFID World 5
Unauthorized Access and Usage Data Repository Name : Catherine ■ Age : 26 ■ Government Sex : F ■ Credit Card no.: ■ Social Security no ■ Address ■ Blood Group ■ Product Name ■ Unauthorized Third Party Product Category ■ Product Attributes ■ Insurance details ■ Credit history ■ Medical history ■ Marketing agencies RFID World 6
Paradox To participate in today's marketplace 1. Catherine is willing to make trade-offs 2. 1. Reward Programmes 2. Better Tracking 3. Guarantees 4. Financial Incentives RFID World 7
Information Type C o Information Type n t r o l High o v e r C o l l e c t Financial i o n a n d Information U Concern for Privacy s a g e o f I Relationship with the information gatherer and owner n Medical Records f o r Concern for Privacy m a t i o n Social Security No Family Records Purchasing Habits Low High Control and Relationship Media Opinions Sensitivity is contextual; that is, what is considered sensitive differs by person and by situation RFID World 8
Why Policy is important ? If RFID commerce has to realize its full potential! 1. Fundamental shift to a customer-centered world 2. Probability of reengaging customer reduced 3. Conducting business nationally and internationally 4. Infuse trust in public and private institutions 5. RFID World 9
Basic Building Blocks Integrated approach for framing RFID Public Policy : 1. Technical 2. Industry Self-Regulation ( Mandatory vs. Voluntary) 3. Ethical approach Technical 4. Legislation 5. Branding RFID and Self Education Regulation 6. Educating Consumers Public Policy Branding Ethics Legislation RFID World 10
Framework for formulating Public Policy Commercial Justification Organizational � Cost RFID practices: � Standards � Technology � Data Collection � Access � Security � Dissemination � Secondary use Corporate Codes Cultural values & Formulation of RFID trust in Public and Public Policy Private Institutions Consumer’s Consumer Expectations Characteristics w.r.t. RFID privacy: •Beliefs Existing •Attitudes •Legislations •Experiences •Public Opinion RFID World 11
Framing the RFID Public Policy Major Expectations Policy Questions 1. Data collection procedures Definition & role of stake holders 1. ( informed vs. un-informed) 2. Authentication Operational features 3. Major expectations ( both 2. implicit and explicit) 4. Level of security Legal rights 3. Analogies 4. Major concerns Criteria 5. 1. Collection 2. Access Research methodology 3. Use 6. 4. Exchange 5. Control RFID World 12
Building Block - Technical The “Kill Tag" approach 1. The Faraday Cage approach 2. The Active Jamming Approach 3. The Smart RFID Tag Approach 4. Selective disclosure of information 5. RFID World 13
Building Block - The Regulation Approach Self Regulation ■ Legislation Self ♦ Industry Legislation by Regulation Existing Public Concern about Privacy Law (Voluntary) ♦ Enforcement and Space ♦ Adjudication Self Laissez A pure market approach ■ Regulation Faire (Mandatory) Legislation ■ Public Trust in Institutions RFID World 14
Building Block - Bringing Ethics Respect confidentiality 1. Don't "flame" 2. Don't be anonymous 3. Don't allow third party to access other’s data 4. Don't misrepresent or lie 5. Follow government’s general guidelines 6. Consider presentation of message 7. RFID World 15
Take Away Notice Enforcement Self Choice Regulation Technical Public Policy Ethical Legislation S e s c s u e r c i c t y A Branding Educating RFID Consumers RFID World 16
Thank You RFID World 17
Recommend
More recommend