RFID and privacy RFID Security: theory and practice Lorentz Center, 26-28 March 2008.
RFID and privacy
RFID Security: theory and practice
Lorentz Center, 26-28 March 2008
Introduction
• College Bescherming Persoonsgegevens (the Dutch data protection authority)
• Rina Steenkamp
Understanding privacy implications of new technologies
A data protection perspective
A technical perspective
An ‘application’ perspective
A technical perspective (1)
Tag interpretation
Immediate response
RFID technology
A technical perspective (2)
Tag interpretation
Data accumulation
Delayed response
Database technology
A technical perspective (3)
Tag interpretation
Data accumulation
Data mining / data sharing
Shared databases
Response may be out of context
A data protection perspective (1)
Tag interpretation
Doesn’t necessarily involve personal data…
… though it may trigger the creation of personal data…
… and there might be other privacy implications as well.
A data protection perspective (2)
Tag interpretation
Data accumulation
Identifier
Personal data
A privacy perspective (3)
Tag interpretation
Data accumulation
Data mining / data sharing
Identifier
Personal data
An ‘application’ perspective (1)
Tag interpretation
An ‘application’ perspective (2)
Tag interpretation
An ‘application’ perspective (3)
Tag interpretation
…card-carrying communist…
…works at animal testing lab…
…expensive watch…
…‘gold’ credit card…
Profiling based on combination of tags…
… combination of tags may identify the individual…
… and some tags might say the darndest things.
An ‘application’ perspective (4)
Tag interpretation
…card-carrying communist…
…works at animal testing lab…
…expensive watch…
…‘gold’ credit card…
Profiling based on combination of tags…
… combination of tags may identify the individual…
… and some tags might say the darndest things.
For this scenario to become a reality, we need…
…tiny tags that can be read at fairly long distances…
…embedded in objects that people have on their person…
…with understandable tag content…
…that is being read and interpreted.
An ‘application’ perspective (5)
Tag interpretation
Data accumulation
Identifier
Digital identity
An ‘application’ perspective (6)
Tag interpretation
Identifier
Unique product identifier
Data accumulation
An ‘application’ perspective (7)
Tag interpretation
Data accumulation
Data mining / data sharing
Will
Ability
Sense of urgency
Legal obligation
Expectation of profit
Standards
Interoperability
Funding
Risks
Tag interpretation
Data accumulation
Data mining / data sharing
Hidden / unwanted tags
Hidden / unwanted reading
Excessive collection and processing of personal data
Scope creep
Unfair treatment
Risk mitigation
Tag interpretation
Data accumulation
Data mining / data sharing
Keep it in proportion – and beware of scope creep
Show and tell
Allow to delete, disable, destroy
Think before you tag
Think before you link
Legal safeguards (1)
Keep it in proportion
Show and tell
Allow to delete, disable, destroy
Think before you tag
Think before you link
Individual participation
Collection limitation
Use limitation
Purpose specification
Openness
Legal safeguards (2)
Individual participation
Collection limitation
Use limitation
Purpose specification
Openness
Accountability
Data quality
Security
RFID and privacy on the WWW
http://ec.europa.eu/information_society/policy/rfid/index_en.htm
http://www.dutchdpa.nl/
http://www.cbpweb.nl/
http://www.nvvir.nl/
http://www.ecp.nl
http://www.rathenau.nl
Questions? Concerns? Etc.