Interview

RFID privacy, security should start with design

Robert Westervelt, News Editor

    Requires Free Membership to View

 It is essential that the various stakeholders work together to develop, implement and enforce their own guidelines for privacy-positive use of RFID technologies.
Toby Stevens,
directorEnterprise Privacy Group
Do you see IT vendors addressing RFID and privacy in a positive way?
To date, vendors have largely - and quite correctly - assumed that privacy is the responsibility of the integrator rather than the RFID equipment supplier. No amount of security and privacy controls can be effective if the end system is designed to ignore or circumvent privacy needs. Moreover, privacy and security implications are never fully understood in emerging technologies: it takes time to identify the problems and architect solutions. The likes of RSA and IBM are now beginning to do just that. We now have to encourage end users to recognize privacy needs and specify them in the design and procurement phases of their implementations so that privacy becomes the norm, not a value-add feature. What role should government policy makers play in developing privacy guidelines for the use of RFID?
There is an important distinction here between policy and guidelines. The European Commission is keen to mandate policy controls for RFID privacy, and similar moves are afoot in a number of US States. Yet there are numerous excellent guidelines out there, such as those gathered by the EC Article 29 Working Group for its analysis of RFID privacy. A number of high-profile privacy incidents arising from companies and government departments that have failed to heed this advice has spurred governments to consider legislative controls.
RFID privacy:
RSA Conference panel says privacy legislation too premature for RFID
What are some of the challenges to creating policy to protect consumers?
What is required here is not law that specifically controls the usage of RFID technologies, but legislative guidelines to ensure that implementers, consumers and law enforcement authorities understand that privacy and data protection laws apply to RFID systems in the same way as they do to any other technology implementation. Other disruptive technologies - for example the telephone, Internet, cellphones - created security and privacy concerns, but society found a comfortable balance for them, and the same will happen for RFID. What can be done without killing the technology?
If policy-makers are to avoid killing off RFID, then it is essential that the various stakeholders work together to develop, implement and enforce their own guidelines for privacy-positive use of RFID technologies.

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: