Scanning with a Purpose – Supporting the Fair Information Principles in RFID Protocols

  • Christian Floerkemeier
  • Roland Schneider
  • Marc Langheinrich
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3598)

Abstract

Today’s RFID protocols that govern the communication between RFID readers and tags are solely optimized for performance, but fail to address consumer privacy concerns by appropriately supporting the fair information practices. In this paper we propose a feature set that future privacy-aware RFID protocols should include in order to support the fair information principles at the lowest possible level – the air interface between readers and tags – and demonstrate that the performance impact of such an extension would be within acceptable limits. We also outline how this feature set would allow consumer interest groups and privacy-concerned individuals to judge whether an RFID reader deployment complies with the corresponding regulations through the use of a watchdog tag.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Resolution on Radio Frequency Identification. In: 25th International Conference of Data Protection and Privacy Commissioners (November 2003)Google Scholar
  2. 2.
    Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Implementing P3P Using Database Technology. In: Proceedings of the IEEE 19th International Conference on Data Engineering, Bangalor, India, March 2003, pp. 595–606. IEEE Computer Society Press, Los Alamitos (2003)Google Scholar
  3. 3.
    Auto-ID Center. Draft protocol specification for a 900 MHz Class 0 Radio Frequency Identification Tag (2003)Google Scholar
  4. 4.
    Cranor, L., Langheinrich, M., Marchiori, M., Reagle, J.: The Platform for Privacy Preferences 1.0 (P3P1.0) Specification. W3C Candidate Recommendation (December 2000)Google Scholar
  5. 5.
    EPCglobal. EPC Tag Data Specification 1.1 (November 2003)Google Scholar
  6. 6.
    European Commission. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (November 1995)Google Scholar
  7. 7.
    Finkenzeller, K.: RFID Handbook: Fundamentals and Applications in Contactless Smart Cards and Identification. John Wiley & Sons, Ltd., Chichester (2003)Google Scholar
  8. 8.
    Garfinkel, S.L.: Adopting Fair Information Practices in Low-Cost RFID Systems. In: Privacy Workshop at the International Conference on Ubiquitous Computing 2002 (Ubicomp 2002) (September 2002)Google Scholar
  9. 9.
    Gershman, A., Fano, A.: A wireless world: The Internet sheds its chainsGoogle Scholar
  10. 10.
    International Organization for Standardization. ISO/IEC 18000: Information technology automatic identification and data capture techniques - Radio frequency identification for item management air interface (2003)Google Scholar
  11. 11.
    Juels, A., Rivest, R.L.: The blocker tag: Selective blocking of RFID tags for consumer privacy. In: 10th Annual ACM CCS 2003 (May 2003)Google Scholar
  12. 12.
    Langheinrich, M.: A privacy awareness system for ubiquitous computing environments. In: Borriello, G., Holmquist, L.E. (eds.) UbiComp 2002, vol. 2498, pp. 237–245. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  13. 13.
    Mealling, M.: Auto-ID Object Name Service (ONS) 1.0 (2003)Google Scholar
  14. 14.
    Organisation for Economic Co-operation and Development (OECD). Recommendation of the Council Concerning Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data (September 1980)Google Scholar
  15. 15.
    Privacy Rights Clearinghouse. Position statement on the use of RFID on consumer productsGoogle Scholar
  16. 16.
    Sarma, S.E., Weis, S.A., Engels, D.W.: RFID Systems and Security and Privacy Implications. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002, vol. 2523, pp. 454–470. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  17. 17.
    Stajano, F.: Security for ubiquitous computing. John Wiley & Sons, Ltd., Chichester (2002)CrossRefGoogle Scholar
  18. 18.
    Wan, D.: Magic medicine cabinet: A situated portal for consumer healthcare. In: Gellersen, H.-W. (ed.) HUC 1999, vol. 1707, pp. 352–355. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  19. 19.
    Weiser, M., Gold, R., Brown, J.: The origins of ubiquitous computing research at PARC in the late 1980s. IBM Systems Journal, 693–696 (1999)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Christian Floerkemeier
    • 1
  • Roland Schneider
    • 1
  • Marc Langheinrich
    • 1
  1. 1.Institute for Pervasive ComputingETH ZurichSwitzerland

Personalised recommendations