[LINK] Microsoft tracks people with RFID tags
Roger.Clarke at xamax.com.au
Fri Aug 22 08:38:16 EST 2008
At 23:30 +1000 21/8/08, Geoffrey Ramadan wrote:
>If I provided a voluntary service to attendee where: ...
>Would I also be required to go through ...
Fair enough: I opened my mouth, so I'd better deliver *something*!
Agreed: the scale of investment in the risk assessment activities,
and in the risk management design, needs to reflect the nature of the
problem. (And the 3 or 4 decent sets of PIA Guidelines around the
world say that).
Working through the list:
- risk assessment
You need it. (And you're doing it right now)
Yours needs to be bigger than the back of an envelope, but not expensive
You need to see it from the perspective of the diverse array of delegates
that may turn up.
And of course you need to think about the potential negative impact of
unconsented use, data leakage, scepticism, and plain old misunderstanding
Jan may be able to help with some references to codes or guidelines -
although I'm not aware of any existing that would get the tick from any
privacy advocacy organisation
You'd be ill-advised not to check out the ideas on a suitable spread of
people. (And you're doing some of it right now)
- risk management plan
Depending on the outcomes of the assessment, you'll need something, and
more than just a statement or two. Training for the people involved so
that they can provide convincing answers is an important aspect. The
design aspects (at a level a bit deeper than the sketch you provided)
need to be looked at by a sceptical outsider
- post implementation audit
You'll test that it works as it was intended, and that the database isn't
open to abuse, and that the staff actually understood what they were told
- ensure enforceable undertakings
The wording of your statements determines whether you're actually giving
undertakings or just providing the vacuous waffle your lawyer would write
- ensure enforcement process and appropriate sanctions
It would be really nice if there were a framework in place, but it's
pitiful, and you have lots of loop-holes available to you
My quick reaction is that the scale of effort required depends very
much on whether "voluntary" is meaningful.
Regards ... Roger
At 23:30 +1000 21/8/08, Geoffrey Ramadan wrote:
>Roger Clarke wrote:
>> At 15:43 +1000 21/8/08, Geoffrey Ramadan wrote:
>>> If you read the rest of the article you will note:
>>> "A person's entry will trigger an animated avatar on the big in-room screen
>>> using cutting-edge motion detection..
>>> No personally identifiable information, such as names, will be displayed
>>> alongside the avatar...
>> An avatar isn't personally identifiable?
>> How then can the rest of the aims of the scheme be achieved?
>>> Delegates will also be educated on how to opt-out or remove the
>>>RFID tag, ...
>>> ... but Microsoft is hoping most will choose to participate...
>>> The network is intended to help delegates see when rooms are filling up,
>>> identify personal networking opportunities"
>> I wonder what measures are being used to ensure that no-one
>>interprets that hope as a condition of employment, coercion, or
>>> i.e. appropriate consideration for peoples privacy has been considered.
>> It's just a tad more complicated than that, Geoffrey.
>> Comprehensive risk assessment incl. consultation? Comprehensive
>>risk management plan? Genuine consent? Post-implementation audit
>>of the key design features? Enforceable undertakings? Enforcement
>> And that's off the top of the head, without actually looking at
>>the 'Code' that Jan worked on, and that has been comprehensively
>>ignored by the industry that used its preparation as evidence that
>>it was privacy-sensitive.
>If I provided a voluntary service to attendee where:
>1) I recorded their personal information (name and mobile phone
>number) on a clip board which was then entered into a central
>2) issues barcoded name badges to attendees
>3) have operators scan these bacodes upon entry to a function
>4) SMS attendees details of numbers and also allowed access say via
>a wap interface (no name just numbers) to their PDA.
>5) as part of the completed attendee form I had a privacy statement
>stating that information was not going to be used for purposes other
>than this application. Data will be deleted at the end of the
>Would I also be required to go through
>- risk assessment
>- risk management plan
>- post implementation audit
>- ensure enforceable undertakings
>- ensure enforcement process and appropriate sanctions?
Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in Info Science & Eng Australian National University
Visiting Professor in the eCommerce Program University of Hong Kong
Visiting Professor in the Cyberspace Law & Policy Centre Uni of NSW
More information about the Link