[LINK] RFID & Privacy

[Geoffrey Ramadan]

Adam Todd wrote:
> At 12:29 PM 21/10/2006, Geoffrey Ramadan wrote:
>> Hi Linkers
>>
>> As you may have read on my previous post, I understand that our 
>> industry association needs to take a pro-active approach in 
>> addressing privacy concerns.
>
> Geoffrey, I don't think it's the "industry association" that needs to 
> take a pro-active approach.  It's the Users of the technology that 
> need to understand what they are doing and how it can infringe.
I accept that in the end, it is the End User who will make the eventual 
decision and need to be aware of privacy issues.

However, I also accept that us Technologist and Systems Integrators have 
a role to play to make end user aware of privacy. I expect the resulting 
documents produced would assist both the technologist and end users.


>
> There is no point those very implimenters complaining ten years down 
> the track that the technology they deployed leaves them no privacy!
>
> Don't we see that every few years!
>
> Creators and Inventors of technology only ever generally have some 
> "Bright Eyed" purpose for their creation.  It's USERS who have the 
> evil intent.
>
> Often leaving the inventors to wish they'd shot themselves in the head 
> rather than create the technology.
>
>
>> We will probably put together some industry whitepapers and 
>> guidelines, which may eventually lead to a "code of conduct" for our 
>> industry.
>
> Code of Conduct means nothing, when Government is the leading 
> implimentor of privacy invasion.
I am not out to solve the worlds privacy issues... just ours where we 
have some responsibility.

>
> Shops using RFID to track stock from receipt to customer purchase 
> isn't really an issue.  Unless the shop records the RFID ID against 
> some Customer Profile record.
As you have correctly pointed out, the industry has been very focused on 
inventory and asset control. End Users have been subsequently requesting 
human asset tracking.
>
> It's when RFID is used without the "carriers" knowledge and without 
> the intent of the carrier giving information that the issue arises and 
> the Industry can't and won't prevent that.
Agree.... this is going to be hard to stop, though you can try and 
mitigate it (eg. e-passport). And like all risk, you have to weigh up 
the cost relative to the likelihood of the threat.

Also regardless of the use of RFID, you can always think of ways to 
infringe peoples privacy.

Reg
Geoffrey Ramadan

>
>> I would like to asked your assistance.
>>
>> I would like to start with trying to come to some understanding of 
>> privacy principles:
>>
>> a) can these be summarised into several points?
>
> For the present some may be, however in two years time the range of 
> issues will be different, perhaps some new ones, and with application 
> in the field new things are discovered.
>
> What sadly happens, given human history (Bush invading Iraq on the 
> pretence of Weapons of Mas Destruction and 4 years later still none 
> found, but no one is saying anything this month about WMD, it's about 
> insurgents and Terrorists) what is relevant today and policies 
> created, don't allow for changes in the future, because when changes 
> are called for, it's often too late to ensure past action relating to 
> those new protocols are reacted, and of course it takes years for the 
> changes to be considered.
>
> What needs to be included in the Code Of Conduct is a term for 
> instanter reaction to any "new" consequence of a past deployment to 
> remedy that deployment and make it work.
>
> But no one will ever do that!  Because in a way, it's an open 
> admission of liability to an oversight!
>
>
>> b) which ones of these are based in law? (or what is the basis of these)
>
> Well none.  We don't have a law of privacy in Australia.  We have a 
> Privacy Act that is unenforceable except by the Privacy Commissioner, 
> and the Act itself doesn't relate to private parties exchanging or 
> releasing information.
>
> We have no Tort for Privacy in civil law anyway.
>
>