[LINK] Airport to tag passengers
jwhit at melbpc.org.au
Sun Oct 22 22:05:56 AEST 2006
Others please jump in here.
At 08:36 PM 22/10/2006, Geoffrey Ramadan wrote:
>Jan I am trying to understand how do you weigh
>up differing and conflicting "rights".
>Does the greater need for safety, outweigh privacy issues?
That is the choice of the individual, I reckon. I
may choose to risk 'safety' to retain an ability
to travel without being surveilled. The
comparison here is a straw man because we have
already agreed it is a dumb system and wouldn't
achieve the goal anyway. The bargain is a no
brainer. I won't trade my privacy for a smoke and
mirrors promise of something that won't be
delivered. The exchange is unbalanced.
In other circumstances the choice must be
maintained. For example, tagging children may be
acceptable to some paranoid parents. But others
would never subject their children to being
cattle (e-sheep, given the latest stories from the agriculture arena).
>>> From the RFID privacy perspective, there are
>>> guidelines you can turn to. So far from what
>>> I can tell, this application meets those guidelines.
>>Guidelines are not obligatory. What guidelines
>>are you referring to? What about compliance
>>with the Privacy Act, which IS law, and which IS obligatory.
>I indicated in a previous post the guidelines as mentioned in:
These aren't official, at least what is in the
media release. These are from a resolution that binds no one.
>What elements of this, do you think this system does not meet?
I am not convinced that many of the applications
follow the first principle listed:
a) any controller before introducing RFID tags
linked to personal information or leading to
customer profiles should first consider
alternatives which achieve the same goal without
collecting personal information or profiling customers;
Note this says customers, not staff, but even
staff/employee applications should use this as a
first decision point. If there are alternatives,
use them instead. RFID vendors won't like this, I'm sure.
>Also what element of the privacy act do you think they would not comply with?
It depends on the implementation. Any of the
privacy principles could be breached in the
applications. The proposed code coming out of GS1
says that the Act must be followed. But you know
what? No penalties if they don't. Is that
rigorous enough? I don't think so. It's a
signatory instrument, not part of the law, so no
new players come under the code that aren't
already covered by the Act. So again, no
penalties unless the Commissioner takes it on.
Have you heard of any yet? Me neither.
I also did a bit of reading about the scanning
code of practice. Only applies to supermarkets!
And yet, if RFID is taking the place of barcode
in the scanning, no change there to cover other retail implementations.
I'm still waiting for the answer about the back
office use of the data. If there is this supposed
benefit for warranty identification, there would
need to be a matching record made at time of
purchase, right? Is that going to be at the
choice of the purchaser? What happens when an
item with a chip sells the item? Guess what. The
database behind it is then wrong.
Can RFID chips be written to? Can the information
be changed? At whose discretion?
How can a person who buys a product with an
embedded chip know that it is disabled? Or is this a 'trust us' situation?
from the resolution:
d) whenever RFID tags are in the possession of
individuals, they should have the possibility to
delete data and to disable or destroy the tags
Oh, delete data. It doesn't say from where. Will
sellers delete my data from their backend
systems? How will I know? Who do I tell? Can I do
that at time of purchase or can I do it in the future?
I'm watching a movie...Bourne Supremacy. Lots of
comms chips in this one, blue tooth, etc. He uses
it to advantage. I'm trying to think of an
example where the power is reversed for RFID.
Maybe Professor Klerphel has some ideas on that,
where the head of the company that implements
RFID is the one whose personal activities are
exposed - their kids? their wife's buying habits?
their visits to the local 'gentleman's club' for
the afternoon? hmmmmm..... I know, let's put RFID
chips on all the hookers in St Kilda.....then for
public health reasons, there can be a database of
all of their customers. I like that idea!! Or
their GPS data could just be captured by the
police automatically, just in case the tax office
wants to check if they are paying their proper
FBT. I know that's not an RFID application
(yet?), but maybe it will get a point across as
to why ignoring privacy for the plebs can be a risk to the top dogs, too.
JLWhitaker Associates, Melbourne Victoria
jwhit at janwhitaker.com
'Seed planting is often the most important step.
Without the seed, there is no plant.' - JW, April 2005
_ __________________ _
More information about the Link