[LINK] Microsoft tracks people with RFID tags

Jan Whitaker jwhit at melbpc.org.au
Fri Aug 22 09:12:37 AEST 2008


At 08:38 AM 22/08/2008, Roger Clarke wrote:
>Working through the list:
>
>- risk assessment
>    You need it.  (And you're doing it right now)
>    Yours needs to be bigger than the back of an envelope, but not expensive
>    You need to see it from the perspective of the diverse array of delegates
>    that may turn up.
>    And of course you need to think about the potential negative impact of
>    unconsented use, data leakage, scepticism, and plain old misunderstanding
>
>    Jan may be able to help with some references to codes or guidelines -
>    although I'm not aware of any existing that would get the tick from any
>    privacy advocacy organisation

The code I was involved with was for retail applications ONLY. The 
need is for something much broader.

If the Privacy Acts that govern any technology or even non-technology 
behaviour are too broad for making implementation decisions, then the 
sorts of areas that Roger mentions need to be considered in instances 
when these sorts of information collection procedures are introduced. 
It does no one any good to take the high level principles and say 
merely 'we comply' without analysing the actual project and processes 
and their implications.

The retail code is less a privacy policy and more a code of practice: 
what is done or not done to comply with the Act.


>- consultation
>    You'd be ill-advised not to check out the ideas on a suitable spread of
>    people.  (And you're doing some of it right now)

and that includes the stakeholders who will be involved at the coal 
face and those who will be offered the opportunity to use the system. 
The person whose info will be collected should be someone NOT 
involved in spruiking it under the rationale of 'well, I'll be doing 
it, so everyone else will feel the same'. Better to have an 
independent researcher with no bias toward the system to ask a range 
of people NOT involved in the project.

This is probably work to be done by the company offering the system 
so the buyers don't have to spend resources over and over doing the 
same thing. However, that research needs to be open, including the 
methodology used, the number of people responding, the questions 
asked, and any incentives used as part of the research process to 
show the answers weren't 'sweetened'.


>- risk management plan
>    Depending on the outcomes of the assessment, you'll need something, and
>    more than just a statement or two.  Training for the people involved so
>    that they can provide convincing answers is an important aspect.  The
>    design aspects (at a level a bit deeper than the sketch you provided)
>    need to be looked at by a sceptical outsider

Yeah, I think the check-out staff at Safeway/Woolies are tired of my 
short lectures about their latest 'loyalty' card. They had nothing to 
do with it!


>- post implementation audit
>    You'll test that it works as it was intended, and that the database isn't
>    open to abuse, and that the staff actually understood what they were told

And is there/was there a clear complaints chain? If there were 
complaints, is that information available for the post audit or was 
it just 'she'll be right' answers to the complainant to get them out 
of there so the organisers could get on to 'more important' things? 
How many times have you stood on the platform of some train station 
cursing that you're about to miss a meeting, but the train operators 
'get off the hook' with a mere 'we are sorry for any inconvenience 
caused'? I don't think the operators understand how much the anger 
increases and smolders in the individual every bloomin' time that line is used.


>- ensure enforceable undertakings
>    The wording of your statements determines whether you're actually giving
>    undertakings or just providing the vacuous waffle your lawyer would write

see above re stating compliance versus actualising the compliance


>- ensure enforcement process and appropriate sanctions
>    It would be really nice if there were a framework in place, but it's
>    pitiful, and you have lots of loop-holes available to you
>
>My quick reaction is that the scale of effort required depends very
>much on whether "voluntary" is meaningful.

Not only meaningful, but fulfilled through the entire process. 
Imagine a computer program or a network [to bring this somewhat back 
to Link issues] where your message or task gets almost to the end, 
but then falls into a black hole, never to be seen again. There is a 
huge amount of faith in the holding organisation that says they will 
'destroy' the collected data *when no longer needed* [my words and 
emphasis]. Who checks? How do you prove a negative? It's just not 
done. I would not be surprised if in all the hubbub that is involved 
in living through a conference that these final steps are NOT done. 
So then what?

Just some more things to add to the mix.

Jan



Melbourne, Victoria, Australia
jwhit at janwhitaker.com
business: http://www.janwhitaker.com
personal: http://www.janwhitaker.com/personal/
blog: http://janwhitaker.com/jansblog/

Our truest response to the irrationality of the world is to paint or 
sing or write, for only in such response do we find truth.
~Madeline L'Engle, writer

Writing Lesson #54:
Learn to love revision. Think of it as polishing the silver for 
guests. - JW, May, 2007
_ __________________ _

