[LINK] myki

Roger Clarke Roger.Clarke at xamax.com.au
Thu Oct 18 09:28:29 AEDT 2012


At 19:02 -0300 17/10/12, Fernando Cassia wrote:
>well, privacy advocates swear contact based systems are safer than
>contactless due to the inability of anyone to read your data 
>remotely using RF...

Privacy (and consumer) advocates are generally more concerned about:
-   systemic risk than opportunistic risk
-   second-party risk than third-party risk

Put another way, the odd passer-by who opportunistically grabs small 
amounts of sensitive data isn't all that big a deal.

The much bigger issue is the systemic capture of large amounts of 
sensitive data, consistently identified, and then available for 
exploitation by the operator, and by anyone else who gets access to 
the data collection, and for purposes additional to the data's 
original purpose.

But agreed:  a poorly-designed scheme that involves the 'broadcast' 
of data (even over NFC's 5-10cm rather than RFID's bigger range) is 
less secure than a scheme that uses controlled exchange of data along 
the closed connection formed by a contact-based chip in a reader.

-- 
Roger Clarke                                 http://www.rogerclarke.com/

Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in the Faculty of Law               University of NSW
Visiting Professor in Computer Science    Australian National University


