The article below was recently published in issue 39 of Linda Ockwell-Jenner's Stepping Stone newsletter.
The "Remove before washing" tag on the inside of your new sweater, the
special key that is needed to start your car, and the dashboard-mounted
device that lets you use the fast lane are all examples of Radio
Tags. Radio Frequency Identification (RFID), or Radio Tags, is an
automatic identification technology used in applications similar to
those of bar codes, the lines and spaces that are scanned at the grocery
store, and two-dimensional symbols, the rectangle of static that gets
scanned by shipping companies.
Q.E.D. Systems contributed heavily to the development of bar codes and
two-dimensional symbols and has become a clearing house for automatic
identification standards. Q.E.D. is helping build a risk analysis
framework for RFID privacy and security. In weekly conference calls and
quarterly face-to-face meetings, end users, solution providers, and
international GS1 organizations gather to discuss how to satisfy
consumer protection while capitalizing on this promising new
technology.
RFID has been around since Harry Stockman wrote "Communications by Means
of Reflected Radar" in 1948; however, it was not until the 1990s that the
price came down far enough for commercial use in highway toll
collection. In 2003 privacy became a hot button in the RFID industry
when Italian clothing manufacturer Benetton put RFID tags into its
clothing brand Sisley.
It is no surprise that since 2003 numerous organizations have formed to
discuss privacy and security matters relating to the use of RFID
technology. The Center for Democracy and Technology (CDT) released the
RFID Privacy Best Practices document which covers notice, choice and
consent, information sharing of tag data, and security. The Electronic
Privacy Information Center (EPIC) and the Electronic Frontier Foundation
(EFF) dedicate time and resources to advocating privacy concerns and
gather RFID privacy related information and news.
EPCglobal, a key player in the retail RFID industry specifications,
gathers subscribers to participate in the development of the Electronic
Product Code (EPC), which is their own networking RFID product.
Subscribers participate in the standards development process through
action groups. To address the above-mentioned security issues,
EPCglobal's product data protection committee (PDPC) formed to study,
analyze, and recommend a set of security, privacy and authentication
requirements.
Some of the same organizations that participate within EPCglobal also
participate with international standards bodies and their national
equivalents. Groups such as the International Organization for
Standardization (ISO), the American National Standards Institute (ANSI),
Standards Canada, Association Française de Normalisation (AFNOR),
Deutsches Institut für Normung (DIN), the National Institute for
Standards and Technology (NIST), AIM Global and the Information
Protection Commissioner (IPC) of Ontario, Canada are developing privacy
and security documents which will serve as best practices, guidelines
and standards for multiple industries.
Q.E.D. Systems recently presented an overview of risks and
vulnerabilities to EPCglobal. This work summarized the efforts of the AIM
Global RFID Experts Group, NIST, and the freight container industry,
while adding Q.E.D.'s assessment of the viability of proposed
countermeasures. For further information on Q.E.D. Systems' services in
the area of privacy and security, contact Matthew J. Harmon at
matthew.harmon@qed.org.