privacy data protection law and rfid
play

Privacy, Data Protection Law, and RFID Irreconcilable Differences? - PowerPoint PPT Presentation

Dec 03, 2023 •246 likes •828 views

Privacy, Data Protection Law, and RFID Irreconcilable Differences? Marc Langheinrich Institute for Pervasive Computing ETH Zurich, Switzerland 17.07.2006 RFIDSec 2006, Graz 1 Public Concern (as seen on TV) 17.07.2006 RFIDSec 2006, Graz 2

  1. Privacy, Data Protection Law, and RFID Irreconcilable Differences? Marc Langheinrich Institute for Pervasive Computing ETH Zurich, Switzerland 17.07.2006 RFIDSec 2006, Graz 1

  2. Public Concern (as seen on TV) 17.07.2006 RFIDSec 2006, Graz 2

  3. Public Concern (as measured by Google) Original numbers by Ravi Pappu, RFID Privacy Workshop @ MIT: November 15, 2003 17.07.2006 RFIDSec 2006, Graz 3

  4. Public Concern (as seen by AmI-Experts) � Optimists: “All you need is really good firewalls.” � Self-Regulation: “It's maybe about letting them find their own ways of cheating, you know…” � Not my Problem: “For [my colleague] it is more appropriate to think about privacy issues. It’s not really the case in my case.” � Hindrance: “Somehow [privacy] also destroys this, you know, sort of, like, creativity...” � Impossible: “I think you can't think of privacy when you are trying out... it's impossible, because if I do it, I have troubles with finding [a] Ubicomp future” Marc Langheinrich: The DC-Privacy Troubadour – Assessing Privacy Implications of DC-Projects. DC Tales Conference, Santorin, 06/2003. 17.07.2006 RFIDSec 2006, Graz 4

  5. Public Concern (as measured by ) Capgemini: RFID and Consumers – what European Consumers Think About Radio Frequency Identication and the Implications for Business. Survey, February 2005 . Available from: www.capgemini.com/news/2005/Capgemini_European_RFID_report.pdf. 17.07.2006 RFIDSec 2006, Graz 5

  6. Should we be concerned about privacy? 17.07.2006 RFIDSec 2006, Graz 6

  7. What is Privacy? � „The right to be let alone.“ � Louis Brandeis, 1890 (Harvard Law Review) � „The desire of people to choose freely Louis D. Brandeis, 1856 - 1941 under what circumstances and to what extent they will expose themselves, their attitude and their behavior to others.“ � Alan Westin („Privacy And Freedom“, 1967) Alan Westin Prof. Emeritus, Columbia University 17.07.2006 RFIDSec 2006, Graz 7

  8. Why Privacy? � Reasons for Privacy � Free from Nuisance Louis D. Brandeis, 1856 – 1941 „The right to be let alone“ (1890) 17.07.2006 RFIDSec 2006, Graz 8

  9. Why Privacy? � Reasons for Privacy � Free from Nuisance � Intimacy Erving M. Goffman, 1922 – 1982 The Presentation of Self in Everyday Life (1959) 17.07.2006 RFIDSec 2006, Graz 9

  10. Why Privacy? � Reasons for Privacy � Free from Nuisance � Intimacy � Free to Decide for Oneself Beate Rössler Protecting the decisional autonomy in one‘s life (2001) 17.07.2006 RFIDSec 2006, Graz 10

  11. Why Privacy? Privacy isn‘t just about keeping secrets – Privacy isn‘t just about keeping secrets – data exchange and transparency are key issues! data exchange and transparency are key issues! � Reasons for Privacy � Free from Nuisance � Intimacy � Free to Decide for Oneself � By Another Name... � Data Protection � Informational Self-Determination Beate Rössler Protecting the decisional autonomy in one‘s life (2001) 17.07.2006 RFIDSec 2006, Graz 11

  12. Privacy Violations? � Violations Due to Crossings of “Privacy” Borders � Prof. Emeritus Gary T. Marx, MIT � “Privacy” Borders � Natural Borders � Social Borders � Spatial/Temporal Borders � Ephemeral Borders RFID-technology makes some of those borders easier to cross RFID-technology makes some of those borders easier to cross 17.07.2006 RFIDSec 2006, Graz 12

  13. Privacy Implications of Smart Environments � Data Collection � Scale (everywhere, anytime) � Manner (inconspicuous, invisible) � Motivation (unspecified, e.g., context) � Data Types � Observational instead of factual data � Data Access � “The Internet of Things” 17.07.2006 RFIDSec 2006, Graz 13

  14. Should we be concerned about RFID? 17.07.2006 RFIDSec 2006, Graz 14

  15. Societal Drivers for RFID Acceptance – Collection and Use � Higher Efficiency (Cheaper Stuff!) � Rebates! (Loyalty Cards) � Targeted Sales (1-1 Marketing) � More Convenience � Getting shopping advice (e.g., allergies) � Simplified handling (return, repairs, access) � Increased Safety � Crime prevention (Ticketing, counterfeiting, CCTV, …) � Homeland security (terrorism, child molesters, …) 17.07.2006 RFIDSec 2006, Graz 15

  16. Example: Loyalty Cards � Emnid Survey Germany (03/2002) � 50% have at least one loyalty card � 72% welcome such offers � 70 Million Cards in Circulation (DE, 12/03) � Average rebate: 1.0-0.5% � 15% of consumers estimate rebate being 5-10% � Minding the Fine Print? � Explicit signature allows detailed data mining � Consequences? 17.07.2006 RFIDSec 2006, Graz 16

  17. Consumer Loyalty Cards – The Dark Side � The Story of Robert Riveras (1998) � Slipped on spilled yoghurt and hurt kneecap. Sued. � Consumer card showed high volume licqour purchases � Settled out of court � Or: Divorce Case � Liking of expensive wines increased alimony payments 17.07.2006 RFIDSec 2006, Graz 17

  18. Consumer Loyalty Cards – Legal Implications � Arson Near Youth House Niederwangen (Berne) � At scene of crime: Migros-tools � Court ordered disclosure of all 133 consumers who bought items on their supermarket card (8/2004) � Arsonist not yet found (11/2005) 17.07.2006 RFIDSec 2006, Graz 18

  19. Aren’t there laws against this stuff? 17.07.2006 RFIDSec 2006, Graz 19

  20. A (Very) Brief History of Privacy Legislation � Justices Of The Peace Act (England, 1361) � Sentences for Eavesdropping and Peeping Toms � „The poorest man may in his cottage bid defiance to all the force of the crown. It may be frail; its roof may shake; … – but the king of England cannot enter; all his forces dare not cross the threshold of the ruined tenement“ � William Pitt the Elder (1708-1778) English Parliamentarian Addressing the House of Commons in 1763 � First Data Protection Law in the World in Hesse 1970 � 17.07.2006 RFIDSec 2006, Graz 20

  21. Privacy Laws and Regulations � Two Main Approaches � Sectorial (“Don’t Fix if it Ain’t Broken”) � Omnibus (Precautionary Principle) � US: Sector-specific Laws, Minimal Protections � Strong Federal Laws for Government � Self-Regulation, Case-by-Case for Industry � Europe: Omnibus, Strong Privacy Laws � Law Applies to Both Government & Industry � Privacy Commissions in Each Country as Watchdog 17.07.2006 RFIDSec 2006, Graz 21

  22. US Public Sector Privacy Laws (Federal) � Federal Communications Act, 1934, 1997 (Wireless) � Omnibus Crime Control and Safe Street Act, 1968 � Bank Secrecy Act, 1970 � Privacy Act, 1974 � Right to Financial Privacy Act, 1978 � Privacy Protection Act, 1980 � Computer Security Act, 1987 � Family Educational Right to Privacy Act, 1993 � Electronic Communications Privacy Act, 1994 � Freedom of Information Act, 1966, 1991, 1996 � Driver’s Privacy Protection Act, 1994, 2000 17.07.2006 RFIDSec 2006, Graz 22

  23. US Private Sector Laws (Federal) � Fair Credit Reporting Act, 1971, 1997 � Cable TV Privacy Act, 1984 � Video Privacy Protection Act, 1988 � Health Insurance Portability and Accountability Act, 1996 � Children‘s Online Privacy Protection Act, 1998 � Gramm-Leach-Bliley-Act (Financial Institutions), 1999 17.07.2006 RFIDSec 2006, Graz 23

  24. EU Data Directive � 1995 Data Protection Directive 95/46/EC � Sets a Benchmark For National Law For Processing Personal Information In Electronic And Manual Files � Facilitates Data-flow Between Member States And Restricts Export Of Personal Data To „Unsafe“ Non-EU Countries � Applies to both Public and Private Sector � Data collection illegal, unless consented or authorized � Follows OECD Fair Information Principles (1980) 17.07.2006 RFIDSec 2006, Graz 24

  25. Fair Information Principles (FIP) � Drawn Up By the OECD, 1980 � “Organisation for economic cooperation and development” � Voluntary guidelines for member states � Goal: ease transborder flow of goods (and information) � Six Principles (simplified) Openness Collection Limitation 1. 4. Data access and control Data subject’s consent 2. 5. Data security Use Limitation 3. 6. � Core Principles of Most Modern Privacy Laws � Implication: Technical solutions must support FIP 17.07.2006 RFIDSec 2006, Graz 25

  26. Data Protection Law and RFID 25th Intl. Conf. of Data Protection and Privacy Commissioners, 11/03 � All basic principles of data protection law have to be observed when designing, implementing and using RFID technology. In particular any controller – before introducing RFID tags linked to personal � information or leading to customer profiles – should first consider alternatives which achieve the same goal without collecting personal information or profiling customers; (Collection Limitation) if the controller can show that personal data are indispensable, they must � be collected in an open and transparent way ; (Openness, Consent) personal data may only be used for the specific purpose for which they � were first collected and only retained for as long as is necessary to achieve (or carry out) this purpose, and (Use Limitation) whenever RFID tags are in the possession of individuals, they should have � the possibility to delete data and to disable or destroy the tags. (Access and Control) Resolution on Radio Frequency Identification. www.privacyconference2003.org/commissioners.asp 17.07.2006 RFIDSec 2006, Graz 26

  27. Let’s just build privacy-law compliant RFID-Systems 17.07.2006 RFIDSec 2006, Graz 27

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
Interaction of RFID Technology and Public Policy Presentation at RFID Privacy Workshop @ MIT

Interaction of RFID Technology and Public Policy Presentation at RFID Privacy Workshop @ MIT

Interaction of RFID Technology and Public Policy Presentation at RFID Privacy Workshop @ MIT 15 TH November 2003 By Rakesh Kumar Wipro Technologies India Privacy Consumers Perspective Privacy can be defined as customers ability to

284 views • 17 slides
EU Art.29 Data Protection Users care about privacy Working Party From: Special Eurobarometer

EU Art.29 Data Protection Users care about privacy Working Party From: Special Eurobarometer

28/05/15 Outline Data privacy and the evolving regulation Privacy threats from LBS to geoSN EveryWare Lab Main (location) privacy protection techniques Data Management for Mobile Protecting geo-tagged resource publication

411 views • 7 slides
#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy

#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy

#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy across hybrid IT Farshad Ghazi - Moderator Mat Spitz Lacy Gruen #MicroFocusCyberSummit Reiner Kappenberger Cloud-based Data Privacy and Protection:

453 views • 10 slides
Privacy Challenges in RFID Gildas Avoine Information Security Group Universit e catholique de

Privacy Challenges in RFID Gildas Avoine Information Security Group Universit e catholique de

Privacy Challenges in RFID Gildas Avoine Information Security Group Universit e catholique de Louvain Belgium SUMMARY Background about RFID Privacy: Information Leakage Privacy: Malicious Traceability Is Privacy a Research Challenge?

343 views • 32 slides
Big Data, Key Challenges: Privacy Protection & Cooperation Observations on international

Big Data, Key Challenges: Privacy Protection & Cooperation Observations on international

Big Data, Key Challenges: Privacy Protection & Cooperation Observations on international efforts to develop frameworks to enhance privacy while realising big datas benefits Seminar arranged by the Office for Personal Data Protection, Macao,

305 views • 8 slides
Privacy and Data Protection Designing for Privacy Tobias Pulls CC-BY-4.0 Privacy is a Human

Privacy and Data Protection Designing for Privacy Tobias Pulls CC-BY-4.0 Privacy is a Human

Privacy and Data Protection Designing for Privacy Tobias Pulls CC-BY-4.0 Privacy is a Human Right (1/2) From the United Nations Universal Declaration of Human Rights: Article 12 No one shall be subjected to arbitrary interference with his

338 views • 7 slides
Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location

Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location

Mobile Networks - Module H2 Privacy in Wireless Networks privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; privacy preserving routing in ad hoc networks; Slides adapted from Security and

909 views • 55 slides
Data Synchronization in Privacy-Preserving RFID Authentication Schemes S ebastien CANARD and

Data Synchronization in Privacy-Preserving RFID Authentication Schemes S ebastien CANARD and

Data Synchronization in Privacy-Preserving RFID Authentication Schemes S ebastien CANARD and Iwen COISEL Orange Labs R&D - Caen - France RFIDSec 08 - 10 th July 2008 Outline 1 General Context 2 A synchronization problem 3 A

714 views • 33 slides
RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium February 2011,

RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium February 2011,

RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium February 2011, Corua, Spain RFID Primer RFID Primer Definition Radio frequency identification'' (RFID) means the use of electromagnetic radiating waves

729 views • 47 slides
Web and privacy Privacy and protection of personal data specific purpose (to collect and

Web and privacy Privacy and protection of personal data specific purpose (to collect and

Web and privacy Industrial perspectives on Cryptography A. Esterle - ENISA Antwerp 29 May 2008 www.enisa.europa.eu Web and privacy Privacy and protection of personal data specific purpose (to collect and process it) subject

732 views • 7 slides
Privacy & Data Protection Laws Overview and History Introduction to Privacy and the GDPR

Privacy & Data Protection Laws Overview and History Introduction to Privacy and the GDPR

Privacy & Data Protection Laws Overview and History Introduction to Privacy and the GDPR Simone Fischer-Hbner CC-BY-4.0 Privacy Legislation - History 1950 Art. 8 ECHR: Everyone has the right to respect for his private and family

413 views • 4 slides
RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium April 2011,

RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium April 2011,

RFID Security and Privacy Gildas Avoine Information Security Group UCL Belgium April 2011, Rennes, France Summary RFID Primer. Examples. Capabilities. Particularities. Authentication in RFID. Theory. Practical

934 views • 64 slides
Data Protection and Privacy & Impact of Personal Data Protection Bill (PDPB) 1 November, 2019

Data Protection and Privacy & Impact of Personal Data Protection Bill (PDPB) 1 November, 2019

CONSUMER AWARENESS WORKSHOP on Data Protection and Privacy & Impact of Personal Data Protection Bill (PDPB) 1 November, 2019 Kolkata OBJECTIVE Engage with the consumer and civil society organisations (CSOs) in tier II locations to

623 views • 50 slides
29.09.2007 No Shortage of Public Fears RFID and Privacy The risk [RFID] poses to humanity

29.09.2007 No Shortage of Public Fears RFID and Privacy The risk [RFID] poses to humanity

29.09.2007 No Shortage of Public Fears RFID and Privacy The risk [RFID] poses to humanity is on Marc Langheinrich Institute for Pervasive Computing a par with nuclear weapons. Dr. Katherine Albrecht Katherine Albrecht,

315 views • 4 slides
A New Framework for RFID Privacy Robert H. Deng, Yingjiu Li, Moti Yung, Yunlei Zhao ESORICS 2010

A New Framework for RFID Privacy Robert H. Deng, Yingjiu Li, Moti Yung, Yunlei Zhao ESORICS 2010

A New Framework for RFID Privacy Robert H. Deng, Yingjiu Li, Moti Yung, Yunlei Zhao ESORICS 2010 Outline Introduction. Model of RFID Systems. Adaptive Completeness and Mutual Authentication. zk-Privacy: Formulation, Clarifications

456 views • 35 slides
Privacy in Ubiquitous Computing Options, Trends, and Implications of Smart Objects Marc

Privacy in Ubiquitous Computing Options, Trends, and Implications of Smart Objects Marc

Privacy in Ubiquitous Computing Options, Trends, and Implications of Smart Objects Marc Langheinrich Institut fr Pervasive Computing ETH Zrich Februar 11. 2006 ZiF-Workshop: Privacy and 1 Surveillance Technologies Privacy in Ubiquitous

573 views • 32 slides
Privacy and RFID Irreconcilable Differences? Marc Langheinrich Institute for Pervasive Computing

Privacy and RFID Irreconcilable Differences? Marc Langheinrich Institute for Pervasive Computing

T Labs Usability Colloquium June 25, 2007 Privacy and RFID Irreconcilable Differences? Marc Langheinrich Institute for Pervasive Computing ETH Zurich, Switzerland C.A.S.P.I.A.N. Consumers against supermarket privacy invasions and

451 views • 25 slides
MU MUSTANG ANGS MHS Administrative Staff Dr. Donna Richardson, Principal Ms. Janetta

MU MUSTANG ANGS MHS Administrative Staff Dr. Donna Richardson, Principal Ms. Janetta

WELCOMES NEW & RETURNING MU MUSTANG ANGS MHS Administrative Staff Dr. Donna Richardson, Principal Ms. Janetta Lucas, AP of Curriculum, AP Cambridge House Mrs. Mary Flynn, AP Harvard House Mr. Brian Holloway, AP Princeton

322 views • 20 slides
Objectives Objectives Review the magnitude of slips, trips & falls within ASIT facilities

Objectives Objectives Review the magnitude of slips, trips & falls within ASIT facilities

The Arkansas Self-Insurance Trust and Mike Johnson & Associates present Preventing Slips, Trips & Falls Todays Presenter: Darrell G. Toenjes, ARM, CHSP, CWCP Darrell G. Toenjes, ARM, CHSP, CWCP Healthcare Risk Management Consultant

396 views • 13 slides
Running Training with HRV Listen to your Heart! Marcel van der Kuil Portland, Quantified

Running Training with HRV Listen to your Heart! Marcel van der Kuil Portland, Quantified

Running Training with HRV Listen to your Heart! Marcel van der Kuil Portland, Quantified Self, Sep 22 2018 Context About me Married with 3 children. Computer/Data Scientist Independent Sports& Health Tech

541 views • 37 slides
Clouded Thoughts Air Quality & Cognitive Performance Arthur Amorim January 23, 2019 Arthur

Clouded Thoughts Air Quality & Cognitive Performance Arthur Amorim January 23, 2019 Arthur

Clouded Thoughts Air Quality & Cognitive Performance Arthur Amorim January 23, 2019 Arthur Amorim Clouded Thoughts Question : How does air quality affect the decision-making of individuals performing high level of inductive reasoning?

887 views • 77 slides
But when the seventy years are fulfilled, I will punish the king of Babylon and his nation, the

But when the seventy years are fulfilled, I will punish the king of Babylon and his nation, the

But when the seventy years are fulfilled, I will punish the king of Babylon and his nation, the land of the Babylonians, for their guilt, declares the Lord, and will make it desolate forever. Jeremiah 25:12 1 King Belshazzar gave a great

739 views • 48 slides
Heaven: A Sneak Preview LESSON 7 Your Response to the Lesson What was most interesting in the

Heaven: A Sneak Preview LESSON 7 Your Response to the Lesson What was most interesting in the

Heaven: A Sneak Preview LESSON 7 Your Response to the Lesson What was most interesting in the Bible story? What activity was most enjoyable? What new things did you learn? Activity A Heavenly Plans Make plans for your life in heaven. What

362 views • 22 slides

More recommend