Ateneo de Manila University explores data security in the use of RFID
All around the world today, Radio Frequency Identification (RFID) is getting widespread attention. For the technology to work, data is electronically encoded and stored in a smart tag which are then picked up during use by a reader via radio waves. Once captured, the data can be turned over to and processed by a computer.
RFID’s applications and potential uses are as varied as they are numerous. In the transportation sector, for instance, it is now common to see contactless smart cards or tickets equipped with RFID tags being used to ride buses, trains, and other public transportation. The convenience it has facilitated is hard to deny, with passengers now needing only to tap a card or ticket to use their preferred mode of transport. In retail, the same technology is being used by the likes of Amazon Go, where RFID tags and readers allow customers to just grab items off the shelves and leave. The tags attached to the items are processed by a reader upon exit, and the store will automatically charge the items bought to the customer’s Amazon account. No more long queues at the checkout counter! For companies, in general, RFID is being used for such purposes as keeping track of employee attendance and facilitating employee access to certain areas, systems, applications and other organization resources.
Amid all this excitement, though, should be a sobering reminder that innovation and emerging technologies, while vital to the economic growth of any country, must not be at the expense of the fundamental rights and freedoms of the people.
With RFID, it’s worth noting that privacy-related issues have been raised ever since it was first introduced. They include concerns about its use by both the government and the private sector when prying into the lives of the people via surreptitious tracking and monitoring. An RFID tag, after all, can record unique identifiers assigned to a individual, which could then, in turn, reveal information about him or her directly or indirectly. A simple loyalty card equipped with an RFID technology can give a general picture of a person’s spending habits or preferences and then link to that person’s other records in the possession of the company managing the card, and even its affiliates.
Given the extent of information involved, there are still a couple of other risks. An individual may be identified or associated with a different data set, which could give rise to many data quality issues. Once data systems are interconnected, profiling will also be so much easier and could make way for all sorts of discriminatory programs or actions, intended or otherwise. Loss of control by a person over his or her personal data will also be inevitable, given the way companies like to share their databases with subsidiaries, affiliates, service providers, and other third parties. Any one of them could use the data for unauthorized purposes. Any one of them could be potential targets for hackers and fraudsters who are certain to take interest in the trove of personal data in their custody.
With these, and as RFID’s capabilities continue to evolve, authorities need to keep up and regularly monitor its development. Whenever possible, appropriate regulations should be instituted. For its proponents and developers, focus should also be given to mechanisms that guarantee security of RFID systems, and not just those that ensure its effectiveness and reliability. Users, in the meantime, must take into account all possible risks posed by the technology—particularly those relating to a person’s privacy—and prop them against its promised benefits. They need to weigh both sides and make a determination whether those benefits make assuming the risks worthwhile. That would be the responsible thing to do.
RFID’s applications and potential uses are as varied as they are numerous. In the transportation sector, for instance, it is now common to see contactless smart cards or tickets equipped with RFID tags being used to ride buses, trains, and other public transportation. The convenience it has facilitated is hard to deny, with passengers now needing only to tap a card or ticket to use their preferred mode of transport. In retail, the same technology is being used by the likes of Amazon Go, where RFID tags and readers allow customers to just grab items off the shelves and leave. The tags attached to the items are processed by a reader upon exit, and the store will automatically charge the items bought to the customer’s Amazon account. No more long queues at the checkout counter! For companies, in general, RFID is being used for such purposes as keeping track of employee attendance and facilitating employee access to certain areas, systems, applications and other organization resources.
Amid all this excitement, though, should be a sobering reminder that innovation and emerging technologies, while vital to the economic growth of any country, must not be at the expense of the fundamental rights and freedoms of the people.
With RFID, it’s worth noting that privacy-related issues have been raised ever since it was first introduced. They include concerns about its use by both the government and the private sector when prying into the lives of the people via surreptitious tracking and monitoring. An RFID tag, after all, can record unique identifiers assigned to a individual, which could then, in turn, reveal information about him or her directly or indirectly. A simple loyalty card equipped with an RFID technology can give a general picture of a person’s spending habits or preferences and then link to that person’s other records in the possession of the company managing the card, and even its affiliates.
Given the extent of information involved, there are still a couple of other risks. An individual may be identified or associated with a different data set, which could give rise to many data quality issues. Once data systems are interconnected, profiling will also be so much easier and could make way for all sorts of discriminatory programs or actions, intended or otherwise. Loss of control by a person over his or her personal data will also be inevitable, given the way companies like to share their databases with subsidiaries, affiliates, service providers, and other third parties. Any one of them could use the data for unauthorized purposes. Any one of them could be potential targets for hackers and fraudsters who are certain to take interest in the trove of personal data in their custody.
With these, and as RFID’s capabilities continue to evolve, authorities need to keep up and regularly monitor its development. Whenever possible, appropriate regulations should be instituted. For its proponents and developers, focus should also be given to mechanisms that guarantee security of RFID systems, and not just those that ensure its effectiveness and reliability. Users, in the meantime, must take into account all possible risks posed by the technology—particularly those relating to a person’s privacy—and prop them against its promised benefits. They need to weigh both sides and make a determination whether those benefits make assuming the risks worthwhile. That would be the responsible thing to do.
No comments: