Thursday, February 1, 2007

Real-world privacy implications of RFID

.FLYINGHEAD THE COMPUTING UNPLUGGED INTERVIEW
.TITLE Real-world privacy implications of RFID
.AUTHOR David Gewirtz
.SUMMARY Over the past few weeks, we’ve been very fortunate to enlist the help of Martyn Mallick, one of the leading experts on RFID technology. This week, we’ll discuss the real-world implications of RFID, including privacy, tracking, embedded tags, and more. This is truly a fascinating conclusion for a very informative series.
.OTHER


.Q David
Can you speak on the RFID privacy and paranoia issue for a moment? You also mentioned the comparison to a credit card?

.A Martyn
The most common question around security I hear is whether an RFID tag on an item such as clothing or electronics would allow that person to be tracked. The answer is theoretically yes, but practically no.

This is because the RFID tag itself usually only contains a unique identifier similar to what you would see on a barcode. No personal data is on the tag itself, so in order to learn anything about the consumer, someone would need to have access to both the tag data as well as the enterprise database of the retailer who sold you the item.

In addition, retailers are able to render the tags on these items useless by using a ‘kill’ feature outlined in the tag specification.

The retailers themselves already know about your spending habits through your electronic purchase history with credit cards. So if you trust these companies with your credit card spending information, I really don’t see how an RFID tag on the item makes anything less secure.

.Q David
Are you aware of those RFID tags that people are putting under their skin? Do you know much about that?

.A Martyn
People have different motivations for such activities. In some cases, RFID is embedded into their skin for the shock effect, whereas other times there are legitimate reasons to do so.

One example that comes to mind is the ability for VIPs of popular night clubs to have an RFID tag embedded in their skin to allow them to be identified without having to wait in line or carry ID or credit cards.

This isn’t much different than a gas station chain’s RFID-enabled keychain allowing you to quickly pay at the pump — just a different type of tag and method of "attachment." This is not a common use of the technology, though, and not one that I see being actively pursued in the enterprise market.

.Q David
When we talked earlier, you told me a story about RFID and maternity wards. You also mentioned theme parks.

.A Martyn
RFID tags and software systems are being built to solve many real-world problems. We have a system as part of RFID Anywhere called the Location Information System (LIS). What the LIS provides is the ability to combine location awareness data with business or environmental context.

In the case of a maternity ward, an RFID tag is incorporated into the bands that both the parent and infant wear. The system can then determine if an infant leaves the ward without his or her parent and provide notification, such as an alarm, or lock down the doors until the matter is resolved.

The same scenario can be used in theme parks where RFID tags carried by a lost child can allow a parent to pinpoint where the child was last seen.

.Q David
Do you see this as an advantage or as the encroachment of Big Brother?

.A Martyn
RFID systems like this are not implemented overnight. After discussing the pros and cons with stakeholders, if RFID will enable a process or address an existing issue, then trials happen, and systems evolve.

Many examples such as the ones above may use opt-in participation or other methods, with the end result being to get the most out of a system and reduce security concerns, while demonstrating the benefits of the system and gaining trust in it.

I’ve seen stories around the use of RFID in schools in Asia, but have not read much about it in North America yet.

.Q David
What sorts of RFID applications can be used to increase corporate knowledge and not just generate loads of data?

.A Martyn
Infrastructure products such as RFID Anywhere focus on letting application developers define what RFID data is important to them, allowing the useless data to be discarded as soon as possible.

For example, if an application only cares when an item enters or leaves a room, the software infrastructure that interfaces with the reader should be able to report on only this data and possibly add more value to it along the way, which takes the burden off the end application to deal with the volumes of raw data.

.Q David
Are there other sensors that work in tandem with RFID? What do they do?

.A Martyn
We see most RFID deployments requiring additional sensors, whether to increase the performance of RFID, or to help enable further process automation. An infrastructure such as RFID Anywhere is required to integrate all of these sensors together into what is called an "Intelligent Sensor Network."

.Q David
How would environmental sensors, for example proximity sensors and temperature sensors be used in an RFID application?

.A Martyn
These are used to increase RFID performance. Examples include integrating an RFID reader with a proximity sensor that turns on the RFID reader when a package enters the area, and using a temperature sensor to monitor a freezer and, if the freezer goes above a certain temperature, using RFID to take an inventory of the freezer and send an alert to the manager.

These sensors are often plugged right in to RFID readers that have general purpose input/output (GPIO) ports.

.Q David
Are there feedback mechanisms, like light stacks, used as well?

.A Martyn
These simplify the process of giving feedback to a worker based on RFID activity. For example, the system could turn on the red light if the RFID reader didn’t read all of the tags it was expecting on an order about to be loaded onto a truck.

.Q David
Back in the day, we were all about barcodes. Are barcodes obsolete in an RFID world?

.A Martyn
RFID and barcodes are used together in many systems. RFID may be used for one component of a system, while a barcode is used for some existing components of the application or perhaps used by a partner who hasn’t implemented RFID in its environment.

.Q David
Where do PLCs fit into this?

.A Martyn
Programmable Logic Controllers are hardware devices programmed to control sensors, feedback mechanisms, heating/cooling systems, etc., and are often used with RFID, or integrated into a system using the same event-driven API.

.Q David
As you know, our readers are mobile gadget aficionados. What sort of mobile devices work with RFID?

.A Martyn
Handheld RFID readers and barcode scanners introduce their own unique strengths and complexities, but are part of many RFID deployments where you can’t always take the asset to the reader, for example, taking inventory of a warehouse.

.Q David
You’ve mentioned Active RFID. Where does that fit in?

.A Martyn
Battery-powered RFID using a variety of communication methods provides longer range than passive RFID — useful for systems where you might be tracking goods over a longer range. Some examples are livestock within a field, used cars within a large lot, equipment in a large warehouse.

.Q David
I’ve also read about RFID and real time location systems. What’s that about?

.A Martyn
These systems typically leverage WiFi networks and specialized tags to track the exact X,Y position of valuable goods using triangulation. Here, the data isn’t just "I saw this tag," the data is "This tag is at position X,Y".

Infrastructure is used for mapping and alert/report generation, and with RFID Anywhere’s Location Information System, both RTLS and RFID can be used in the same system (and even represented on the same map).

.Q David
How do you network this stuff, when it’s not connected all the time? Is there some technology that manages "occasional" connections?

.A Martyn
Distributed environments are very popular for RFID deployments since you often need to react to the RFID data immediately at the point of activity. Here, you would have RFID Anywhere and business logic running at the point of activity (or the "edge") handling data as it comes in.

Then, if you have data that needs to be reported to a system further up the network, you can use any number of technologies — database storage and synchronization, message queuing, Web services — to integrate it when a network connection is available.

However, the important element is having business logic and intelligence right near the reader to act on the RFID data immediately without requiring a constant connection to a central server.

.Q David
Earlier, we talked about vendor privacy issues. RFID is a communications system, so can you speak on the security infrastructure of RFID?

.A Martyn
RFID security encompasses all layers of your RFID network. For each layer there are efforts to provide the utmost in security. Let’s go through each, in turn.

At the physical layer (tag/reader communication), industry groups and reader/tag vendors are constantly improving security in the air protocols to ensure data is not being read between the tag and the readers.

At the middleware/integration layer, companies like Sybase iAnywhere incorporate security into our products to ensure proper authorization, authentication and encryption of the data.

At the application layer, developers who build the applications themselves take advantage of the security in the infrastructure products to ensure data cannot be accessed maliciously.

Industry consortiums and companies need to emphasize privacy and security when designing RFID systems. This encompasses tag selection and design, use cases, integration, etc.

.Q David
What are the big benefits of RFID and do they outweigh the risks?

.A Martyn
The big benefit is safety. There are many examples of how RFID improves upon safety. One is the authentication of pharmaceuticals so when you take a prescription drug you know you are taking something that has gone through the full slate of tests required by governing bodies such as the FDA.

A second is the ability to trace the origin of products such as produce, so if there happens to be contamination, the item can be traced to its origin and removed from the supply chain to prevent further contamination.

These are just a couple of examples that provide an idea of where there is a strong benefit with little risk.

.BEGIN_KEEP
.Q David
This has been an incredibly valuable and informative interview. Let’s end with some information about RFID University.

.A Martyn
RFID University is a program we put together in 2006 to address the desire for people to start learning about RFID and the lack of any real central place to get started. There were sites to learn about low-level RFID physics, sites that focused on standards, sites about specific hardware vendors, and sites about RFID security.

However, there were no sites that were really designed to educate on all of these things and to tie them all together, which is what a lot of business owners and developers needed.

So, the RFID University Webcast series was delivered, focusing on topics ranging from RFID 101, mobile RFID and RFID security to location tracking and so on. In addition to covering these industry topics, we used the RFID Anywhere Developer Edition software, its simulation capabilities, and lots of demos and code samples to let people learn hands-on after attending the sessions. We have already completed two semesters covering 10 unique Webcasts, all with complementary material and steps to learn more about a given topic.

That’s it. Big thanks to Martyn for taking so much time to help us understand RFID. Make sure you visit Sybase iAnywhere and RFID University.

.BEGIN_SIDEBAR
.H1 Product availability and resources
To read "Understanding RFID", visit http://www.computingunplugged.com/issues/issue200701/00001922001.html.

To read "Getting to know how RFID works", visit http://www.computingunplugged.com/issues/issue200702/00001926001.html.

For more information on Sybase iAnywhere, visit http://www.ianywhere.com.

For more information on RFID University, visit http://www.sybase.com/detail?id=1042123.
.END_SIDEBAR

.BIO
.END_KEEP