1 / 27

A new book addressing social issues in Ubiquitous Computing, in particular in RFID.

Item-level RFID Perception & Privacy Protection Schemes @ ETSI Dr. Sarah Spiekermann Institute of Information Systems Humboldt University Berlin, Germany December 2007. A new book addressing social issues in Ubiquitous Computing, in particular in RFID.

jblass
Télécharger la présentation

A new book addressing social issues in Ubiquitous Computing, in particular in RFID.

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Item-level RFID Perception & Privacy Protection Schemes@ ETSIDr. Sarah SpiekermannInstitute of Information SystemsHumboldt University Berlin, GermanyDecember 2007

  2. A new book addressing social issues in Ubiquitous Computing, in particular in RFID.

  3. RFID represents the ‚ubiquitous‘ and ‚embeddedness‘ element of Ubiquitous Computing. EAN and UCC have joined forces in 2001 in the organisation GS1 where RFID is developemed as the carrier technology for next generation bar codes. „In Germany alone, we expect an RFID-related rise in the share of the value added of the producing sector, trade, transport as well as public and private service providers totalling about 62 billion euros by the year 2010 compared with 3 billion euros in 2004.“ (Public Policy Outlook, Michael Glos, June 2007) RFID is an importantcomponent of the Ubiquitous Computing Landscape. Source: Thiesse, F., Gross, S., “Integration von RFID in die betriebliche IT-Landschaft”,WIRTSCHAFTSINFROMATIK; Vol. 48, No. 3, 2006, pp. 178-187

  4. Consumers appreciate RFID based after sales services. Consumer Perceptions of RFID Benefits - Results from 2 Studies beneficial/like/convenient 5,00 warrantywithout receipt medication fit* warning washing machine* medication Reminder* receipy recommendations* 4,00 exchange Without receipt unsure/medium 3,00 improvedstoragelife* checking used goods* add. Infoat home* recommendationsin the street 2,00 1,00 objectionable 0,00 Study 1 (237 part., 2005) Study 2(306 part., 2006) *significant statistical difference

  5. GI (Pohl, 2004) has established a catalogue of provisions „in order to minimize the potential dangers of transponders for citizens and society.“ The United States of America Center for Democracy and Technology and the OECD have proposed guidelines for the application of RFID in areas where it interfaces with people. Metro Group took 10.000 Payback loyalty cards out of the market. Benetton halted its deployment of RFID on shopfloors. Harvard Business Review launches a debate (2004): „None of your business?“ However, RFID has confronted strong criticism for its potential to undermine privacy.

  6. What are major consumer fears associated with RFID?* • Concern of one’s personal belongings to be assessed without one’s knowledge and consent • Concern to become known to and classified by others • Concern to be followed • Concern to sign responsible for each object one owns • Concern about being restricted, educated or exposed through automatic object reactions Focus Group Results (Content Analysis) „…something is being done with me that I cannot really control and grasp and this is what I am afraid of.“ *Bertold, O., Günther, O., Spiekermann, S. , "RFID: Verbraucherängste und Verbraucherschutz", Wirtschaftsinformatik, Vol. 47, Nr.6, 2005

  7. An extreme fear is that RFID may get out of control. Ishmell‘s Photos on March 13th 2007

  8. How can we build safety into RFID technology so that benefits can be leveraged and social drawbacks can be avoided?

  9. Technically, an attack-tree analysis reveals that uncontrolled tag-reader communication is the main issue to be resolved for safe technology design. Attack-tree Analysis of Consumer Concerns* * Spiekermann, S., Ziekow, H., "RFID: a Systematic Analysis of Privacy Threats & a 7-point plan to address them”, Journal of Information Systems Security, Vol. 1, Nr. 3, 2006

  10. Giving people control over tag-reader communication is a key requirement to ensure privacy.

  11. Giving people control over tag-reader communication is a key requirement to ensure privacy. What does it mean to give control? • Cognitive control • Decisional control • Behavioral control

  12.   ON-TAG SCHEME KILL USER SCHEME(PET1) AGENTSCHEME(PET2) There are 4 options to treat RFID tags at store exits.  

  13. Which strategy should be pursued?

  14. Some notes on the Class1/Gen2 tags‘ kill-function… “If you consider that RFID tags represent the future of computing technology, this proposal [the kill function] becomes as absurd as permanently deactivating desktop PCs to reduce the incidence of computer viruses and phishing” (p. 92 in (Rieback, Gaydadjiev et al. 2006)).

  15. The On-tag Scheme leaves users ‚out of the loop‘ and therefore fails to meet control requirements. UML sequence diagram: RFID based communication in a mall ‘On-tag’ Scheme

  16. BENEFIT: Users can specify their privacy preferences. DRAWBACK: Need to develop the solution for probabilistic tag-reader protocols. Need to integrate privacy preference communication over tag-reader interface. Need for context recognition. Control delegation is typically a challenge when it comes to agent design and agent acceptance. The Agent Scheme implies control delegation and trust in a ‚Privacy Guardian‘.* * Rieback, M. R., B. Crispo, et al. (2005). "RFID Guardian: A Battery-Powered Mobile Device for RFID Privacy Management". 10th Australiasian Conference on Information Security (ACISP 2005), Brisbane, Australia.

  17. We proposed a User Scheme* where the user is in the driver‘s seat and initiates tag-reader communication where needed. User Scheme Mechanism * Spiekermann, S., Berthold O., "Maintaining privacy in RFID enabled environments - Proposal for a disable-model", in: Privacy, Security and Trust within the Context of Pervasive Computing, Hrsg. P. Robinson, H. Vogt, W. Wagealla, The Kluwer International Series in Engineering and Computer Science, Springer Verlag, 2005

  18. What‘s the most appealing solution to customers?

  19. Peoples‘ reactions were tested vis-à-vis RFID based on two different films about RFID (between-subject design). Set-up • Neutral Film • cut of professional film material • 2 versions which are identical, BUT: • Agent Scheme ending • User Scheme ending • Questionnaire: • 151 questions (62 before the film, 89 after the film) • time to answer: around 55 minutes • pre-tested questions • four test cities: Berlin, Hamburg, Köln und München

  20. Subjects were close to German demographic average. Experimental groups and demographics

  21. In advance of the study we developed scales to measure ‚control perceptions‘ over the intelligent infrastructure.

  22. Study results show that no PET is really superior and that helplessness dominates RFID PET perception. Multivariate Regression Analysis on Drivers of PET Acceptance

  23. 73% of participants want to see RFID chips destroyed rather than taking advantage of the benefits. The trend is reenforced the more education people have. Killing or PET?* Tendency to rejectPET (1-5) Undecided (6) Tendency to use PETfor advantage (7-11) User Scheme 69.9% 82.9%* 8.2% 4.9%* 21.9% 12.2%* with IB Agent Scheme 78.2% 71.4% 9.1% 11.4% 12.7% 17.1% without IB Total 73.4% 77.6% 8.6% 7.9% 18.0% 14.5% with IB The asterisk* denotes a significant difference of technology perception due to education. • *Günther, O., Spiekermann, S. , "RFID And The Perception of Control: The Consumer's View",  Communications of the ACM (CACM), Vol. 48, Nr. 9, September 2005

  24. .26 USEFULNESS .16 USEFULNESS .15 EASE OF USE RFID ACCEPTANCEIN SERVICES .33 .41 EMOTIONAL REACTION EMOTIONAL REACTION RFID ACCEPTANCE ON PRODUCTS R2 = .69 -.15 R2 = .75 PRIVACY- CONCERNS -.25 PRIVACY- CONCERNS .17 .16 FUN SECURITIY .11 TIME SAVINGS Further analysis is now looking into the drivers of RFID acceptance. Drivers of Acceptancefor RFID in the Service Domain Drivers of Acceptancefor RFID on Products

  25. Next steps • Consider user model in the standardization process for tag-reader communication • Consider busienss processes and user concerns and process perceptions before defining technical standards. Co-operation? Please contact me: Sarah Spiekermann(sspiek@wiwi.hu-berlin.de)

  26. Next steps

  27. Research Projects on UbiComp RFID Security, Localization Technologies (Magic Map) RFID Consumer Privacy Ko-RFID: Efficient collaboration in RFID based supply chains Economic Value of Proximity Attention Management in Information Rich Environments Technology Assessment of Ubiquitous Computing

More Related