Wednesday, 28 February 2007

A privacy code for RFID proponents?

The suggestions by the Enterprise Privacy Group (EPG) of 3rd May 2005, seems to be interesting. Toby Stevens, the Director of EPG has succintly put some key principles of the privacy code for the RFID technologies here: http://www.rfidconsultation.eu/docs/ficheiros/EPG_RFID_Privacy_Code_of_Conduct.pdf
I think, he may expand the principles in interfacing technologies too. However, worth a reading.

RFID and risk management in retail

In the retailing industry, http://www.dcs.bbk.ac.uk/~gr/pdf/roussos_v1.4.pdf, George Roussos suggested that risk management would be the preferred mechanism for implementation. Efficient Consumer Response (ECR) Initiative has been a success in the EU (he wrote). Besides, Vendor Managed Inventory (VMI) approach is also considered as something viable towards implementing RFID in retailing. A good article for my further technical understanding in the EU, especially on ECR and VMI.

RFID Management in IT project?

David Norfolk, has written a precise article on managing RFID opportunity. He has used these approaches: inventory management, operational risk, security risk, people risk, technology risk and integration risk assessment (between metadata and semantics) as the key means for an RFID management. I applaud the technical method especially when it involves large scale RFID applications and solutions plus middleware. Leading companies like Ford and TNT have been adopting the mechanism. In my opinion, that itself (the approaches) was the tactical option that they might have after a thorough risk assessment (as possible control). The article by David Norfolk is readable here:http://www.regdeveloper.co.uk/2006/03/01/rfid_tibco_tnt/page2.html

Tuesday, 27 February 2007

RFID and data ownership

The position of data owenership in RFID remains a shady debate to all (US, UK, EU, Australia and Canada). In finding a general and interesting observation of data ownership, I have come into this masterpiece: http://louisville.edu/infosec/Spring%202006/Smith.ppt#256,1,RFID
Assistant Professor of Law, Lars S Smith has explained the debate from two (2) perspectives: civil and common law. Also, extending the data ownership within intellectual property rights regime. I think, it's a fair observation and mind stimulating to find such workable answer(s).

"RFID: Is legal risk management relevant in consumer privacy?"

I had posted yesterday on my proposed abstract. Today, I am pleased to say that the abstract of the above has been accepted by the conference committee for presentation. The link to the conference: http://www.iltc.eu
Details of my paper, photo and short resume will be posted in due course.

Follow up research on: "Researching RFID's surveillance potential"

In 2005, a Consultant - Ross Stapleton-Gray started the above research: http://www.rfidjournal.com/article/articleprint/1765/-1/1. The project was called as "The Sorting Door Project". I am attracted with the mission of the project - now, it should have been published and highlighted to RFID stakeholders and the government - I assume. To quote his statement, written by Mark Robeti in the RFID journal of 28 July 2005 (note my bold and italicised words - the views were laudable):-

..." Stapleton-Gray says the short range of passive RFID tags will constrain RFID-based surveillance to narrow portals or doorways. Doorways are logical places to want to monitor individuals. For example, a company might want to install readers at a store entrance to prevent a potential criminal from entering, or to welcome a valued customer. If and when individuals are carrying or wearing RFID-tagged items, they’ll be visible to RFID readers, or interrogators. RFID readers, in turn, will be widely deployed for a host of applications, including antitheft monitoring in stores and libraries, facility access and supermarket checkout terminals.

The Sorting Door project will try to determine how possible RFID-based surveillance may be once RFID tags become ubiquitous "I'm expecting that research will range from the theoretical (imagine every door on a college campus instrumented; what could we say about activities on campus, and could we detect potential dangerous situations?) to the empirical (putting a reader in a public place and recording what goes by), subject to research guidelines on dealing with human subjects," Stapleton-Gray explains.

"Ideally, the Sorting Door project becomes a confederation of a lot of participants, contributing data and tools, so it's possible to understand how common—or not—tags are within different populations, including both U.S. and foreign, and the project accumulates a certain collective intelligence." Another of the project’s goals will be to examine how inferences might be made from tag data. "For example, if a reader sees the same unique ID on repeated occasions, that would allow a company or government agency to construct a John Doe dossier on an individual," he says. "The organization could then associate a individual with that dossier if, for example, the individual scanned for RFID tags also provided a credit card or driver’s license in making a purchase, or being carded when entering a bar. The next time that tag is read, one can infer that the same individual is present."

It would also be possible to read and use information about products to make additional inferences. If someone were to pass through a doorway carrying or wearing a size-four Donna Karan dress, for example, software could be set up to infer that the person was more likely to be a petite woman than a tall man.

"Some RFID proponents have been dismissive of privacy concerns, noting, for instance, that it might cost upwards of a trillion dollars for the U.S. government to pay to outfit every door in the country’s malls, bus stations, airports, commercial and government buildings and so on with RFID readers, then network them into a single surveillance grid," says Stapleton-Gray.

"But just as the Internet grew from a collective interest in interconnecting private pieces of what became a global network, pure self-interest might lead to a similar 'RFID Internet.' When a great many organizations have fielded RFID readers for their own applications, networking them and aggregating data for new purposes may be quite cost-effective." ...

Now, my next to-do-task is to contact the Consultant, ascertaining the outcome - if he is willingly to entertain my query.

An impressive article on RFID and privacy

This article is quite a cutting-edge of RFID research - especially linking the privacy concern towards consumers. The latter is also one (1) of my primary interests in RFID interdisciplinary research. I stumbled across this impressive sixty three (63) pages of Article: "RFID and Privacy: shopping into surveillance" jointly authored by George Hariton, John Lawford and Hasini Palihapitiya - all from Public Interest Advocacy Centre, Ottawa, Ontario, Canada. All of these authors have beautifully analysed the Canadian legislation - Personal Information Protection and Electronic Documents Act (PIPEDA) as well as analysing the views made by the Canada's Office of Privacy Commisssioner (OPPC). The paper argues extensively on PIPEDA and OPPC's views and cross referred to the neighbour's legislation - US (particularly California). The paper was thoroughly researched through Industry's Canada funding. I am still reading the first (1st) quarter of the pages - and yet, there are already many questions and analysis that I have reserved for them. The article is readable here:
http://www.piac.ca/privacy/radio_frequency_identification_rfid_and_privacy_shopping_into_surveillance/

AIDC or RFID or both?

AIDC (Automatic Identification Data Capture) Technology is regarded by this article: http://www.sarai.net/journal/04_pdf/52beatrice.pdf as a tool on data surveillance. I am, however, unsure whether the tool could be used for RFID or interfaced with it. A technology question that need to be answered (Perhaps, wanting to ask my Chief Technology Officer later). The article above seems to support RFID and in a way, suggested that AIDC is a means to address data surveillance. I attempted to find the detailed mechansim how it benefits privacy but with no avail.

Global RFID ROI Summit 2008

I know, it's too early to disseminate this summit - as it will be on January 2008. But, the featured speakers' testimonials and profiles speak by itself. The link could be accessed here: http://www.rfid-roi.com/speakers.asp
Realised that I need to personally e-mail this respected people for my research - will embark on with the UK first, then EU and US respectively.

Monday, 26 February 2007

A proposed RFID paper in ITLC

I am putting an interest in a coming conference: International Trade and Legal Conference. The details could be found here: http://www.iltc.eu/

One of the presenters (Julie Anne Zetler of Macquarie University) will be presenting something on privacy and data protection on medical perspective (electronic health records). It seems to be interesting. Hope to be able to meeting her and exchange some of my thoughts on medical informatics and its interrelationship with RFID technology. I have registered my interest in this conference and e-mailed my abstract which is as follows:-

Radio Frequency Identification Technology (RFID):
Is legal risk management relevant in consumer privacy?

By Noriswadi Ismail
British Chevening Scholar, University of Strathclyde


RFID is regarded as technological perfection in many global industries; retails, logistics, libraries, passports, surveillance, healthcare and banking. RFID proponents assert that the technology has been complementing global industries’ value chain and business continuity. Global market analysis has predicted that the Return of Investment from this technology will massively attract widespread deployment by 2010. Whilst the strength of this technology remains relevant for the proponents, there remain handful debates on the weaknesses of RFID’s data surveillance. Due to the latter, this paper will reveal the weaknesses and how it leads to privacy debates in consumer privacy. Regulatory and commercial developments from the United Kingdom and European Union will be painstakingly analysed. This paper will also comparatively analyse the developments in Malaysia and Singapore. It will endeavour to outline the respective Regulators’ position and selected industries’ feedbacks in RFID on cursory note. Significantly, this paper will attempt to argue the relevance of legal risk management in consumer privacy as the key question to be answered. It will explore a potential approach that could be balanced between RFID technology vis-à-vis consumer privacy.

Keywords: RFID, data surveillance, privacy, consumer privacy, legal risk management

Saturday, 24 February 2007

Hitachi's latest RFID invention: yet to be named

It has been said as the world's tiniest RFID chip in the world - invented by Japanese leading electronic company - Hitachi. Unreported news suggest that it take years of research & development for Hitachi to produce this end-product. BBC has made a comparison of this chip with a human hair - which shows, how tiny it is. In BBC technology news, as quoted: "They are thiny enough to be embedded in a sheet of paper, Hitachi spokesman Masayuki Takeuchi says". Previously, Hitachi invented "Mu-chip". Again, privacy becomes a fear, read this:http://news.bbc.co.uk/1/hi/technology/6389581.stm

Friday, 23 February 2007

Cambridge's RFID White Paper (2003)

The white paper, (sometime in 2003) has been jointly authored by Steve Hodes and Mark Horrison of Faculty of Engineering, University of Cambridge. It provides the technical perspectives and insights of RFID. It is also useful to gauge the views from Cambridge engineers and their research team. The substantive contents of the paper are from page eight (8) until sixteen (16). Worth a reading with precision: http://www.ifm.eng.cam.ac.uk/automation/publications/documents/CAM-AUTOID-WH024.pdf.

Licence for RFID deployment in Singapore

Infocomm Development Authority (IDA) of Singapore mentioned: RFID equipment from 920-925 MHz at output power between 500mW and 2000mW ERP, a localised radio communication licence is required. The regulation, in my opinion (through my preliminary research, thus far) is one of its kind in South East Asia. Singapore adopted the mechanism being practised by her European and US counterparts. The details could be read here: http://www.ida.gov.sg/Infocomm%20Adoption/20061002182022.aspx

Thursday, 22 February 2007

RFID and Privacy: the Germany's perspective

Read cursorily the slides presentation from the Berlin Privacy Commissioner for Data Protection and Freedom of Information. Dr. Alexander Lix emphasized on transparency, profiling, standard and need for regulation. In the event the latter materialises, Office of Communications (OFCOM), UK should reconsider whether the steps to deregulation RFID will give challenge to the industry. The summary of his presentation was lucid - by saying that every key players should be able to mitigate privacy as a "concern" - and then RFID technology and privacy will not be labelled as "antagonism". The presentation is accessible here: http://www.rfidconsultation.eu/docs/ficheiros/RFID20061016_Alexander_Dix.pdf

Wednesday, 21 February 2007

Return of Investment (RoI) from RFID

Oracle has preached strong RoI from RFID. The success stories could be read here: http://www.oracle.com/industries/retail/oraclerfid_adverto_may04.pdf
On investment's perspective, I am researching generally the real options approach in RFID. The White Paper by Patni analyses this: http://www.patni.com/resource-center/collateral/RFID/tp_RFID_Real-options-approach.pdf
P&G on another hand, has depolyed tagging capabilities in its products - evidencing some potential RoI. Some brief article on its effort in 2005 could be accessed here: http://www.cosmeticsdesign-europe.com/news-by-product/news.asp?id=60052&idCat=74&k=p-g-moves
Interestingly, this article argues that the cost investing in RFID remains difficult to be justified, as for now. The article analyses its views based on an independent Analyst report: http://www.cosmeticsdesign.com/news-by-product/news.asp?id=66805&idCat=63&k=rfid-cost-remains
However, FORBES selectively argued from both sides whether "To RFID or not" - it has opened my eyes larger, being positioned myself as a businessman and economist. The article: http://www.forbes.com/2005/11/01/rfid-walmart-savings-cx_rm_1031rfid2.html

RFID deregulation by OFCOM

Radio Frequency Identification (RFID): Allowed RFID technology to be used without the need for a licence.

The above was the deregulation effort by OFCOM, UK in its Chief Executive's Report, Stephen A. Carter. Quoting the report:

..."As a comparatively new institution, Ofcom is, I think, unusual among UK regulators in that the contemporary principles of better regulation are incorporated into our statutory rule-book, the Communications Act 2003.

A commitment to reducing the regulatory burden upon industry underpins all of our work; both in seeking to remove existing rules which have been overtaken by market developments and are past the point of usefulness; and by resisting, through vigorous internal challenge at Executive and Board level, all attempts to establish new regulation where the case for such an imposition is anything less than crystal clear and unambiguous..."

My opinion: the deregulation of RFID technology was a smart move and of course, the industry will display their 'thumbs up'. However, whether the technology is ever overzealous remains an open question to be answered. I do not think that RFID technology should be the victim of competition principles and perhaps, the technology should be creatively shared as 'commons' as argued by Professor Lawrence Lessig in his book, Future of Ideas.

To gain access on Stephen A. Carter's report, click: http://www.ofcom.org.uk/about/accoun/reports_plans/annrep0506/ceo_rpt/

Singapore's RFID Journey

Infocomm Development Authority (IDA) of Singapore presented informative presentation on the Singapore's journey here: http://www.itu.int/osg/spu/ni/ubiquitous/Presentations/4_poon_RFID.pdf
It looks promising and I wonder whether such legislation or regulation exists to cover privacy. Will attempt to conduct a thorough research on that. However, in my opinion, Singapore's RFID development has been moving forward.

Tuesday, 20 February 2007

"Defusing the threat of RFID"

Laura Hildner, who has a J.D from Harvard and her first degree from Stanford puts a narrow analysis on consumer privacy via technology specific legislation. Professor Jonathan Zittrain of Oxford University was one of the distinguished readers who provided comments on her article. After reading the article, I am much impressed on her recommended approaches (which, I think, will be workable if the knowledge maturity reaches people's mind). The article is retrievable here:
http://www.law.harvard.edu/students/orgs/crcl/vol41_1/hildner.pdf

RFID article by Jerry Brito

Jerry Brito, a notable technology lawyer and writer in Washington D.C, has written a thought provoking article on:

Jerry Brito, Relax Don't Do It: Why Rfid Privacy Concerns are Exaggerated and Legislation is Premature, UCLA J. L. Tech. 5 (2004).

He argued that such legislation could stunt this fledgling technology. He also argued on the overstatement by RFID opponents and beautifully opined that we should think on the government usage of RFID against the people. A good reading and therefore recommended.

By the way, Jerry Brito blogs at: http://www.jerrybrito.com/

RFID smart cards

Alan S. Reid of The Robert Gordon University, Aberdeen has written a beautiful masterpiece on "Is Society smart enough to deal with smart cards" at Computer Law & Security Report 23 (2007) pp 53-61. He argues that the smart cards have POTENTIAL to seriously undermine the human right to privacy as it may FACILITATE the surreptitious collection of personal data. His article also advocated about the privacy of consumers and proposing an effective enforcement of privacy legislation. Prior to this article, he also wrote on: RFID Tags and the European Union: Really Free Internal Distribution? Alan S. Reid, (2005) [JITLP] Journal of International Trade Law and Policy, Vol. 4, 1-30.
Alan's recent article on RFID smart cards can be subscribed via: http://www.compseconline.com/publications/prodclaw.htm

Sunday, 18 February 2007

RFID Virus Research in Amsterdam

Vrije Universiteit, Amsterdam has conducted a research on RFID Virus. Discovered this via BBC: http://news.bbc.co.uk/1/hi/technology/4810576.stm
The Computers System Group has produced a brief interesting paper to read: http://news.bbc.co.uk/1/hi/technology/4810576.stm
The research centre is also accessible here: http://www.rfidvirus.org/
Another report by BBC said that the EC Consultation on RFID tags should be ready by end of 2006 - which I am awaiting eagerly the result - as if awaiting the results of BAFTA and Oscar winners! The BBC report could be reached here: http://news.bbc.co.uk/1/hi/technology/4792554.stm

RFID Brainstorming by MIGHT

Malaysian Industry-Government Group for High Technology (MIGHT) conducted a brainstorming on RFID sometime in 2006. However, I could not retrieve further details, except for the news. Realised that there is a consultation link under MIGHT's website. It is my opinion that MIGHT should embark on a public consultation in relation to RFID and privacy. For future strategic planning, I will write to MIGHT on this. The news on RFID brainstorming could be generally read here:-
http://www.might.org.my/index.php?option=com_content&task=view&id=164&Itemid=2

RFID readiness in Malaysia

New Technologies Department of Malaysian Communications and Multimedia Commission has presented on "RFID readiness in Malaysia", in Shenzen, China. I am pleased, PRIVACY has been highlighted, even if it's just at a glance on the slide. My conclusion after reading the presentation slides: "There are many checklists that need to be strategised for Malaysian RFID stakeholders". We need more dissemination. The papers could be accessed here:-
http://www.aptsec.org/meetings/2005/RFID-WS/Docs/(19)RFID%20READINESS%20IN%20MALAYSIA.pdf

IDC Analysis on RFID Malaysia

As always, IDC will be the one forecasting Malaysia's technology market. Analysis seems to be somehow, quite accurate and hit the scorecard. The latter is based on my reading, experience and apprehension of IDC's ICT fragmented business forecast three (3) years back. However, to my dismay, the report analysis is not a 'creative common'. I need to purchase or perhaps, 'borrow' it from my existing contacts in Malaysia. Brief review could be retrieved here: http://www.idc.com/getdoc.jsp?containerId=MY326100N
IDC press release on RFID could also be read here: http://www.idc.com.my/PressFiles/IDC%20Malaysia%20-%20RFID.asp

Smart Tagging a.k.a RFID

It's exceedingly an ambitious aim, and a long term dividend, which is expected to be yielded from smart tagging in Malaysia. RFID companies are bullish to forecast how the deployment will change the perception of RFID 'ignorant'. An effort has been initiated establishing SYMMID-EREV RFID Solution's Centre for Excellence in Malaysia. The centre also aims to be the regional RFID technology centre to leverage on the usage of the technology to ASEAN and OIC countries. It is hoped, however, privacy is NOT left behind [emphasis added] in the training and dissemination of RFID knowledge by the centre. The brief news on the Centre could be reached here: http://www.ctimes.com.my/BizComp/NewsAnalysis/20050728112221/wartrevamp

Saturday, 17 February 2007

RFID Society Malaysia & RFID Number Plates

With anticipation, hoping that I could gain some useful insights from RFID Society Malaysia, but the mission remains clueless. Discovered this link: http://www.rfidmalaysia.org
during my research. It's merely a general web page presence, instead of being an updated RFID platform. I think, I would incorporate this recent development: http://rfidtimes.blogspot.com/2006/12/rfid-number-plates-in-malaysia-soon.html
RFID Number Plates in Malaysia, soon! that was a good attempt. But it worries others [Malaysians and civil liberties?] so much due to privacy concerns. I am rethinking.

Friday, 16 February 2007

RFID Definition (from Wikipedia)

Attempting to search the best definition of a technology is not an easy task. One book may bring different definition to another. Prior to reaching my own definition, I attempted the Wiki Encylopedia definition. It outlines briefly the general definition and illustrated generally on its history, deployment, technology trend, commercial success, investment effort, standards, quality, regulation and some general global perspectives. A 'commendable appetiser' to embark on such an understanding. The link is reachable here:
http://en.wikipedia.org/wiki/RFID

My accepted abstract on RFID

The accepted papers for the British Irish Legal Education Technology Association have been posted on the website. In the coming conference from 16 to 17 April 2007, I will 'controversially' and 'painstakingly' examine the RFID growth in Malaysia and some concerns that need to be dealt with. I will also present the UK and EU efforts towards this interfacing issue (between privacy and technology). My abstract is readable here:

http://www.bileta2007.co.uk/papers/images/stream_4/IsmailN.pdf

The link to BILETA 2007 conference could be reached here:

http://www.bileta2007.co.uk

US Patent collection database for RFID

I have had the opportunity to read cursorily the database. Am yet to examine and pick some 'controversial' or already 'controversial' devices which are being commercialised in the RFID market. USPTO database provides comprehensive information that I needed. Out of sixty two (2) records, as of to date the database contains, I could assert approximately 30% of it is already in the market. Unless, someone could debate that percentage via empirical research - despite, it's only my rough and preliminary finding. In my opinion, the remaining patents seem to be a mixture of 'first to invent' approach and 'inventive strategy' (as US Patent provisions rely on the 'first to invent' rule). The link to the RFID patents is accessible here:

http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&u=%2Fnetahtml%2FPTO%2Fsearch-adv.htm&r=0&f=S&l=50&d=PTXT&OS=%22Radio+Frequency+Identification+Technology%22&RS=%22Radio+Frequency+Identification+Technology%22&Query=%22Radio+Frequency+Identification+Technology%22&PrevList1=Prev.+50+Hits&TD=62&Srch1=%22Radio+Frequency+Identification+Technology%22

It will take some precious time to provide my summarised findings on the sixty two (62) granted RFID patents. Perhaps, it will take one (1) week to digest some selected ones. In the interval of my research, I will update on other news that I have read and collated randomly on RFID.

Thursday, 15 February 2007

Understanding RFID

To understand RFID, I have managed to conduct some preliminary research on granted patents of RFID invention. Have researched via the United States Patent Office and the European Patent Office online databases for the past two (2) days. Some of the granted RFID patents seem to be technologically commerciable. Yet, some has yet to be tested in the market. I will expose on this blog, whether those granted RFID patents promote privacy fears to the people.

Happy Birthday Blog

It's the birthday of this blog (15 February 2007). It focuses on Radio Frequency Identification Technology (RFID) interdisciplinary research and dissemination: civil liberties, consumerism, medical informatics, technologies, regulations and policies. It dedicates to gauge a global understanding, collaboration and harmonisation on RFID in those areas of research. It is hoped the attempt will witness some fruits in few years time.

The journey has just begun.

Noris
Glasgow
Scotland