Dr. Sarah Spiekermann

Item-level RFID Perception & Privacy Protection Schemes@ ETSI

Dr. Sarah SpiekermannInstitute of Information Systems

Humboldt University Berlin, Germany

December 2007

Dr. Sarah Spiekermann

A new book addressing social issues in Ubiquitous Computing, in particular in RFID.

Dr. Sarah Spiekermann

RFID is an important component of the Ubiquitous Computing Landscape.

• RFID represents the ‚ubiquitous‘ and ‚embeddedness‘ element of Ubiquitous Computing.

• EAN and UCC have joined forces in 2001 in the organisation GS1 where RFID is developemed as the carrier technology for next generation bar codes.

• „In Germany alone, we expect an RFID-related rise in the share of the value added of the producing sector, trade, transport as well as public and private service providers totalling about 62 billion euros by the year 2010 compared with 3 billion euros in 2004.“ (Public Policy Outlook, Michael Glos, June 2007)

Source: Thiesse, F., Gross, S., “Integration von RFID in die betriebliche IT-Landschaft”,WIRTSCHAFTSINFROMATIK; Vol. 48, No. 3, 2006, pp. 178-187

Dr. Sarah Spiekermann

Consumers appreciate RFID based after sales services.

recommendationsin the street

receipy recommendations*

improvedstorage

life*

warning

washing

machine*

checking

used

goods*

medication

Reminder*

add. Infoat home*

medication

fit*

exchange

Without

receipt

warrantywithout

receipt

0,00

1,00

2,00

3,00

4,00

5,00

Consumer Perceptions of RFID Benefits - Results from 2 Studies

beneficial/like/convenient

objectionable

unsure/medium

Study 1(237 part.,2005)

Study 2(306 part.,2006)

*significant statistical difference

Dr. Sarah Spiekermann

However, RFID has confronted strong criticism for its potential to undermine privacy.

• GI (Pohl, 2004) has established a catalogue of provisions „in order to minimize the potential dangers of transponders for citizens and society.“

• The United States of America Center for Democracy and Technology and the OECD have proposed guidelines for the application of RFID in areas where it interfaces with people.

• Metro Group took 10.000 Payback loyalty cards out of the market.

• Benetton halted its deployment of RFID on shopfloors.

• Harvard Business Review launches a debate (2004): „None of your business?“

Dr. Sarah Spiekermann

What are major consumer fears associated with RFID?*

• Concern of one’s personal belongings to be assessed without one’s knowledge and consent

• Concern to become known to and classified by others

• Concern to be followed

• Concern to sign responsible for each object one owns

• Concern about being restricted, educated or exposed through automatic object reactions

„…something is being done with me that I cannot really control and grasp and this is what I am afraid of.“

Focus Group Results (Content Analysis)

*Bertold, O., Günther, O., Spiekermann, S. , "RFID: Verbraucherängste und Verbraucherschutz", Wirtschaftsinformatik, Vol. 47, Nr.6, 2005

Dr. Sarah Spiekermann

An extreme fear is that RFID may get out of control.

on March 13th 2007

Ishmell‘s Photos

Dr. Sarah Spiekermann

How can we build safety into RFID technology so that benefits can be leveraged and social drawbacks can be avoided?

Dr. Sarah Spiekermann

Technically, an attack-tree analysis reveals that uncontrolled tag-reader communication is the main issue to be resolved for safe technology design.

Attack-tree Analysis of Consumer Concerns*

* Spiekermann, S., Ziekow, H., "RFID: a Systematic Analysis of Privacy Threats & a 7-point plan to address them”, Journal of Information Systems Security, Vol. 1, Nr. 3, 2006

Dr. Sarah Spiekermann

Giving people control over tag-reader communication is a key requirement to ensure privacy.

Dr. Sarah Spiekermann

Giving people control over tag-reader communication is a key requirement to ensure privacy.

What does it mean to give control?

1. Cognitive control

2. Decisional control

3. Behavioral control

Dr. Sarah Spiekermann

There are 4 options to treat RFID tags at store exits.

ON-TAG

SCHEME

KILL

USER SCHEME

(PET1)

AGENTSCHEME

(PET2)

Dr. Sarah Spiekermann

Which strategy should be pursued?

Dr. Sarah Spiekermann

Some notes on the Class1/Gen2 tags‘ kill-function…

“If you consider that RFID tags represent the future of computing technology, this proposal [the kill function] becomes as absurd as permanently deactivating desktop PCs to reduce the incidence of

computer viruses and phishing” (p. 92 in (Rieback, Gaydadjiev et al. 2006)).

Dr. Sarah Spiekermann

The On-tag Scheme leaves users ‚out of the loop‘ and therefore fails to meet control requirements.

UML sequence diagram: RFID based communication in a mall‘On-tag’ Scheme

Dr. Sarah Spiekermann

The Agent Scheme implies control delegation and trust in a ‚Privacy Guardian‘.*

BENEFIT:

- Users can specify their privacy preferences.

DRAWBACK:

- Need to develop the solution for probabilistic tag-reader protocols.

- Need to integrate privacy preference communication over tag-reader interface.

- Need for context recognition.

- Control delegation is typically a challenge when it comes to agent design and agent acceptance.

* Rieback, M. R., B. Crispo, et al. (2005). "RFID Guardian: A Battery-Powered Mobile Device for RFID Privacy Management". 10th Australiasian Conference on Information Security (ACISP 2005), Brisbane, Australia.

Dr. Sarah Spiekermann

We proposed a User Scheme* where the user is in the driver‘s seat and initiates tag-reader communication where needed.

Hash

functionHash-

function

RFID tag

Reader

=?

step IIa: send r

step IV: send h

PasswordPassword , pRNG _ r

step I: EPC?

step II I : calculateh=Hash(r , p)

step IIb

calculateh=Hash(r , p)

Xstep V: EPC

Hash

function

Hash

functionHash-

function

Hash-

function

RFID tag

Reader

=?

step IIa: send r

step IV: send h

PasswordPassword , pRNG _ r

step I: EPC?

step II I : calculateh=Hash(r , p)

step IIb

calculateh=Hash(r , p)

Xstep V: EPC

* Spiekermann, S., Berthold O., "Maintaining privacy in RFID enabled environments - Proposal for a disable-model", in: Privacy, Security and Trust within the Context of Pervasive Computing, Hrsg. P. Robinson, H. Vogt, W. Wagealla, The Kluwer International Series in Engineering and Computer Science, Springer Verlag, 2005

User Scheme Mechanism

Dr. Sarah Spiekermann

What‘s the most appealing solution to customers?

Dr. Sarah Spiekermann

Peoples‘ reactions were tested vis-à-vis RFID based on two different films about RFID (between-subject design).

Neutral Film

cut of professional film material 2 versions which are identical, BUT:

Agent Scheme ending User Scheme ending

Questionnaire:

151 questions (62 before the film, 89 after the film)

time to answer: around 55 minutes pre-tested questions

four test cities: Berlin, Hamburg, Köln und München

Set-up

Dr. Sarah Spiekermann

Subjects were close to German demographic average.

Experimental groups and demographics

Dr. Sarah Spiekermann

In advance of the study we developed scales to measure ‚control perceptions‘ over the intelligent infrastructure.

Rank Index Question text

(1 = fully agree ... 5 = do not agree at all)

Category

1 POW 1 I feel that I can steer the intelligent environment in a way I feel is right.

Power2

POW 2Thanks to <the PET> the electronic environment and its reading devices will have to subdue to my

will.

5 POW 3 Due to <the PET> I perceive perfect control over the activity of my chips.

3CON 1

Thanks to <the PET> I could determine myself whether or not I’ll interact with the intelligent environment. Contingency

7 CON 2 Through <the PET>, services are put at my disposition when I want them.

6H 2

I could imagine that if the electronic environment set out to scan me, it would be able to do so despite <the PET>.

Helplessness10

H 1<The PET> will finally not be able to effectively protect me from being read by the electronic

environment.

8 COI 1 Due to <the PET> it is still my decision whether or not the intelligent environment recognizes me.Choice

4 COI 2 Through <the PET> I finally have the choice whether or not I am being scanned or not

9IC 1

Through <the PET> I would always be informed of whether and in what form the electronic environment recognizes me. Information

11 IC 2 Using <the PET> I would always know when and by whom I have been read out.

* EUP 1 To learn to use <the PET> would be easy for me.

Ease-of-use

* EUP 2 It would be easy for me to learn skillful use of <the PET>.

* EUP 3 I would find <the PET> easy to use.

*EUP 4

Due to <the PET> the information exchange between my chips and reading devices would be clearly defined.

Dr. Sarah Spiekermann

Study results show that no PET is really superior and that helplessness dominates RFID PET perception.

Multivariate Regression Analysis on Drivers of PET Acceptance

Dr. Sarah Spiekermann

73% of participants want to see RFID chips destroyed rather than taking advantage of the benefits. The trend is reenforced the more education people have.

18.0%

14.5%

8.6%

7.9%

73.4%

77.6%

Total

12.7%

17.1%

9.1%

11.4%

78.2%

71.4%

Agent Scheme

21.9%

12.2%*

8.2%

4.9%*

69.9%

82.9%*

User Scheme

Tendency to use PETfor advantage

(7-11)

Undecided

(6)

Tendency to reject

PET (1-5)

with IB

without IB

with IB

The asterisk* denotes a significant difference of technology perception due to education.

Killing or PET?*

1.*Günther, O., Spiekermann, S. , "RFID And The Perception of Control: The Consumer's View",  Communications of the ACM (CACM), Vol. 48, Nr. 9, September 2005

Dr. Sarah Spiekermann

Further analysis is now looking into the drivers of RFID acceptance.

USEFULNESS

EASE OF USE

EMOTIONALREACTION

PRIVACY-CONCERNS

FUN

RFID ACCEPTANCEON PRODUCTS

.15

.26

.33

-.15

.17

R2 = .69

Drivers of Acceptancefor RFID on Products

Drivers of Acceptancefor RFID in the Service Domain

USEFULNESS

EMOTIONAL REACTION

PRIVACY-CONCERNS

SECURITIY

RFID ACCEPTANCEIN SERVICES

.16

.41

-.25

.16

R2 = .75

TIME SAVINGS .11

Dr. Sarah Spiekermann

Next steps

• Consider user model in the standardization process for tag-reader communication

• Consider busienss processes and user concerns and process perceptions before defining technical standards.

Co-operation?

Please contact me:

Sarah Spiekermann(sspiek@wiwi.hu-berlin.de)

Dr. Sarah Spiekermann

Next steps

Dr. Sarah Spiekermann

Research Projects on UbiComp

RFID Security, Localization Technologies (Magic Map)

RFID Consumer Privacy

Ko-RFID: Efficient collaboration in RFID based supply chains

Economic Value of Proximity

Technology Assessment of Ubiquitous Computing

Attention Management in Information Rich Environments

Zur Anzeige wird der QuickTime™ Dekompressor „TIFF (LZW)“

benötigt.