ESO response to EU RFID Mandate M/436 Presentation to ISO/IEC SC31 WG7 (RFID Security) Josef PREISHUBER-PFLÜGL Representing ETSI © ETSI 2010. All rights reserved ISO/IEC JTC1 SC31 WG7, 23 March 2010

Contents ETSI and the STF machine Summary of goals of Mandate 436 Phase 1 Phase 2 Roles in RFID ecosystem Next steps

About ETSI ETSI produces globally-applicable standards for Information and Communications Technologies (ICT), including fixed, mobile, radio, converged, broadcast and internet technologies and is officially recognized by the European Commission as a European Standards Organization. ETSI is a not-for-profit organization whose 700 ETSI member organizations benefit from direct participation and are drawn from 60 countries worldwide. For more information, please visit: www.etsi.org

ETSI facts & figures Membership

ETSI facts & figures Membership

ETSI facts & figures Standards production (estimate for 2007)

About CEN The European Committee for Standardization (CEN) is a major provider of European Standards and technical specifications. It is the only recognized European organization according to Directive 98/34/EC for the planning, drafting and adoption of European Standards in all areas of economic activity with the exeption of electrotechnology (CENELEC) and telecommunication (ETSI). CEN's 31 National Members work together to develop voluntary European Standards (ENs). For more information see www.cen.eu

About CENELEC CENELEC, the European Committee for Electrotechnical Standardization, is composed of the National Electrotechnical Committees of 31 European countries. In addition, 11 National Committees from neighbouring countries are participating in CENELEC work with an Affiliate status. CENELEC’s mission is to prepare voluntary electrotechnical standards that help develop the Single European Market/European Economic Area for electrical and electronic goods and services removing barriers to trade, creating new markets and cutting compliance costs. For more information see www.cenelec.eu

About ETSI Specialist Task Forces (STF) STFs are teams of highly-skilled experts working together over a pre-defined period to draft an ETSI standard under the technical guidance of an ETSI Technical Body and with the support of the ETSI Secretariat.  The task of the STFs is to accelerate the standardization process in areas of strategic importance and in response to urgent market needs. For more information, please visit: http://portal.etsi.org/stfs/process/home.asp The work carried out here is co-financed by the EC/EFTA in response to the EC’s ICT Standardisation Work Programme.

ETSI – Specialist Task Forces

EU Mandate 436 The Mandate addresses data protection, privacy and information security aspects of RFID. It complements the existing legal framework but does not substitute it. The objective of the first phase is to prepare a complete framework for the development of future RFID standards. Assumes that there is no existing framework, or if there is that it is deficient

M436 – RFID definition Any radio waves for identification: All frequency bands (LF, HF, UHF, 2.45 GHz, …) Passive, BAP (battery assisted passive) and active RFID Also includes smartcards (object, animal or even person)

M436 – RFID components Components: Radio waves Network Tags Readers Data bases Network (Internet) Radio waves Network

M436 – Areas to cover

M436 – Inputs to standardisation

M436 – Inputs to solutions Design of hardware Design of software Design of applications Design of processes

The role of ESOs and STFs in M/436 Mandate 436 has been accepted by the 3 ESOs ETSI CEN CENELEC A single STF has been established, hosted by ETSI and under ETSI’s rules The STF is responsible for gathering together the coordinated ESO response to phase 1 that provides a plan for phase 2

Structure of ESO/STF response 1 technical report ETSI TISPAN Work item DTR-07044 Analysis and justification for recommendations Recommendations for phase 2 – new standards and gap closure Open consultation with stakeholders Other impacted standards groups User and consumer groups Privacy interest groups Coordination by group formed from the 3 ESOs

Technical structure of response RFID system architecture Taxonomy of terms Ontology of RFID With respect to security With respect to privacy protection DPP and Security objectives Consumer aspects including interaction Activation Deactivation Environmental aspects of RFID tags and components RFID hardware end of life considerations Data end of life considerations Privacy Impact Assessment outline Role of PIAs Generic versus industry specific PIAs Recommendations for RFID industry specific PIAs RFID logos and signage For consumer awareness For device marking Derived requirements from analysis RFID Logos and signage recommendations Standards roadmap Available standards Gap analysis and recommendations Analysis Requirements

Identifying the roles in the RFID ecosystem RFID standardisation is a complex topic TISPAN for network parts ERM for EU radio parts CEN for EU application space CENELEC for EU electrotechnical space ISO/IEC for frameworks and basics GS1 for industry … New topics The Internet of Things RFID plus other communications Machines talking to machines talking to people talking to people talking to machines …

Next steps? STF plan to make the TR available for public consultation end of May Internal discussion with ETSI TBs throughout development TISPAN ERM (i.e. TG34 RFID) M2M? SCP? And with non ETSI Standards Organizations CEN ISO Public expert groups DISCUSS and COMMENT

Thanks for LISTENING Contact: Josef Preishuber-Pflügl, STF Member (j.preishuber-pfluegl@cisc.at) Scott Cadzow, STF Leader (scott@cadzow.com) Thanks for LISTENING