Presentation on theme: "Dr. Sarah Spiekermann Item-level RFID Perception & Privacy Protection ETSI Dr. Sarah Spiekermann Institute of Information Systems Humboldt University."— Presentation transcript:
Dr. Sarah Spiekermann Item-level RFID Perception & Privacy Protection Schemes @ ETSI Dr. Sarah Spiekermann Institute of Information Systems Humboldt University Berlin, Germany December 2007
Dr. Sarah Spiekermann A new book addressing social issues in Ubiquitous Computing, in particular in RFID.
Dr. Sarah Spiekermann RFID is an important component of the Ubiquitous Computing Landscape. RFID represents the ubiquitous and embeddedness element of Ubiquitous Computing. EAN and UCC have joined forces in 2001 in the organisation GS1 where RFID is developemed as the carrier technology for next generation bar codes. In Germany alone, we expect an RFID- related rise in the share of the value added of the producing sector, trade, transport as well as public and private service providers totalling about 62 billion euros by the year 2010 compared with 3 billion euros in 2004. (Public Policy Outlook, Michael Glos, June 2007) Source: Thiesse, F., Gross, S., Integration von RFID in die betriebliche IT-Landschaft, WIRTSCHAFTSINFROMATIK; Vol. 48, No. 3, 2006, pp. 178-187
Dr. Sarah Spiekermann Consumers appreciate RFID based after sales services. recommendations in the street receipy recommendations* improved storage life* warning washing machine* checking used goods* medication Reminder* add. Info at home* medication fit* exchange Without receipt warranty without receipt 0,00 1,00 2,00 3,00 4,00 5,00 Consumer Perceptions of RFID Benefits - Results from 2 Studies beneficial/ like/convenient objectionable unsure/ medium Study 1 (237 part., 2005) Study 2 (306 part., 2006) *significant statistical difference
Dr. Sarah Spiekermann However, RFID has confronted strong criticism for its potential to undermine privacy. GI (Pohl, 2004) has established a catalogue of provisions in order to minimize the potential dangers of transponders for citizens and society. The United States of America Center for Democracy and Technology and the OECD have proposed guidelines for the application of RFID in areas where it interfaces with people. Metro Group took 10.000 Payback loyalty cards out of the market. Benetton halted its deployment of RFID on shopfloors. Harvard Business Review launches a debate (2004): None of your business?
Dr. Sarah Spiekermann What are major consumer fears associated with RFID?* Concern of ones personal belongings to be assessed without ones knowledge and consent Concern to become known to and classified by others Concern to be followed Concern to sign responsible for each object one owns Concern about being restricted, educated or exposed through automatic object reactions …something is being done with me that I cannot really control and grasp and this is what I am afraid of. Focus Group Results (Content Analysis) *Bertold, O., Günther, O., Spiekermann, S., "RFID: Verbraucherängste und Verbraucherschutz", Wirtschaftsinformatik, Vol. 47, Nr.6, 2005
Dr. Sarah Spiekermann An extreme fear is that RFID may get out of control. onMarch 13th 2007 Ishmells Photos
Dr. Sarah Spiekermann How can we build safety into RFID technology so that benefits can be leveraged and social drawbacks can be avoided?
Dr. Sarah Spiekermann Technically, an attack-tree analysis reveals that uncontrolled tag-reader communication is the main issue to be resolved for safe technology design. Attack-tree Analysis of Consumer Concerns* * Spiekermann, S., Ziekow, H., "RFID: a Systematic Analysis of Privacy Threats & a 7-point plan to address them, Journal of Information Systems Security, Vol. 1, Nr. 3, 2006
Dr. Sarah Spiekermann Giving people control over tag-reader communication is a key requirement to ensure privacy.
Dr. Sarah Spiekermann Giving people control over tag-reader communication is a key requirement to ensure privacy. What does it mean to give control? Cognitive control 1.Decisional control 2.Behavioral control
Dr. Sarah Spiekermann There are 4 options to treat RFID tags at store exits. ON-TAG SCHEME KILL USER SCHEME (PET1) AGENT SCHEME (PET2)
Dr. Sarah Spiekermann Which strategy should be pursued?
Dr. Sarah Spiekermann Some notes on the Class1/Gen2 tags kill-function… If you consider that RFID tags represent the future of computing technology, this proposal [the kill function] becomes as absurd as permanently deactivating desktop PCs to reduce the incidence of computer viruses and phishing (p. 92 in (Rieback, Gaydadjiev et al. 2006)).
Dr. Sarah Spiekermann The On-tag Scheme leaves users out of the loop and therefore fails to meet control requirements. UML sequence diagram: RFID based communication in a mall On-tag Scheme
Dr. Sarah Spiekermann The Agent Scheme implies control delegation and trust in a Privacy Guardian.* BENEFIT: -Users can specify their privacy preferences. DRAWBACK: -Need to develop the solution for probabilistic tag-reader protocols. -Need to integrate privacy preference communication over tag-reader interface. -Need for context recognition. -Control delegation is typically a challenge when it comes to agent design and agent acceptance. * Rieback, M. R., B. Crispo, et al. (2005). "RFID Guardian: A Battery-Powered Mobile Device for RFID Privacy Management". 10th Australiasian Conference on Information Security (ACISP 2005), Brisbane, Australia.
Dr. Sarah Spiekermann We proposed a User Scheme* where the user is in the drivers seat and initiates tag-reader communication where needed. * Spiekermann, S., Berthold O., "Maintaining privacy in RFID enabled environments - Proposal for a disable-model", in: Privacy, Security and Trust within the Context of Pervasive Computing, Hrsg. P. Robinson, H. Vogt, W. Wagealla, The Kluwer International Series in Engineering and Computer Science, Springer Verlag, 2005 User Scheme Mechanism
Dr. Sarah Spiekermann Whats the most appealing solution to customers?
Dr. Sarah Spiekermann Peoples reactions were tested vis-à-vis RFID based on two different films about RFID (between-subject design). Neutral Film cut of professional film material 2 versions which are identical, BUT: Agent Scheme ending User Scheme ending Questionnaire: 151 questions (62 before the film, 89 after the film) time to answer: around 55 minutes pre-tested questions four test cities: Berlin, Hamburg, Köln und München Set-up
Dr. Sarah Spiekermann Subjects were close to German demographic average. Experimental groups and demographics
Dr. Sarah Spiekermann In advance of the study we developed scales to measure control perceptions over the intelligent infrastructure. RankIndexQuestion text (1 = fully agree... 5 = do not agree at all) Category 1 POW 1 I feel that I can steer the intelligent environment in a way I feel is right. Power 2 POW 2 Thanks to the electronic environment and its reading devices will have to subdue to my will. 5 POW 3 Due to I perceive perfect control over the activity of my chips. 3 CON 1 Thanks to I could determine myself whether or not Ill interact with the intelligent environment. Contingency 7 CON 2 Through, services are put at my disposition when I want them. 6 H 2 I could imagine that if the electronic environment set out to scan me, it would be able to do so despite. Helplessness 10 H 1 will finally not be able to effectively protect me from being read by the electronic environment. 8 COI 1 Due to it is still my decision whether or not the intelligent environment recognizes me. Choice 4 COI 2 Through I finally have the choice whether or not I am being scanned or not 9 IC 1 Through I would always be informed of whether and in what form the electronic environment recognizes me. Information 11 IC 2 Using I would always know when and by whom I have been read out. * EUP 1 To learn to use would be easy for me. Ease-of-use * EUP 2 It would be easy for me to learn skillful use of. * EUP 3 I would find easy to use. * EUP 4 Due to the information exchange between my chips and reading devices would be clearly defined.
Dr. Sarah Spiekermann Study results show that no PET is really superior and that helplessness dominates RFID PET perception. Multivariate Regression Analysis on Drivers of PET Acceptance
Dr. Sarah Spiekermann 73% of participants want to see RFID chips destroyed rather than taking advantage of the benefits. The trend is reenforced the more education people have. 18.0% 14.5% 8.6% 7.9% 73.4% 77.6% Total 12.7% 17.1% 9.1% 11.4% 78.2% 71.4% Agent Scheme 21.9% 12.2%* 8.2% 4.9%* 69.9% 82.9%* User Scheme Tendency to use PET for advantage (7-11) Undecided (6) Tendency to reject PET (1-5) with IB without IB with IB The asterisk* denotes a significant difference of technology perception due to education. Killing or PET?* 1.*Günther, O., Spiekermann, S., "RFID And The Perception of Control: The Consumer's View", Communications of the ACM (CACM), Vol. 48, Nr. 9, September 2005
Dr. Sarah Spiekermann Further analysis is now looking into the drivers of RFID acceptance. USEFULNESS EASE OF USE EMOTIONAL REACTION PRIVACY- CONCERNS FUN RFID ACCEPTANCE ON PRODUCTS.15.26.33 -.15.17 R 2 =.69 Drivers of Acceptance for RFID on Products Drivers of Acceptance for RFID in the Service Domain USEFULNESS EMOTIONAL REACTION PRIVACY- CONCERNS SECURITIY RFID ACCEPTANCE IN SERVICES.16.41 -.25.16 R 2 =.75 TIME SAVINGS.11
Dr. Sarah Spiekermann Next steps Consider user model in the standardization process for tag-reader communication Consider busienss processes and user concerns and process perceptions before defining technical standards. Co-operation? Please contact me: Sarah Spiekermann(firstname.lastname@example.org)
Dr. Sarah Spiekermann Research Projects on UbiComp RFID Security, Localization Technologies (Magic Map) RFID Consumer Privacy Ko-RFID: Efficient collaboration in RFID based supply chains Economic Value of Proximity Technology Assessment of Ubiquitous Computing Attention Management in Information Rich Environments