Wednesday, November 19, 2008

RFID Chips: My Article on Schools Chipping Kids + Science Daily's Piece on the Opening of a Privacy And Security Pandora's Box

Before I get to the article I found on RFID chips and the possible privacy and security problems they may pose, let me direct you to an article I recently had published on the California Progress Report.

I point you there first because it to is on the use of RFID's, but more specifically, how they were used by a school district on students without parental consent. We (CFC), along with the ACLU and many other privacy protection organizations fought hard to get the Governor to sign a bill that would have addressed this loophole and required schools get parental consent before they chip their kids...but sadly, the Governor vetoed it. The fight is not yet over.

Here's a clip from the article "Protecting Privacy of Children, Rights of Parents Unfinished in California":

Given the controversial nature of RFID technologies, and the inherent risks associated with it, school districts should be required to notify parents and get their consent BEFORE “chipping” their children.

Schools are already required to get parental permission for sex education, field trips, and in some cases, student cell-phone use on campus.

If the Sutter case illustrates nothing else, it’s that parents, not schools, should decide whether children must carry a tracking devise. Mechanical devices might be useful for tracking cattle, but when it comes to our children, RFID’s are no substitute for teacher and school staff responsibility.

Click here to read my article in its entirety.

Now let's move onto the piece in Science Daily that details an article published in the current issue of the International Journal of Intellectual Property Management suggesting that a privacy and security Pandora's Box is on the verge of opening if human rights, particularly regarding data protection are not addressed in the design of new RFID applications.

Science Daily Reports:

According to Eleni Kosta and Jos Dumortier of the Katholieke Universiteit Leuven in Belgium, the benefits of RFID technology in innovation are beyond question. However, the threats posed to personal privacy should be taken into account at the design phase of the applications. Their increasingly widespread deployment means individuals do not necessarily know when, how and what kind of information about them is being transmitted at any given time from an RFID in a passport, in their shopping bags, or even when they visit the library.


A recent European Commission report, "Communication on RFID" emphasised that privacy and security should be built into RFID information systems before their widespread deployment. Moreover, European legislation on data protection applies to RFID technology when it entails the processing of personal data, Kosta and Dumortier point out. However, it is not always clear whether or not information stored on or transmitted via an RFID tag is personal data.


However, there are many instances when the information seemingly cannot be directly linked to an individual, but by linking the RFID tag number to a back-end database can be correlated with a credit card payment, for instance, and so provide indirect identification of the individual. "In this case, even if the data seem anonymous at first sight, the processing falls under the scope of application of the Data Protection Directive, as the data can be easily linked to the credit card data", the team explains. Even vaguer are the cases when the information on the RFID tag cannot be linked to an actual person, or at least significant effort is needed for a link to be made.

Click here to read more.

No comments: