Thursday, April 7, 2005

Contactless chips

An article in Wired News on 29 March 2005 on contactless chips caught my eye. It so happened that the US government is going to implant such device in passports and in the employee ID cards of the Department of Homeland Security, the anti-terrorism body. In a slip of tongue, the press release on the device mentioned that contactless chips, or proximity chips, are just another name for RFID. I have been following the RFID/privacy issue for quite some time. Those interested are welcomed to take a look at my earlier reading notes.

Conspiracy theorists and civil libertarians are very worried about the intrusion on personal privacy as a result of the use of these chips. RFIDs are now widespread in many merchandises. The purpose is to link up goods with the production, inventory, wholesale and retail systems with a view to better management and cost savings. The big worry is that RFID left on goods such as garments can be detected unnoticed and then linked up with credit card records, thus rendering the personal information and the whereabouts of a person being captured by others.

The latest contactless chips carry more information such as biometrics for accurate identification of a person. It is very useful in passports and I envisage that it will soon be extended to all sort of identity cards, HKIC included. The issue of security has been raised, especially on the employee ID card of government agents. The good news is that the Homeland Security Department's employee ID card will use state-of-the-art authentication and encryption systems to protect the department and its employees from identity thieves and spies with unauthorized RFID tag readers. The bad news is that chips on passports will not have any of those digital security features because the passports need to be compatible with as many reader devices used by other countries as possible.

RFID manufacturers are typically making radio tags for ID documents that comply with ISO/IEC 14443, the contactless chip industry technology standard. This standard limits transmission ranges to a distance of about 4 inches. Other RFID tags can be read at distances up to 30 feet, making them easier targets for identity thieves trying to capture their data. However, some tests have demonstrated that electronic eavesdroppers up to 30 feet away can capture data (including biometric records) while it is being sent by the chips to an authorized reader device. Furthermore, a Tel-Aviv University study revealed that ISO/IEC 14443-compliant chips can also be read directly over much longer distances by specially built devices.

I am interested in the RFID issue mainly because of its implication on HRM. I consider it is a duty of the HR manager to ensure that an organization make good use of the personal information of its employees while at the same time protect their personal privacy. As employee monitoring devices get more common, this will be an essential area in staff relations and staff management where managers (aka EOs) can specialize and contribute.

Actually personal privacy is not supreme and we need to release our personal information in order to survive in a community and receive all sort of services. With devices like the RFID, contactless chips, the global wireless network and many connected databases, we can be greeted anywhere by name and offered goods and services of our choice instantly. I saw the sci-fi movie Minority Report where Tom Cruise was greeted by the advertisement signboard as he approached. It recognized his identity and instantly greeted him by name and displayed the preferred advertisement for him. This scenario is not far away. Nowadays, when I visit Amazon.com, I am instantly greeted by name and the front page displays new books related to titles I bought or searched before, all because of the personal information contained in the cookie. Some people still have problem dealing with such services.

There was also an earlier article in Scientific American on considerate computing. An analogy: nowadays, even a public toilet knows that I approach and flushes for me. But my beloved computer still needs some slapping on the face before it wakes up to serve me, and only after suspiciously verifying who I am. Considerate computing starts with giving out your personal information, by RFID for example; then the computer or other computing devices can automatically serve you without requiring you to boot the device or throw a switch. This is not sci-fi. Some modern homes already have such devices. The purpose is to let the computer serves you instead of you serving it first. The catch is that you need to let the computer, and thus the computer network and then the Internet, know your personal information.

No comments:

Post a Comment