Monday, June 6, 2005

Warning on RFID misuses

CNet on 27 May carried an article on a report by the GAO of USA on the possible misuses of RFID. Here are some extracts.

GAO, the Government Accountability Office, is the equivalent of the Audit Commission in Hong Kong. It compiles reports similar to our value-for-money audit reports to the Congress. The consequence of these reports are much better than that performed by our Public Account Committee.

RFID is a loose term for the technology that includes battery-powered "active" tags, such as those used in highway toll booths, to "passive" RFID tags that measure a fraction of a millimeter in size. Government agencies are experimenting with passive RFID technology. Among the list of planned or actual uses are: the Department of Defense for tracking shipments; the Department of Homeland Security for immigration and baggage tracking; the State Department for electronic passports; the Department of Veterans Affairs for "audible prescription reading." In addition, the Department of Homeland Security is responsible for designing a standardized ID card that could be RFID-outfitted.

Few privacy concerns exist when RFID is used merely to track warehouse pallets. But when RFID chips are embedded in ID cards or otherwise linked to personal information, the GAO warned, the privacy risks increase dramatically.

Many federal agencies are already using RFID or plan to use it. But only one of 23 agencies polled by the GAO had identified any legal or privacy issues - even though three admitted RFID would let them track employee movements. Radio frequency identification is becoming increasingly popular inside the U.S. government, but agencies have not seriously considered the privacy risks, federal auditors said.

"Key security issues include protecting the confidentiality, integrity and availability of the data and information systems," the GAO said. "The privacy issues include notifying consumers; tracking an individual's movements; profiling an individual's habits, tastes and predilections; and allowing for secondary uses of information."

"Consumers have raised concerns about whether certain collected data might reveal personal information such as medical predispositions or personal health histories and that the use of this information could result in denial of insurance coverage or employment to the individual," the report said. "For example, the use of RFID technology to track over-the-counter or prescription medicines has generated substantial controversy."

A general move towards the use of such technology is now seen in Hong Kong. Many devices are being used in public, and to a lesser noticed extent, in organizations monitoring their employees. The Privacy Commissioner noted the topic of employee monitoring and issued some guidelines. I think there is too little rain despite the thunder as the employee sector is not quite aware of the implication. So it is now left to the goodwill and skills of the managers (EOs) to ensure a balance between employers' interest and the rights of the employees.

No comments:

Post a Comment