Privacy Concerns Over Tracking - Where are we 10 years after the RFID hype?

The Faculty of Informatics is pleased to announce a seminar given by Günter Karjoth

DATE: Thursday, December 12th, 2013
PLACE: USI Lugano Campus, room SI-015, Informatics building (Via G. Buffi 13)
TIME: 14.30

ABSTRACT:
Automated identification and data capturing technologies enable the identification of objects and the collecting of data about them. Radio-frequency identification (RFID) - the wireless non-contact use of radio-frequency electromagnetic fields to transfer data for the purposes of tracking tags attached to objects - is a prominent example of these technologies. Around 2003, there was a huge excitement around the potential of RFID technology, accompanied by ambitious plans of companies such as Gillette, Walmart and Metro. However, the capability to tag indivual items and giving it a globally unique number - the Electronic Product Code EPC - raised strong privacy concerns. Shaping of public opinion was done by consumer advocacy groups, followed by numerous articles in journals and newspapers and not only in those specialized in technology and business but also in the popular press. Perceptions of RFID differed dramatically - ranging from fuzzy fear ("spy chips", "Orwellian Eyes") to unlimited belief in its not yet completely discovered potential. In particular in the retail space, technological solutions to protect privacy are constrained. Stringent cost requirements limit the tag's computational power, which in turn limits the mechanisms to give users options and control over the use of their data in back-end systems. Interesting concepts such as the Blocker Tag or the Clipped Tags did not get adopted. Despite the technological challenges in developing a secure and practical protection method, the major reason for diminishing interest by the public might have been that RFID adoption had followed a typical progression of an emerging technology, from a strong earlier enthusiasm of the RFID community through a period of disillusionment when it became obvious that the technology was not as easy to operationalize and thus RFID did not (yet) became as ubiquitous as proclaimed. Today, new technologies have arisen such as big data and complex-event processing that may help to bring RFID the much-anticipated break-through.

In this talk, I will first elaborate on the challenges in protecting privacy in RFID applications. Then I widen the focus to location tracking technologies in general and turn to digital signage networks that collect and analyze detailed information about consumers, their behaviors, and their characteristics employing techniques ranging from simple people-counting sensors to sophisticated facial recognition cameras to create highly targeted advertisements. As for RFID, what about notice of collection, choice and informed consent? And, do we face the same dilemma in developing adequate protection mechanisms?

BIO:
Günter Karjoth studied computer science at the University of Stuttgart (Germany) followed by a doctorate. From 1986 - 2013, he worked at IBM Research - Zurich, where he was involved in research projects within the fields of middleware and mobile agent security, identity and access management, enterprise privacy, and protocol engineering. Dr. Karjoth has lectured on "Privacy in the Electronic Society" at the ETH Zurich. Since September 2013 he is a research lecturer at the Lucerne University of Applied Sciences and Arts (School of Business).

Dr. Karjoth has published more than 60 technical papers in refereed journals and proceedings, authored 10 patents, and served in different capacities for various conferences and journals as well as on standardization committees. He has acted in different roles in several EU-funded research projects. From 2003-2011, he was the technical co-lead of the Zurich Information Security Center (ZISC), a joint collaboration of the ETH Zurich with an industry consortium. He is an ACM Distinguished Scientist (2013) and had received IBM Outstanding Achievement Awards for his work on Privacy for RFID (2006) and on the Enterprise Privacy Architecture (2005).

HOST: Prof. Marc Langheinrich