Item-level RFID Perception

1
Item-level RFID Perception Privacy Protection
Schemes_at_ ETSIDr. Sarah SpiekermannInstitute
of Information SystemsHumboldt University
Berlin, GermanyDecember 2007
2
A new book addressing social issues in Ubiquitous
Computing, in particular in RFID.
3
RFID is an important component of the Ubiquitous
Computing Landscape.

• RFID represents the ubiquitous and
  embeddedness element of Ubiquitous Computing.
• EAN and UCC have joined forces in 2001 in the
  organisation GS1 where RFID is developemed as the
  carrier technology for next generation bar codes.
• In Germany alone, we expect an RFID-related rise
  in the share of the value added of the producing
  sector, trade, transport as well as public and
  private service providers totalling about 62
  billion euros by the year 2010 compared with 3
  billion euros in 2004. (Public Policy Outlook,
  Michael Glos, June 2007)

Source Thiesse, F., Gross, S., Integration von
RFID in die betriebliche IT-Landschaft,WIRTSCHAF
TSINFROMATIK Vol. 48, No. 3, 2006, pp. 178-187
4
Consumers appreciate RFID based after sales
services.
Consumer Perceptions of RFID Benefits
- Results from 2 Studies
beneficial/like/convenient
5,00
warrantywithout receipt
warning washing machine
medication fit
medication Reminder
receipy recommendations
4,00
exchange Without receipt
unsure/medium
3,00
improvedstoragelife
checking used goods
add. Infoat home
recommendationsin the street
2,00
1,00
objectionable
0,00
Study 1 (237 part., 2005)
Study 2(306 part., 2006)
significant statistical difference
5
However, RFID has confronted strong criticism for
its potential to undermine privacy.

• GI (Pohl, 2004) has established a catalogue of
  provisions in order to minimize the potential
  dangers of transponders for citizens and
  society.
• The United States of America Center for Democracy
  and Technology and the OECD have proposed
  guidelines for the application of RFID in areas
  where it interfaces with people.
• Metro Group took 10.000 Payback loyalty cards out
  of the market.
• Benetton halted its deployment of RFID on
  shopfloors.
• Harvard Business Review launches a debate (2004)
  None of your business?

6
What are major consumer fears associated with
RFID?
Focus Group Results (Content Analysis)

• Concern of ones personal belongings to be
  assessed without ones knowledge and consent
• Concern to become known to and classified by
  others
• Concern to be followed
• Concern to sign responsible for each object one
  owns
• Concern about being restricted, educated or
  exposed through automatic object reactions

something is being done with me that I cannot
really control and grasp and this is what I am
afraid of.
Bertold, O., Günther, O., Spiekermann, S. ,
"RFID Verbraucherängste und Verbraucherschutz",
Wirtschaftsinformatik, Vol. 47, Nr.6, 2005
7
An extreme fear is that RFID may get out of
control.
Ishmells Photos
on
March 13th 2007
8
How can we build safety into RFID technology so
that benefits can be leveraged and social
drawbacks can be avoided?
9
Technically, an attack-tree analysis reveals that
uncontrolled tag-reader communication is the main
issue to be resolved for safe technology design.
Attack-tree Analysis of Consumer Concerns
Spiekermann, S., Ziekow, H., "RFID a
Systematic Analysis of Privacy Threats a
7-point plan to address them, Journal of
Information Systems Security, Vol. 1, Nr. 3, 2006
10
Giving people control over tag-reader
communication is a key requirement to ensure
privacy.
11
Giving people control over tag-reader
communication is a key requirement to ensure
privacy.

• What does it mean to give control?
• Cognitive control
• Decisional control
• Behavioral control

12
There are 4 options to treat RFID tags at store
exits.
?
?
13
Which strategy should be pursued?
14
Some notes on the Class1/Gen2 tags kill-function

• If you consider that RFID tags represent the
  future of computing technology, this proposal
  the kill function becomes as absurd as
  permanently deactivating desktop PCs to reduce
  the incidence of computer viruses and phishing
  (p. 92 in (Rieback, Gaydadjiev et al. 2006)).

15
The On-tag Scheme leaves users out of the loop
and therefore fails to meet control requirements.
UML sequence diagram RFID based communication in
a mall On-tag Scheme
16
The Agent Scheme implies control delegation and
trust in a Privacy Guardian.

• BENEFIT
• Users can specify their privacy preferences.
• DRAWBACK
• Need to develop the solution for probabilistic
  tag-reader protocols.
• Need to integrate privacy preference
  communication over tag-reader interface.
• Need for context recognition.
• Control delegation is typically a challenge when
  it comes to agent design and agent acceptance.

Rieback, M. R., B. Crispo, et al. (2005). "RFID
Guardian A Battery-Powered Mobile Device for
RFID Privacy Management". 10th Australiasian
Conference on Information Security (ACISP 2005),
Brisbane, Australia.
17
We proposed a User Scheme where the user is in
the drivers seat and initiates tag-reader
communication where needed.
User Scheme Mechanism
Spiekermann, S., Berthold O., "Maintaining
privacy in RFID enabled environments - Proposal
for a disable-model", in Privacy, Security and
Trust within the Context of Pervasive Computing,
Hrsg. P. Robinson, H. Vogt, W. Wagealla, The
Kluwer International Series in Engineering and
Computer Science, Springer Verlag, 2005
18
Whats the most appealing solution to customers?
19
Peoples reactions were tested vis-à-vis RFID
based on two different films about RFID
(between-subject design).
Set-up

• Neutral Film
• cut of professional film material
• 2 versions which are identical, BUT
• Agent Scheme ending
• User Scheme ending

• Questionnaire
• 151 questions (62 before the film, 89 after
  the film)
• time to answer around 55 minutes
• pre-tested questions
• four test cities Berlin, Hamburg, Köln und
  München

20
Subjects were close to German demographic average.
Experimental groups and demographics
21
In advance of the study we developed scales to
measure control perceptions over the
intelligent infrastructure.
Rank Index Question text (1 fully agree ... 5 do not agree at all) Category
1 POW 1 I feel that I can steer the intelligent environment in a way I feel is right. Power
2 POW 2 Thanks to ltthe PETgt the electronic environment and its reading devices will have to subdue to my will. Power
5 POW 3 Due to ltthe PETgt I perceive perfect control over the activity of my chips. Power
3 CON 1 Thanks to ltthe PETgt I could determine myself whether or not Ill interact with the intelligent environment. Contingency
7 CON 2 Through ltthe PETgt, services are put at my disposition when I want them. Contingency
6 H 2 I could imagine that if the electronic environment set out to scan me, it would be able to do so despite ltthe PETgt. Helplessness
10 H 1 ltThe PETgt will finally not be able to effectively protect me from being read by the electronic environment. Helplessness
8 COI 1 Due to ltthe PETgt it is still my decision whether or not the intelligent environment recognizes me. Choice
4 COI 2 Through ltthe PETgt I finally have the choice whether or not I am being scanned or not Choice
9 IC 1 Through ltthe PETgt I would always be informed of whether and in what form the electronic environment recognizes me. Information
11 IC 2 Using ltthe PETgt I would always know when and by whom I have been read out. Information
EUP 1 To learn to use ltthe PETgt would be easy for me. Ease-of-use
EUP 2 It would be easy for me to learn skillful use of ltthe PETgt. Ease-of-use
EUP 3 I would find ltthe PETgt easy to use. Ease-of-use
EUP 4 Due to ltthe PETgt the information exchange between my chips and reading devices would be clearly defined. Ease-of-use
22
Study results show that no PET is really superior
and that helplessness dominates RFID PET
perception.
Multivariate Regression Analysis on Drivers of
PET Acceptance
23
73 of participants want to see RFID chips
destroyed rather than taking advantage of the
benefits. The trend is reenforced the more
education people have.
Killing or PET?
Tendency to use PETfor advantage (7-11)
Undecided (6)
Tendency to rejectPET (1-5)
21.9 12.2
8.2 4.9
69.9 82.9
User Scheme
with IB
12.7 17.1
9.1 11.4
78.2 71.4
Agent Scheme
without IB
18.0 14.5
8.6 7.9
73.4 77.6
Total
with IB
The asterisk denotes a significant difference of
technology perception due to education.

1. Günther, O., Spiekermann, S. , "RFID And The
   Perception of Control The Consumer's View", 
   Communications of the ACM (CACM), Vol. 48, Nr.
   9, September 2005

24
Further analysis is now looking into the drivers
of RFID acceptance.
Drivers of Acceptancefor RFID on Products
Drivers of Acceptancefor RFID in the Service
Domain
25
Next steps

• Consider user model in the standardization
  process for tag-reader communication
• Consider busienss processes and user concerns and
  process perceptions before defining technical
  standards.
• Co-operation?
• Please contact me
• Sarah Spiekermann(sspiek_at_wiwi.hu-berlin.de)

26
Next steps
27
Research Projects on UbiComp
RFID Security, Localization Technologies (Magic
Map)
RFID Consumer Privacy
Ko-RFID Efficient collaboration in RFID based
supply chains
Economic Value of Proximity
Attention Management in Information Rich
Environments
Technology Assessment of Ubiquitous Computing