Computers, Privacy & the Constitution

View   r14  >  r13  >  r12  >  r11  >  r10  >  r9  ...
DanielHarrisFirstPaper 14 - 05 Jan 2010 - Main.IanSullivan
Line: 1 to 1
Changed:
<
<
META TOPICPARENT name="FirstPaper"
>
>
META TOPICPARENT name="OldPapers"
 

In Defense of RFID


DanielHarrisFirstPaper 13 - 16 Apr 2009 - Main.DanielHarris
Line: 1 to 1
 
META TOPICPARENT name="FirstPaper"
Line: 36 to 36
 

What’s the Real Issue?

Changed:
<
<
I suspect that opposition to contactless smart cards stems from the idea that, when used for identification, they make life too easy. The user wants to be able to get through his day; the privacy advocate might rather see cumbersome identification technology hassle the user out of his complacency. The question is whether we should be requiring identification at all (or using payment cards rather than cash). Fighting that question on the merits would take more than 1,000 words, but going by Octopus’s uptake and our use of mobile phones we can assume that convenience is a compelling, perhaps deciding factor. The energies of privacy advocates will be better spent education people about their exposure to privacy-invasion and lobbying for a legal framework protective of privacy: it’s too easy to look like an irrelevant Luddite when you’re smashing chips and playing with tinfoil.
>
>
I suspect that opposition to contactless smart cards stems from the idea that, when used for identification, they make life too easy. The user wants to be able to get through his day; the privacy advocate might rather see cumbersome identification technology hassle the user out of his complacency. The question is whether we should be requiring identification at all (or using payment cards rather than cash). Fighting that question on the merits would take more than 1,000 words, but going by Octopus’s uptake and our use of mobile phones we can assume that convenience is a compelling, perhaps deciding factor. The energies of privacy advocates will be better spent educating people about their exposure to privacy-invasion and lobbying for a legal framework protective of privacy: it’s too easy to look like an irrelevant Luddite when you’re smashing chips and playing with tinfoil.
 

DanielHarrisFirstPaper 12 - 15 Apr 2009 - Main.EbenMoglen
Line: 1 to 1
Changed:
<
<
META TOPICPARENT name="FirstPaper%25"
>
>
META TOPICPARENT name="FirstPaper"
 

In Defense of RFID

Line: 84 to 84
 -- DanielHarris - 09 Apr 2009
Changed:
<
<
I think the argument about the functional equivalency of howling RFID cards and cellphones where privacy is concerned highlights another important point: piecemeal solutions to the privacy concerns with particular technologies, whether technological or legislative, have little effect on the overall erosion of privacy.
>
>
I think the argument about the functional equivalency of howling RFID cards and cellphones where privacy is concerned highlights another important point: piecemeal solutions to the privacy concerns with particul
 Which suggests that we need a solution--again, either legislative or technological--that encompasses all vectors for privacy invasion. Recognizing a constitutional right is a plausible first step, since the right can influence cultural expectations about how technology should preserve rather than erode privacy. This can in turn influence technology architects and hopefully meta privacy-protecting legislation along the lines of the Civil Rights Act of 1964.

-- AndreiVoinigescu - 10 Apr 2009

Added:
>
>
  • I think this essay is convincing on the points it argues. I also think, however, that the action is elsewhere.

  • I believe your argument that tracking by RFID is much harder than tracking by cellphone, which everyone more or less now accepts risk of. But the point about RFID is how cheaply someone can plant something on you that could be detected later: browser cookies in the real world. And, just as it may be especially problematic when A can see a cookie given you by B, ....

  • I think the problems posed by chatty RFID tags are more from the effects on identity-based security than about tracking. The CUID scheme turns out to be easy to break, for example, despite the "encryption" features, because you can pretend to be a door lock and spend all day having brief conversations with passing ID cards. After a surprisingly small number of such challenge/response pairs, you are ready to open any door in the place, or to pretend to be anyone you please to impersonate. I agree that one can shield cards most of the time so that their tendency to make excess noise can be confined, though many people will be careless thus enabling various forms of fraud and abuse.

  • Your position seems to be that there are good reasons for having stored wireless money that anonymously pays rapidly and at a distance. I entirely endorse that view, and would be happy to carry such a card myself. Remove the anonymity, however, and I don't want it at any price. So it's obviously not about radio frequency ID technology, it's about carrying a bunch of automated database record tags around with me covering my entry in other people's databases.
 
 
<--/commentPlugin-->

DanielHarrisFirstPaper 11 - 12 Apr 2009 - Main.DanielHarris
Line: 1 to 1
 
META TOPICPARENT name="FirstPaper%25"
Line: 22 to 22
 The most important privacy protection for the Octopus is that it need not be registered or personalized. Only students need provide their personal data, and then only if they desire the student discounts available on some of the transportation networks. Secondly, the Octopus is a cash card system--although a credit-card-based auto-replenishment system is available, the vast majority of passengers will buy and refill their Octopus with Hong Kong Dollar banknotes. Nothing stops one from exchanging cards (as long as one is eligible for any discounts on the card) or maintaining multiple cards: in fact, Octopus encourages buying limited-edition “sold” cards (or chip-containing products) with, for example, holiday designs or cartoon characters on the card. Although anonymous cards still have identifying serial numbers, the possibility for correlation with personal identity is far lower than with credit or debit cards.
Deleted:
<
<
Of course, given the substantial presence of surveillance camera at major transport facilities, it should be fairly easy to correlate an anonymous Octopus serial number with the face (and perhaps identity) of its user. The same applies to the $4 Metrocard you can buy from a sidewalk newsstand, or to a credit or debit card, though.
 

But What About the Howling?

Changed:
<
<
We’ve heard a lot about cards “howling” (which, to be clear, refers to the replies of cards to readers close enough to reach them and hear back). The howling nature of the Octopus (or the CUID) and the ability to use it through a bag or wallet is part of what makes it successful, but there are countermeasures available for things we’re more worried about: contactless US passports are allegedly shielded when closed, and contactless “enhanced” driver licenses/passport cards sometimes ship with a protective sleeve.
>
>
Of course, given the substantial presence of surveillance cameras at transport facilities, it should be fairly easy to correlate an anonymous Octopus serial number with the face (and perhaps identity) of its user. The same, though, applies to the $4 Metrocard you can buy from a newsstand, or to a credit or debit card.

We’ve heard a lot about cards “howling” (which refers to the replies of cards to readers close enough to reach them and hear back). The howling nature of the Octopus (or the CUID) and the ability to use it through a bag or wallet is part of what makes it successful, but there are countermeasures available for things we’re more worried about: contactless US passports are allegedly shielded when closed, and contactless “enhanced” driver licenses/passport cards sometimes ship with a protective sleeve. The RFID's lack of an off switch is mitigated by this sort of easy countermeasure--it's no harder to apply such than to definitively disable, say, a mobile phone (requiring battery removal: it has no "hard" power switch either).

 

I Saw the Best Minds of My Generation

Changed:
<
<
You might still be worried about your cash cards--even if your rogue reader can’t crack the encryption, she’s still picking up a unique identifier. Going out in public with neither a balaclava over your face nor a variety of artificial limps should worry you almost as much: video biometric recognition is likely to progress just as fast as whatever technology is required to build out a network of long-range RFID scanners even approaching the existing surveillance camera network's ambit. Everything about the way you look and move is howling to every camera that can see you.
>
>
Don’t forget that mobile phone--in more civilized cities it works underground, too--and it actively howls. If you would not turn off your phone or leave it at home to avoid being tracked, you gain little from smashing your RFID chips. It's probably fair to say that most of us in this class, aware of the bargain, choose the convenience of a mobile over location privacy.
 
Changed:
<
<
Don’t forget your mobile phone--in more civilized cities it works underground, too--it actually, actively howls. If you would not turn off your phone or leave it at home to avoid being tracked, you gain little from smashing your RFID chips.
>
>
You might still be worried about your cash cards--even if your rogue reader can’t crack the encryption, she’s still picking up a unique identifier. There's no technical solution to this problem, though: going out in public without disguising your appearance and gait may soon be just as treacherous, as video biometric recognition is likely to progress as fast as the technology required to build out a network of long-range RFID scanners even approaching the existing surveillance camera network's ambit. Broadcasting a unique identifier is a fact of life in modern society--this, not any specific technology, is the problem.
 

What’s the Real Issue?

Changed:
<
<
I suspect that opposition to contactless smart cards stems from the idea that, when used for identification, they make life too easy. The user wants to be able to get through his day; the privacy advocate might rather see cumbersome identification technology hassle the user out of his complacency. The question is whether we should be requiring identification at all (or using payment cards rather than cash). Fighting that question on the merits would take more than 1,000 words, but going by Octopus’s uptake we can assume that convenience is a compelling, perhaps deciding factor. The energies of privacy advocates will be better spent lobbying for legal protections: it’s too easy to look like an irrelevant Luddite when you’re smashing chips and playing with tinfoil.
>
>
I suspect that opposition to contactless smart cards stems from the idea that, when used for identification, they make life too easy. The user wants to be able to get through his day; the privacy advocate might rather see cumbersome identification technology hassle the user out of his complacency. The question is whether we should be requiring identification at all (or using payment cards rather than cash). Fighting that question on the merits would take more than 1,000 words, but going by Octopus’s uptake and our use of mobile phones we can assume that convenience is a compelling, perhaps deciding factor. The energies of privacy advocates will be better spent education people about their exposure to privacy-invasion and lobbying for a legal framework protective of privacy: it’s too easy to look like an irrelevant Luddite when you’re smashing chips and playing with tinfoil.
 

DanielHarrisFirstPaper 10 - 10 Apr 2009 - Main.AndreiVoinigescu
Line: 1 to 1
 
META TOPICPARENT name="FirstPaper%25"
Line: 82 to 82
 Thanks for the feedback -- I will think about this some more and try to come up with some changes.

-- DanielHarris - 09 Apr 2009

Added:
>
>

I think the argument about the functional equivalency of howling RFID cards and cellphones where privacy is concerned highlights another important point: piecemeal solutions to the privacy concerns with particular technologies, whether technological or legislative, have little effect on the overall erosion of privacy.

Which suggests that we need a solution--again, either legislative or technological--that encompasses all vectors for privacy invasion. Recognizing a constitutional right is a plausible first step, since the right can influence cultural expectations about how technology should preserve rather than erode privacy. This can in turn influence technology architects and hopefully meta privacy-protecting legislation along the lines of the Civil Rights Act of 1964.

-- AndreiVoinigescu - 10 Apr 2009

 
 
<--/commentPlugin-->

DanielHarrisFirstPaper 9 - 09 Apr 2009 - Main.DanielHarris
Line: 1 to 1
 
META TOPICPARENT name="FirstPaper%25"
Line: 53 to 53
 My position isn't equally true of every privacy concern -- I'm making a specific comparison between the information provided by howling IDs and mobile phones. One can get exactly the same information -- a unique identifier and its position -- from your mobile phone as from RFID, but we already have a perfectly good mobile-tracking infrastructure built out and in use. It just doesn't make sense, I argue, to worry about the government tracking your e-passport while you leave your mobile phone on, because they're exactly the same type of threat. In contrast, cameras (for now) capture different information (someone who looks like X was at Y) than do credit cards (someone paid for Z with X's credit card) than do mobile phones (someone with SIM card U was at S series of places). I make the mobile-RFID comparison specifically because I suspect that even in our class, very few of us have regular second thoughts about leaving our phones on.
Changed:
<
<
I agree that raising the profile of RFID privacy concerns generates attention, but I worry that many peoples worries about RFID privacy are subtracting respectability from a movement that's already vulnerable to accusations of paranoia rather than adding significant resources.
>
>
I agree that raising the profile of RFID privacy concerns generates attention, but I worry that many people's worries about RFID privacy are subtracting respectability from a movement that's already vulnerable to accusations of paranoia rather than adding significant resources.
 -- DanielHarris - 07 Apr 2009
Changed:
<
<
Daniel, I take your point about the hide-the-ball nature of focusing on RFID rather than on other technologies which essentially raise the same privacy concerns. But I do wonder whether you may be a bit off base when you say: "I worry that many peoples worries about RFID privacy are subtracting respectability from a movement that's already vulnerable to accusations of paranoia rather than adding significant resources." It seems to me, as a bit of a newcomer to this arena, to be the opposite--- that is, that the focus on RFID makes sense because its less immediate nature may make arguments around it seem more plausible and thus respectable.
>
>
Daniel, I take your point about the hide-the-ball nature of focusing on RFID rather than on other technologies which essentially raise the same privacy concerns. But I do wonder whether you may be a bit off base when you say: "I worry that many people's worries about RFID privacy are subtracting respectability from a movement that's already vulnerable to accusations of paranoia rather than adding significant resources." It seems to me, as a bit of a newcomer to this arena, to be the opposite--- that is, that the focus on RFID makes sense because its less immediate nature may make arguments around it seem more plausible and thus respectable.
 

This may be only my own experience, but I suspect someone naïve to the problem of technology and privacy may be more willing to hear about technologies that are less familiar to them, like RFID. A person unsophisticated to your arguments still has a cellphone, which they probably like, and Facebook, which they probably don’t want to give up, and credit cards which they can’t imagine living without. I wonder if focusing on RFID (which undoubtedly runs a bit into the tin-foil hat problem you write about) at least has the effect of allowing listeners who might turn off a more mainstream argument, precisely because it was mainstream, and thus reached them in ways they’d rather not think about, to get some grounding in the idea that technology can and does impinge on our privacy in all sorts of devious and subterranean ways. Of course, it’s also quite possible the same people who would hear “cellphone privacy invasion” and immediately switch off because, hey, who’s going to give up their cell phone, are the same people who hear “RFID” and immediately begin looking for the roll of Reynolds. Either way, it’s just something to think about as a possible (small) counterpoint to your argument.

Line: 73 to 73
 As for the point about lobbying, I agree that the smashing chips and playing with tin-foil problem (hilarious, by the way) is a real concern for privacy advocates. However, I think the solution is thinking about more effective ways to communicate RFID (and other privacy) issues to the general public, not to abandon speech about technologies that do indeed pose a threat to privacy. But perhaps this is what you mean by the word "lobbying", in which case we are on the same page.

-- JustinColannino - 08 Apr 2009

Added:
>
>

Dana, interesting counterpoint -- but, admitting it for the sake of the argument, I don't think there's much time left for it. EZ-Pay and its brethren have been in wide use for a while now, and that's a logical, familiarizing, and accurate analogy for prospective payment providers to use. I still think (granting that my perceptions of Joe the Public's values may be completely off base) that it might be easier to gin up fear of pervasive CCTV, with the aid of red-light/speed cameras.

Justin, yes, I'm not actually suggesting not to worry. I'm suggesting that we temper our worries about any one of these issues with an awareness of we're already willing to give away, which I think my (severely in need of distillation) mobile example drives home. Those of us in class, at least, have a clear choice between giving up or crippling our handy gadgets or living life under constant tracking.

Thanks for the feedback -- I will think about this some more and try to come up with some changes.

-- DanielHarris - 09 Apr 2009

 
 
<--/commentPlugin-->
\ No newline at end of file

DanielHarrisFirstPaper 8 - 08 Apr 2009 - Main.JustinColannino
Line: 1 to 1
 
META TOPICPARENT name="FirstPaper%25"
Line: 65 to 65
 

-- DanaDelger - 08 Apr 2009

Added:
>
>
Daniel, I think that we are talking past each other a little bit when we compare privacy violating technologies. I perceived your argument in the section labeled 'I saw the greatest minds of my generation' as arguing: don't worry about your mobile cash cards, unless you wear a disguise or turn your phone off people can still get the same information (your location) from you. I object to that argument because it can be made the other way: don't worry about your cellphone, unless you wear a disguise or do not carry anything with RFID people can still get the same information (your location) from you.

You respond that you "make the mobile-RFID comparison specifically because I suspect that even in our class, very few of us have regular second thoughts about leaving our phones on." I think that you are trying to make the more nuanced point that for all the hoopla about RFID, people don't give a second thought to carrying a cellphone and that maybe they should be more consistent in their fears? Is this right? If so, I had a hard time distilling that excellent point from the text.

As for the point about lobbying, I agree that the smashing chips and playing with tin-foil problem (hilarious, by the way) is a real concern for privacy advocates. However, I think the solution is thinking about more effective ways to communicate RFID (and other privacy) issues to the general public, not to abandon speech about technologies that do indeed pose a threat to privacy. But perhaps this is what you mean by the word "lobbying", in which case we are on the same page.

-- JustinColannino - 08 Apr 2009

 
 
<--/commentPlugin-->
\ No newline at end of file

DanielHarrisFirstPaper 7 - 08 Apr 2009 - Main.DanaDelger
Line: 1 to 1
 
META TOPICPARENT name="FirstPaper%25"
Line: 56 to 56
 I agree that raising the profile of RFID privacy concerns generates attention, but I worry that many peoples worries about RFID privacy are subtracting respectability from a movement that's already vulnerable to accusations of paranoia rather than adding significant resources.

-- DanielHarris - 07 Apr 2009

Added:
>
>

Daniel, I take your point about the hide-the-ball nature of focusing on RFID rather than on other technologies which essentially raise the same privacy concerns. But I do wonder whether you may be a bit off base when you say: "I worry that many peoples worries about RFID privacy are subtracting respectability from a movement that's already vulnerable to accusations of paranoia rather than adding significant resources." It seems to me, as a bit of a newcomer to this arena, to be the opposite--- that is, that the focus on RFID makes sense because its less immediate nature may make arguments around it seem more plausible and thus respectable.

This may be only my own experience, but I suspect someone naïve to the problem of technology and privacy may be more willing to hear about technologies that are less familiar to them, like RFID. A person unsophisticated to your arguments still has a cellphone, which they probably like, and Facebook, which they probably don’t want to give up, and credit cards which they can’t imagine living without. I wonder if focusing on RFID (which undoubtedly runs a bit into the tin-foil hat problem you write about) at least has the effect of allowing listeners who might turn off a more mainstream argument, precisely because it was mainstream, and thus reached them in ways they’d rather not think about, to get some grounding in the idea that technology can and does impinge on our privacy in all sorts of devious and subterranean ways. Of course, it’s also quite possible the same people who would hear “cellphone privacy invasion” and immediately switch off because, hey, who’s going to give up their cell phone, are the same people who hear “RFID” and immediately begin looking for the roll of Reynolds. Either way, it’s just something to think about as a possible (small) counterpoint to your argument.

-- DanaDelger - 08 Apr 2009

 
 
<--/commentPlugin-->
\ No newline at end of file

DanielHarrisFirstPaper 6 - 07 Apr 2009 - Main.DanielHarris
Line: 1 to 1
 
META TOPICPARENT name="FirstPaper%25"
Line: 49 to 49
 -- JustinColannino - 01 Apr 2009
Added:
>
>

My position isn't equally true of every privacy concern -- I'm making a specific comparison between the information provided by howling IDs and mobile phones. One can get exactly the same information -- a unique identifier and its position -- from your mobile phone as from RFID, but we already have a perfectly good mobile-tracking infrastructure built out and in use. It just doesn't make sense, I argue, to worry about the government tracking your e-passport while you leave your mobile phone on, because they're exactly the same type of threat. In contrast, cameras (for now) capture different information (someone who looks like X was at Y) than do credit cards (someone paid for Z with X's credit card) than do mobile phones (someone with SIM card U was at S series of places). I make the mobile-RFID comparison specifically because I suspect that even in our class, very few of us have regular second thoughts about leaving our phones on.

I agree that raising the profile of RFID privacy concerns generates attention, but I worry that many peoples worries about RFID privacy are subtracting respectability from a movement that's already vulnerable to accusations of paranoia rather than adding significant resources.

-- DanielHarris - 07 Apr 2009

 
 
<--/commentPlugin-->
\ No newline at end of file

DanielHarrisFirstPaper 5 - 03 Apr 2009 - Main.ElizabethDoisy
Line: 1 to 1
 
META TOPICPARENT name="FirstPaper%25"

DanielHarrisFirstPaper 4 - 01 Apr 2009 - Main.JustinColannino
Line: 1 to 1
 
META TOPICPARENT name="FirstPaper%25"
Line: 38 to 38
 I suspect that opposition to contactless smart cards stems from the idea that, when used for identification, they make life too easy. The user wants to be able to get through his day; the privacy advocate might rather see cumbersome identification technology hassle the user out of his complacency. The question is whether we should be requiring identification at all (or using payment cards rather than cash). Fighting that question on the merits would take more than 1,000 words, but going by Octopus’s uptake we can assume that convenience is a compelling, perhaps deciding factor. The energies of privacy advocates will be better spent lobbying for legal protections: it’s too easy to look like an irrelevant Luddite when you’re smashing chips and playing with tinfoil.
Added:
>
>

Daniel, I find the first half of your paper particularly compelling. RFID cash cards, like the Octopus, seem to me to have traits that protect both privacy and convenience. In fact, they seem like a great compromise.

However, the second half confuses me a bit. I read your argument to say, basically, with so many other privacy concerns (cameras, cellphones, etc., etc.) we should not be concerned about RFID. Instead, you argue, privacy activists should "lobby[] for legal protections." To me this position is contradictory. How do you convince people that privacy matters if you ignore a source of its decline? People need a reason to take action. Political lobbying needs feet or dollars to make it go, and people worried about RFID privacy adds both.

Another problem with your position is that it is equally true of any and every privacy concern. Don't worry about cameras-you carry a cellphone, right? Don't worry about your cellphone-you pay with a credit card, right? Privacy is eroded by many different technologies. Arguing that we should ignore one simply because beneficial uses exist for it that do not invade our privacy as much misses the point that it is the aggregate effect which erodes privacy.

-- JustinColannino - 01 Apr 2009

 
 
<--/commentPlugin-->

DanielHarrisFirstPaper 3 - 09 Mar 2009 - Main.DanielHarris
Line: 1 to 1
 
META TOPICPARENT name="FirstPaper%25"

In Defense of RFID

Changed:
<
<
-- By DanielHarris - 20 Feb 2009
>
>
-- By DanielHarris - 8 Mar 2009
 
Changed:
<
<
What baby am I saving? - Transaction Time / efficiency - durability
>
>

Introduction

 
Changed:
<
<
On Howling - passive - range limitations / possibilities - shielding options (or why you can't wardrive for passports) - Some Biometrics Howl, Too
>
>
RFID and related technologies in the form of the contactless smart card have taken a beating, often literally. Smart cards were also part of my daily life a year before it found its way into our CUIDs. At any given time in Hong Kong, I typically had three “smart” cards on my person: the HKID (a contact smart card), the Lingnan ID (functionally identical to the CUID), and the Octopus. Fond memories of the Octopus in particular make me want to make sure we don’t throw out the baby with the bath water.
 
Changed:
<
<
The Real Problem: it makes pervasive ID too easy - fight that one on its merits - let's use it for money and not for ID -- but if you're carrying a cash card it's trivial to associate with ID - just as true for non-RFID. avoiding the direct link and making the private bad guy work harder is a reasonable safeguard. - ID vs. inconvenience (after-hours access)
>
>

What “Baby” is This?

 
Changed:
<
<

Section I

>
>
The Octopus is a contactless RFID stored-value card, available in anonymous and personalized versions. Operated by a consortium of Hong Kong transport operators (and therefore, like the MTR Corporation, effectively controlled by the HKSAR government), the Octopus began its life in 1997 as a common stored-value card for public transport. It is now used by 95% of Hong Kong’s adult (16-65) population and accepted not just on all scheduled public transport, but also in numerous retail settings: grocery stores, drugstores, ubiquitous convenience stores, parking meters, vending machines, and prominent fast-food restaurants. At my university, the student canteen (cafeteria) and library copying machines and printers accepted Octopus, too. The retail network is a powerful argument for Octopus use even just on transport, as any staffed retail location accepting Octopus can accept cash to load onto the card.
 
Changed:
<
<

Subsection A

>
>
Why is it so popular? Time. The transaction time for transport is 300ms--quick enough to tap one’s closed wallet while moving through a turnstile at full rush hour speed--with a leisurely 1 sec. allowed for retail transactions. Even without considering the difficulties of fumbling around with small coins, worth as little as a US penny, to make exact change for a bus, this speed lets passengers tap their cards for distance-based fares and intermodal interchange discounts without clogging the series of underground tubes. Anyone who’s had the misfortune of riding a NYCT bus, or who makes a habit of outpacing cross-town buses on foot, can see the implications: buses become downright usable when they aren’t daintily reading Metrocards for five minutes at every stop. An on-the-honor paper ticketing system has this advantage, but still requires queuing beforehand to purchase tickets.
 
Added:
>
>
Contactless smart cards are also more durable than their alternatives: I occasionally had to clean the contacts on my rarely-employed HKID with a pencil eraser, and have had my share of demagnetized or scratched magnetic stripes.
 
Changed:
<
<

Subsub 1

>
>

Privacy Protections

 
Changed:
<
<

Subsection B

>
>
The most important privacy protection for the Octopus is that it need not be registered or personalized. Only students need provide their personal data, and then only if they desire the student discounts available on some of the transportation networks. Secondly, the Octopus is a cash card system--although a credit-card-based auto-replenishment system is available, the vast majority of passengers will buy and refill their Octopus with Hong Kong Dollar banknotes. Nothing stops one from exchanging cards (as long as one is eligible for any discounts on the card) or maintaining multiple cards: in fact, Octopus encourages buying limited-edition “sold” cards (or chip-containing products) with, for example, holiday designs or cartoon characters on the card. Although anonymous cards still have identifying serial numbers, the possibility for correlation with personal identity is far lower than with credit or debit cards.
 
Added:
>
>
Of course, given the substantial presence of surveillance camera at major transport facilities, it should be fairly easy to correlate an anonymous Octopus serial number with the face (and perhaps identity) of its user. The same applies to the $4 Metrocard you can buy from a sidewalk newsstand, or to a credit or debit card, though.
 
Changed:
<
<

Subsub 1

>
>

But What About the Howling?

 
Added:
>
>
We’ve heard a lot about cards “howling” (which, to be clear, refers to the replies of cards to readers close enough to reach them and hear back). The howling nature of the Octopus (or the CUID) and the ability to use it through a bag or wallet is part of what makes it successful, but there are countermeasures available for things we’re more worried about: contactless US passports are allegedly shielded when closed, and contactless “enhanced” driver licenses/passport cards sometimes ship with a protective sleeve.
 
Changed:
<
<

Subsub 2

>
>

I Saw the Best Minds of My Generation

 
Added:
>
>
You might still be worried about your cash cards--even if your rogue reader can’t crack the encryption, she’s still picking up a unique identifier. Going out in public with neither a balaclava over your face nor a variety of artificial limps should worry you almost as much: video biometric recognition is likely to progress just as fast as whatever technology is required to build out a network of long-range RFID scanners even approaching the existing surveillance camera network's ambit. Everything about the way you look and move is howling to every camera that can see you.
 
Added:
>
>
Don’t forget your mobile phone--in more civilized cities it works underground, too--it actually, actively howls. If you would not turn off your phone or leave it at home to avoid being tracked, you gain little from smashing your RFID chips.
 
Changed:
<
<

Section II

>
>

What’s the Real Issue?

 
Changed:
<
<

Subsection A

>
>
I suspect that opposition to contactless smart cards stems from the idea that, when used for identification, they make life too easy. The user wants to be able to get through his day; the privacy advocate might rather see cumbersome identification technology hassle the user out of his complacency. The question is whether we should be requiring identification at all (or using payment cards rather than cash). Fighting that question on the merits would take more than 1,000 words, but going by Octopus’s uptake we can assume that convenience is a compelling, perhaps deciding factor. The energies of privacy advocates will be better spent lobbying for legal protections: it’s too easy to look like an irrelevant Luddite when you’re smashing chips and playing with tinfoil.
 
Deleted:
<
<

Subsection B

 \ No newline at end of file
Added:
>
>
 
<--/commentPlugin-->

DanielHarrisFirstPaper 2 - 02 Mar 2009 - Main.DanielHarris
Line: 1 to 1
 
META TOPICPARENT name="FirstPaper%25"
Deleted:
<
<
 

In Defense of RFID

Line: 7 to 6
 -- By DanielHarris - 20 Feb 2009
Added:
>
>
What baby am I saving? - Transaction Time / efficiency - durability

On Howling - passive - range limitations / possibilities - shielding options (or why you can't wardrive for passports) - Some Biometrics Howl, Too

The Real Problem: it makes pervasive ID too easy - fight that one on its merits - let's use it for money and not for ID -- but if you're carrying a cash card it's trivial to associate with ID - just as true for non-RFID. avoiding the direct link and making the private bad guy work harder is a reasonable safeguard. - ID vs. inconvenience (after-hours access)

 

Section I


DanielHarrisFirstPaper 1 - 20 Feb 2009 - Main.DanielHarris
Line: 1 to 1
Added:
>
>
META TOPICPARENT name="FirstPaper%25"

In Defense of RFID

-- By DanielHarris - 20 Feb 2009

Section I

Subsection A

Subsub 1

Subsection B

Subsub 1

Subsub 2

Section II

Subsection A

Subsection B


Revision 14r14 - 05 Jan 2010 - 22:30:15 - IanSullivan
Revision 13r13 - 16 Apr 2009 - 01:36:04 - DanielHarris
Revision 12r12 - 15 Apr 2009 - 19:55:47 - EbenMoglen
Revision 11r11 - 12 Apr 2009 - 19:24:27 - DanielHarris
Revision 10r10 - 10 Apr 2009 - 23:13:24 - AndreiVoinigescu
Revision 9r9 - 09 Apr 2009 - 00:49:38 - DanielHarris
Revision 8r8 - 08 Apr 2009 - 14:01:14 - JustinColannino
Revision 7r7 - 08 Apr 2009 - 01:21:46 - DanaDelger
Revision 6r6 - 07 Apr 2009 - 23:20:09 - DanielHarris
Revision 5r5 - 03 Apr 2009 - 16:50:10 - ElizabethDoisy
Revision 4r4 - 01 Apr 2009 - 21:43:19 - JustinColannino
Revision 3r3 - 09 Mar 2009 - 04:37:06 - DanielHarris
Revision 2r2 - 02 Mar 2009 - 15:43:46 - DanielHarris
Revision 1r1 - 20 Feb 2009 - 04:19:50 - DanielHarris
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM