
Re: Some more background on the RFID experiment in Hiroshima

2009-09-14 02:06:13
At Sun, 13 Sep 2009 21:19:53 -0700 (PDT),
Ole Jacobsen wrote:


> Eric,
>
> The local hosts are reading the messages on this list and will take
> appropriate steps including:
>
> * Not displaying the ID number <--> attendee mapping anywhere
>
> * Not assigning numbers sequentially

That seems like a good start. As Richard and I have both indicated,
however, this system seems to have substantial residual privacy
risk, even if the identifiers are assigned completely unpredictably
(and note that non-sequential and unpredictable are not at all the
same thing). 


> Again, anyone may opt out, but this IS an experiment and it is
> certainly hoped that people will participate.

I'm not trying to be difficult, but I'm not overly impressed with the
defense that people keep offering that this is an experiment and
people can opt out. If this were being done as an experiment at a
university, you would be expected to go in front of a human subjects
committee and demonstrate that your subjects had given informed
consent, probably wouldn't be harmed, etc. Now, obviously, this isn't
an academic setting, but I think it's fair to say that the people
running this experiment haven't done anything like full disclosure of
the relevant risks--and it's not even clear that they understand them
themselves. [It would also be consistent with common practice for
people to specifically opt in, not out.]

Now, I'm not saying that the IETF can never experiment with anything
(e.g., a new brand of pen at registration) without going through this
kind of review, but given that there has historically been quite a bit
of concern about the privacy implications of this sort of
RFID tagging (see, for instance, the issue of RFID tags in passports)
and that several people have raised concerns about this particular
use, ISTM that a somewhat higher bar is appropriate.  I'm not sure
exactly what I would consider meaningful for such an experiment in
order for participants to be fully informed, but it seems to me that
at minimum it would be the sort of security analysis that we would
expect to be provided in an I-D under RFC 3552.

-Ekr
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
