Previous Page  30 / 32 Next Page
Information
Show Menu
Previous Page 30 / 32 Next Page
Page Background

30

PCPD News

私隱專員公署通訊

Issue no. 30

Hence, it is possible for someone

to read from, or write to, an RFID

tag without being noticed.

• Open Standards

The majority of RFID tags for

p r oduc t s c a r r y an E l e c t r on i c

Product Code (EPC), which is a

standard product code that allows

anyone t o ea s i l y l ook up t he

product the tag is attached to. It is

therefore possible to use an RFID

reader to scan and find out what

a person is wearing or carrying,

including the size and brand of

c l o t he s , med i ca t i on package ,

book, etc. in order to understand

the individual’s health condition,

personal preference etc.

It is important to note that RFID tags

typically used for item labelling have

a working range of 1 to 4 metres, so

tags can be read from a relatively long

distance. Coupled with the possible

information stored in the chip (unique

identifier, product information, etc.),

if the chips are left on the purchased

products after the point of sale, they

pose the following privacy threats.

• Position Traceability

Each tag has a unique manufacturing

identifier. If i t i s po s s i b l e t o

associate such an identifier to

a specific person, it is also be

possible to track the person’s

position by reading the tag on a

T-shirt, for example, at different

locations.

• Information Leakage

I t i s po s s i b l e t o ga t he r s ome

i n f o r ma t i o n a b o u t p e o p l e ’s

belongings simply by reading the

tags embedded in the items they

carry, such as a passport, book,

watch or medicine package. It

would then be easy to further infer

their personal preferences, health

status or even political beliefs.

If no privacy impact assessment is

carried out, RFID tags present possible

privacy threats to consumers. The

following countermeasures to prevent

privacy abuse from the use of RFID

tags, especially in the retail sector, are

recommended.

• Design tags which are not easily

readable by scanners in normal

situations and have to be allowed

o r r e ve a l e d by t h e owne r o f

the objects before they can be

scanned, so that tags can operate

a f t e r t he po i n t o f s a l e , wh i l e

privacy is preserved.

• Disable or remove tags, or offer

to consumer such choices, after

the items they were attached to or

embedded in are sold.

• Store a reference number instead

of personal data on RFID chips.

• Be transparent about the use,

particularly when the use is not

limited to logistical controls, of

RFID tags.

• Sh i e l d l i f e l ong RF IDs aga i ns t

covert readers to avoid reading of

tags without the knowledge of the

owner.

• When appropriate, use encryption

to protect information that must be

left on merchandise.

科技新知

Technology Updates

資料來源

Sources

“RFID Tag Privacy Threats and Countermeasures: Current Status”, European Commission, Joint Research Centre – Institute for

the Protection and Security of the Citizen

https://ec.europa.eu/jrc/sites/default/files/jrc78156_report_rfid_en.pdf
1 21 22 23 24 25 26 27 28 29 30 31 32  FlippingBook