Mick Fortune <[log in to unmask]> wrote: [...]
> Regardless of whether the practice is illegal or not there are, to my
> knowledge, at least two RFID companies operating in the global market that
> advocate the use of at least some bibliographic data elements on tags as
> part of their solution. [...]
I'm convinced there are privacy law concerns about RFID if you can
identify the object from the RFID tag. This is famous and was covered
on BBC's mainstream technology TV show "Click" long enough ago that I
can't find it in their current archive: I think it was 2007ish.
The basic idea is that you somehow identify who is holding what
object: then, when your RFID readers locate that object, you've
probably located the person.
Usually, the attack is done by giving the person an object you tagged
surreptitiously, but if you can work out tag data from covers of books
they want to carry around, it makes the attack much easier to use.
Track books and at some point, simply look to see who is carrying what
book and you discover where they've been.
This seems like a privacy concern that we should address. Not
allowing public searches of the OPAC by barcode improves matters
slightly, but I think there are ways around that. A stronger way
might be to have tags contain only some "one-way barcode" which can be
changed and is associated with the real barcode in a way that can't be
decoded easily outside the library, but even that isn't perfect.
> [...] it seems to me
> unlikely that one of the world's largest RFID companies would knowingly
> break the law. But I am working to try and resolve the matter offline and -
> to avoid the list going up in flames - will not respond to this debate again
> here until I can (hopefully) shed some more light on the argument.
I think that's putting far too much faith in the large RFID companies.
That said, I'm not sure whether the RFID providers or libraries are
actually doing anything illegal in the above tag-tracking case, or
just doing the equivalent of selling people cars with no locks that
are easy pickings for criminals. Unethical, but maybe not illegal.
Anyone feel free to contact me directly for more information.
--
MJ Ray (slef). LMS developer and supporter for a small, friendly
worker cooperative http://www.ttllp.co.uk/ http://mjr.towers.org.uk/
(Notice http://mjr.towers.org.uk/email.html) tel:+44-844-4437-237
|