Untergeordnete Seiten
  • RFID position paper IFLA
Zum Ende der Metadaten springen
Zum Anfang der Metadaten

 Ideas / Characteristics for the position paper

- 1-2 pages

- other sections to be involved?

- skeleton:

- importance of RFID for libraries
- state of the art in standardization
- privacy in library environement: overview risks and measures
- statement: "technical" guidelines of the government reduce the possibilities of libraries to govern the use of RFID-tags together with suppliers

Further ideas/findings to the topic from Edmund (2008-08-09)

IFLA ITS SC MEETING - RFID DISCUSSION
Background to issues with EU RFID proposals
-          EU Consultation on RFID standards
o    Mandates privacy & implementation review processes
o    Includes some specific requirements on RFID implementation
-          3M Concerns
o    They are concerned the EU Proposal mandates particular solutions and does not mesh with existing standards
o    Want "self regulation"
o    Issues with definition of "public space"
-          Background to privacy issues & anonymity
o    Privacy of borrowing history has been a key concern of libraries
o    Overlaps with copyright and privacy positions of IFLA
o    Issues
§  "Tracking" - following the movement of the book/item by RFID number
§  "Hot listing" - building up a database associating titles to their RFID and tracking their movement
o    Some approaches to secure the RFID
§  The RFID id should be "rewritten" on checkout or
§  The RFID should be erased on checkout
§  The RFID is secured using public key encryption or other
-          Book industry adoption may drive standards for library adoption, but may not have requisite privacy controls:
Cnet NEWS.COM 8/5/2003
                http://news.zdnet.co.uk/itmanagement/0,1000000308,2134438,00.htm
                "By placing tag readers on the shelves of bookstores, the new system allows booksellers to gain information such as the range of books a shopper has browsed, how many times a particular title was picked up and even the length of time spent flipping through each book, Japan's Nikkei Electronic News reported."
EU CONSULTATION
http://ec.europa.eu/yourvoice/ipm/forms/dispatch?form=RFIDRec


 READING
                IFLA
Matts Lindquist.  RFID in libraries - introduction to the issues
http://www.ifla.org/IV/ifla69/papers/161e-Lindquist.pdf
Principally a technical overview
                                Martin Gorman.  Privacy in the Digital environment---issues for libraries
                                http://www.ifla.org/IV/ifla67/papers/145-083e.pdf
                                A good statement of the general digital privacy issues applicable to libraries
                               
                OTHER
                ISO 28560 - http://www.bs.dk/standards/rfid  (inter-operability standards & data model)
                Privacy issues
2004 - http://galecia.com/included/docs/position_rfid_permission.pdf
This work is a draft chapter for Wireless Privacy: RFID, Bluetooth and 802.11 to be published in early 2005 by Addison- Wesley/Prentice Hall. It is made available with special permission from the book's editors, Simson Garfinkel and Beth Rosenberg.
"Libraries should not yet implement RFID systems. Instead, libraries should be among the entities putting pressure on government and industry entities to develop standards, public policy and best practices guidelines for its use.
Libraries that choose to implement RFID technologies in advance of policy safeguards being put in place should take extra precautions to follow evolving best practices guidelines.", p.16
Privacy and Security in Library RFID: Issues, Practices, and Architectures
David Molnar_ David Wagner
http://www.cs.berkeley.edu/~dmolnar/library.pdf
ACM CCS'04, October 2529, 2004, Washington, DC, USA.
"We have given specific proposals for improving privacy in RFID tags. Unfortunately, such changes will require time,effort, and money, and no current library RFID system sup-
ports them. There will be a substantial cost for privacy and security in the library RFID setting. Is the cost of privacy and security "worth it?" Put another
way, should a library refuse to buy RFID until systems are available that resist these attacks? We cannot dictate an-swers to this question. What we have done, instead, is pro-
vide the means for libraries and their communities to make an informed decision, and the technical options to improve future library RFID systems."
ALA blog: http://www.libraryrfid.net/wordpress/
ALA technotes: http://www.ala.org/ala/pla/plapubs/technotes/rfidtechnology.cfm
Edmund Balnaves
Information Officer
IFLA ITS

Sources

 I've added three documents coming from an initiative of RFID-stakeholders against the EU-draft, see attachments or

2008-April-RFID and Privacy Policy.pdf 

EPCglobal Guidance to EU RFID Consultation.doc

 3M Comments for EU RFID Privacy and Data Security Recommendation.doc

Starting MAIL to IFLA ITS

Dear collegues,

in the last years RFID has evolved to be one of the mayor innovation topics in libraries, especially in those, who have a high pressure of usage. In parallel the discussion around the potential misuse of the technology, the risks of data lost and privacy violation arises broader public notice.

In this situation the European Union prepares a recommendation guideline (this means: a rule to become a law in the resp. member-states of the union) which was open for comment by the end of april. This opens a discussion around the application scenarios of RFID. Because the commission, the EU-governement, aimes to implement privacy, data protection, and information security regulations in applications where RFID is used (in cases where person-related data are existant, there should be a opt-in solution which means, that the tag should become deativated, when the consumer leaves the factory) vendors, manufacturers and service-providers fear now to lose a lot of possibilities for their applcations and shout instead of for self-regulations. The use of RFID in libraries requests the possibity to store application specific data on the RFID-tag and this means at least, that libraries and their needs become involved into the debatte. IFLA was asked to deliver a statement but was not prepared - now we are asked to prepare a statement for IFLA. And because I am aware of the complexity of the discussion and the technical backround we must prepare this statement carefully. There are indeed particular privacy concerns which are related to general IFLA policies; to point this out and to help IFLA finding a position in the debate is IMHO a useful job.

I wish to use this opportunity to start with another issue - discussed on the occasion of our last meeting: to start the IST-WIKI as a platform for discussion and collaborative work. Therefore you will become noradays a welcome message with the login information.

In our new WIKI I've uploaded some documents from the application providers, the mail from Stuart Hamilton, the IFLA Senior Policy Advisor.

Best regards

Reinhard

Deutsche Nationalbibliothekmailto:r.altenhoener@d-nb.de

eMail-Exchange IFLA HQ - IFLA ITS

From: Stuart Hamilton [mailto:Stuart.Hamilton@IFLA.nl]
Sent: Tuesday, 29 April 2008 6:56 PM
To: Altenhoener, Reinhard; Edmund Balnaves; alenka.kavcic@nuk.uni-lj.si
Subject: FW: RFID Consumer Privacy Policy - EU Proposal Hi again

Please find attached the comments from 3M on the proposed legislation.

Reinhard, I also think it is important that if we produce a position paper it should not only be for the archive. I've spoken to Sjoerd about this and we think that producing something for the Information Technology section to endorse in Quebec might be a good way to proceed, followed by publicising the paper via the IFLA mailing lists and then wider technology lists and forums. Obviously we would also make the paper available via IFLANET.

Sjoerd suggests that technology firms might be consulted but I am sure you will find the correct way to proceed regarding third party input.

Do you think this is a good approach?

Kind regards,

Stuart

Stuart Hamilton

IFLA Senior Policy Advisor

IFLA Headquarters

PO Box 95312

2509 CH The Hague

Netherlands

00 31 70 314 0884


From: dapointon1@mmm.com [mailto:dapointon1@mmm.com]
Sent: 28 April 2008 17:15
To: Stuart Hamilton
Cc: rdlarson1@mmm.com; ryanchek@mmm.com; jhaas@mmm.com; dtcastro@mmm.com
Subject: RE: RFID Consumer Privacy Policy - EU Proposal

Stuart, thank you for your help.  I too am sorry about the time constraints, as we did not have clear knowledge of this from our EU colleagues until last week.  As you look further into this issue please let me know whether 3M can assist in any way.  I am attaching our final comments for your review and if you feel it appropriate, distribution to your members.

Dave

David A. Pointon
National Sales Manager
Government, Locating & Marking
3M Track&Trace Solutions Division
3M Center Bldg, 225-4N-14
St. Paul, MN  55144-1000
651-736-3449 (o)
651-503-4554 (m)
651-736-0030 (f)
dapointon1@mmm.com

"Stuart Hamilton" <Stuart.Hamilton@IFLA.nl> 04/28/2008 06:28 AM

 

To

<jhaas@mmm.com>

cc

<dapointon1@mmm.com>

Subject

RE: RFID Consumer Privacy Policy - EU Proposal

 

 

 

 

Hi Dave, Hi Jacob

I'm sorry that time constraints meant that we were unable to get you a
more detailed position statement from IFLA on the EU legislation. If we
had received the docs a little earlier we might have been able to do
more. Nevertheless you have alerted us to an area that we should have
something more substantial on, and I have asked my colleagues to prepare
something as soon as they can.

All for now,

Stuart

--{}{}{}{}{}-{}Original Message{}---
{{From: jhaas@mmm.com [mailto:jhaas@mmm.com] }}
Sent: donderdag 24 april 2008 22:25
To: Stuart Hamilton
Cc: dapointon1@mmm.com
Subject: Fw: RFID Consumer Privacy Policy - EU Proposal

Stuart,

Attached is documentation from EPC Global regarding some legislation
that
is happening at the EU.  Please read through and see if IFLA is
interested
in giving input.

Kindest Regards,

Jacob Haas
3M Library Systems

Dear colleague;

Please make sure to spend some time to read and understand the included
information.
As you may already know there is a policy proposal in front of the
European
Commission guiding EU member countries on RFID and consumer privacy
legislation.
If passed as the current proposal, there would be some adverse effects
on
item level tagging not only in Europe but it could set off a precedent
effecting other parts of the world.
It is important that companies with interest in RFID are aware of this
situation and more importantly work to submit a response to the EU
before
April 25. Attached is a letter that outlines the situation and a
response
guidance document drafted by EPC Global.

Please feel free to share these with companies who are EPC Global
members,
or otherwise closely vested in adoption of EPC RFID technology. This is
not
for public distribution or disclosure, and should be limited to EPC
Global
members only.

(See attached file: 2008-April-RFID and Privacy Policy.pdf)(See attached
file: EPCglobal Guidance to EU  RFID Consultation.doc)

(See attached file: 2008-April-RFID and Privacy Policy.pdf)(See attached
file: EPCglobal Guidance to EU  RFID Consultation.doc)

  • Keine Stichwörter
Schreiben Sie einen Kommentar...