New technologies pose online privacy uncertainties, Rotenberg claims
Computerworld | Jan 2, 2008
Privacy advocate says that much remains unknown about how collected data will be used
by Patrick Thibodeau
January 02, 2008 (Computerworld) — Marc Rotenberg, executive director of the Electronic Privacy Information Center (EPIC), spoke recently with Computerworld about online privacy issues. In an initial installment of the interview, Rotenberg said he fears that a “privacy meltdown” will result from Google Inc.’s planned acquisition of online ad-serving vendor DoubleClick Inc., a deal that was given the green light last month by the U.S. Federal Trade Commission. In this second installment, he gives his take on how young people view privacy and discusses the privacy ramifications of shopping courtesy cards, radio frequency identification (RFID) tags and bar-coded driver’s licenses.
Some privacy advocates argue that the younger generation of Internet users – the Facebook and MySpace users – is less guarded about data privacy. Is this younger generation in the vanguard of a new way of thinking about privacy, or are they just naïve?
Younger people today have a different way of thinking about privacy. I think it’s a mistake to believe that they value privacy less [than other users do]. And in many respects, that’s actually the experience we’ve often had in this country: notions of privacy evolve based on what technology makes possible. But I think the mistake that people sometimes make is to believe that because kids have a different expectation of privacy, somehow it’s a diminished expectation.
Do you think, though, that young users are sharing more information about themselves in public environments than they should be?
I think the interesting issue, and where the privacy debate begins, is when the information that they make available to their friends – for example, on a social network site – is gathered surreptitiously and used for marketing purposes. And there, I think there really is a [valid] debate about whether people, and kids in particular, understand what’s going on and if it’s really fair.
The courtesy cards that retailers issue to customers to qualify for discounts can be used to record everything that someone like me buys. How can that information be used? And as a consumer, should I worry about it?
I generally think that being worried is a helpful way to talk about privacy. In terms of how businesses collect and use personal information, the right approach is really to ask the question, “Are companies being fair with what they do with the data they collect?” If they aren’t, then we need some rules in place.
Do you think that retailers are being fair about how they use the purchasing information they collect?
I think it’s a very serious issue. One of the big paradoxes about privacy is that the companies that collect and use so much information about consumers tend to be very secretive about their own practices, and as a result, it’s just very difficult for people to really know what’s happening to the data that is provided to [the companies]. So typically, when we talk about privacy laws, one of the main things we’re arguing for is simply making companies more accountable in the collection and use of data that they collect.
At an IBM conference that I was at recently, the ID badges for attendees included RFID tags that automatically tracked what sessions people attended. IBM’s conference organizers had a reasonable explanation: instead of scanning people’s badges as they went into sessions, they just RFID’ed them. But where can this all go if things like driver’s licenses or library cards get RFID tags?
Your story is very interesting, and in fact, [IBM’s] analogy is imperfect. When you scan a card, there’s a moment when the card is removed, it’s turned over to a reader and the person is aware of the fact that the card is being read. The problem, of course, with an RFID tag is that it can be read at any time by anyone who is in possession of a reader – whether or not the person knows that their card is being scanned. And this is precisely the debate we are having right now with the Department of Homeland Security over many of the identity schemes.
How do you think the DHS is going to use RFID tags?
We know that they are adopting a standard that a lot of people, not only in the privacy community but also in the security community, are not very happy about. It’s the so-called vicinity read or contactless read RFID tag. It’s designed precisely to prevent the ability of people to know when the data on the tag is being read. That violates a central principle of [personal] security, and that is basic access control – you want people to know when information about them is being requested by others, if for no other reason than to be able to make sure that it’s being requested for an appropriate purpose and not a purpose that might create a problem.
Can you illustrate how the contactless RFID technology might be misused?
In lots of ways. A lot of hackers have done a pretty good job showing the problems with the remote RFID tags. You can pull credit card numbers, if [companies] haven’t encrypted the numbers. You can get medical information. You can pull information on U.S. travelers overseas. The U.S. State Department’s proposal for the e-Passport, for example, had to be significantly revised when people realized that there was going to be a problem with the RFID tag being remotely read on U.S. citizens as they traveled overseas. There are real concerns here.
How do you think this issue will turn out?
The Department of Homeland Security is playing a leading role right now in putting forward many of the new proposals for border control, [personal] identification and video surveillance, and EPIC has probably been the group most critical of these proposals. Part of the concern is also that these proposals haven’t been really well-thought-out, and I think the best example of that is the federal national identity card known as Real ID. There has been a real push-back from the states regarding that proposal, and a real concern that it will create some new security risks if it were to be implemented.
The Real ID plan sets national identity card standards – it requires a bar code and a digital photograph. What are some of the other things that it requires, and why is it so toxic to some people?
I can’t give you a precise answer because the federal government still hasn’t issued the final regulations, which is really amazing when you think about it. The law was passed in February of 2005, and the states were expected to comply with the federal regulations within three years, and we’re creeping up on the three-year anniversary of the law [being approved], and the Department of Homeland Security still hasn’t issued the final rules. This is an example, I think, of the problems with these proposals when they are not thought out very well and when there are a lot of underlying security problems.
My new Washington, D.C., driver’s license has a bar code on it. I have no idea what information is on that bar code. How do you think that information stored there could be used?
From our perspective, the key to good systems of identification – to secure systems of identification – is to ensure that they are only used for their intended purpose. The big risk with the state driver’s license, particularly when you start adding mag stripes, bar codes and some other functionality, is that it makes it easier for the private sector to pull information off of a license and use it for other purposes.
Here’s a classic example: You go into a bar, the bar owner wants to make sure that you are 21, you present the license. But if he swipes the license and pulls your name and address, birth date, sex, eye color and height off of the license, now he’s got a lot more information than he’s really entitled to. In response to that specific problem, a number of states have limited the ability of merchants to take information from driver’s licenses.
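The purpose-limitation point in that last answer, as an added example that is not part of the interview: a constructed driver's license bar-code payload (AAMVA-style three-letter element codes such as DBB for date of birth are assumed, and the values are made up) is read two ways, a swipe-everything dump that keeps every field and a minimising check that retains only whether the holder is 21.

```python
from datetime import date

# Constructed sample of the kind of data a license bar code carries. Element codes
# follow the AAMVA convention (an assumption here): DCS family name, DAC first name,
# DBB date of birth as MMDDYYYY, DBC sex, DAY eye colour, DAU height, DAG/DAI/DAJ/DAK
# address. One element per line, no separator between code and value.
SAMPLE_DL_PAYLOAD = "\n".join([
    "DAQD1234567",      # customer (license) number
    "DCSDOE",           # family name
    "DACJANE",          # first name
    "DBB07041985",      # date of birth, MMDDYYYY
    "DBC2",             # sex (1 = male, 2 = female)
    "DAYBRO",           # eye colour
    "DAU065 in",        # height
    "DAG123 MAIN ST",   # street
    "DAIWASHINGTON",    # city
    "DAJDC",            # state
    "DAK20001",         # postal code
])

def parse_elements(payload: str) -> dict:
    """Split a bar-code payload into {element_code: value}."""
    elements = {}
    for line in payload.splitlines():
        line = line.strip()
        if len(line) > 3:
            elements[line[:3]] = line[3:].strip()
    return elements

def full_dump(payload: str) -> dict:
    """What a swipe-everything reader retains: every field on the license."""
    return parse_elements(payload)

def is_over_age(payload: str, today: date, min_age: int = 21) -> bool:
    """Purpose-limited check: yields only a yes/no and keeps no identity data."""
    dob_raw = parse_elements(payload).get("DBB", "")
    if len(dob_raw) != 8 or not dob_raw.isdigit():
        return False                     # unreadable date of birth: fail closed
    try:
        dob = date(int(dob_raw[4:]), int(dob_raw[:2]), int(dob_raw[2:4]))
    except ValueError:
        return False                     # impossible calendar date: fail closed
    # Whole years elapsed; subtract one if this year's birthday has not arrived yet
    age = today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))
    return age >= min_age
```

A reader built around is_over_age has nothing to log or resell, which is the state-law outcome the answer describes.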