
Summary of STF396 progress




  1. Summary of STF396 progress. Autumn M436 CG meeting.

  2. Overview
  • Summary of the comments received
    • General = 111 of 659 (17%)
    • Editorial = 233 of 659 (35%)
    • Technical = 315 of 659 (48%)
    • This relative mix has been maintained even as new comments creep through (the figures change but the mix doesn't)
  • Overview of response
    • Accept all "Editorial" comments without detailed review
      • Confirm all are addressed in the final edit
    • Many duplications across the comments
      • Not necessarily the same text, but the same concern has been expressed
    • Document structure requires change
      • Analysis moved to an annex
      • Findings made more "hard" (less verbosity)

  3. Where are the comments
  • Clause by clause
    • Overall (i.e. purpose, scope and structure of the document) = 28
    • Clause 1 = 0 (zero)
    • Clause 2 = 13
    • Clause 3 = 18
    • Clause 4 = 36
    • Clause 5 = 22
    • Clause 6 = 46
    • Clause 7 = 143
    • Clause 8 = 101
    • Clause 9 = 120
    • Clause 10 = 42
    • Clause 11 = 5
    • Clause 12 = 69
    • Annexes = the rest

  4. Problems we've got to defuse
  • Mandate M436 responds to an observed concern
    • RFID appears to be close to ubiquitous without any public debate on the privacy issues it raises
    • RFID, whilst becoming ubiquitous, is not becoming more visible
    • "RFID" is a misleading and abused term with a wide range of associations across industry and society
  • The document from the ESOs addresses the concern
    • Sometimes without appearing to be terribly sensitive to the industry
    • This has led to a number of claims that the STF/M436 is aiming to damage the industry
      • By highlighting the issues and the contribution of RFID technology to them
    • The industry has indicated that it considers itself unfairly singled out with regard to privacy issues
  • The aim is to identify the minimum set of standards that addresses the concerns
    • Not finalized at the time the document was sent to consultation

  5. Regulatory data protection definitions (Directive 95/46/EC, Article 2)
  • Personal data
    • shall mean any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity
  • Processing of personal data
    • shall mean any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction
  • The data subject's consent
    • shall mean any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed

  6. Some major opinions we've got to acknowledge
  • The Article 29 Working Party
    • The unique identity on tags amounts to personal data
      • This is not strongly stated in the document (the opinion was expressed after the TR was released to consultation)
    • PETs in this area need further examination
    • The PIA has to include a risk analysis
      • This is clearly stated in the objectives and requirements of the PIA in the TR
  • The EU data protection landscape
    • The existing provisions need to be reinforced
      • The ontology begins to address this
    • Anticipate and allow for changes in current DP legislation expected after the revision of the current Data Protection Directive
      • Expect RFID-specific provisions in the revised Data Protection Directive
  • Linkability is a major threat
    • It covers the entire system and is shown by the ontology
  • There is RFID technology available to address many of the concerns
    • But not a lot of guidance on selecting it

  7. A couple of concessions
  • RFID is not the root cause of all privacy problems
    • They existed before RFID existed
    • Other technologies and applications have privacy problems
  • The RFID industry has the potential to offer considerable societal benefit
    • Within the constraints of existing laws
  • However …
    • The RFID industry has to show it is addressing the concerns
    • The RFID industry has to acknowledge its role in the privacy debate
      • As a source of concern
      • As a root of trust
  • Steps needed in the industry …
    • Adoption of PETs
    • Development of PETs where there aren't any
    • Development and application of PIAs (as an essential step to address privacy issues)

  8. Some of the achievements
  • We've worked through an ontology, and that work is being acknowledged and adopted in privacy work in parts of ETSI and in other areas
    • But we've softened our promotion of the ontology, as the terminology does not sit happily on the shoulders of the industry partners
  • We've begun to develop a useful taxonomy for RFID, privacy and risk
    • Also being adopted by other groups in ETSI and outside
  • We've brought RFID issues to light
    • Mainly showing that RFID is not just an RF technology but exists within a system
  • We've shown that privacy, data protection and ITSec are systems issues
  • We've tried to prime the future standards work to recognise that the system boundaries will get more and more blurred, so all the problems we've identified can only get bigger

  9. Aims of document re-structuring
  • Move analysis to annexes
    • The analysis is the proof or verification supporting the recommendations
  • Need to be more exact about what is needed in phase 2
    • EN (European Standard) for the common European Emblem
    • EN to specify the supplementary information to be displayed on signs in areas where RFID interrogators are deployed
    • EN for the PIA process
    • EN to specify the method of "Privacy by Design"
    • EN defining a checklist for application of the "Privacy by Design" method
    • EN to specify the method of "Design for Assurance"
    • EN defining a checklist for application of the "Design for Assurance" method
    • …

  10. Original structure of response
  • RFID system architecture
  • Taxonomy of terms
  • Ontology of RFID
    • With respect to security
    • With respect to privacy protection
  • Consumer, DPP and security objectives
  • Environmental aspects of RFID tags and components
    • RFID hardware end-of-life considerations
    • Data end-of-life considerations
  • Privacy Impact Assessment outline
    • Role of PIAs
    • Generic versus industry-specific PIAs
    • Recommendations for RFID industry-specific PIAs
  • RFID logos and signage
    • For consumer awareness
    • For device marking
    • Derived requirements from analysis
    • RFID logos and signage recommendations
  • Standards roadmap
    • Available standards
    • Gap analysis and recommendations
  [On the slide these items are bracketed into two groups: "Analysis" and "Requirements".]

  11. Revision of contents in restructuring
  • 4 Summary of findings and recommendations
  • 5 Consumer aspects including interaction
  • 6 The RFID ecosystem
  • 7 Analysis
  • 8 Data protection, privacy and security objectives and requirements
  • 9 Privacy Impact and Data Protection Assessment (PIA) outline
  • 10 RFID penetration (PEN) testing outline
  • 11 Common European RFID emblem/sign
  • 12 Environmental aspects of RFID tags and components
  • 13 Standardization gaps analysis and summary
  • Annex A: Summary of status of RFID standardization
  • Annex B: Summary of tag capabilities
  • Annex C: Summary of risk assessment of RFID systems
  • Annex D: RFID penetration testing
  • Annex E: Gap analysis in standardisation

  12. Structure of TR 187 020 – proposal
  • Recommendations – not exhaustive (that is in the document and in development based on the analysis)
    • EN for the common European Emblem
    • EN to specify the supplementary information to be displayed in areas where RFID interrogators are deployed
    • EN for the PIA process – RFID-specific aspects
      • Should be part of a PIA framework
      • The PIA framework needs an agreed taxonomy, ontology and conformance/validation regime
    • EN to specify the method of "Privacy by Design"
    • EN defining a checklist for application of the "Privacy by Design" method
    • EN to specify the method of "Design for Assurance"
    • EN defining a checklist for application of the "Design for Assurance" method

  13. Privacy standards requirements
  • Privacy by Design needs to be formalised
    • Not just an RFID issue, but it has to consider RFID too
  • Tag privacy performance specification
    • Requires a checklist of tag capability against PETs
  • Interrogator privacy performance specification
    • Requires a checklist of interrogator capability against PETs
  • RFID air interface (radio protocol) privacy performance specification
    • Requires a checklist of air-interface capability against PETs
  • PIA standards
    • Method, conformance and application guidance

  14. Structure of TR 187 020 – proposal
  • Recommendations
  • Existing standards and their gaps
  • Analysis
  • Get the core document much smaller
    • But that may mean the annexes get expanded

  15. Attempting to model privacy
  [Diagram: entities "Person" and "Behaviour", linked by the relations "exhibits" and "determines".]
  The simplest expression of the definition of personal data, and the attempt to express it for both the direct and indirect cases.

  16. Wider concept
  [Diagram: entities "Person", "Behaviour", "Action", "Location" and "Time", linked by the relations "exhibits", "determines", "consists of", "takes place at" and "happens at".]

  17. For the wider picture
  • Examination of behaviour by itself may reveal personal data without the need to carry explicit "personal" data
  • Behaviour is visible in many parts of the telecommunications environment:
    • The protocol stack offers data
      • Time, location (on the network)
    • The application offers data
      • Action (may also give time and geographic location)

  18. Structure of ESO/STF response
  • 1 technical report
    • ETSI TISPAN work item DTR-07044
    • Analysis and justification for recommendations
    • Recommendations for phase 2 – new standards and gap closure
  • Open consultation with stakeholders
    • Other impacted standards groups
    • User and consumer groups
    • Privacy interest groups
  • Coordination by a group formed from the 3 ESOs (CEN, CENELEC and ETSI)

  19. Privacy protection by security (PETs)
  • Common Criteria approach
    • Pseudonymity
      • ensures that a user may use a resource or service without disclosing its user identity, but can still be accountable for that use
    • Unlinkability
      • a user may make multiple uses of resources or services without others being able to link these uses together
    • Unobservability
      • a user may use a resource or service without others, especially third parties, being able to observe that the resource or service is being used
    • Anonymity
      • ensures that a user may use a resource or service without disclosing the user's identity
  • Misses a number of key items
    • Misses a "consent framework"
    • Misses the deletion requirement of legislation
      • When collected personal data is no longer needed for the purpose it was collected for, it shall be deleted
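The following is an added illustration, not material from the presentation or from TR 187 020, of two points above: slide 17's observation that behaviour alone (where and when a tag was seen) can yield personal data without any explicit personal data on the tag, and slide 19's unlinkability and pseudonymity properties. It simulates interrogators at several locations reading tags that either return a fixed identifier on every read or a keyed pseudonym over a read counter. The tag identifiers, keys, locations and timestamps are constructed, and the HMAC-over-counter pseudonym is a generic construction chosen for the example, not a scheme the TR specifies.

```python
"""Added example: linkability of RFID tag reads, fixed UID vs per-read pseudonym.

Everything here is constructed for illustration: the tag identifiers, keys,
locations and timestamps are made up, and the pseudonym scheme is a generic
keyed-counter construction, not a scheme specified by TR 187 020.
"""
import hashlib
import hmac
from collections import defaultdict

# Constructed tags, one per person. 'uid' is the fixed identifier a plain tag
# returns on every read; 'key' is a hypothetical per-tag secret shared between a
# privacy-enhanced tag and the authorised back end.
TAGS = {
    "alice": {"uid": "E20012340001", "key": b"\x01" * 16},
    "bob":   {"uid": "E20012340002", "key": b"\x02" * 16},
    "carol": {"uid": "E20012340003", "key": b"\x03" * 16},
}

# Constructed sightings: (tag owner, interrogator location, time). The owner
# column is ground truth the observer never sees; it sees only what the tag emits.
SIGHTINGS = [
    ("alice", "pharmacy",  900),
    ("bob",   "station",   905),
    ("alice", "clinic",   1000),
    ("carol", "station",  1010),
    ("bob",   "office",   1020),
    ("alice", "station",  1100),
    ("carol", "clinic",   1130),
]


def fixed_uid_response(tag, counter):
    """A conventional tag: the same identifier on every read."""
    return tag["uid"]


def pseudonym_response(tag, counter):
    """A tag emitting a keyed pseudonym over an incrementing read counter.

    Each read yields a fresh value. Without the key an observer cannot tell
    whether two values came from the same tag (unlinkability), while a back
    end holding the key can still resolve the value (pseudonymity with
    accountability).
    """
    mac = hmac.new(tag["key"], counter.to_bytes(4, "big"), hashlib.sha256)
    return mac.hexdigest()[:16]


def observe(respond):
    """Run the interrogators: each tag answers with respond() and counts its reads."""
    counters = defaultdict(int)
    observed = []
    for owner, location, t in SIGHTINGS:
        tag = TAGS[owner]
        observed.append((respond(tag, counters[owner]), location, t))
        counters[owner] += 1
    return observed


def link_trajectories(observed):
    """Passive observer: group sightings by the value the tag emitted.

    With fixed UIDs each group is one person's movement pattern, i.e. the
    behaviour that slide 17 says can reveal personal data on its own.
    """
    trajectories = defaultdict(list)
    for value, location, t in sorted(observed, key=lambda o: o[2]):
        trajectories[value].append((location, t))
    return dict(trajectories)


def resolve(pseudonym, max_reads=1000):
    """Authorised back end: find which tag and read counter produced a pseudonym.

    Brute force over the tags and a bounded counter window is enough here; a
    real deployment would track a per-tag counter estimate to keep the search short.
    """
    for owner, tag in TAGS.items():
        for c in range(max_reads):
            if hmac.compare_digest(pseudonym_response(tag, c), pseudonym):
                return owner, c
    return None


if __name__ == "__main__":
    for name, respond in (("fixed UID", fixed_uid_response), ("pseudonym", pseudonym_response)):
        groups = link_trajectories(observe(respond))
        print(f"{name}: {len(groups)} linkable groups, largest has {max(map(len, groups.values()))} sightings")
```

With fixed UIDs the observer recovers three trajectories, one per person, and alice's reads at the pharmacy, clinic and station fall into a single group even though no name or other explicit personal data was ever transmitted. With per-read pseudonyms every sighting lands in its own group, so the same interrogator network yields no behaviour to analyse, while the key holder can still map a pseudonym back to the tag. Note that this addresses only the unlinkability and pseudonymity properties from the slide; it does nothing for the consent framework or the deletion requirement the slide says the Common Criteria approach misses.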

  20. Signs and emblems – restructuring
  • Formerly clause 10 – Signs and emblems
  • Only one conclusion
    • The ISO emblem, with modification, to be adopted as the European Common Emblem to be associated with tagged items and signage
  • Two recommendations for phase 2
    • Development of an EN, derived from the ISO emblem, defining the European Common Emblem, to be carried out by CEN
    • Development of an EN defining the supplementary information on signs to be displayed in areas where RFID interrogators are deployed
      • To be consistent with the data protection directives
      • To be developed in consultation with ANEC
      • Development to be led by CEN, with due diligence of the result to include ETSI HF and USER as well as ANEC
  • Some exceptions to be noted
    • Government-issued identity tokens with RFID do not need to carry the RFID emblem (e.g. passports, identity cards)
  • All of the analysis to be moved to an annex

  21. Gaps that are not RFID specific
  • Adoption and formalisation of key approaches
    • Design for Assurance
      • How can the industry show compliance with this?
    • Privacy by Design
      • How can the industry show compliance with this?
  • Development of privacy controls
    • Privacy controls in technology
      • Across the RFID system (tag, radio interface, interrogator, back-end system)
    • Privacy controls in management processes
  • The challenge
    • The need for privacy control is racing against the growing use and development of applications that will introduce new privacy risk.
