Abstract
This article investigates the conflicting area of user benefits arising through item level RFID tagging and a desire for privacy. It distinguishes between three approaches feasible to address consumer privacy concerns. One is to kill RFID tags at store exits. The second is to lock tags and have user unlock them if they want to initiate reader communication (user scheme). The third is to let the network access users’ RFID tags while adhering to a privacy protocol (agent scheme). The perception and reactions of future users to these three privacy enhancing technologies (PETs) are compared in the present article and an attempt is made to understand the reasoning behind their preferences. The main conclusion is that users don’t trust complex PETs as they are envisioned today. Instead they prefer to kill RFID chips at store exits even if they appreciate after sales services. Enhancing trust through security and privacy ‘visibility’ as well as PET simplicity may be the road to take for PET engineers in UbiComp.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
Keywords
References
Fusaro, R.: None of Our Business. Harvard Business Review, 33–44 (2004)
Smith, J.H., Milberg, J., Burke, S.: Information Privacy: Measuring Individuals’ Concerns About Organizational Practices. MIS Quarterly 20(2), 167–196 (1996)
Jannasch, U., Spiekermann, S.: RFID: Technologie im Einzelhandel der Zukunft: Datenentstehung, Marketing Potentiale und Auswirkungen auf die Privatheit des Kunden, Lehrstuhl für Wirtschaftsinformatik, Humboldt Universität zu Berlin: Berlin (2004)
Berthold, O., Guenther, Spiekermann, S.: RFID Verbraucherängste und Verbraucherschutz. Wirtschaftsinformatik, Heft 6 (2005)
FoeBuD e.V. (ed.): Positionspapier über den Gebrauch von RFID auf und in Konsumgütern, FoeBuD e.V.: Bielefeld (2003)
Duce, H.: Public Policy: Understanding Public Opinion, A.-I. Center, Massachusetts Institute of Technology. MIT, Cambridge, USA (2003)
Auto-ID Center (ed.): 860 MHz – 930 MHz Class 1 Radio Frequency (RF) Identification Tag Radio Frequency & Logical Communication Interface Specification, EPCGlobal, Cambridge, Massachusetts, USA (2004)
Sarma, S., Weis, S., Engels, D.: RFID Systems, Security & Privacy Implications, A.-I. Center. Massachusetts Institute of Technology. MIT, Cambridge, USA (2002)
Auto-ID Center, (ed.): Technology Guide. Massachusetts Institute of Technology, MIT, Cambridge, USA (2002)
GCI (ed.): Global Commerce Initiative EPC Roadmap, G.C. Initiative and IBM (2003)
Auto-ID Center (ed.): EPC-256: The 256-bit Electronic Product Code Representation. Massachusetts Institute of Technology, MIT, Cambridge, USA (2003)
Auto-ID Center (ed.): EPC Information Service - Data Model and Queries. Massachusetts Institute of Technology, MIT, Cambridge, USA (2003)
Auto-ID Center (ed.): Auto-ID Object Name Service (ONS) 1.0. Massachusetts Institute of Technology, MIT, Cambridge, USA (2003)
Engels, D.: Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, Springer, Heidelberg (2004)
Engberg, S., Harning, M., Damsgaard, C.: Zero-knowledge Device Authentication: Privacy & Security Enhanced RFID preserving Business Value and Consumer Convenience. In: Proceedings of the Second Annual Conference on Privacy, Security and Trust, New Brunswick, Canada (2004)
Spiekermann, S., Berthold, O.: Maintaining privacy in RFID enabled environments - Proposal for a disable-model. In: Robinson, P., Vogt, H. (eds.) Privacy, Security and Trust within the Context of Pervasive Computing, Springer Verlag, Vienna, Austria (2004)
Inoue, Y.: RFID Privacy Using User-controllable Uniqueness. In: Proceedings of the RFID Privacy Workshop, Massachusetts Institute of Technology, MIT, Cambridge, MA, USA (2004)
Floerkemeier, C., Schneider, R., Langheinrich, M.: Scanning with a Purpose - Supporting the Fair Information Principles in RFID Protocols. In: Murakami, H., Nakashima, H., Tokuda, H., Yasumura, M. (eds.) UCS 2004. LNCS, vol. 3598, Springer, Heidelberg (2005)
Langheinrich, M.: A Privacy Awareness System for Ubiquitous Computing Environments. In: Borriello, G., Holmquist, L.E. (eds.) UbiComp 2002. LNCS, vol. 2498, Springer, Heidelberg (2002)
Christian, M., Floerkemeier, C.: Making Radio Frequency Identification Visible – A Watchdog Tag. In: Proceedings of the 5th Annual IEEE International Conference on Pervasive Computing and Communications, New York (2007)
Stajano, F.: Security for Ubiquitous Computing. John Wiley & Sons, Chichester, UK (2002)
Platform for Privacy Preferences (P3P) Project, W3C (2006)
Juels, A., Rivest, R., Szydlo, M.: The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy. In: Proceedings of the 10th Annual ACM CCS, ACM Press, New York (2003)
Karjoth, G., Moskowitz, P.A.: Disabling RFID Tags with Visible Confirmation: Clipped Tags are Silenced. In: Proceedings of the ACM Workshop on Privacy in the Electronic Society, ACM Press, Alexandria, VA, USA (2005)
Spiekermann, S.: Perceived Control: Scales for Privacy in Ubiquitous Computing. In: Acquisti, A., De Capitani di Vimercati, S., Gritzalis, S., Lambrinoudakis, C. (eds.) Digital Privacy: Theory, Technologies and Practices, Taylor and Francis, New York (2007)
Fishbein, M., Ajzen, I.: Belief, Attitude, Intention and Behavior: An Introduction to Theory and Research. Addison-Wesley, Reading, MA, USA (1975)
Ajzen, I.: From intentions to actions: A theory of planne behavior. In: Kuhi, J., Beckmann, J. (eds.) Action - control: From cognition to behavior, pp. 11–39. Springer, Heidelberg (1985)
Ajzen, I., Fishbein, M.: The Influence of Attitudes on Behavir. In: Albarracin, D., Johnson, B.T., Zanna, M.P. (eds.) The Handbook of Attitudes on Behavior, pp. 173–221. Erlbaum, Mahwah, New York (2005)
Rogers, E.: Diffusion of Innovations. The Free Press, New York (1995)
Kassarjian, H.H.: Content Analysis in Consumer Research. Journal of Consumer Research 4(1), 8–18 (1977)
W3C, (ed.): Web Security Experience, Indicators and Trust: Scope and Use Cases, W3C Working Draft (25 May 2007)
Adams, A., Sasse, A.: Users are not the enemy - Why users compromise computer security mechanisms and how to take remedial measures. Communications of the ACM 42(12), 40–46 (1999)
Berendt, B., Guenther, O., Spiekermann, S.: Privacy in E-Commerce: Stated Preferences vs. Actual Behavior. Communications of the ACM 48(4) (2005)
Sheeran, P.: Intention-behavior relations: A conceptual and empirical review. In: Stroebe, W., Hewstone, M. (eds.) European Review of Social Psychology, pp. 1–36. Wiley, Chichester, UK (2002)
Trafimow, D.: Evidence that perceived behavioural control is a multidimensional construct: Perceived control and perceived difficulty. British Journal of Social Psychology 41, 101–121 (2002)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Spiekermann, S. (2007). Privacy Enhancing Technologies for RFID in Retail- An Empirical Investigation. In: Krumm, J., Abowd, G.D., Seneviratne, A., Strang, T. (eds) UbiComp 2007: Ubiquitous Computing. UbiComp 2007. Lecture Notes in Computer Science, vol 4717. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74853-3_4
Download citation
DOI: https://doi.org/10.1007/978-3-540-74853-3_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74852-6
Online ISBN: 978-3-540-74853-3
eBook Packages: Computer ScienceComputer Science (R0)