On Sun, 13 Sep 2009, Eric Rescorla wrote: > > That seems like a good start. As Richard and I have both indicated, > however, this system seems to have substantial residual privacy > risk, even if the identifiers are assigned completely unpredictably > (and note that non-sequential and unpredictable are not at all the > same thing). I will leave it to the local organizers to disclose and explain the experiment further. I am no privacy and security expert, but it seems to me rather unlikely that anyone needs to be concerned about being "tracked" when the practical distance from reader to card is about 18 inches. In having these discussions we've probably highlighted a number of *potential* risks much more than what the average credit card or cell phone customer is informed of. I suppose we could do what the Fastrak people did when they sent me the RFID gizmo for bridge tolls: They included a foil-lined bag and explained that the system was being used to monitor traffic (as well as collect tolls) and if I didn't want to participate I could put the gizmo in the bag. > I'm not trying to be difficult, but I'm not overly impressed with the > defense that people keep offering that this is an experiment and > people can opt out. If this were being done as an experiment at a > university, you would be expected to go in front of a human subjects > committee and demonstrate that your subjects had given informed > consent, probably wouldn't be harmed, etc. What about a "commercial" or "business" setting? The hotel in Stockholm where many (most?) of the IETFers stayed had RFID cards for key entry to the hotel rooms. > Now, obviously, this isn't an academic setting, but I think it's > fair to say that the people running this experiment haven't done > anything like full disclosure of the relevant risks--and it's not > even clear that they understand them themselves. [It would also be > consistent with common practice for people to specifically opt in, > not out.] Effectively that's what will happen. At registration, you will be offered the card, you can obviously refuse to accept it. As for full disclosure of relevant risks, having this discussion is hopefully leading to a set of observations that can be supplied to each attendee. And yes, it isn't fully designed yet, but I am sure the organizers never expected this amount of feedback either, particularly not since the technology has been in regular use in Japan for many years. Ole _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf