Sep 26, 2011Market research suggests that over the next few years, Near Field Communication (NFC) technology will be in use all around us. For consumers, the technology will become omnipresent in our lives, and NFC-enabled mobile phones will emerge as our primary consumer ID credential. When staying at a hotel, rather than swiping a magnetic card to access your room, you'll be able to tap your mobile phone to the NFC reader on the door to your room. You'll be able to use your phone to pay for dinner or movie tickets. And you'll be able to store a subway or rail card or bus pass on the device. Instead of carrying a loyalty token from a supermarket, pharmacy or other retailer or service provider, such as Starbucks or Kinkos (now known as FedEx Office), you'll be able to just tap your mobile phone to a 13.56 MHz passive RFID NFC tag located near the register, in order to obtain a discount or collect points. For social networks, check-in would be performed simply and on the spot, using a Google Places tag, or via a Foursquare or Facebook equivalent.
It is unlikely that mobile phones will replace driver's licenses, citizen ID cards or any other government-issued credentials, as issuing agencies will certainly want to maintain control of and manage the security aspects of these IDs. Small businesses, however, will most likely enable the use of NFC mobiles to access buildings, or to sign on to company networks. Some larger businesses may follow—when employees' mobile phones are company-issued. The usage models are very compelling. NFC is simple, relatively easy to use and very cost-effective to implement. The technology works at very short distances—typically, less than an inch away—and does not require an application to be launched, or a camera to be activated. It is intuitive and easy to use. Because NFC is certain to become pervasive, we need to consider the implications for privacy.
|
|
What Will Wide Adoption of NFC Mean to Our Privacy?
How is our privacy impacted when so much of what we do is integrated into a single credential—our mobile phone? It may be helpful to begin with a definition of "privacy," which has different meanings to different people in different cultures—and which, of course, can be a highly politicized topic. Perhaps the most widely quoted description of privacy is the very short and elegant definition put forward in 1890 by Louis Brandeis (who later became a U.S. Supreme Court justice) and his law partner, Samuel Warren: Privacy, they maintained, is the "right to be let alone." Succinct, indeed, but is this broad definition sufficient to assess NFC technology's impact on our privacy? A simple way to ascertain this could be to explore some possible NFC transactions, and to determine if the use of NFC detracts or enhances that right.
Applications That Require Mere Possession of a Credential
When we buy our daily MARTA, Charlie or Oyster pass, in Atlanta, Boston or London, respectively, we do so for cash or credit, and we receive a badge or card that we can use, and then discard or recharge—a straightforward process. When using cash, we remain anonymous, whereas if paying with a credit card, we divulge our identity to a mass-transit operator, and also reveal our presence to the financial institution that issued the card.
The same exact scenarios are possible with an NFC-enabled phone. It is important to remember that such a device's NFC functionality is independent of cellular and GPS activation. NFC operates in the equivalent of airplane mode. Thus, if we pay using an NFC cash-card application on our mobile device, and the phone's communication function is deactivated, we remain anonymous. If we use a credit card linked to our NFC phone, we reveal our purchase to the seller and the card-issuing institution. Closed-circuit television (CCTV) cameras and other technologies widely deployed by mass-transit systems remain the same in both scenarios. NFC's ability to function regardless of cellular activation affords us the same level of anonymity and privacy that we would enjoy using cash or credit cards. Over time, features of NFC technology could further enhance privacy, enabling the purchase of a mass-transit ticket from home, downloaded to a different mobile device, or through the mobile operator, and thus reducing the number of locations tracking our activities.
The same rule applies for most loyalty or coupon-exchange applications. The mere possession of a valid credential is all that is required. In other words, there is no need to prove that my Best Buy or Walgreens token belongs to me—I have it, and all that is necessary is for me to present the customer ID number. Much like the mass-transit application, the mobile phone could be in airplane mode, but the NFC communication function would still remain active. To the extent that a user might wish to relinquish anonymity through payment with a credit card—or by maintaining an account with a retailer that includes personal details and the tracking of purchase history—the use of mobile NFC technology does not alter a transaction's level of privacy.
In certain applications, we, as consumers, are required to prove that the credential we possess does, indeed, belong to us. This also applies to the use of an NFC mobile phone as a credential. The current pre-NFC practice often entails the collection of additional information above and beyond what is actually required for a transaction, and there is no change when using NFC. A good example would be a season pass for a ski resort or amusement park. Arguably, a service provider or retailer would not need to know my true identity in order to allow me onto a roller coaster or ski slope—that company would only need to know that the pass was being used by just one person.
Retailers employ different techniques for verification—normally, a picture ID, sometimes with a government-issued ID card requested to validate that person's name. While most consumers and retailers treat such passes as personalized credentials, there is no real justification for doing so. This is an area in which NFC use might require an additional badge with a photo, or a secure app for a retailer with a photo that pops up upon presentation, to allow for verification. Both the retailer's revenues and the consumer's privacy are at stake. The challenges posed by these types of transactions do not change with NFC—however, the technology can offer a solution that exactly matches current practice, with fewer plastic badges required. The level of privacy, or the desire for anonymity, may appear extreme in certain cultures, but it is part of the "right to be let alone." Why shouldn't I be entitled to purchase a discounted annual pass for Disneyland or SeaWorld, and still retain my privacy?
Applications That Require a Specific Person's Use
Applications requiring the verification of a particular individual's identity tend, in general, to be higher-security applications, such as those allowing access to an office, network or bank account, or to the making of a cashless payment beyond what is commonly referred to as a micropayment. Depending on the level of security and the desired speed for processing the transaction, different design options are available. For making payments or gaining access to a network or a building, an NFC-enabled phone or some other mobile device acts exactly as a smart-card credential. So the mobile device could be used alone, or with a PIN, entered either on the device itself or via an external PIN-pad. For some applications, verification could require a mobile unit in tandem with biometric identification—again, with the biometric sensor built into the mobile device itself, or available externally. For access to high-security networks or bank accounts, the device could be used as the logon credential, together with a separate, secondary credential from the bank, such as a token for the generation of a one-time password (OTP), as required in many European countries. In all of these higher-security applications, we, as consumers—or, in some cases, as employees—have willingly surrendered our anonymity. The answer to the question of whether the use of NFC detracts from or enhances privacy is clearly that the effect is neutral.
Can NFC Enhance Our Privacy?
Location-based Social Networks and Loyalty
At present, many smartphone users take advantage of GPS location services to "check in" at restaurants or clubs in order to share their status with friends, or simply to receive a loyalty discount from a retailer. NFC technology will enable achievement of the same goals, offering users the choice of selective disclosure without the need for a GPS broadcast. So a user can receive a loyalty discount from a coffee shop without broadcasting his or her presence at a particular location to others, or make a status update without broadcasting his or her GPS location. The "near-field" aspects of NFC enable users to make a deliberate decision to check in via a particular RFID tag, and thus offer clear privacy advantages.
Identity Theft and Passwords
Any time we can protect ourselves from identity theft, we enhance our privacy, and our ability "to be let alone"—and to minimize intrusion into our accounts or our social networks. Governments and corporations issue smart cards to their employees that can be used as a secure credential or secure ID; the NFC-enabled mobile device will be our very own smart card, a secure credential that belongs to us. It also liberates us from the many passwords that we currently need, with their increasing complexity, vulnerability and renewal requirement. As a tool that can potentially enhance our security against identity theft, and thus our privacy, NFC is a positive development.
The Haifa Center of Law & Technology, under the title Privacy in the Digital Environment, proposed a new definition for the right to privacy:
"The right to privacy is our right to keep a domain around us, which includes all those things that are part of us, such as our body, home, thoughts, feelings, secrets and identity. The right to privacy gives us the ability to choose which parts in this domain can be accessed by others, and to control the extent, manner and timing of the use of those parts we choose to disclose."
Much work remains to be done in order to ensure privacy whenever databases are used to track purchases, subscriptions, privileges, membership, loyalty points and so forth. Databases need to be purged of superfluous details unnecessary for delivering what a consumer specifically seeks. This is an issue that may require government legislation, as the use of data mining and buying patterns expands as tools of commerce.
A number of European countries have implemented laws that promote privacy and enhance database protection. In the United States, smart card industry associations have put forward positive ideas, but ultimately, privacy must be thoughtfully integrated into a system's design, and not offered as an optional extra or as a service. The mass introduction of NFC-enabled mobile phones over the coming years will offer an opportunity to enhance our privacy as consumers, by empowering us with our own secure ID devices. Handset manufacturers, carriers and governments will need to ensure that NFC's privacy-enhancing features are not compromised for commercial advantage, and that the crucial issue of enhancing a database's architecture and security, as well as curtailing the excessive storage of personal information, is addressed. These are urgent issues.
Ayman S. Ashour serves as the chairman and CEO of Identive Group, a systems and technology provider for the identification, security and RFID industries, as well as the NFC market. Led by Ashour, the firm recently partnered with Google on its rollout of a Google Places NFC smart-poster campaign in Austin, Texas. It has also collaborated with Dutch financial services company Rabobank and the Royal Dutch Hockey Federation (KNHB), to kick off the first consumer campaign promoting its Cashless Betalen mobile-payment NFC solution. Additionally, Identive is providing more than a million NFC tags to a major smartphone manufacturer, to facilitate consumer NFC apps using mobile devices..
