Privacy: Whose Responsibility?

By Ari Juels

The following are excerpts from an exchange on an RFID bulletin board run by the Silicon Valley RFID Special Interest Group. The identities of the people posting were withheld to protect their privacy.

  • TAGS

“The primary responsibility of handling privacy education is in the hands of the users of RFID—not the standards bodies, not the software and hardware vendors, and not even the RFID Journal.”

“I think it’s a shared responsibility. Consortia often assume certain roles in advocating technology, educating the public, and representing the member companies as a bloc. EPCglobal will be promoting an EPC logo as notice of ‘RFID Inside.’ It bears the primary responsibility to ensure that that mark means what it implies and to ensure that the member companies stand by what they collectively agreed to. Trade associations/standards bodies will have a significant role in this.”

“I agree. But the ultimate responsibility of articulating this RFID privacy issue lies with the companies that are deploying RFID. They are closest to the general public.”

“Everyone involved in the trade association/standards body efforts must continue to work tirelessly. But for me, I spend more of my time making our customers aware of this issue, because they are the key to winning the privacy issue ‘war.’”

“I think [the responsibility] lies more with commercial entities to act responsibly and describe to the public exactly how they are acting responsibly. That’s what my firm is doing, and I think we all need to think that way. I don’t think we can rely on the EPCglobal, or any other standards body, to do that for us.”