Академический Документы
Профессиональный Документы
Культура Документы
of RFID technology
The mission of INTECO is to provide value and innovation to citizens, to the SMEs, Public
Administrations and to the information technology sector through the development of projects
which contribute towards increasing confidence in our country’s Information Society services,
also promoting an international course of participation. For this purpose, INTECO will develop
proceedings, at least along the strategic lines of Technological Security, Accessibility, ICT
Quality and Training.
The Spanish Data Protection Authority (Agencia Española de Protección de Datos, AEPD) is an
entity subject to public law with its own legal status and full public and private capacity, acting
completely independently of Public Authorities during the exercise of its duties, and whose
corporate purpose is security for compliance with and application of the provisions contained in
Organic Law 15/1999, of 13th December on the Protection of Personal Data (Ley Orgánica de
Protección de Datos, LOPD) and its regulations thereof.
Its functions are, generally, to safeguard compliance with the legislation on data protection and to
control its application - especially regarding the rights to information, access, rectification,
objection and cancellation of data – to attend to requests and complaints which may be made by
persons affected by these issues and the sanctioning legal authority for infractions which may be
committed on this matter, as well as the collection of statistical data and to report on draft
regulations which have a bearing on data protection issues, and to issue instructions and
recommendations for amending the records of the LOPD and the security and access controls to
the files.
1. RFID TECHNOLOGY 4
6. SECURITY RISKS 25
7. PRIVACY RISKS 28
8. REGULATORY COMPLIANCE 30
Its origin probably dates back to the 1920s, although it seems that started to be used
during the Second World War in order for aircraft to identify themselves as “friendly” when
facing their own forces. In time, this idea moved to smaller-sized systems for monitoring
military personnel and equipment, until two North American companies began its civil
marketing at the end of the 70s.
At the present time, under the RFID acronym, technologies are joining forces in order to
identify objects using radio waves.
There are four components which form part of RFID technology: the labels, the readers,
the software that processes the information and the programmers:
• RFID Label: allows information to be stored and sent to a reader using radio waves.
Colloquially they are known as tags – which is the term in English – although they
are also known as transponders (this name comes from the joining of the words
transmitter (transmisor) and responder (contestador).
The labels actually cost very little (just a few Euro cents) and they measure up to
0.4mm2, therefore they can be integrated into all kinds of object.
• RFID Reader: receives the information transmitted by the labels and transfers it to
the middleware or data processing subsystem. The reader parts are: antenna,
transceiver and decoder. Some readers include a programmer module which allows
them to write information onto the labels, if the labels allow it.
• RFID Programmers: the RFID programmers are devices which write the information
onto the RFID label, that is, they encode the information on a microchip located inside
an RFID label. Programming of the labels is carried out only once if the labels are
read only, or several times if they are read/write.
we can clearly see which way the general operating diagram is structured for an RFID
system: the labels or tags send information to the reader using an antenna which
transmits the information to the data processing subsystem or middleware so that the data
can be filtered. In this way, only valid information reaches the software applications.
Types of labels
There is a huge variety of RFID labels, and the different types that exist depend on the
power source they use, their physical shape, the mechanism they use to store data, the
quantity of data they can store, their operating frequency or the communications they use
to transmit information to the reader. Thanks to this, it is possible to select the most
suitable label for each specific application.
a. Passive RFID labels: Do not need an internal power source. They are resonant
circuits, as all the power they need is supplied by the electromagnetic field created by
the reader, which activates the integrated circuit and powers the chip so that it can
transmit a response. In this type of label, the antenna must be designed so that it can
obtain the necessary power it needs to operate.
The range of these labels will vary depending on many factors, such as the operating
frequency or the antenna they possess. They can reach distances of between a few
millimetres and 6-7 metres.
As they do not have an internal battery, these labels are very small in size (see
Illustration 3: Passive Label 1
Passive RFID labels are the most economical labels on the market.
b. Active RFID labels: Have an internal battery, which powers its circuits and transmits
the response to the reader. Their broadcast coverage is greater thanks to the fact that
they have their own battery and their storage capacity is also greater.
On transmitting more powerful signals, its range is greater and it can be suitable for
use in hostile environments, as it can be immersed in water or in areas where there is
a lot of metal. These labels are much more reliable and secure.
These labels are the most expensive on the market and also the largest in size. The
possible effective range of these labels may reach several hundred metres
(depending on their features), and their useful battery life may extend to 10 years.
c. Semi-passive RFID labels: This type of label has a mixture of features of the two
previous types. On the one hand, the chip is operated by a battery (like the active
RFID labels) but on the other, the power that it needs to communicate with the reader
is sent by the reader itself via its radio waves, which, when captured by the label’s
antenna, provide sufficient power for transmitting the information (like the passive
RFID labels).
They are larger and more expensive than the passive labels (as they have a battery)
and cheaper and smaller than the active ones. Their communication capacity is
greater than the passive labels although they do not match the active ones in these
features.
Depending on the operating frequency, labels can be classified as low, high, ultra-high
frequency and microwave. The operating frequency determines aspects of the label such
as the capacity to transmit data, the speed and reading time of the latter, the coverage
radius and the cost of the label.
Passive labels normally use the low frequency band. Both low and high frequency labels
operate using inductive coupling, that is, they use the magnetic field generated by the
• It automates the procedures for maintaining traceability and allows a larger quantity of
information to be included on the label, thereby reducing human error.
• It facilitates the concealment and placement of labels into products (for passive
labels) to prevent their visibility in the event of a robbery attempt.
• It allows data to be stored without having direct contact with the labels.
• It reduces operating costs, given that scanning operations are not necessary for
identifying products which have this technology.
• It enables the information stored on the label to be easily updated if the label is
read/write.
• Easier to withdraw a specific product from the market if a danger to security arises.
• Makes rewriting possible, so as to add and delete information as required when the
label is read/write (unlike bar codes which can only be written once).
Among Spanish companies, the use of RFID technology is still incipient. Therefore the
adoption level of this technology by small businesses stands at 0.8%, for small and
medium-sized companies and entities with 10 to 49 employees, this percentage rises to
3.1% and to 8.9% for 50 to 249 workers. If we are talking about large companies (more
than 249) the percentage is at 20% 1 .
Therefore we can clearly see how a company of larger size is related to greater usage of
RFID technology.
30%
25%
20.0%
20%
15%
10% 8.9%
5% 3.1%
0.8%
0%
Micro enterprises Small enterprises Medium enterprises Large enterprises
The reasons for using RFID technology varies also with respect to the size of the
company. In Graph 2: Objectives of use of RFID technology in relation to company size
(%)
By sector, regardless of the size of entity, companies with transport and storage activities
use RFID technology the most (12.2%). They are followed by the financial sector (8.2%),
IT, telecommunications and audiovisual media (7.5%) and the wholesale trade (6.2%) and
retail (5%).
For small businesses (less than 10 employees), the major applications for RFID
technology are related to payment systems – e.g.: highway tolls or passenger transport –
with 48.5%, followed by product identification (38.7%). By contrast, the main uses
1
"Information and Communications Technologies in SMEs and large Spanish companies” (2010) and “Information and
Communications Technologies in small Spanish businesses” (2010), both from the Ministry of Industry, Tourism and Trade
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
Examples of the current applications of RFID technology are many and the predictions
indicate that they will grow exponentially in the next few years. All environments where
automatic, reliable, rapid and cheap identification can bring benefits are scope for the
application of RFID technology. Day by day, we are surrounded by diverse and varied
modes of application for this technology:
Passive UHF (ultra high frequency) RFID technology is used to make exact
payment, so that change or cash returns are unnecessary and therefore no human
intervention is required. In this way, road congestion is reduced.
• As access control in residential areas, hotel rooms, car parks, industrial plants or
environments requiring security. Recognition of the identity of a person wishing to
access a specific area is made without physical contact, using radio waves
between a transmitter and receiver by means of a tag which may be presented in
different formats: Bracelet, card, etc.
• In logistics, storage and distribution in general. One example is its introduction into
the product inventory and monitoring system for textile companies, or its use for
identification, location and management of large pieces of concrete, or in postal
management systems for improving delivery times of mailings and in logistic
management.
This is possible thanks to tags included in the trolleys which transport goods from
each one of them. Lorries that transport the products have computers with RFID
technology which transfer the information using Wi-Fi.
• In the military sphere, the Department of Defence of the United States demands
that its providers use RFID technology in the supply chain. In this way, the United
States Air Force (USAF) has RFID devices for security and tracking activities on
board all types and class of aeroplanes transporting supplies for the Department of
Defence.
As well as these already-established and thoroughly tested applications, there are many
other applications being studied, for example:
• Electronic payment using mobile phones, through the NFC technology (Near Field
Communication) which allows a mobile telephone to recover information from an
RFID label. This technology, combined with electronic payment methods for mobile
phones (such as Mobipay, Playbox, etc.) allows products to be purchased and
paid for by simply moving the telephone closer to the information point of the
product, where RFID extracts the information it needs.
• In many countries, "electronic passports" are used, which store the information of
the holder and their photograph or fingerprint on an RFID chip.
• Operation of vehicles and industrial machinery. In this case, the RFID label acts as
staff verification control, allowing operation only after presenting such label.
Before standards were issued to regulate communication between labels and readers,
each company possessed a different system; therefore the labels of one manufacturer
could only be read by the readers of this same manufacturer.
Of all the frequencies used for working in the RFID world, the only band with world
acceptance was that of 13.56MHz, which became ISO standard.
World standardisation of RFID began because of competition between two rival groups:
ISO and Auto-ID Centre (better known as EPC Global).
The Global EPC has developed the EPC or Electronic Product Code which solves the
standardisation problem as far as coding is concerned. The EPC code is a unique number
(24 hexadecimal digits in length) designed to exclusively identify any object on a world
level. This allows the efficiency and physical handling procedures for goods to be
improved, such as reception, accounting, classification and shipment. The suppliers
obtain information in real time on the consumption and status of their goods within the
supply chain, and can estimate delivery times and resolve, to a large extent, the theft of
goods.
2
The EAN.UCC system is a collection of standards which allows efficient administration of the multi-sectorial and world
distribution chains through the unequivocal identification of products using product labelling with standard bar codes. It
allows procedures to be automated, enabling the route and location of products to be known using an automatic barcode
reader.
• Approval: tests which the products must pass in order to satisfy the requirements of
the standard.
• ISO/IEC 11784-11785, ISO 10536, ISO 18000: on privacy and security of the data.
• ISO 15693: standard HF, also very widespread, is used in contactless credit and debit
cards.
• ISO 18000/-7: Industrial standard for UHF (for all products based on active RFID) is
promoted by the United States Department of Defence, NATO and other active RFID
business users.
• ISO/IEC 15961: takes care of the data protocol and application interface.
• ISO/IEC 15962: about the data coding protocol and memory functions of the RFID
label.
• ISO/IEC 15963: about the tracing and monitoring system which affects the RFID
label.
• ISO 24710: AIDC techniques for management of objects with ISO interface 18000.
Although the specifications and terminology are updated continuously, the RFID
standards created by the ISO establish all the regulatory requirements at world level. The
governments of each country regulate the permitted frequencies, emissions and other
operating characteristics.
The lack of standardisation is one of the most important factors to take into account at the
time of final introduction of RFID. Thanks to ISO and to EPC Global, standardisation is a
fact. However, the real problem is that the current standards are not one hundred percent
compatible with each other or with other technologies.
The majority of technologies for automatic identification are widely accepted by users and
are very well known. In view of the fact that RFID technology is called to replace them, in
some cases they are described only briefly.
The bar code is the preferred technology of commerce for product identification, in spite of
its limitations:
Nowadays there are several types of codes, with several lines of bars superimposed,
equal and varied in length, in several, even two-dimensional colours. Each of these
variants improves some of the features of the original system.
We can talk about identification systems by fingerprint, voice, pupil and shape of the face,
shape of the ear, physical shape or by style of writing, among others. In authentication
systems, different factors are usually used such as "what I have (E.g: a card), what I know
(E.g: a PIN number) and what I am (E.g: my fingerprint)”. Biometric systems would
represent the third factor: “what I am”.
One of the main advantages of smart cards is that they provide protection against
possible unwanted access as they have advance safety features and they are also more
economical.
3
The technology has some inherent error rates.
• The majority of studies and surveys carried out show a clear tendency for RFID to be
used instead of the bar code. It is expected that both technologies will coexist but,
generally speaking, RFID technology will win over bar codes, as it saves time and
staff, is more efficient and minimises losses and errors.
• Biometric systems provide great versatility in identification but they need to manage
private information of the individual. However, RFID technology allows a smaller
quantity of information to be used. Therefore, in environments where an extreme level
of security is not needed, this technology is a good alternative to what is being used.
• Finally, when compared with smart cards, the latter do not contain batteries, as it is the
reader, through electric contact, which supplies the power needed for it to operate;
contrary to RFID technology which does not require contact with the reader device.
RFID technology sets out new opportunities for improving efficiency and convenience of
the daily use systems. These improvements, which affect many facets of life, from the
personal to the professional, can occasionally pose new risks to security and new
challenges for their prevention. In order to identify the new risks they pose, the two types
of user of this technology must be taken into account:
• Entities which use RFID to optimise their internal processes of management, storage,
inventories, production, staff management, security, etc.
• Entities which offer a service to users within the organisation, such as access control,
or specific users, such as product sales, hiring of health services, etc.
In both cases, there are risks derived from the nature of the technology which are
common although the applications are so different in their benefits and objectives. These
common risks are in the nature of attacks or breakdowns which affect the service, by
interrupting it, altering it, or even through any kind of fraud. These risks are analysed in
the following section under the heading “risks to security".
On the other hand, the possibility also exists that the technology will be used maliciously
to fraudulently gain access to personal information of the system users. This second type
of risk is mainly associated with systems that give service to users and which could have
serious repercussions for the organisations responsible. These risks are dealt with in the
section “risks to privacy”.
As well as these two types, there are other risks which may determine the use of the
RFID technology. So, with respect to RFID technology, the discussion will be raised on
the risks of exposing human beings to the radiation. This problem has been dealt with by
the OMS. Its Commission ICNIRP (International Commission on Non Ionizing Radiation
Protection) published regulations for exposure to the radiations that set out maximum
exposure times and power levels of the electromagnetic fields present. The health risks
presented by the fields created by the readers and RFID labels which are used
commercially today are minimal. As an illustrative piece of information, we note that the
energy emitted by a mobile telephone is 2W and that of an RFID label varies between 10
and 200 μW, that is, between 200,000 and 10,000 times less power than that emitted by a
mobile telephone.
Given their importance, the risks arising from RFID use must be confronted with the
greatest attention. In preventing these risks, all participants in the technology are
responsible, from those distributing the technology and those organisations which must
protect the public, to the users themselves.
The risks to the security of RFID technology arise from actions designed to damage,
interrupt or take advantage of the service in a malicious way. These kinds of acts seek
financial benefit or even damage to the service being offered.
The risks to the service occur during the most usual types of “attack” that the installation
can suffer, each of them with a different purpose and impact. The simplest way to attack
an RFID system is to prevent communication between the reader and the label, but there
are other, more sophisticated forms of attack, which target radio frequency
communications:
This attack can be used to remove products protected by RFID labels. It may also be a
protective measure for users against readers of illegal labels. A very relevant example
of this case is that of the electronic passport, for which there are special covers with
metal wires that create a "Faraday cage” preventing uncontrolled readings of their
information.
2) Supplantation: This attack consists of sending false information which appears valid.
For example, a false electronic product code (EPC) could be sent when the system is
expecting a correct one.
This kind of attack can be used to replace labels which may allow expensive articles
with labels from cheaper products to be retained. Furthermore, when applied to a
distribution chain, this could result in a very large fraud through substitutions of large
volumes of goods. This attack could be used in other environments, such as the tele-
toll.
4) Repetition: Consists of sending the RFID reader a signal which reproduces that of a
valid label. This signal will have been captured by listening to the original. The receiver
will accept the data sent as valid. This attack allows the identity of an RFID label to be
replaced.
5) Denial of service (DoS): This type of attack saturates the system by sending a
massive amount of data that exceeds its processing power (for example, paralysing
the operability of backscattering or return signal of the RFID technology). Also, there is
a variant, known as RF Jamming, the use of which will cancel or inhibit radio
frequency communication by transmitting sufficiently powerful noise. In both cases, the
system is invalidated for detection of tags. This attack manages to ensure that labelled
objects escape control of the system when moving. It may be used to remove goods
on a small or large scale.
7) Cloning of the RFID card: From the communications between a label and the reader,
the data is copied and replicated on another RFID label to be used later.
9) Malicious code (malware): Another possible risk to RFID technology consists of the
infection and transmission of malicious codes included in the RFID labels. For this to
happen, the malicious code must enter into the label, which means a complicated
action, given that the storage capacity of some labels is not very large.
10) Spoofing: Particular case for active labels (reading and writing). In this case, real data
is written onto an RFID label to replace the original information. This is more usual on
RFID labels for garments. The information can be replaced as many times as required,
as long as it is for reading.
12) Rendering labels useless: If the RFID label is subjected to a strong electromagnetic
field this will disable it. This technique is used to steal products if, for example, a highly
directional antenna is used which can render the product labels useless.
The possibility of these attacks and their technical simplicity is due to the maturity of the
technology, which allows access to RFID readers and recorders at a very affordable price.
This is why the technology must be further improved, the level of protection of access
increased and the possibilities for fraud reduced.
One of the features of the technology that must be improved to increase security is the
memory and processing capacity of the labels, which will restrict the opportunities for
implementing advanced security mechanisms and coding.
The authentication methods prior to deleting or disabling the labels can prevent these
unauthorised actions. Encoding of the labels is another good practice if they contain
private information.
Regarding security measures for the reader, authentication techniques can be used to
effect communication between reader and label, thereby preventing falsification of reader
identifiers.
In addition to the possibility of attack on the technological components, there is also risk
for the privacy of users. This consists of unauthorised access to personal information
of the users who use the RFID technology. In this case, we are talking about attacks
which use similar techniques to those seen in the risks to security, but which access this
type of information, either because it is included on the label, or because it is associated
with the label and access is gained to the central system to consult it.
In 2006, the European Commission carried out a public survey on RFID which exposed
the opinion of European citizens regarding this technology. The majority expressed their
concern about possible interference to their privacy.
• Unauthorised access to the labels: These may contain personal data, such as
names, dates of birth, directions etc. They may also contain personal data of any kind,
depending on the application.
• Research into persons and/or their actions, tastes, etc: A person carrying an RFID
label with their data and using it to pay for shopping, public transport, accessing
buildings, etc, may be observed and classified.
• Use of the data for analysis of individual behaviour: Using "data mining”
techniques, this analysis allows consumer profiles to be defined based on client
preferences, using this information to design and guide the marketing strategy and
advertising of companies.
The perspective of users on these systems is a very important factor for their success.
The main cause of suspicion is related to threats to the privacy and the perception of not
having control over this technology and its uses.
It is perfectly possible, for example, that the user, on acquiring an article, will be unaware
of the presence of the tag and that it can be read from a certain distance away without
Therefore, suspicion is fed by the same features that RFID technology allows. This is not
merely a subjective question. Therefore, measures for preventing risks to privacy is a
priority task for organisations and requires correct planning of the information system. As
a general rule, we should ensure that personal data is not stored on labels, thereby
preventing a large part of the risk. If measures are not adopted which guarantee respect
for private life, there is risk of generating a negative social perception of technologies
based on RFID.
The problem with the privacy of RFID technology has stirred great interest in the heart of
the European Union, which is reflected in the monitoring work carried out by the “Work
Group of Article 295”, in which Spain is represented through the Spanish Data Protection
Agency. In their reports, we can appreciate a growing number of jobs relating to RFID
data protection.
Of the different documents put forward by the European authorities, there is a clear
conclusion. In those cases where the label contains personal information, or can be
related with resources that link with information of this nature, the regulations on personal
data protection will apply. For example, this would occur when:
• The labels are used to compile information linked to personal data, for example,
related to a specific purchase with a client code or a loyalty card.
• The labels are used to trace information on the users in the absence of other kinds of
identifier. For example, if a business traces the tags which are inserted into the
clothing worn by the client, or the products that have been purchased, with the aim of
tracing consumer profiles. Much more obvious would be the case in which the tag of a
daily used product is used, such as a watch, as an identifier for the client for
successive entry into the establishment.
So, although there is specific regulation, the Organic Law 15/1999 of 13th December for
protection of Data of a Personal Nature (LOPD) it is directly applicable to the RFID and
to each one of the principles, rights and obligations that it regulates.
Therefore both the producers and the developers of these types of product, as well as the
organisations that use them, notwithstanding the full application of the LOPD group, must
be very mindful that:
1) That the principles of LOPD article 4 are fully applied and therefore a prior
judgement must be carried out on the need to use RFID technology, clearly
defining the aims and uses of the latter which must be proportional to the aims that
5
Available at: http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2008/wp146_es.pdf
6
Available at: http://ec.europa.eu/information_society/policy/rfid/documents/recommendationonrfid2009.pdf
2) Those affected, such as clients, workers and generally any person whose
information has been indexed through the direct or indirect use of these labels,
must be informed of the existence of the processes under the terms of LOPD
article 5. To do this, the following recommendations on the information must very
specifically be taken into account:
a) It must be clear, and above all, accessible when the labels are used in
areas such as business, using, wherever necessary, clearly visible signs.
b) The use of labels must be indicated, their location on the product, the
existence of readers and if the tags will be monitored.
d) Each and every one of the contents required by LOPD article 5.1 must be
included.
3) It must be analysed beforehand in which cases the labels may be used with
consent and in which cases this is unnecessary. Consent must be given
beforehand, free, specific and informed. Special care must be taken when dealing
with especially sensitive areas, whether due to the nature of those affected, such
as minors, or the nature of the data itself such as health related data.
4) The security of each and every one of the personal resources, organisational and
technical, hardware and software, related to the handling of personal data linked to
RFIDs must be guaranteed. In this regard, it must be specified that the introduction
of this kind of technology on Spanish territory must scrupulously respect the
provisions of Royal Decree 1720/2007, of 21st December, through which the
implementing Regulation of Organic Law 15/1999, of 13th December, for
protection of data of a personal nature, is approved. The security measures shall
be particularly relevant in those cases in which the nature of the data may call for
high level application, and when, due to the interoperability of these kinds of
products, the information could be read by organisations alien to the one
responsible for its handling, and must prevent unauthorised accesses at all costs.
More specifically, we can conclude from this regulation that certain design and security
parameters should always be taken into account:
• Every RFID label must be automatically deactivated if it passes into the hands of an
end customer.
• The customer or user must be informed of the time at which a product or technology
includes RFID labels.
• The option for keeping the user informed automatically, through screens or LEDs
which show the state of activation of the label, must also be included.
• Data of a sensitive nature may not be included on RFID labels, such as data relating
to political ideology, religion or health data, unless it is for a legal and lawful purpose
and the security measures have been adopted.
• Individual deactivation of the label must also be made possible, as required by the
user.
Finally, further development of Directive 2009/136/CE 7 must also be fully taken into
account, which shows the need to look after protection of fundamental rights, and
specifically the fundamental right to data protection, when the RFID labels are connected
to public, electronic communications networks or when they use electronic communication
services as a basic infrastructure. In this case, the provisions pertaining to Directive
2002/58/CE (Directive on privacy and electronic communications) must also be applied,
including those relating to security, traffic data and location, and to confidentiality.
7
Directive 2009/136/CE of the European Parliament and of the advisory of 25th November 2009 modifying Directive
2002/22/CE relating to universal service and the rights of users in relation to networks and electronic communications
services, Directive 2002/58/CE relating to the handling of personal data and the protection of privacy in the electronic
communications sector and the Regulation (CE) no 2006/2004 on cooperation in matters concerning the protection of
consumers. DOUE L377/11 of 18/12/2009.
Domestic users now use RFID technology and they are using it more often, in clothes
shops as an anti-theft system, in libraries, in personal identification systems for accessing
buildings, in passports, pet identification and are even implanted in humans. The use of
RFID will benefit other technological advances, provided that its proper use is ensured.
Users must get to know the technology and take an interest in the use they will make of it,
knowing how to exercise their rights and to communicate to those responsible for using
this technology, the need to respect their fundamental rights to data protection during the
design stages of new RFID services.
The main attack to a user’s privacy through this technology is the attempt to read
personal and private information stored on an RFID device in the user’s possession.
In order to prevent this sort of undesired access to information, there are different
measures whose application will depend on the needs of each user profile, as these
needs will not be the same for a small business client who purchases an item of clothing
as they are for an industrial business which invests in machines or products, the
knowledge of which could make them vulnerable to certain risks. These systems are:
• Use of watchdog labels: (“perro guardián" in Spanish) These labels report any
attempts to read and write which are made in their area of operation.
• Insulation. Prevents the reading of labels except when required. To do this, just insert
the label into a metal or plastic case, which will carry out the function of "Faraday's
cage".
• Use of devices which create a secure area around the user through the emission
of waves which cancel the effectiveness of the RFID. They are also known as
RFID firewalls or radio frequency inhibitors. This solution can be applied to maximum
security environments that are not compatible with situations in which certain readers
must be permitted and others not.
• The cancellation of labels once the transaction has been carried out, destroying
them physically, or by the KILL command (code included on the tag which, when
activated by a reader is disabled permanently). This restricts the user’s traceability
once the purchase of the products has been made, guaranteeing their privacy.
Many organisations have already opted to install RFID technology and the predictions
indicate that many more will do so soon. This is why the existence of a good practice
reference is very useful, which will provide guidance for the correct way to develop
and use these systems.
In the first place, it is essential to take the privacy of user information into account if these
aspects relating to the protection of personal data are not taken into account this could
cause damage to the users, as well as damage to the reputation of the entity, including
the financial costs associated with the loss of public image, compensation, sanctions etc.
Secondly, organisations must bear in mind, when creating their systems, that they are
“monitoring” objects, not the persons which carry them. Compliance with this idea reduces
the possibility of third parties being able to take advantage of the RFID technology to
access the private information of users.
• Do not focus only on the labels or the technology when assessing an RFID system.
• The system should be analysed in its entirety as security or lack of privacy problems
can arise from combinations in the system or from components which are not directly
linked to the RFID readers/transmitters.
• The privacy and security must "work" from the initial installation of the system, as it is
a key part of the latter.
• Full agreement, participation and consent of the users of the system are necessary.
This is achieved through knowledge and participation.
Therefore, the four directives for organisations aimed at protecting privacy are as follows:
• Choice. Consumers must be informed when RFID is being used on a product, in case
they wish to throw out or remove the RFID labels.
• Education. Consumers must have the possibility of being properly informed on the use
of electronic labels, their technical possibilities and their application.
4) The methodology of regulatory compliance which ensures full respect for the
provisions of LOPD.
8
See ICO (2009): Privacy Impact Assessment (PIA) handbook (Version 2). Available at
http://www.ico.gov.uk/upload/documents/pia_handbook_html_v2/index.html
• Renaming: Avoiding the replacement of a label or similar attacks. In this case, the
RFID labels contain a collection of pseudonyms so that they can transmit a different
one every time they are interrogated by the reader. This way a malicious reader who
wants to supplant the label would have to know all the pseudonyms to carry out a
supplantation.
This defence can be offset by a malicious reader which can read each possible label
many times until the codes repeat themselves. To prevent this, the response of the
label is controlled, slowing down the response in the event of a rapid sequence of
interrogations.
• To provide notification that RFID is being used, clearly and with symbols displayed: on
the products, readers and areas in range of the readers.
• To make users aware, at all times, of when, where and why a tag is being read.
Including indication of the reader with any kind of luminous sign, inconspicuous to
prevent nuisances, but indicative of the activity.
• To have a privacy policy relating to the attainment, use and deletion of personal
information associated with RFID, which must be made public for the users, offering
them the possibility of knowing, accessing and modifying the personal information
associated with RFID that is stored.
• To have RFID-trained staff who know the features of the system installed and are
accessible to the public, and are capable of answering questions on security and
privacy correctly.
• Not to store personal information on RFID tags, destroying said information as soon as
possible, thereby reducing the risk of interference in the privacy of users.
• Withdraw, destroy or deactivate the tags when they have completed their task. If the
post-sales service is to be continued and maintained, it must be ensured that when a
product is returned, this will mean the deletion of any association of the tag with the
user.
• To offer the user the facilities for the withdrawal, destruction or deactivation of the tags
associated with products when the installations are going to be abandoned.
• Not to grant third parties information associated with RFID which could be used to
create profiles or carry out monitoring of users.
• To carry out security audits of RFID systems, periodically to guarantee their level of
security.
www.inteco.es www.agpd.es
Guide INTECO-AEPD on the security and privacy of RFID technology. Page 38 of 38