Book Review: "RFID Applications, Security, and Privacy"
September 27, 2005
Thanks again to all RFIDbuzz editors for giving me the opportunity to read through this exciting book on RFID and Privacy. Overall, I liked this book very much.
[ Simson Garfinkel & Beth Rosenberg (Eds.) RFID: Applications, Security, and Privacy, Addison-Wesley Professional, July 6, 2005, 608 pages, ISBN: 0321290968. ]
This is a very rich collection of articles contributed by people with diverse backgrounds, viewpoints, and stances. It was just published by Addison-Wesley this summer and includes a number of fresh topics that are highly relevant to the ongoing debates on RFID technology and its implications for all facets of our lives. There are overlaps and discrepancies between some chapters, which actually made my reading experience exciting and fun rather than confusing and frustrating. This book may not be for people who are looking for predigested information about how to build RFID applications, how to address RFID privacy issues, etc. However, anyone who actively thinks about the issues around RFID technology would find this book highly valuable: I believe this is the best book published so far for this reader population.
I myself have been following relevant topics for several years and am currently a contributor at RFIDbuzz and elsewhere. Also, I organized workshops in Tokyo last year with my colleagues, partly inspired by the workshop held at MIT in 2003, chaired by Simson Garfinkel, one of the editors of this book (he says the idea for this book came about because of that workshop). Before reading, I wasn't expecting to find something new in the book. But, I was luckily wrong. For example, articles on interaction design (Chapter 9) and cross-cultural perspectives (Chapters 31 and 32) were new to me. Again, the quality (and the quantity) of each article may vary; however, it matters less when many articles are contributed by people who are now playing key roles in shaping the co-evolution of RFID technology and society.
The book has 608 pages consisting of 32 chapters and 6 appendixes.
The first part of the book includes 9 chapters that cover basics in broad areas: the technology, standardization, privacy, authentication of goods, philosophy and interaction design. Chapter 2, contributed by Simson Garfinkel and Henry Holtzman, gives a very good overview of RFID technology and, in Chapter 3, Sanjay Sarma, a professor at MIT and a co-founder of the Auto-ID Center, talks about the history of the Auto-ID Center and EPCglobal. Chapter 4 discusses data protection law and fair information practices (FIP) in relation to RFID.
The second part of the book includes 6 chapters that cover different application areas: wireless payment, military logistics, pharmacy, healthcare, library, and livestock management. Chapters 10 and 12 include interviews with key men who led major RFID projects at ExxonMobil and CVS/Pharmacy Corporation. Chapter 14, contributed by Lori Bowen Ayre, discusses opportunities and risks of using RFID in libraries – one of the unique issues raised here is the cost and time for manually attaching RFID tags to hundreds of thousands of library books.
The third part of the book is titled "Threats" and begins with the contribution by Katherine Albrecht, a prominent consumer privacy activist. The 6 chapters in this part cover social risks and technological weaknesses related to RFID. I liked the way Chapters 16 and 17 discussed privacy by introducing different system architecture types and potential scenarios of technology adoption. In Chapter 19, Jonathan Westhues, an undergrad student in Canada, shares his experience of hacking a proximity card system.
The fourth part of the book includes 3 chapters that discuss technological approaches to RFID privacy and security. In Chapter 21, Ari Juels discusses different approaches to the RFID privacy problem, including Blocker Tags and Soft Blocking. The following chapters discuss randomization, killing, recoding, etc. without getting into too much technical detail.
The fifth (and the last) part of the book is titled "Stakeholder Perspectives" and includes 9 chapters discussing a variety of topics. I found some of the chapters in this part very interesting. In Chapter 30, Peter de Jager discusses RFID privacy in relation to Y2K: "In some ways, I was to Y2K what Katherine Albrecht is to RFID and privacy." Chapters 31 and 32 discuss privacy issues in Asia and Latin America. I was most excited to read these chapters and I do think these contributions are valuable. However, I also felt that they may only have scratched the surface.
Most articles in the appendixes seem to have already been published elsewhere. However, they are all good articles and reading them together creates a different opportunity for thinking.
Overall, I would highly recommend this book. It's an essential book for anyone who actively thinks about the issues around the use of RFID technology.
- Chapter 2: Understanding RFID Technology (Simson Garfinkel, Henry Holtzman)
- Chapter 3: A History of the EPC (Sanjay Sarma)
- Chapter 17: Multiple Scenarios for Private-Sector Use of RFID (Ari Schwartz, Paula Bruening)
Posted by konomi