Book Review: ''RFID Applications, Security, and Privacy''

September 27, 2005

Thanks again to all RFIDbuzz editors for giving me the opportunity to read through this exciting book on RFID and Privacy. Overall, I liked this book very much.

0321290968s.gif
[ Simson Garfinkel & Beth Rosenberg (Eds.) RFID : Applications, Security, and Privacy, Addison-Wesley Professional, July 6, 2005, 608 pages, ISBN: 0321290968. ]

This is a very rich collection of articles contributed by people with diverse backgrounds, viewpoints, and stances. It was just published from Addison-Wesley this summer and includes a number of fresh topics that are highly relevant to the ongoing debates on RFID technology and its implications for all facets of our lives. There are overlaps and discrepancies between some chapters, which actually made my reading experience exciting and fun rather than confusing and frustrating. This book may not be for people who are looking for predigested information about how to build RFID applications, how to address RFID privacy issues, etc. However, anyone who actively thinks about the issues around RFID technology would find this book highly valuable: I believe this is the best book published so far for this reader population.

I myself have been following relevant topics for several years and am currently a contributer at RFIDbuzz and elsewhere. Also, organized with my colleagues workshops in Tokyo last year, partly inspired by the workshop held at MIT in 2003, chaired by Simson Garfinkel, one of the editors of this book (he says the idea for this book came about because of that workshop). Before reading, I wasn't expecting to find something new in the book. But, I was luckily wrong. For example, articles on interaction design (Chapter 9) and cross-cultural perspectives (Chapter 31 and 32) were new to me. Again, the quality (and the quantity) of each article may vary; however, it matters less when many articles are contributed by people who are now playing key roles in shaping the co-evolution of RFID technology and the society.

The book has 608 pages consisting of 32 chapters and 6 appendixes.

The first part of the book includes 9 chapters that covers basics in broad areas: the technology, standardization, privacy, authentication of goods, philosophy and interaction design. Chapter 2, contributed by Simson Garfinkel and Henry Holzman, gives a very good overview of RFID technology and, in Chapter 3, Sanjay Sarma, a professor at MIT and a co-founder of the Auto-ID Center talks about the history of the Auto-ID Center and EPCglobal. Chapter 4 discusses data protection law and fair information practices (FIP) in relation to RFID.

The second part of the book includes 6 chapters that covers different application areas: wireless payment, military logistics, pharmacy, healthcare, library, and livestock management. Chapters 10 and 12 include interviews with key men who led major RFID projects at Exxon Mobile and CVS/Pharmacy Corporation. Chapter 14, contributed by Lori Bowen Ayre, discusses opportunities and risks of using RFID in libraries one of the unique issues raised here is the cost and time for manually attaching RFID tags to hundreds of thousands of library books.

The third part of the book is titled "Threats" and begins with the contribution by Katherine Albrecht, a prominent consumer privacy activist. The 6 chapters in this part cover social risks and technological weaknesses related to RFID. I liked the way how Chapters 16 and 17 discussed privacy by introducing different system architecture types and potential scenarios of technology adoption. In Chapter 19, Jonathan Westhues, an undergrad student in Canada, shares his experience of hacking a proximity card system.

The fourth part of the book includes 3 chapters that discuss technological approached to RFID privacy and security. In Chapter 21, Ari Juels discusses different approached to the RFID privacy problem, including Blocker Tags and Soft Blocking. The following chapters discuss randomization, killing, recoding, etc. without getting into too much technical details.

The fifth (and the last) part of the book is titled "Stakeholder Perspectives" and includes 9 chapters discussing varieties of topics. I found some of the chapters in this part very interesting. In Chater 30, Peter de Jager discusses RFID privacy in relation to Y2K: "In some ways, I was to Y2K what Katherine Albrecht is to RFID and privacy." Chapter 31 and 32 discuss privacy issues in Asia and Latin America. I was most excited to read these chapters and I do think these contributions are valuable. However, I also felt that they may only have scratched the surface.

Most articles in Appendixes seems to be already published elsewhere. However, they are all good articles and reading them together creates a different opportunity for thinking.

Overall, I would highly recommend this book. It's an essential book for anyone who actively thinks about the issues around the use of RFID technology.


PDFs are available for the following chapters (courtesy of Addison-Wesley/Prentice Hall PTR):


Posted by konomi

Comments

Konomi, I just read the book as well and couldn't agree with you more on the fact that this is one of the most well-written book on the subject. My only concern is that developments around RFID are evolving so fast that such books need new editions in shorter intervals to ensure the general population is reading the latest and supporting the development of RFID.

Posted by: Vaibhav at October 3, 2005 10:05 PM

can some body send me this book............

i cannt afford to buy it.......

so read its 3 chapterss that were available and found the interest in reading the rest

so if somebody could just mail me the book or share it
at
uetian_devil@hotmail.com


kind request

Regards

ghulam mustafa

Posted by: mustafa at January 6, 2006 12:24 PM
Post a comment









Remember personal info?