I recently became enthusiastic about how wonderful transparent security would be. I still feel that way, but we also need to define limits on transparency. The example of a girl being expelled from her school because she refuses to wear an RFID badge (through @stoweboyd) is interesting.
The issue is rather simple. A school has issued RFID badges to track attendance, a student refuses to wear the badge, she gets expelled, a judge issues a stay, and we are now waiting for the trial. I also wear an RFID badge at work every day, and that doesn’t bother me much (well, it bothers me a bit: I usually wear it “visibly”, but not too much, as I don’t like the idea of the dangling name tag around my neck). This badge helps me get into offices; it could also help me get connected to the internet, and many other things. However, there is a big difference: my badge is a proximity badge. When I want to enter a room, I wave it at a reader; when I want to access the internet, I insert it in a card reader. I can be tracked, but there are clear limits on what can be tracked. In that particular school’s case, things are different: the badges are designed to be read from a distance, without any involvement from the badge holder.
This is transparency, of course, and it could make your life easier. Think about a restricted area’s door opening just because you are arriving: sounds nice, doesn’t it? That makes it more convenient than a standard badge. However, this convenience implies that you trust the badge’s issuer, at least enough to believe that they won’t read your badge to monitor your every movement, such as how much time you spend in your office (working), or elsewhere (potentially not working). Here, the issue is the lack of engagement from the user. With such a system, the user ends up believing/fearing that she is the victim of permanent surveillance, and this may just be true.
This problem is not specific to this case. Gemalto has a technology called eGo that faces similar issues. This technology communicates through the body to establish a secure link between a reader and a personal device. To take the access control example, a door could open when you touch it. It is better than simply using RFID, but not much. With this technology, you can be tracked whenever you touch something, and some people will (understandably) not like it. Of course, it is easy to design limits. For instance, one could imagine a specific, clearly marked pad that you have to touch in order to start the authentication: then, there is a specific gesture, which can be interpreted as an acknowledgement. For RFID, this is more difficult to do, especially in crowded areas like schools, where several badges are likely to be readable at any time.
This post is actually turning into an advertisement for Natural Security. This startup proposes a contactless device that communicates with a fingerprint reader that can be integrated in a variety of environments. When you swipe your finger, you are authenticated, and then a transaction can occur. You don’t need to take the card out of your pocket or purse, but you are doing a specific simple gesture to acknowledge your intention to do something. On top of that, you are authenticated, which is a nice bonus. Security, naturally and easily; I guess that this is where the company name comes from.
Once again, no system is foolproof, and heavy surveillance could be achieved with most products, just like fraud remains possible in most cases. However, good security systems should allow/encourage the institutions and corporations who use them to respect their users’ privacy, just as much as they should encourage/force the end users to comply with the security rules. As I mentioned in the previous post, end users aren’t security providers’ customers, but they have rights, which are often hard to understand, and it is also our responsibility to help our customers respect these rights.
One final note about RFID at school. If this system is installed, it is likely that it will soon replace human checks, and students will be able to escape class or other obligations by swapping badges or putting their badge in somebody else’s pocket. Why? Because a human being looking at badges performs an authentication by matching the face on the badge and the face of the person wearing it, whereas an RFID system simply counts badges, and doesn’t care about human beings. What a package: you get less privacy and less security.