EDRI - RFID

Recommended Action

Wed, 27 Aug 2008 21:02:10 +0100

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

EDRi member FoeBuD e.V. has set up a contest for finding a RFID warning sign to be passed on to the EU's process in RFID legislation. Since the industry came up with a similar contest but looking for a somewhat "friendly" design, FoeBuD is looking for a precise warning sign that would shows the dangers for citizens' rights when RFID technology is involved.

There are two categories in FoeBuD's contest: strict and freestyle. In the strict category, a design for an official RFID warning sign is wanted. The winning design in this category shall be sent to the EU as a proposal for marking RFID tags and readers. It should follow the rules for warning and danger signs as e.g. DIN 4844-2 shows. The freestyle category is what its

Cloning e-passports

Wed, 27 Aug 2008 19:38:19 +0100

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

Jeroen van Beek, a computer researcher at the University of Amsterdam, has shown in some tests conducted for The Times that the new micro-chipped passports, introduced in UK to protect against terrorism and organised crime, can be easily cloned.

The researcher has succeeded in cloning the chips of two British passports in which he introduced the pictures of Osama bin Laden and a suicide bomber and in passing the cloned chips as genuine through Golden Reader, which is the standard passport reader software used by the UN agency setting standards for e-passports and which is also recommended for use at airports. The cloning operation took less than an hour. Van Beek developed his cloning

Dutch University sued to stop publishing research on chip technology

Wed, 16 Jul 2008 19:50:21 +0100

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

Dutch chipmaker NXP Semiconductors has sued the Dutch Computer Security Group of Radboud University in Nijmege in order to stop the publication of research results showing security flaws in NXP's Mifare Classic wireless smart cards used in transit and building entry systems around the world.

The technology is used for the transit system in The Netherlands, in the subway systems in London, Hong Kong and Boston, as well as in cards for accessing buildings and facilities, covering 80 percent of the market.

The security researchers of the Dutch university have checked the Mifare system used with Oyster cards for transport in London and recently succeeded in cracking the encryption on a card and clone it. They added credit to it

Recommended Action

Wed, 12 Mar 2008 20:37:34 +0000

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

Draft Recommendation on the implementation of privacy, data protection and information security principles in applications supported by Radio Frequency Identification (RFID): your opinion matters! The Public Consultation will be open for a period of eight weeks and will finish on 25th April 2008. You may find also a translation of the consultation in French and German.
http://ec.europa.eu/yourvoice/ipm/forms/dispatch?form=RFIDRec

EC Draft Recommendation on RFID Privacy and Security published

Wed, 27 Feb 2008 20:50:20 +0000

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

The European Commission published the Draft Recommendation on RFID Privacy and Security on the Your Voice in Europe-Platform for public consultation.

After a public consultation on RFID Privacy Issues in 2006, some conferences and workshops and various discussions on the topic within the RFID Expert Group, this publication finally represents the measures that the Commission recommends to the member states and stakeholders, in order to achieve a high level of privacy and data protection in the context of RFID applications.

EDRi welcomes this Draft Recommendation, which contains various important measures, like the recommendation that RFID reading areas as well as RFID tagged object should be marked with a clear sign indicating the presence of

Internet-related privacy issues on the EU institutions' agenda

Wed, 13 Feb 2008 18:14:54 +0000

(Dieser Artikel ist auch in deutscher Sprache verfügbar) The privacy problems created by the Internet and other new technologies such as RFID have an important place on the agenda of the European institutions that seem to be more anxious than ever to tackle those issues. The hearing at the European Parliament's Civil Liberties Committee reported in the last EDRi-gram seems to be only the top of the iceberg.

Article 29 working party will discuss at the next meeting, on 18 February 2008, the highly sensitive topic of privacy & search engines, and it is probable to adopt an Opinion on this topic.

But the views of the Working party's members are already public, after the last month meeting at the European Parliament. Moreover, Peter Schaar,

Key privacy concerns in Netherlands 2007

Wed, 30 Jan 2008 20:29:20 +0000

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

The nominees and winners of the Dutch Big Brother Awards 2007 showed it clearly: a proper level of data protection in The Netherlands cannot be taken for granted. A number of big projects and ongoing legislative efforts threaten the state of data protection in the Netherlands. The government shows no signs of taking critics seriously. The disinterest of the public and ease with which a majority of Dutch citizens are willing to hand over their privacy for a promise of security, led the jury of the Big Brother Awards declare the Dutch citizen the winner. Other winners were the plans for an Electronic Child Dossier, the National Railways for the RFID transit card system and De Nederlandsche

European Data Protection Supervisor's opinion on RFID

Wed, 16 Jan 2008 19:35:58 +0000

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

In the context of increasing debates in the European Union over the RFID policy, Peter Hustinx, the European Data Protection Supevisor (EDPS), published on 20 December 2007 his opinion on the growing use of RFID chips in consumer products and other new applications affecting individuals.

EDPS published this opinion as a response to the European Commission's communication on Radio Frequency Identification (RFID) in Europe that was released in March 2007, but taking into consideration other actions, such as the creation by the EC of the RFID expert group, where EDRi is a member.

Peter Hustinx, explained the role of RFID and its relation with the privacy issues: "RFID systems could play a key role in the development of

RFID and Informed Consent - Using and removing of RFID functionality

Wed, 05 Dec 2007 18:25:34 +0000

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

Following the the EDRi statements on RFID Privacy Issues and RFID Security Issues published earlier this year, EDRi recently contributed with a third written statement to the European Commission's RFID Expert Group focusing on RFID and Informed Consent.

In this paper, EDRi deals with the possibilities of informing individuals about RFID use and strongly asks for a strict opt-in regime for RFID usage. Furthermore various mechanisms for removing, altering or disabling RFID functionality are discussed and evaluated with respect to the protection of personal data.

Finally, EDRi suggests a concept of responsibilities to ensure that RFID technology is only disseminated to organisations that

Lisbon Conference "On RFID - The next step to the Internet of Things"

Wed, 21 Nov 2007 19:13:28 +0000

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

Last week the conference "On RFID", organised by the Portuguese Presidency with support of the European Commission DG Information Society, took place in Lisbon. During the one and a half days of the conference a number of topics were discussed, that could be crucial for the future development of RFID technology.

Privacy and security were the topics of a panel discussion held during the morning of the first day. The participants in this discussion, representatives of industry, consumer, data protection and international organisations, all shared the opinion that security and privacy by design is the proper way for advancements of RFID technology. As Reinhard Posch, representative of the European Network and Information Security Agency

Fingerprints in passports: the German population in a risky experiment

Wed, 24 Oct 2007 20:36:41 +0100

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

On 1 November 2007, registration offices throughout Germany will begin collecting fingerprints from all citizens wishing to travel. Two years after the storage of a facial image on an RFID chip has been introduced, the project of full biometric registration of the whole population continues. Germany's Chaos Computer Club (CCC) points out once more that the ePassport has risks and side-effects, which particularly affect senior citizens.

Many older people will have problems giving fingerprints. Experience as well as international and German studies show that considerably more than 10% of all senior citizens must expect to have no recordable fingerprints. This will inevitably expose them to discrimination through

Prague will anonymise RFID city cards

Wed, 01 Aug 2007 19:13:17 +0100

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

Prague Deputy Mayor announced that following the presure of EDRI-member Iuridicum Remedium and the interpellation of the member of city parliament Petra Kolinska (Green Party) the city authorities decided that RFID chips in newly issued city cards will no longer contain personal data.

This move is a reaction to the press conference Iuridicum Remedium held on 12 June2007. At the press conference cryptologist Tomás Rosa demonstrated that first and last name as well as date of birth of the owners of the newly issued city card can be easily read by any unauthorised person from a distance of a dozen centimeters even when carried in the purse or pocket. The NGO requested city authorities to stop the project of city card

EDRI's contributions to the RFID Expert Group

Wed, 01 Aug 2007 19:00:03 +0100

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

The RFID Expert Group created by the European Commission in order to assist in drafting the future RFID strategy had several meetings until now. European Digital Rights Initiative (EDRI) submitted two papers to this group on RFID Privacy and Security in order to stress that the reliable protection of privacy and personal data is a key issue for the acceptance of this technology.

The first paper on RFID Privacy issues was EDRI's contribution to the RFID Expert Group Meeting on 10 July 2007 and focused on the data protection and privacy issues of RFID applications, but also suggested a classification scheme for RFID applications based on data protection and user control.

RFID Expert Group - Kick Off

Wed, 06 Jun 2007 17:26:20 +0100

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

Following the public consultations on RFID last year, the European Commission announced the creation of an RFID Expert Group to assist in drafting the future RFID strategy. The group's kick-off meeting was held in Brussles last week. EDRi was invited to participate in the group.

The Group has been established for two years and includes representatives from the industry, standardisation bodies and the civil society. The EU data protection authorities participate as observers.

In the past years digital rights organisations have continuously expressed their strong concerns regarding the implications the usage of RFID may have on privacy. The public consultation on RFID confirmed that these concerns

Stakeholder group to advise on EU RFID strategy

Wed, 28 Mar 2007 20:10:25 +0100

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

The European Commission presented its new proposal for the radio frequency identification (RFID) tags strategy for Europe after one year of consultations. The strategy will be drafted in cooperation with a Stakeholder Group to be created and Article 29 Working Party.

An EU study had been initiated after a 6-months period of consultations that had shown concerns related to the use of RFID tags especially regarding public awareness and fears that the system would affect privacy. The study advised on the necessity to assure the public that the tags would not turn into a large-range surveillance system and that people would have control on the information included in the tags.