Skip to main content
SpringerLink
Log in

Privacy Enhancing Technologies for RFID in Retail- An Empirical Investigation

  • Conference paper
UbiComp 2007: Ubiquitous Computing (UbiComp 2007)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 4717))

Included in the following conference series:

Abstract

This article investigates the conflicting area of user benefits arising through item level RFID tagging and a desire for privacy. It distinguishes between three approaches feasible to address consumer privacy concerns. One is to kill RFID tags at store exits. The second is to lock tags and have user unlock them if they want to initiate reader communication (user scheme). The third is to let the network access users’ RFID tags while adhering to a privacy protocol (agent scheme). The perception and reactions of future users to these three privacy enhancing technologies (PETs) are compared in the present article and an attempt is made to understand the reasoning behind their preferences. The main conclusion is that users don’t trust complex PETs as they are envisioned today. Instead they prefer to kill RFID chips at store exits even if they appreciate after sales services. Enhancing trust through security and privacy ‘visibility’ as well as PET simplicity may be the road to take for PET engineers in UbiComp.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Fusaro, R.: None of Our Business. Harvard Business Review, 33–44 (2004)

    Google Scholar 

  2. Smith, J.H., Milberg, J., Burke, S.: Information Privacy: Measuring Individuals’ Concerns About Organizational Practices. MIS Quarterly 20(2), 167–196 (1996)

    Article  Google Scholar 

  3. Jannasch, U., Spiekermann, S.: RFID: Technologie im Einzelhandel der Zukunft: Datenentstehung, Marketing Potentiale und Auswirkungen auf die Privatheit des Kunden, Lehrstuhl für Wirtschaftsinformatik, Humboldt Universität zu Berlin: Berlin (2004)

    Google Scholar 

  4. Berthold, O., Guenther, Spiekermann, S.: RFID Verbraucherängste und Verbraucherschutz. Wirtschaftsinformatik, Heft 6 (2005)

    Google Scholar 

  5. FoeBuD e.V. (ed.): Positionspapier über den Gebrauch von RFID auf und in Konsumgütern, FoeBuD e.V.: Bielefeld (2003)

    Google Scholar 

  6. Duce, H.: Public Policy: Understanding Public Opinion, A.-I. Center, Massachusetts Institute of Technology. MIT, Cambridge, USA (2003)

    Google Scholar 

  7. Auto-ID Center (ed.): 860 MHz – 930 MHz Class 1 Radio Frequency (RF) Identification Tag Radio Frequency & Logical Communication Interface Specification, EPCGlobal, Cambridge, Massachusetts, USA (2004)

    Google Scholar 

  8. Sarma, S., Weis, S., Engels, D.: RFID Systems, Security & Privacy Implications, A.-I. Center. Massachusetts Institute of Technology. MIT, Cambridge, USA (2002)

    Google Scholar 

  9. Auto-ID Center, (ed.): Technology Guide. Massachusetts Institute of Technology, MIT, Cambridge, USA (2002)

    Google Scholar 

  10. GCI (ed.): Global Commerce Initiative EPC Roadmap, G.C. Initiative and IBM (2003)

    Google Scholar 

  11. Auto-ID Center (ed.): EPC-256: The 256-bit Electronic Product Code Representation. Massachusetts Institute of Technology, MIT, Cambridge, USA (2003)

    Google Scholar 

  12. Auto-ID Center (ed.): EPC Information Service - Data Model and Queries. Massachusetts Institute of Technology, MIT, Cambridge, USA (2003)

    Google Scholar 

  13. Auto-ID Center (ed.): Auto-ID Object Name Service (ONS) 1.0. Massachusetts Institute of Technology, MIT, Cambridge, USA (2003)

    Google Scholar 

  14. Engels, D.: Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, Springer, Heidelberg (2004)

    Google Scholar 

  15. Engberg, S., Harning, M., Damsgaard, C.: Zero-knowledge Device Authentication: Privacy & Security Enhanced RFID preserving Business Value and Consumer Convenience. In: Proceedings of the Second Annual Conference on Privacy, Security and Trust, New Brunswick, Canada (2004)

    Google Scholar 

  16. Spiekermann, S., Berthold, O.: Maintaining privacy in RFID enabled environments - Proposal for a disable-model. In: Robinson, P., Vogt, H. (eds.) Privacy, Security and Trust within the Context of Pervasive Computing, Springer Verlag, Vienna, Austria (2004)

    Google Scholar 

  17. Inoue, Y.: RFID Privacy Using User-controllable Uniqueness. In: Proceedings of the RFID Privacy Workshop, Massachusetts Institute of Technology, MIT, Cambridge, MA, USA (2004)

    Google Scholar 

  18. Floerkemeier, C., Schneider, R., Langheinrich, M.: Scanning with a Purpose - Supporting the Fair Information Principles in RFID Protocols. In: Murakami, H., Nakashima, H., Tokuda, H., Yasumura, M. (eds.) UCS 2004. LNCS, vol. 3598, Springer, Heidelberg (2005)

    Google Scholar 

  19. Langheinrich, M.: A Privacy Awareness System for Ubiquitous Computing Environments. In: Borriello, G., Holmquist, L.E. (eds.) UbiComp 2002. LNCS, vol. 2498, Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  20. Christian, M., Floerkemeier, C.: Making Radio Frequency Identification Visible – A Watchdog Tag. In: Proceedings of the 5th Annual IEEE International Conference on Pervasive Computing and Communications, New York (2007)

    Google Scholar 

  21. Stajano, F.: Security for Ubiquitous Computing. John Wiley & Sons, Chichester, UK (2002)

    Google Scholar 

  22. Platform for Privacy Preferences (P3P) Project, W3C (2006)

    Google Scholar 

  23. Juels, A., Rivest, R., Szydlo, M.: The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy. In: Proceedings of the 10th Annual ACM CCS, ACM Press, New York (2003)

    Google Scholar 

  24. Karjoth, G., Moskowitz, P.A.: Disabling RFID Tags with Visible Confirmation: Clipped Tags are Silenced. In: Proceedings of the ACM Workshop on Privacy in the Electronic Society, ACM Press, Alexandria, VA, USA (2005)

    Google Scholar 

  25. Spiekermann, S.: Perceived Control: Scales for Privacy in Ubiquitous Computing. In: Acquisti, A., De Capitani di Vimercati, S., Gritzalis, S., Lambrinoudakis, C. (eds.) Digital Privacy: Theory, Technologies and Practices, Taylor and Francis, New York (2007)

    Google Scholar 

  26. Fishbein, M., Ajzen, I.: Belief, Attitude, Intention and Behavior: An Introduction to Theory and Research. Addison-Wesley, Reading, MA, USA (1975)

    Google Scholar 

  27. Ajzen, I.: From intentions to actions: A theory of planne behavior. In: Kuhi, J., Beckmann, J. (eds.) Action - control: From cognition to behavior, pp. 11–39. Springer, Heidelberg (1985)

    Google Scholar 

  28. Ajzen, I., Fishbein, M.: The Influence of Attitudes on Behavir. In: Albarracin, D., Johnson, B.T., Zanna, M.P. (eds.) The Handbook of Attitudes on Behavior, pp. 173–221. Erlbaum, Mahwah, New York (2005)

    Google Scholar 

  29. Rogers, E.: Diffusion of Innovations. The Free Press, New York (1995)

    Google Scholar 

  30. Kassarjian, H.H.: Content Analysis in Consumer Research. Journal of Consumer Research 4(1), 8–18 (1977)

    Article  Google Scholar 

  31. W3C, (ed.): Web Security Experience, Indicators and Trust: Scope and Use Cases, W3C Working Draft (25 May 2007)

    Google Scholar 

  32. Adams, A., Sasse, A.: Users are not the enemy - Why users compromise computer security mechanisms and how to take remedial measures. Communications of the ACM 42(12), 40–46 (1999)

    Article  Google Scholar 

  33. Berendt, B., Guenther, O., Spiekermann, S.: Privacy in E-Commerce: Stated Preferences vs. Actual Behavior. Communications of the ACM 48(4) (2005)

    Google Scholar 

  34. Sheeran, P.: Intention-behavior relations: A conceptual and empirical review. In: Stroebe, W., Hewstone, M. (eds.) European Review of Social Psychology, pp. 1–36. Wiley, Chichester, UK (2002)

    Google Scholar 

  35. Trafimow, D.: Evidence that perceived behavioural control is a multidimensional construct: Perceived control and perceived difficulty. British Journal of Social Psychology 41, 101–121 (2002)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Institute of Information Systems, Humboldt University Berlin, Spandauer Strasse 1, 10178 Berlin, Germany

    Sarah Spiekermann

Authors
  1. Sarah Spiekermann
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

John Krumm Gregory D. Abowd Aruna Seneviratne Thomas Strang

Electronic supplementary material

Rights and permissions

Reprints and permissions

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Spiekermann, S. (2007). Privacy Enhancing Technologies for RFID in Retail- An Empirical Investigation. In: Krumm, J., Abowd, G.D., Seneviratne, A., Strang, T. (eds) UbiComp 2007: Ubiquitous Computing. UbiComp 2007. Lecture Notes in Computer Science, vol 4717. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74853-3_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-74853-3_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-74852-6

  • Online ISBN: 978-3-540-74853-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation