Thursday, March 10, 2011

RFID and privacy

     There are a number of uses for radio frequency identification units (RFID). The purpose of the chapter from Digital Privacy (Acquisti, Gritzalis, Lambrinoudakis, & Vimercati, 2008) was not necessarily to discuss the numerous applications, but to discuss the issues surrounding privacy concerns. However, discussing some of the applications may make the privacy issue easier to understand.

     The entire point of RFID is to track, locate and identify an object. That object may be a piece of clothing, an animal or a piece of machinery. From there, different attributes can be allocated to their purpose. In the case of clothing, a merchandiser can determine size, color and other customer traits, especially when associating them with some type of charge card.

     RFID can track inventory, streamlining shipments as they arrive and tracking their location. RFID is used by local municipalities (EZ-Pass in the northeast, for example). The use of EZ-Pass is the first type of RFID that I thought of that could invade privacy, as did thousands of others at its inception. If doing the speed limit between exits should take 45 minutes and I arrive in 20 minutes, does law enforcement have the right to use the EZ-Pass to give me a speeding ticket? I did several searches on this topic and found numerous similar concerns, but no actual prosecuted case of it in any state.

     My concern with this chapter is how the author details the RFID as a potential threat to privacy and civil liberties. I believe that this is overkill; however, upon further reading, someone with malicious intentions could in fact use this against an individual.

     He lists several features of privacy violations:

• No tag presence awareness – I could understand if the tag is used outside of a store, but while merchandise is still unpaid for, I do not see this as a privacy violation.

• No reader presence awareness – if a customer intends on stealing an item, why should they know where the reader is located? Again, I do not see this as a privacy violation.

• Silent readings – again, as long as the merchandise is still owned by the store, no violation.

• Line of sight – same as silent readings.

     Where I do see the privacy threats as a concern is that, since there are no line-of-sight requirements, technology exists that can identify items that an individual is wearing or carrying, thereby making the individual an easy target for personal theft.

     If the RFID is not killed upon purchase, then there is a direct violation as a merchant can track the movements of a potential consumer.

     The author states that there is a school of thought in favor of RFID technology and that the privacy community has exaggerated its effect. I tend to agree with this school of thought.

     Where I believe the largest privacy violation can occur is where there are unauthorized readers. The author uses the example of someone stopping briefly by the window of a sex shop, where a reader took the information from a charge card in his pocket and identified him; he is now on a mailing list for sex-related items, when he may have only spent seconds at the window.

     Probably the best forms of legitimate use to not violate privacy are utilizing a kill command (rendering the device useless) or an active jamming device.

      I understand that there is the potential for privacy invasion with these devices, and I am not suggesting that the thought is irrational, just highly improbable due to the cost of mitigating the problem if caught violating privacy vs. its actual practicality.

Reference

Acquisti, A., Gritzalis, S., Lambrinoudakis, C., & Vimercati, S. D. C. d. (Eds.). (2008). Digital Privacy: Theory, Technologies, and Practices. New York: Auerbach Publications.





Thursday, March 3, 2011

Privacy-Preservation Techniques in data mining




Privacy Preservation in Data Mining

Data mining has an ultimate goal of prediction (Acquisti, Gritzalis, Lambrinoudakis, & Vimercati, 2008). Data mining has many uses in today’s organizations, specifically in consumer-focused companies such as financial, retail and marketing, to name a few.

Data mining is the process of gathering and analyzing data from different perspectives and summarizing it into useful information. The information could be used to increase sales, decrease overhead or even find correlations of information that were not known to exist. If a company wants to properly target their advertising dollars, they are going to data mine. By applying predictive data mining, you will find the proper target audience and further, find out what their likes, dislikes and habits are. (Anissimov, 2011)

There are several types of algorithms that are utilized in data mining. To name one, clustering algorithms are given a set of data that may or may not have any meaning; the clustering algorithm then groups the data in ways that may not have been recognized by the naked eye. K-means clustering is a method of cluster analysis which takes into consideration a number of observations and puts them into K clusters; the expected result is an attempt to find the center of natural clusters in the data as well as a clarification of the differences between the different sets of data. (Wagner, Cardie, Rogers, & Schroedl, 2001)

A primary concern for data mining research is the development of data collection methods that incorporate the privacy of the individual. A productive direction for future data mining research will be the development of techniques that incorporate privacy concerns. Specifically, we address the following question: since the primary task in data mining is the development of models about aggregated data, can we develop accurate models without access to precise information in individual data records? With data mining, a retailer could use point-of-sale records of past purchases to send targeted promotions based on an individual’s purchase history.
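The question above can be tried directly with K-means. The following is an added example, not taken from the book or from this post: each person adds zero-mean random noise to their record before releasing it, and K-means on the released data still finds the segment centers because the noise averages out across many records. The (age, monthly spend) data, the noise level and all function names are constructed for illustration; additive noise is only one possible perturbation technique.

```python
import math
import random

def perturb(records, sigma, rng):
    """Each person adds zero-mean Gaussian noise before releasing a record."""
    return [tuple(v + rng.gauss(0, sigma) for v in r) for r in records]

def kmeans(points, k, iters=50):
    """Plain Lloyd's K-means with deterministic farthest-first seeding."""
    centers = [points[0]]
    while len(centers) < k:
        centers.append(max(points,
                           key=lambda p: min(math.dist(p, c) for c in centers)))
    for _ in range(iters):
        groups = [[] for _ in range(k)]
        for p in points:  # assign each point to its nearest center
            nearest = min(range(k), key=lambda i: math.dist(p, centers[i]))
            groups[nearest].append(p)
        new = [tuple(sum(col) / len(g) for col in zip(*g)) if g else centers[i]
               for i, g in enumerate(groups)]
        if new == centers:  # converged
            break
        centers = new
    return sorted(centers)

def demo(seed=7, n=200, sigma=10.0):
    rng = random.Random(seed)
    # Constructed sample data: (age, monthly spend) for two customer segments.
    true_centers = [(30.0, 50.0), (60.0, 150.0)]
    records = [(rng.gauss(a, 3), rng.gauss(s, 10))
               for a, s in true_centers for _ in range(n)]
    released = perturb(records, sigma, rng)  # the miner only ever sees these
    mean_age_shift = sum(abs(r[0] - p[0])
                         for r, p in zip(records, released)) / len(records)
    return true_centers, kmeans(released, 2), mean_age_shift

if __name__ == "__main__":
    truth, found, shift = demo()
    print("true segment centers:     ", truth)
    print("centers from noisy data:  ", [tuple(round(v, 1) for v in c) for c in found])
    print("mean change to a person's age: %.1f years" % shift)
```

The trade-off is the noise level: a larger sigma hides each individual record better but needs more records, or better separated clusters, before the centers come out accurately.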

In the corporate world, data mining is used most frequently to determine trends and predict the future. It is used to build models and decision support systems that give management information they can use to sell their products more efficiently. Data mining, however, is used in retail as well as pharmaceutical sales and even by the Department of Defense to predict with greater accuracy the likelihood of an attack. (Palace, 1996)

In regard to preserving the privacy of personal information, it is important to note that the privacy of individuals should never be sacrificed. The text gives an example of insurance companies sharing the data of patient records with the doctor’s office. Some data needs to be kept unique, while other data can be shared. Sensitive information about an individual could be shared with law enforcement by an airline without the entire passenger list being violated. There have been many cases where different law enforcement agencies didn’t share their information and, in fact, with data mining could have shared information without giving away the entire portfolio that they have on record of the individual in question, thereby making the identification and apprehension an easier task. (Acquisti et al., 2008)

References

Acquisti, A., Gritzalis, S., Lambrinoudakis, C., & Vimercati, S. D. C. d. (Eds.). (2008). Digital Privacy: Theory, Technologies, and Practices. New York: Auerbach Publications.

Anissimov, M. (2011). What is data mining? Retrieved 2011, from http://www.wisegeek.com/what-is-data-mining.htm

Palace, B. (1996). Data Mining. Technology Note prepared for Management 274A: Anderson Graduate School of Management at UCLA.

Wagner, K., Cardie, C., Rogers, S., & Schroedl, S. (2001). Constrained K-means clustering with background knowledge. Proceedings of the Eighteenth International Conference on Machine Learning, 2001.