Wednesday, October 21, 2009

VSD: Near Field Privacy

In his book, "Philosophical Dimensions of Privacy," author ferdinand Schoeman describes privacy as a claim, entitlement or right of an individual to determine what information about himself or herself can be communicate to others. Privacy is considered a houshold term (not to be a pun- the household is often riddled with privacy issues), however there are nuances in how people think about it. Some classify privacy as an issue of security and control (Parent, 1983), while others simply project it as a materialization of human dignity- the mere fact that there is a want for some things to be private and some things not is a cornerstone of many facets of humanity (Bloustein, 1964). In either case, privacy has undeniable value to many and there have been painstaking steps take towards protecting it in continually developing areas of advancing civilization. Three common approaches have been identified in terms of preserving and protecting privacy in value-sensitive design methodology (Friedman, 2007):
  1. Inform people when and what information about them is being captured and to whom the information is being made available
  2. Allow people to stipulate what information they project and who can get hold of it
  3. Apply privacy enhancing technologies (PETs) that prevent sensitive data from being tagged to a specific individual in the first place
With the breakdown of technological barriers, a network of available information has begun to flourish- some authorized and acknowledged by owners, and some not. One particular technological area of concern is Radio Frequency Identification (RFID), a technology whereby modest amounts of data can be stored on a tiny tag- usually integrated within or attached to owned objects of interest- so as to be read by active radio fields (readers), and in some cases written to. RFID and privacy have had a tumultuous relationship especially due to the fact that information can be accessed and exchanged without a line-of-sight. Both readers and tags can be completely hidden from view, making it difficult, if not impossible for the owners of the scanned objects to even be aware that such a process is taking place (Langheinrich, 2008). Additionally, the range at which unautorized tag readout (t"tag-sniffing") can occur is fairly large, with the help of wireless communications. In April of 2008, a search for scholarly articles on RFID privacy and security yielded over 700 titles. As of October of 2009, over 17,000 articles are returned.

Near Field Communication (NFC) is an extension of RFID Technology. It differs from traditional RFID communication protocols in that is only occurs over a very short distance (under 4 inches). Notable current instantiations of NFC include the Oyster card public transport system in the United Kingdom, and the payWave credit card augmentation in American banking and processing interactions. While RFID may be seen to uphold values of convenience, openness, and process efficiency ( e.g. government issued passports with RFID tags as well as retail chains that use RFID tags in products for inventory tracking are able to cut costs, reduce time between entities, and generally streamline the flow of information), NFC and the protocols that can be scribed to it (Paci, 2009) can be seen as an attempt to uphold privacy. Near fields inherently require that an interaction take place very close to one's object of choice (which has become the mobile phone. ABI Research has concluded that at least 20% of mobile phones will be NFC-enabled by the year 2012. Currrently, only a small number of models from manufactures such as Nokia are enabled for near field communication (Gallen, 2008)). Mobile exchanges of information that one may want to keep private such as mobile contactless payments must take place very close to one's mobile device. In this way, a sense of private space is being projected upon the transfer of information. Further, because near field communication can be tied to powerful processing technologies within a mobile device, the first two preservation attempts for privacy can be seen whereby the the user is informed when and what information is being captured and to whom it is being made available, and the user can be allowed to stipulate what information, if any, they can broadcast and who is allowed to get a hold of it. The NFC extension of RFID technology and the technological ecosystem that embodies and executes the private exchange of information is what allows privacy to be maintained, even in the chaos and paranoia that radio friency identification in general imbues.

In the terms of value sensitive design, we can attempt to identify the stakeholders involved. Those stakeholders that directly interact with the technology would be users of NFC-enabled mobile phones. Instead of considering their phone as a long-range communication device, they will come to see their phone as the gatekeeper to much of their identity- much of which they would like to keep private. Those whom we may consider to be indirect stakeholder would be those who may benefit from the fact that these users can use their mobile device to communication and transmit information. An example would be a restaurant owner, who allows his customers to pay their bills without requiring card swipes, paper receipts, or signatures. This would present him with feinite cost sacings. Further, he may allow people to touch their mobile devices over an advertisement poster to collect coupons. Only those direct stakeholder who feel so inclined to received a coupon would do so, but the owner would still be (positively?) affected by his endorsement adn encouragement of the use of NFC.

This example shows a somewhat clear delineation between direct and indirect stakeholder of NFC with respect to the value of privacy. However, stakeholder identification itself sheds light on the very issue that NFC addresses within the realm of privacy. When radio frequency is the primary vehicle of information transmission, and due to a lack of line-of-sight as well as unauthorized tag-sniffing, the typical stakeholder is an average consumer, and is both direct and indirect. For example, a consumer may make a purchase at a gas station using their payWave credit card- directly using the RFID functionality that the card permits. However, they are highly susceptible to unknown and unwanted tag sniffing, whereby a reader may be able to receive purchase records or banking account information. NFC aims to make it so that it is always clear to the user whether they are a direct stakeholder or an indirect one.

The value of privacy embedded in NFC comes at the cost of openness and conflicts with location-independence. Since NFC holds privacy so high and forces interactions to occur within people's personal space, it makes it difficult for people/systems to share information who aren't situated near each other. In fact, in cultures where personal space is very small, privacy may still be a concern. However, in cultures where openness and convenience are much more important than privacy, a technology like NFC would seem tedious and unintelligent compared to ones like WiFi. With regards to location-independence, and precisely because NFC requires a 4-inch proximity in order to exchange information, it can be used to ensure attendance for various activities. For example, it is conceivable that a school may use NFC to allow children/teens to "touch" in for attendance and that all a teacher must do to take classroom attendance is to check records. However, the value imposed here is that attendance is important in the first place. How does this play out against education infrastructures where attendance at a specific location isn't important, but rather online presence and respected assignment deadlines.

In summary, through the lenses of value sensitive design we can see how privacy is imbued and preserved within the usage and interactions of near field communication- especially within the common vehicle which is growing to be the mobile cellular device. It serves to use much of the benefits and intelligence that RFID provides, but attempts to apply a much more thorough materialization that respects the ability to which people can transmit information and to control how and to whom that information is shared.


Bloustein, E. (1964). Privacy as an Aspect of Human Dignity: An Answer to Dean Prosser. New York University Law Review, 39, 962-1007.

Friedman, B., & Kahn, P. H., Jr. (2007). Human values, ethics, and design. In Sears, A. & Jacko, J. (Eds.). The Human-Computer Interaction Handbook: Fundamentals, Evolving Technologies and Emerging Applications, 2nd Edition. (pp. 1241-1266). Lawrence Erlbaum.

Langheinrich, M. (2007). A Survey of RFID Privacy Approaches. Springer-Verlag London Limited

Paci, F. (2009). Privacy-Preserving Management of Transactions' Receipts for Mobile Environments. Proceedings fo the 8th Symposim on Identity and Trust on the Internet. Gaithersburg, Maryland, 73-84.

Parent, W. (1983). Privacy, Morality and the Law. Philosophy and Public Affairs, 12, 269-288.

No comments: