Commercial and personal data could both be at risk from hackers under plans by Ofcom to have all RFID applications operating within a dedicated area of radio bandwidth, a privacy expert has warned.
The concerns have come to light after the regulator of UK communications announced it was planning to direct all RFID communications into one area on the radio frequency, between 865MHz and 868MHz, due to increasing demand for radio access from supply chain specialists and retailers.
Until now, retailers and other RFID users have taken a piecemeal approach, rather than operating within a designated
area. However, Dr Gus Hosein, a specialist in privacy, civil liberties and technology in the information systems department of the London School of Economics, has warned that to set aside one area of the radio spectrum for RFID use would mean there was greater risk of data being spied on. The extent of the problem would depend on how a retailer uses RFID. However, such data could include consumers’ names and addresses, as well as critical supply chain data.
Hosein said: “By narrowing it down, it will be a lot easier to start doing surveillance on one specific area of bandwidth.”
Commercial spying would be one of the biggest issues, he added. “I’ve not heard of it in this country, but elsewhere people have been able to spy on other companies’ databases. Can you imagine the temptation of being able to look into Wal-Mart’s?”
Personal data transmitted via RFID could also be tapped into by external sources, said Hosein.
Ofcom said the size of the 3MHz available for RFID had no impact on security, adding: “It’s up to the user to guarantee security, not Ofcom. We make the spectrum available and it’s the responsibility of the users to make best use of it.”
Tesco spokeswoman Deborah Watson said it was already operating within Ofcom’s specified bandwidth for RFID, but was not worried about hacking. “We take the privacy of all customers extremely seriously. We’re aware of the concerns with any IT system and take measures to protect our business and customers.”
The draft regulations, offering licence-exempt access to the RFID zone, remain open for consultation until September 12.
Rachel Barnes
The concerns have come to light after the regulator of UK communications announced it was planning to direct all RFID communications into one area on the radio frequency, between 865MHz and 868MHz, due to increasing demand for radio access from supply chain specialists and retailers.
Until now, retailers and other RFID users have taken a piecemeal approach, rather than operating within a designated
area. However, Dr Gus Hosein, a specialist in privacy, civil liberties and technology in the information systems department of the London School of Economics, has warned that to set aside one area of the radio spectrum for RFID use would mean there was greater risk of data being spied on. The extent of the problem would depend on how a retailer uses RFID. However, such data could include consumers’ names and addresses, as well as critical supply chain data.
Hosein said: “By narrowing it down, it will be a lot easier to start doing surveillance on one specific area of bandwidth.”
Commercial spying would be one of the biggest issues, he added. “I’ve not heard of it in this country, but elsewhere people have been able to spy on other companies’ databases. Can you imagine the temptation of being able to look into Wal-Mart’s?”
Personal data transmitted via RFID could also be tapped into by external sources, said Hosein.
Ofcom said the size of the 3MHz available for RFID had no impact on security, adding: “It’s up to the user to guarantee security, not Ofcom. We make the spectrum available and it’s the responsibility of the users to make best use of it.”
Tesco spokeswoman Deborah Watson said it was already operating within Ofcom’s specified bandwidth for RFID, but was not worried about hacking. “We take the privacy of all customers extremely seriously. We’re aware of the concerns with any IT system and take measures to protect our business and customers.”
The draft regulations, offering licence-exempt access to the RFID zone, remain open for consultation until September 12.
Rachel Barnes
No comments yet