I spoke on a panel today at the mid-year meeting of the American Bar Association’s Technology in the Practice and Workplace Committee.  The focus was on legal issues associated with RFID in the Workplace – other participants included representatives from the ACLU and various law firms representing either unions or companies that use RFID.  While the meeting was held at Seattle University, attendees included Professors from around Washington as well as lawyers and ABA members from across the country.

While I provided expertise on the existing attacks (and defenses) against existing RFID systems, I also emphasized privacy concerns with emerging RFID systems.  In particular, I explained how the RFID-based RTLS systems that are appearing in hospitals and government buildings can be abused.  Workers can be tracked either explicitly or through the equipment they use, patterns of association (e.g. relationships) between people can be made – as can changes in those patterns, and lots of unanticipated higher-level context can be extracted from raw sensor data long after it was recorded.  The union-side lawyer (Robert Lavitt from Schwerin Campbell Barnard Iglitzin & Lavitt LLP) also brought some interesting notes regarding past cases involving RFID tracking in hospitals. A key point in the privacy debate was on whether or not the benefit of such systems outweighed the privacy risk.  This is a recurring trade-off for context-aware computing technologies and it has been studied from many angles: “privacy vs. utility”, “privacy and proportionality”, “privacy vs. benefit”.  It’s more than likely that looming debates over emerging technology will form around this trade-off…

Overall the panel discussion was great and there should eventually be some references online, for now the day’s agenda provides an overview.

Today’s talks covered a variety of topics, from effective and efficient strategies for managing RFID data in the supply chain, to a framework for security in interoperable RFID networks, to probabilistic RFID data cleaning and even RFID in mobile E-commerce.

One interesting talk on “Interoperable Internet Scale Security Framework for RFID Networks” was given by Tingting Mao at the MIT AUTO-ID lab. This work describes a framework whereby businesses can define policies for sharing EPC data and the associated business events. A key feature of this system is that it uses authentication and authorization based on an aggregation of business rules, enterprise information, and RFID tag information. In another talk, Antti Sirkka from TietoEnator discussed “Modelling Traceability in the Forestry Wood Supply Chain”. This work aims to use RFID to improve information on processes in the forestry wood production system – a pressing problem given the equivalent of Є5 billion of wood raw material going to waste in Europe.

There were also great talks and discussion from panelists Yanlei Diao (University of Massachusetts, Amherst) and Fusheng Wang (Siemens Corporate Research).

Slides from the talks will eventually be posted online at: http://rfid.cs.washington.edu/rfdm08/

The first annual International Workshop on RFID Data Management (RFDM’08) is happening in Cancun today in conjunction with the International Conference on Data Engineering (ICDE). The workshop brings together researchers and practitioners that work on problems related to managing data produced by RFID or other traceability and automated identification (Auto ID) technologies. The goal is to fill an important gap in the community by bringing interested researchers together to identify future research challenges and opportunities. The workshop is co-chaired by Prof. Magdalena Balazinska and Dr. Karin Murthy (IBM).

Prof. Jiawei Han (UIUC) just gave a great keynote talk titled “Warehousing and Mining Massive RFID Data Sets”. It covered some recent work he an his student Hector Gonzalez have done on techniques for managing the massive (i.e. peta-byte scale) RFID data sets that are generated by supply chain applications of RFID. He concluded with some interesting work that applies these techniques to the analysis and aggregation of traffic patterns using EZ-pass and FasTrak data.