Archived questions for speakers

Questions for Matthai

• In our discussion, Matthai made the point that elderly citizens preferred to have the RFID bracelet rather than the RFID wisp because they knew that they could simply remove the bracelet whenever they didn't want to be tracked. However, presumably, the parties who have a vested interest in the elderly being tracked (e.g. government (medicaid, etc might be based on their activities), elder home (accountability, human personnel expense)) would want to institute measures to either incentivise wearing of the bracelet or penalize removal of the bracelet. Over time, however, it might very well happen that the practicality of choosing not to be tracked would become unrealistic, due either to financial constraints of being retired or lack of good, non-automated elder care, if left up simply to market forces. What protections can be made such that the ability to lead a more traditional end of life does not become difficult or impossible were it desired?
• In the client concerns section, two of the points are listed as: (1) Lack of trust/understanding of technology and (2) Fear of being monitored (Especially among mentally ill). In the debate over pervasive computing, especially with RFID, it seems like many proponents of pervasive technologies attribute lack of trust specifically to lack of understanding of the systems being designed. How fair is this characterization? How does it play into the ability to have useful debates about its place? The association between trust/understanding in the bullet point is quite curious in this regard. The same issue lies with the second bullet point which seems to imply that fear of being monitored is somehow irrational (or only for the "neo-luddites"). Yet the ability to monitor, measure, and infer is one of the central ways in which power manifests because it gives cheap, actionable information. Thus, power tends to become even more centralized in the institutions that come to have access to such data. Of course, these are probably way too deep readings of the slides, but it seems like they get at the strawmen that are typically setup in the portrayal of RFID. So the questions here are to what extent are the fears and concerns of RFID tied to misunderstanding of the technologies?
• In the deployment of the Eldercare system, who owns the data? If it is the wearer of the bracelet, do the same laws about medical data apply here? In the case where the data is owned by another party, what limits should be placed on what can be done with this data?
• Who verifies that the results of the Eldercare system are accurate and reliable? There is evidence that RFID reads can often be missed, non-uniform or inaccurate. Readers may break, tags may break, the inferring machine may be down. In the Eldercare, these reads feed into a system that eventually makes a "diagnosis" of sorts. In the case that this diagnosis is wrong, where does the responsibility lie?
• What are the possible health implications that could be brought about from having to wear a RFID reader on the wrist for extended periods of time? Studies on the prolonged use of cell phones have raised concerns that they can possibly cause cancers, reduction in viable sperm in men, etc. Are there currently any studies in process that are addressing this possiblility?

Questions for Rene

• How much could one gain by using a malicious reader (one that exceeds FCC limits) on a standard tag? Rene estimates that it would be rather easy to get twice the range. Someone super proficient could get a five-fold increase in read range before reaching physical limits, but would require on the order of $2-5 million in resources (need both a select group of people and machines to create such a reader).
• About cloning tags, Rene says it would be difficult but doable to clone tags using FPGAs. Things such as video confirmation used in conjunction with tags would make it harder to bypass security though.
• Is the barrier of entry to clone/sniff RFID tags getting lower? Rene says there's a small group of people with the know-how.
• How would one secure a tag so only a specific reader could read it? Since a tag is merely a key, it only has meaning if the reader knows how to look up the tag's key in the right database.