Feeds

Ofcom deregulates RFID in the UK

Lack of interference

Protecting users from Firesheep and other Sidejacking attacks with SSL

Communications watchdog Ofcom yesterday said that it would be making radio spectrum available for use by Radio Frequency Identification (RFID) equipment, and that those using the new technology would not need a wireless telegraphy licence.

The country's privacy watchdog – the Information Commissioner – has also clarified data protection implications of using RFID.

On Monday, (7 August) Ofcom published draft regulations which exempt the use of RFID equipment in the 865–868 MHz band from wireless telegraphy licensing. The draft regulations are open for consultation until 12 September.

Ofcom is responsible for civil use of the radio spectrum. To protect current users from interference, it authorises use of new or reclaimed frequencies by granting licences under the Wireless Telegraphy Act of 1949. Without such a licence it is illegal to use or install transmission equipment unless such use is exempt from the need to hold a wireless telegraphy licence.

The regulator has decided, however, that users of RFID technology are unlikely to cause interference to other users of the radio spectrum, and therefore they do not need a licence.

RFID is a generic term for technologies that use radio waves to automatically identify objects.

An RFID chip comprises a microchip and a tiny antenna that transmits the data from the chip to a reader. The reader is activated whenever the antenna comes into range and the data can be used to trigger an event – such as raising an alarm or signalling that a pallet of goods has arrived in a warehouse. Usually the range is no more than a few feet.

The chips can be incorporated into a range of products and have an advantage over barcodes in not requiring a line of sight between the chip and the reader. They offer a means of navigating complex global supply chains, allowing companies to track their products from factory to distribution centre, from warehouse to sales floor.

In response to growing interest in RFID, the European Conference of Communications and Postal Administrations (CEPT) recommended that additional spectrum be made available at 865-868MHz. Ofcom’s announcement yesterday implements this recommendation.

However, there are privacy implications relating to RFID chips.

In general the chips are too small to be removed, and if they are embedded in the product itself – clothes or shoes – rather than the packaging, then they will remain in it. It is also possible for them to remain trackable and this, say some privacy groups, is an unacceptable breach of privacy. They worry that criminals, governments or other agencies will be able to identify and track an individual by the RFID tags on his or her person.

Many of the privacy fears are exaggerated, given the limitations of the technology; but Ofcom acknowledges the concerns exist and warns that they fall out with its remit.

The regulator consulted with both the Department of Trade and Industry (DTI) and the Office of the Information Commissioner prior to making its announcements yesterday. As a result, the DTI has confirmed that it should be contacted in relation to any privacy concerns over the Ofcom consultation.

The Information Commissioner also issued a statement, clarifying his position on the use of RFID tags. This says:

“RFID tags may be used in circumstances where the Data Protection Act 1998 is unlikely to apply at all – for example, in monitoring distribution of pallets of goods from warehouse to stores. Even where personal information is involved it is perfectly possible to comply with the Act.

“Where the use of such tags involves the collection, generation or disclosure of personal information then the Act will apply. In particular, this means that individuals should be aware when information about them is being collected and what it will be used for.”

See:

Ofcom's proposal (26-page / 91KB PDF)
The Information Commissioner’s statement (1-page / 25KB PDF)

© Pinsent Masons 2000 - 2005

The next step in data security

More from The Register

next story
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.