Beruflich Dokumente
Kultur Dokumente
Karnika Seth
Cyber law Expert & Managing Partner
SETH ASSOCIATES
ADVOCATES AND LEGAL CONSULTANTS
Global standardisation
Legal Issues
Security and other issues
RFID Technology- An Introduction
Radio Frequency Identification (RFID) Technology uses radio waves to
automatically identify wirelessly, contact less and without visibility objects
which, or people who have an RFID tag attached. It is grouped under the
broad category of automatic identification technologies.
It consists of two parts: a tag that contains an identification number and a
reader who works as a scanner that triggers the tag to broadcast its
identification number. This number usually acts as an input to further data
processing. RFID is designed to enable readers to capture data on tags and
transmit it to computer system without needing a person to be involved.
The RFID system consists of an antenna and a transceiver, which reads the
radio frequency and transfers the information to a processing device
(reader) and a transponder, or RF tag, which contains the RF circuitry and
information to be transmitted.
The Radio frequency band allocated to India for RFID is 865 – 867 MHz.
This band has been freed solely for RFID since March 2005.
Transport industry
The Minister of Road Transport and Highways, Government of India, launched a
pilot project for radio frequency identification (RFID)-based vehicle tracking project
on the Delhi-Jaipur highway of India.
Ticketing
More recently, NXP Semiconductors, SmartTags and Gemini Traze have
collaborated to implement a “hands-free” RFID ticketing solution for a sporting
event.
© All Rights Reserved Seth Associates
RFID Applications in India
RFID in the Pharmaceutical Industry
(Ranbaxy), a wholly owned subsidiary of Ranbaxy Laboratories Limited,
India’s largest pharmaceutical company, has chosen Acsis to implement a
radio frequency identification (RFID) tracking system to meet Wal-Mart’s
RFID mandate for its Class 2 pharmaceutical suppliers.
Animal Tracking
The Kopordem farm at Valpoi in Sattari Taluk in North Goa has become the
first farm in India to use RFID microchips that can be injected into the
animal's body.
Manufacturing Sector
Wipro’s Manufacturing Solutions’ Center of Excellence (CoE) has a
dedicated team of consultants who help customers define, analyze, design
and implement RFID solutions. Amongst others, their RFID solutions
include a Wireless Yard Management System for a large automobile
manufacturer and a Real-Time WIP Tracking System for an electronic
component product manufacturer
Legal approvals & compliances-
Statutory framework & Regulatory Authority
Wireless Planning and Coordination Wing of Ministry of Communications and Information
Technology, Government of India deals with issues of licensing use of RFID devices in India.
Indian Wireless Telegraphy Act
Indian Wireless Telegraphy Act 1933-An Act to regulate the possession of wireless
telegraphy apparatus-‘wireless communication’ defined in Section 2 of the Act means any
transmission, omission or reception of signs, signals, writing, images and sounds, or
intelligence of any nature by means of electricity, magnetism, or Radio waves or Hertzian
waves, without the use of wires or other continuous electrical conductors between the
transmitting and the receiving apparatus;
Explanation.—‘Radio waves’ or ‘Hertzian waves’ means electromagnetic waves of frequencies
lower than 3,000 gigacycles per second propagated in space without artificial guide;
Section 5 of the Indian Wireless Telegraphy Act 1933- Licences.—The telegraphy
authority constituted under the Indian Telegraph Act, 1885, shall be the authority competent to
issue licences to possess wireless telegraphy apparatus under this Act, and may issue
licences in such manner, on such conditions and subject to such payments, as may be
prescribed.
According to Section 3 of the Act Possession of wireless telegraphy apparatus without licence
is strictly prohibited-possessing wireless transmitter without licence -3 years punishment , fine
or both. Section 4 deals with Power of Central Government to exempt persons from provisions
of the Act and Section 10 elucidates Power of Central Government to make rules
Indian Telegraph Act
The Indian Telegraph Act was passed by the Legislature in 1885 and it came into
force on 1st October, 1885-An Act to amend the law relating to Telegraphs in India
‘Telegraph’ which expression by the definition would include a telephone and FAX
also. A video and Television both fall with in the definition of ‘‘ telegraph’’. A telegraph
wireless receiving station is a ‘‘ telegraph’’ as defined in the Act.Section 3 of the
Indian Telegraph Act defines Telegraph as - "telegraph" means any appliance,
instrument, material or apparatus used or capable of use for transmission or reception
of signs, signals, writing, images, and sounds or intelligence of any nature by wire,
visual or other electro-magnetic emissions, Radio waves or Hertzian waves, galvanic,
electric or magnetic means;
Explanation — "Radio waves" or "Hertzian waves" means electro magnetic waves
of frequencies lower than 3,000 giga-cycles per sound propagated in space without
artificial guide.
"telegraph authority" means the Director-General of Posts and Telegraphs, and
includes any officer empowered by him to perform all or any of the functions of the
telegraph authority under this Act;
Rule 4. In case where any person to whom a licence has been issued under
section 4 of the Act, informs that his licensed system is getting harmful
interference from any other radio communication system exempted under
these rules, the use of such unlicensed Wireless equipment shall be
discontinued forthwith.
RFID Standardisation
RFID standards first came into being during the early 1990s, when
the (newly created) CENTC225 committee on bar coding focused
the attention on automatic ID techniques in general.
The members of the SC31 committees are the representatives of the national
standard bodies such as in UK the BSI IST34 committee on bar coding, including the
same people who tend to participate in CEN TC225. They represent either internal
consultants within big corporations,or external consultants which are representing the
interest of different companies. As a result,three different levels of representativeness
(and thus interests) can be identified in the ISO process: the individual, the
organisational, and the national level .
Standardisation-The ISO approach
A new entity was created in October 2003, the EPC Global as a joint
venture between UCC and EAN to undertake the standardisation
and commercialisation work within Auto-ID.. Whereas Auto-ID would
continue to research RFID technologies, EPC Global focuses on
standardisation activities, as well as their commercialisation.
The EPC Global approach
EPC standards describe the tag and the air interface depending on
the data being carried. EPCstandards prescribe the physical
implementation of the tags and readers, rather then specifying their
generic characteristics. The standards are also much more limited in
their scope, forexample where the ISO standards for air interface
cover all the frequency range, EPC operatesonly within the UHF
between 860-930MHz with one standard for 13.56MHz
The EPC vs ISO Global approach
Whereas ISO can claim that it reflects the global requirements into a
legitimate process (equalfooting and consensus based), EPC
focuses on speed and emphasises the broad support it receives
from the industry community.
The ISO and EPC processes can be seen as complementary, even
more so when one consider that the only competing area is the
standard for air interfaces frequencies.
However, for both EPC supporters and for ISO the need for a single,
global standard is impetuous.
Tags that usually store personal data ( active tags) e.g passports issued with RFID
technology-RFID chips containing biometric information -Germany, Belgium-
In compliance with the recommendations of the ICAO the Council of the European
Union adopted on 13/12/2004 a regulation mandating the inclusion of both facial
image andfingerprints in future passports and travel documents issued by EU
Member States. The new regulation aims at better protecting EU passports against
forgery, at enabling better identification of passport holders and at harmonising
security standard features used in the production of passports and travel
documents issued by Member States-Council Regulation 2252/2004 on standards
for security features and biometrics in passports and travel documents issued by
Member States.
Legal Issues
Monetary counterfeit
Even the use of RFID tags in banknotes can be highly problematic in this perspective.
Through RFID it will be possible to determine which banknotes were withdrawn by
whom from which automatic teller machine, or where those banknotes were then
used to buy certain products or services.
Inexpensive tags simply do not have the memory to store lists of readers
that can authenticate themselves to the tag, in order to avoid unwanted
reading of tags; and they don't have the power to call out to an enterprise
server to get this information from a database. So they are exposed to
unauthorised reading by competitors, for instance if a rival enters the shop
of a competitor and “scans” by a mobile reader its inventory.
Labour law.
Besides, the use of the same RFID tags for other purposes, such as the
surveillance of employees which is already mentioned above, this
technology may affect the health of employees in terms of possible radiation
emitted during the data communication between tag and reader. It might
also lead to cutting personnel as a result of rationalisation through the use
of the technology.
Privacy and Data Protection
Privacy is closely connected to Data Protection. An individual’s data like his
name address, telephonenumbers, profession, family, choices, etc. are often
available at various places like schools, colleges, banks, directories, surveys
and on various web sites.
It would be a misnomer to say that India does not have ‘data protection’
legislation at all.
This is factually wrong. The fact is that there exists data protection legislation
in India. The subject matter of data protection and privacy has been dealt
within the Information Technology Act, 2000 but not in an exclusive manner.
Data Protection-legislative domain-India
The main principles on data protection and privacy enumerated under the
Information Technology Act, 2000 are:
The idea behind the aforesaid section is that the person who has
secured access to any such information shall not take unfair
advantage of it by disclosing it to the third party without obtaining the
consent of the disclosing party.
Cyber contraventions under IT Act
(a) Illegal access, (b) Illegal interception, (c) Data interference, (d)
System interference, (e) Misuse of devices, etc.
The Right to Privacy in India
Judicial activism has brought the Right to Privacy within the realm
of Fundamental Rights.
Article 141 of the Constitution states that “the law declared by the
Supreme Court shall be binding on all courts within the territory of
India.” Therefore, the decisions of The Supreme Court of India
become the law of the Land.
In this case the appellant was being harassed by police under Regulation 236(b)
of UP Police Regulation, which permits domiciliary visits at night.
The Supreme Court held that the Regulation 236 is unconstitutional and violative
of Article 21.
The Court equated ‘personal liberty’ with ‘privacy’, and observed, that “the
concept of liberty in Article was comprehensive enough to include privacy and
that a person’s house, where he lives with his family is his ‘castle’ and that
nothing is more deleterious to a man’s physical happiness and health than a
calculated interference with his privacy”.
Judicial Activism: The Right to Privacy
People’s Union for Civil Liberties (PUCL) v. Union of India AIR (1997) 1 SCC
301
(1) that the individual’s right to privacy exists and any unlawful invasion
of privacy would make the ‘offender’ liable for the consequences in
accordance with law;
(3) that the person’s “right to be let alone” is not an absolute right and
may be lawfully restricted for the prevention of crime, disorder or
protection of health or morals or protection of rights and freedom of
others.
RFID and Data protection laws in
other countries
GERMANY
Article 6c of the German Federal Data Protection Law (BDSG) is partly applicable to
RFID tags, notably where the tag does not directly process or store personal data, as
for instance passive tags
USA
Utah recently reviewed its laws on unauthorised access to networks and added
wireless networks as it previously only addressed wire line networks: it clarifies that
computer crimes laws apply to wireless networks.
Virginia’s law authorises research relating to methods of electronic toll collection. Also
provides that data generated by automated electronic toll-collection systems on use
of toll facilities can only be disclosed when so required by order of a court.
Emphasises need for prior consent of the individual whose data is being collected. It
defines the principles of data protection and requires that a data controller
implements these principles- ( purpose limitation, proportionality, data quality ,
lawfulness and ensure the security of the processing of personal data.
Blocker tags
Encryption