RFID privacy and more

February 22, 2006


Radio Frequency ID tags are wonderful! Hi-tech embedded in a thin plastic band. Cheap, flexible, powerful and useful for a wide range of applications; but since their popularisation there has been some controversy about security and privacy issues. Civil rights groups and the privacy-concerned public are protesting against the use of these devices and demanding government regulation. They are right, but only partially. Some concerns are pretty sound, as with pharmaceuticals (really, I don’t want anyone to know that I’ve got Viagra in my briefcase!), but if a company uses RFID to manage inventory, supply-chain or maintenance processes, is it affecting anybody’s privacy?

The privacy problems are mainly two, one technical and the other psychological:

  • They must be low-cost devices, and therefore they can implement only a limited set of algorithms for encryption and authentication. News like this one (yes, it’s the S from RSA!) shows the reality of RFID security. For now it’s just an isolated experiment, but recent events in the security market. (A good example is the WEP encryption standard for WiFi networks: in only months, Wired Equivalent Privacy became synonymous with insecurity.)
  • The fear of the forces of progress and of technological change. Politics and lobbying agents also matter but, of course, they need some gas in the form of public support. This one, unfortunately, is messier to deal with.

In addition, some other managerial questions are also relevant. If critical processes rely on information gathered by RFID infrastructures, there are some questions we should answer (a first approach):

  • Is there concern about, and awareness of, RFID risks?
  • Is your organization managing policies and procedures related to RFID and complying with current regulation?
  • Are controls in place to ensure that RFID tags are properly issued and scrapped?
  • Are controls in place to ensure that RFID infrastructure systems are tracking all items reliably?
  • Are the RFID tags properly deactivated to safeguard clients’ or suppliers’ privacy?
  • Who is accountable for all this stuff?

Let me show a simple example: a regular task for financial auditors is to estimate inventory accounts based on physical inventories using samples. What if your systems provide a quasi-physical inventory based on an RFID warehouse facility? Should the auditor rely totally on this data? Should the auditor work as if there were no RFID system? I leave the answer to the reader.

Pending task: How about a good IT audit program for RFID environments?

Strategy Tip: Don’t forget, new emerging technologies come together with “emerging” risks.

OS X Malware born

February 19, 2006

Sooner or later markets reach equilibrium. Computer virus markets, like others, are no different. Some users of Mac environments thought they were safe from viruses, but that is now just a myth. The first worm for Apple’s OS X was discovered this past 16th November. It is not very aggressive; it is just a proof of concept that malware is not only possible but a real menace on this platform.

Apple’s strategy of migrating their platform from PowerPC to Intel could be a signal that OS X could become a much more popular OS in the future. If Apple’s countermeasures against copying and deploying OS X on standard PCs (today it’s possible but illegal) fail, the population of OS X-suited (or hybrid) malware will soon increase. Malware is not about technology; it’s a market phenomenon.

On Human Machine Interfaces – Future or dream?

February 17, 2006

We’ve seen it before in comics and movies like Minority Report. This device developed at NYU is a dream for science fiction lovers and widget maniacs. Look at the new display! It’s fantastic!

For years I’ve seen experts, researchers and journalists announcing futuristic interfaces and a revolution in how we communicate with machines. Is this revolution really coming? Is it real or a dream? I must admit, I like the invention. I’d like to play with it, but how about working ten hours a day with it? The history of human development shows us that improvements in productive processes are commonly (if not always) driven by some form of energy efficiency. First of all, we try by all means to reduce our physical/manual labor. Finger pads, mice and trackballs are finger-adapted devices which save human energy, and indeed they are better (considering just energy consumed) than devices adapted for hand, arm or body movements. On the other side of the equation is output. Only if the increase in output (usability, speed,…) from using these devices exceeds the value we lose (costs), measured in energy or equivalents, will we see a revolution in human-machine interfaces (HMI). I’m unable to foresee the future, but for now I think that the benefits of using these gadgets are less than the costs. So my forecast is that this revolution will not take place, at least for the moment. Some specific areas such as CAD, home electronics or surveillance systems could have a different surplus scenario, and maybe these technologies might be adopted there soon, but generally speaking, I don’t see a future with ubiquitous touch-screens.

Rumours: Apple is in the mood to release a new gadget with similar technology. The TPod?

To think about: Apple’s killer product, the iPod. What HMI does it use? The thumb!

Strategy Tip: Think broader; take into account not just the advantages of technologies but their costs (not only money) too. They are both mirror images of the same thing.

Comments are open!

Moving StrategIT

February 15, 2006


Unfortunately we are unable to move all past information to the new page. In the future we’ll try to feed the articles section of StrategIT with some relevant past articles or posts, but for now we are trying to set WordPress up properly. In the meantime, we’ll continue posting. We hope that former readers will find us, and we’re looking forward to meeting them again. WordPress includes some features, such as categories, pages and tags, that improve the organization and browsing of information and, of course, it is working faster than other similar sites.

Some things are lost in the move but, on net, we are all better off with this change.