“Why RFID Chips are Like a Dog Collar” Interview with Sushant Agarwal, Privacy and Sustainable Computing Lab

Sushant would you please introduce yourself and tell us about your scientific work and background?

Sushant: My name is Sushant Agarwal. I did my Bachelor and Masters in India in Aerospace Engineering at the Indian Institute of Technology Bombay.During this time, I did an internships at the University of Cambridge where I worked on a project related to RFID. There I had to carry several RFID enabled cards – key cards to unlock the university doors, college main entrance, my dorm room and also an id-card for a library. I used to wonder why they don’t just create one RFID chip which would work for everything. Later, I started my thesis which dealt with machine learning. This was the time I started thinking about privacy and how centralisation is not always a good approach. After my studies, I got an opportunity here to work on a project that combined both privacy and RFID.

Would you tell us a little more about this project?

The EU project which was called SERAMIS (Sensor-Enabled Real-World Awareness for Management Information Systems) has been dealing with the use of RFID in fashion retail. My work focused more on the privacy aspects. If you look at clothes that you buy from big fashion retailers, along with the price tags there can be RFID chips as well, which are slowly replacing the security tags or the fancy colour bombs they were using before.

Would you also tell us about the tool you created at the Lab called “PriWUcy”?

This was part of the SERAMIS project as well. We had to develop a tool for Privacy Impact Assessments. When we started developing this tool the landscape of data protection related regulation changed to the General Data Protection Regulation (GDPR). Because of this regulatory change a lot of things in our Privacy Impact Assessment tool had to be adjusted. This was the time when we thought about a sustainable solution and came up with the idea to model the legislation in a machine-readable way in order to easily update the tool based on the changes in the interpretation of the GDPR.

Sushant, what is privacy for you?

For me personally, privacy is all about control. I want to have the ultimate control of my data. At least I should be allowed to say who should get my data, as well as what kind of data they should have access to. So it shouldn’t be like logging in online and starting Facebook in one of your tabs and then Facebook tracks you for all the rest of the websites that you browse. That is something I really hate. I try to use online services where I can have the maximum amount of control possible.

Would you give us an example for how you make use of your knowledge on privacy in your daily life?

Yes, for me the concept of smart homes is something very interesting. And to try this out on a small scale, I started out with some smart bulbs. I bought  some smart-bulbs from China to experiment with. These bulbs work using Wi-Fi and through a switch in my apartment I was communicating first with a server in China and then the server was controlling my light switch. One could say the server in China was a middleman in the process of switching on my lights. And I didn’t really like this design so I looked at some open source alternatives like https://home-assistant.io/ where I had better control and I could avoid the middleman.