KEY-FOB DATA PRIVACY

"It's an interesting privacy issue and something that's gone under the radar," observes David Jacobs, an attorney with the Electronic Privacy Information Center (EPIC), a nonprofit organization in Washington, D.C., concerned with new-technology privacy and civil liberties issues.

And under the radar is right: There appears to be nothing about the care and handling of key-fob data at EPIC, the ACLU, the Privacy Rights Clearinghouse, the Electronic Frontier Foundation, Computer Professionals for Social Responsibility or the U.S. Public Interest Research Group, among other organizations specializing in this area.

An Emerging Issue

People are generally OK with

information need to make

something work. The problem is

when you have secondary uses.

"With emerging issues like location privacy, it might just be lack of awareness," says Jacobs, "something people don't think about, but if you stopped them and said, 'Here's what's going on and do you think there should be policy protections?' they might say yes." But, he notes, "People, I think, are generally OK with collecting information that is necessary to make a particular service work. If you need to be able to tie a key fob to some central access system and that's all the system is doing — keeping track of the fobs and controlling access — then generally it's easier to have that be accepted. The problem is when you start having secondary uses."

What kind of secondary uses? We've seen with hotel key fobs that in some cases personal information beyond that needed for room access was being kept, and not always deleted after keys were turned in. Data mining is common as you move about Facebook and other social-media sites – why else do you think those ads pop up offering deals on, say, DVDs of TV shows whose pages you "like"? — and even supermarket cash registers can take notice of what you buy, pair it with your credit card or debit card information, and send the information to companies that send you coupons for those products.

"A lot of people are wary now of data brokers or information brokers — companies that collect personal information and use it for marketing," says Jacobs.

Fobs and Cops

There's also the issue of what police may or may not be entitled to. "Law enforcement might request access if there's some sort of database that contains information about when a particular key fob was used to enter the building," Jacobs says. "Conceivably that might help them in an investigation, especially if the key fob is tied to a particular resident. An issue here is what sort of showing law-enforcement has to make before they can access that device. Do they require a warrant for information about entering or leaving the building? For [such] no-content information, which different from reading an e-mail or listening to a phone conversation, generally they don't need a warrant."

Next page: Have a Policy >>