RFID Privacy and You
RFID (Radio-Frequency Identification) is a tiny wireless technology which has the potential to radically transform the commerce world. It consists of an inexpensive chip, often smaller than a grain of sand, which can be read up to several meters away. The hope among retailers, is that the technology can be used as a next-generation barcode, automating inventory levels, and thus cutting costs for manufacturers and retailers. While the technology does offer some potentially remarkable opportunities, it also raises some concerns with regard to
individual privacy and corporate espionage.
While barcode-type RFID tags are not likely to reach consumers on a regular basis in the near future, there is little doubt that with the success of early trials, they eventually will. Consequently, concerns about privacy infringement with regard to RFID are important not only in the theoretical sphere, but increasingly such discussions have vital practical applications.
SPECIFIC PRIVACY CONCERNS
RFID tags differ from conventional barcode tags in a number of ways. It is these differences that create the benefit of adopting the technology, while simultaneously creating the greatest concern over the privacy issues involved. For example, under today's bar code technology, a pack of Wrigley's Gum sold in Houston, Texas has the same barcode as a pack sold in New York City or Ontario. With RFID, however, each pack would have a unique ID code which could be tied to the purchaser of that gum when they use an 'item registration system' such as a frequent shopper card or a credit card.
Continuing with the Gum example, the purchaser could then be tracked if he/she ever entered that same store again, or perhaps more frightening, if they entered any other store with RFID reading capability. Because unlike a barcode, RFID can be read at a distance of up to a few yards. Meaning that if you enter a store with a pack of gum in your pocket, the reader can identify that pack of gum, the time and date you bought it, where you bought it, and how frequently you come into the store.
If you used a credit card or a frequent shopper card to purchase it, the manufacturer and store could also tie that information to your name, address, and email. You could then receive targeted advertisements by gum companies as you walk down the aisle, or receive mailings through your e-mail or snail mail about other products.
As the technology behind RFID advances, the potential for privacy infringement does as well. A more recent development is a study which reveals that RFID already has the capability to determine the distance of a tag from the reader location. With such technology already available, it is not difficult to imagine a situation in which retailers could determine the location of individuals within their store, and thus target specific advertisements to that customer based upon past purchases. In effect, that store would be creating a personal log of your past purchases, your shopping patterns, and ultimately your behavioral patters.
While such information gathering would be considered intrusive enough by many consumer's standards, the danger that such information could be sold to other retailers, (similar to the way such profiles are currently sold regarding internet commerce), could create potentially devastating information vulnerabilities. While some RFID critics have pointed out that the technology could lead to some sort of corporate 'Big Brother' there is a more widespread concern that allowing RFID to develop without legal restrictions will eliminate the possibility for consumers to refuse to give such information to retailers.
Despite these and other such dangers, however, there are some steps being taken to mitigate these privacy issues. For example, a recent proposal would require that all RFID-tagged products be clearly labeled. This would give consumers the choice to select products without RFID, or at a minimum to recognize that the items they select are being tracked. For those unsatisfied with disclosure, there also exist a growing number of products designed to limit their exposure to RFID tagged products. One such product is ìKill Codesî a command which turns off all RFID tags immediately as the consumer comes into contact with them, thus entirely eliminating the effectiveness of the technology. Another proposal, however, ìRSA Blocker Tagsî, try to address privacy concerns while maintaining the integrity of the product. Under this technology, the item can only be tracked by that store's authorized reader, meaning that customers cannot be tracked outside of the store in which they purchased the item.
While some of the dangers posited here seem far-fetched and unlikely, the technology already exists and is developing rapidly to ensure that such hypotheticals can become realities. RFID tags have the potential to revolutionize the shopping experience by bringing us targeted products and allowing retailers and manufacturers to track purchases and shopper behavior more accurately and cost-effectively. The concern, however, is that if we are not aware and careful about the potential abuses of such technologies early on, we may fail to incorporate them at a time when the laws and mores of such a system are still developing, ultimately suffering the consequences later on.
About the author:
Rich McIver writes for http://www.rfidgazette.org , a free informational resource on RFID. See http://www.rfidgazette .org/privacy/ for more information on RFID privacy issues.