March 22, 2005

RFID Privacy Issues

How RFID Will Impact Consumer Privacy
by Rich McIver
Special to RFID Gazette

RFID (Radio-Frequency Identification) is a tiny wireless technology which has the potential to radically transform the commerce world. It consists of an inexpensive chip, often smaller than a grain of sand, which can be read up to several meters away. The hope among retailers is that the technology can be used as a next-generation barcode, automating inventory levels, and thus cutting costs for manufacturers and retailers. While the technology does offer some potentially remarkable opportunities, it also raises some concerns with regard to individual privacy and corporate espionage.

While barcode-type RFID tags are not likely to reach consumers on a regular basis in the near future, there is little doubt that with the success of early trials, they eventually will. Consequently, concerns about privacy infringement with regard to RFID are important not only in the theoretical sphere, but increasingly such discussions have vital practical applications.

SPECIFIC PRIVACY CONCERNS

RFID tags differ from conventional barcode tags in a number of ways. It is these differences that create the benefit of adopting the technology, while simultaneously creating the greatest concern over the privacy issues involved. For example, under today's barcode technology, a pack of Wrigley's gum sold in Houston has the same barcode as a pack sold in New York City. With RFID, however, each pack would have a unique ID code which could be tied to the purchaser of that gum when they use an "item registration system" such as a frequent shopper card or a credit card.

Continuing with the gum example, the purchaser could then be tracked if he/she ever entered that same store again, or perhaps more frightening, if they entered any other store with RFID reading capability. Because, unlike a barcode, RFID tags can be read from much greater distances and the reading of such devices is non-directional. This means that if you enter a store with a pack of gum in your pocket, the reader can identify that pack of gum, the time and date you bought it, where you bought it, and how frequently you come into the store. If you used a credit card or a frequent shopper card to purchase it, the manufacturer and store could also tie that information to your name, address, and e-mail. You could then receive targeted advertisements by gum companies as you walk down the aisle, or receive mailings through your e-mail or regular mail about other products.

As the technology behind RFID advances, the potential for privacy infringement does as well. A more recent development is a study which reveals that RFID already has the capability to determine the distance of a tag from the reader location. With such technology already available, it is not difficult to imagine a situation in which retailers could determine the location of individuals within their store, and thus target specific advertisements to that customer based upon past purchases. In effect, that store would be creating a personal log of your past purchases, your shopping patterns, and ultimately your behavioral patters. While such information gathering would be considered intrusive enough by many consumer's standards, the danger that such information could be sold to other retailers, (similar to the way such profiles are currently sold regarding Internet commerce), could create potentially devastating information vulnerabilities. While some RFID critics have pointed out that the technology could lead to some sort of corporate "Big Brother," there is a more widespread concern that allowing RFID to develop without legal restrictions will eliminate the possibility for consumers to refuse to give such information to retailers.

COUNTER-MEASURES

Despite these and other such dangers, however, there are some steps being taken to mitigate these privacy issues. For example, a recent proposal would require that all RFID-tagged products be clearly labeled. This would give consumers the choice to select products without RFID, or at a minimum to recognize that the items they select are being tracked. For those unsatisfied with disclosure, there also exist a growing number of products designed to limit their exposure to RFID tagged products. One such product is "Kill Codes," a command which turns off all RFID tags immediately as the consumer comes into contact with them, thus entirely eliminating the effectiveness of the technology. Another countermeasure against RFID privacy invasion is "RSA Blocker Tags," which try to address privacy concerns while maintaining the integrity of the product. Under this technology, the item can only be tracked by that store's authorized reader, meaning that customers cannot be tracked outside of the store in which they purchased the item.

CONCLUSION

While some of the dangers posited here seem far-fetched and unlikely, the technology already exists and is developing rapidly to ensure that such hypotheticals can become realities. RFID tags have the potential to revolutionize the shopping experience by bringing us targeted products and allowing retailers and manufacturers to track purchases and shopper behavior more accurately and cost-effectively. The concern, however, is that if we are not aware and careful about the potential abuses of such technologies early on, we may fail to incorporate them at a time when the laws and mores of such a system are still developing, ultimately suffering the consequences later on.

--
Did you enjoy this post?

Free RFID Newsletter

Subscribe to The RFID Gazetteer, published monthly. Enter your email address:

« Alien Technology Wins DOD Contract | Main | Proposal For RFID Laws To Protect Privacy »