An Impossible Task?

E-mail Tom Kevan

The threat to privacy posed by placing RFID tags on consumer goods keeps getting more complex. Can privacy guidelines keep pace with this dynamic and powerful technology?

Tagging Individual Items
Protests over the use of radio frequency identification (RFID) tags with consumer products have raged for years. Early on, privacy advocates raised the alarm over tagging individual items and the potential for collecting data on each consumer's purchasing history. Retailers and technologists alike responded by saying that the tagging of individual items was a long way off.

Well, we are almost there. One recent account tells how Levi Strauss is testing the use of RFID on men's jeans sold in one U.S. store and on pants in two stores in Mexico. This shows just how quickly business practices and technologies evolve when greater efficiency and higher profits can be achieved.

Despite assurances from the business community, people still want to see safeguards in place that will protect their private lives.

Promises and Threats
To answer this call, the Center for Democracy & Technology presented a list of best practices for companies using RFID at a trade show in Las Vegas on May 1. The guidelines call for businesses to inform consumers when they have embedded RFID tags in clothing seams, labels, and packages. Businesses are also asked to inform customers about ways to disable and dispose of the tags once items are purchased. The guidelines go on to request that retailers alert consumers when they're entering a commercial or public place where RFID technology is used.

High-profile companies and organizations made a strong show of support for these practices. Among them are the American Library Association, Cisco Systems, Eli Lilly and Co., IBM, Intel, Microsoft, the National Consumer League, Procter & Gamble Co., VeriSign, and Visa USA.

The question is: Will these guidelines be enough?

Dan Mullen, president of AIM Global, a trade association for the automatic identification and data capture industry, recently said in an article titled "RFID: For the Common Good", "To make educated decisions about how RFID fits into our lives, it is important to understand the various ways in which RFID is already being used to provide security, safety and authentication to protect the public and the common good." A better approach would be to base such decisions on a solid understanding of the technology and how it is developed.

Mullen goes on to say, "It's important to realize that RFID is not a monolithic technology. It is, instead, a family of similar but not identical systems, each with its own capabilities and limitations. Different systems require different levels of security to ensure privacy. Attempting to develop a one-size-fits-all approach to privacy and security would, instead, result in a one-size-fits-none 'solution' that could deprive citizens of existing and future benefits of the technology."

Not only does the variety of capabilities possessed by the technology make it difficult to come up with privacy guidelines, but the speed with which the capabilities change and grow makes the task daunting.