Chapter 5. Privacy Concerns

Not surprisingly, privacy issues represent a significant concern regarding RFID technology. After all, when a new technology is invented and is in the process of being developed, it must be analyzed from several viewpoints to determine whether and how its use will impact society. Consumer advocacy groups worry that RFID misuse might lead to the tracking of individuals, resulting in a loss of privacy.

In the midst of all the heated discussions about RFID and privacy, one important point is that privacy issues apply only to some particular types of RFID applications. A large number of RFID applications raise no privacy concerns. With regard to those RFID applications that do raise security concerns, the RFID vendors , the business community, researchers, integrators, lawmakers, and privacy advocates are feverishly working to deal with these issues. However, agreed-upon standards and regulations will eventually result from this meeting of the minds.

CAVEAT EMPTOR

Neither this chapter nor this book provides legal counsel. Adherence to the advice provided herein does not guarantee compliance with any law or standard, domestic or international. Example rules and regulations in this chapter and book are just that: examples. Businesses should consult their own legal counsel to ensure compliance with laws and regulations that might apply to them.

5.1. Core Issue

By its very nature, RFID technology can identify almost any type of object, even down to an individual component level. For example, any T-shirt produced by any manufacturer in the world can be uniquely identified using RFID. An identifier scheme such as Electronic Product Code (EPC; see Chapter 10, "Standards") makes it possible to generate a large number of unique identification numbers. Each of these unique identification numbers can be put on an RFID tag, which can then be attached to each item of a particular type. Continuing with the T-shirt example, it is possible, using an EPC numbering scheme of appropriate size , to tag every T-shirt produced in the world in any given year. The tag might be hidden or embedded in a T-shirt in such a manner a customer cannot find it. When a customer buys such a tagged T-shirt, this unique ID can be recorded at the time of sale and associated with the customer's personal record. When this customer carries or wears this T-shirt, a concealed reader can, theoretically, read the tag " anywhere ," " anytime ," without this person's knowledge or consent . The tag data can then be used by some kind of application to extract the associated personal record, resulting in tracking of this item and hence its owner. Of course, this scenario assumes that the tag is not destroyed before the customer leaves the store, his personal profile is somehow accessible and associated with the tag's EPC identifier at the time of purchase, and that some kind of massive distributed database exists that can store and update the data of each such T-shirt EPC and each customer's personal information. The purchaser-wearer of this T-shirt loses anonymity and control of how the collecting parties use this tracking information, which can result in uncontrolled profiling of this customer and might seriously infringe upon his privacy rights.

Privacy-rights advocates fear that if the use of RFID is not checked, its use might open doors to the government, law enforcement officials, business community, and criminals alike to surreptitiously read the unique tag data of items a person wears or carries (in a purse, for example, assuming the purse is made of an RF-friendly material and is in the read range, among other things; see Chapter 2, "Advantages of the Technology") and extract the information of the items and buyer associated with this data. Thus, the buyer loses his privacy and anonymity. Moving closer to what is reality today, you need to understand that RFID has severe limitations in terms of reading distances (depending on the frequency and tag type) and materials through which it can read tag data, to name a few (see Chapter 3, "Limitations of the Technology"). Therefore, currently, RFID cannot read a tag at an arbitrary distance through an arbitrary material in an arbitrary operating environment.

In this discussion, one subtle but important point is that two distinct elements are involved in item-level tagging: unique tag data and consumer identification data (CID) of the customer. As long as these two entities are kept separate, the question of privacy infringement of the consumer does not arise. When these two pieces of data are linked or associated somehow, however, then the issue of privacy-rights violation might arise. To alleviate this problem and build customer trust and confidence, a retailer might want to explain to customers the benefits of item-level tagging. It can then offer an opt-in or opt-out option to customers for collection and association of their CIDs with purchased items' tag data.

Note that privacy concerns already exist with bar code, credit card, and consumer discount card technologies, and that RFID is another variation on these same themes. Retailers can already tie together data from credit cards and customer bar code loyalty cards, which raises some of the same privacy issues as RFID.

However, not all item-level tagging involves privacy concerns. Applications that involve electronic payment are acceptable, for example, as is the tagging of a shipping container with the sender's information (see Chapter 4, "Application Areas").