Privacy Considerations

As we pointed out earlier, there are two basic ways that privacy can be compromized in the world. Thus far, our discussion has centered on the firstunauthorized third-party attacks and breaches of security that expose private and confidential data, thereby affecting businesses and/or individuals. Privacy may also be compromised through deliberate or accidental misuse of data by the very same entitiescommercial or governmentalthat collect and manage confidential data for legitimate reasons. This section discusses the latter situation, misuse of data, with particular emphasis on business-to-consumer relationships.

Although privacy concerns are not unique to RFID applications, specific features of RFID systems require businesses to be more aware of and sensitive to privacy issues. First, RFID is a relatively new technology that is frequently misunderstood by consumers. Second, RFID offers the potential to collect and track very significant amounts of data about consumers and their behavior, which can become a very powerful tool for abuse. Privacy concerns related to RFID revolve around questions of what is tracked, how it is tracked, and for what purposes it is tracked. We briefly outline the contours of these discussions while we try our best to avoid the fundamental and philosophical issues related to an individual's rights to privacy. We conclude this chapter with a discussion of how businesses can develop and implement RFID privacy best practices.

Consumer RFID Applications and Privacy

Consumer privacy groups worry about RFID primarily in relation to consumer applications (described earlier), contending that information collected could conceivably be used to track and trace people's actions and belongings in ways that could violate individual rights to privacy. These concerns are most frequently discussed by lawmakers and relayed by the press. The most Orwellian argument maintains that RFID technology itself invades privacy by creating an entirely new method of surveillance. Others argue that legislation should not focus on the technology, per se, but rather on the kinds of information governments and businesses are allowed to collect and what they are allowed to do with it.

Consumer Willingness to Disclose Personal Data

Although the discussions continue, consumers typically must first be willing to disclose personal or private data in order for a business to collect it. Most consumers are willing to do so, in varying degrees, in exchange for receiving certain benefits. Two general factors, purpose and trust, determine their willingness to do so.

Purpose

Consumers are generally willing to disclose personal data for receiving specific benefits. For example, many consumers are willing to provide details related to financial status and credit rating in order to qualify for a home loan. A study by Accenture^[3], a large consulting firm, found that consumers trust their employers, banks, and health insurance providers with private data much more often than they do an online retailer or a supermarket. The same study found, however, that consumer concerns do not necessarily prevent sharing of personal information. Despite their stated concerns, 69% of the consumers surveyed said they are willing to exchange their personal data for cash, convenience, and bonus points.

^[3] Accenture News Release, "Accenture Study Reveals Wide Chasm Exists Between U.S. Businesses and Consumers Regarding Privacy and Trust Related to Personal Data," Jan 2, 2004 at http://www.accenture.com/xd/xd.asp?it=enweb&xd=_dyn%5Cdynamicpressrelease_691%.xml.

Trust

Consumers usually disclose private data if they are relatively confident that the business can and will protect their data and use it only for a promised purpose. This element of trust facilitates the transfer of information and is bolstered by both the reputation of the business, legal mandates governing an enterprise's use of data, and a consumer's legal rights for the protection of such data.

The consumer that trusts the business with which she is working will likely have few privacy concerns. Interestingly, the aforementioned Accenture study found a wide gap between consumer perceptions and business perceptions of what factors engender and undermine trust. Whereas business respondents most frequently cited good customer service as the best way to engender trust, the majority of consumers cited company reputation or the length of their relationship with the business. In regard to factors undermining trust, 74% of business respondents cited online security fears, whereas 67% of consumers blamed aggressive marketing. More than half of those surveyed avoid dealing with companies whose privacy policies make them uncomfortable. These findings underscore the importance for businesses to develop and adopt a framework for RFID privacy best practices.

RFID Privacy Best Practices

As previously noted, consumers do not share identical privacy protection preferences, and it is impossible to address all concerns of all consumers. The Internet provides a useful point of comparison as using it raises inherent privacy issues. Today, a number of consumers still refuse to conduct business over the Internet for fear of invasion of their privacy. Nonetheless, a critical mass of consumers who feel comfortable enough to conduct business over the Internet has emerged. As shown in Figure 10.2, retail e-commerce sales estimates in the United States show sales went from $7.4 billion in the third quarter of 2000 to $17.6 billion in the third quarter of 2004.

Figure 10.2. E-Commerce Sales Estimates^[4] (Dollars in Millions)

^[4] Source: The Census Bureau of the United States Department of Commerce (http://www.census.gov/mrts/www/current.html).

RFID technology advocates who share the goal of gaining consumer trust can assist expected growth and eventual ubiquity of RFID in the years to come. To this end, we describe a framework of RFID privacy best practices in the following sections.^[5]

^[5] Because RFID shares many of the same privacy issues with the Internet, the best practices framework here reflects the spirit of more general privacy principles promoted by the European Union's Directive on Privacy and Electronic Communications, as well as the United States Department of Commerce Safe Harbor Framework.

Education

Because RFID is a relatively new technology for most consumers, education programs about the technology, its uses, benefits, and limitations are important. For example, educating a consumer on the range limitations of RFID readers and the existence of transponder shields may reduce fears about Big Brother. At the same time, articulating specific benefits such as convenience, cost savings, and life-saving features of different RFID applications may give consumers the information required to make informed decisions that balance the benefits of an RFID application with its potential to violate privacy. For example, consider a scenario where a patient wearing an RFID bracelet in a hospital room is informed that the RFID bracelet can avoid life-threatening situations because it helps reduce the chance of medication error. This patient might then become less concerned about invasion of privacy associated with surveillance or access to her medical history.

Legislation

Legislation can play a big role in calming consumer fear of privacy rights violations. Knowing that the law limits the use of personal and private data is a powerful factor that can boost consumer confidence regarding protection of data. In the United States, several states (for example, California and Utah) have already introduced bills to address RFID privacy issues.

Disclosure

Disclosure is an important factor that creates a certain level of assurance for the consumer. A business using a consumer facing RFID system can provide such assurance to its customers by disclosing the following:

• Notification that the business is using RFID technology

• An explanation regarding the exact nature and details of why it is using RFID

• Statements about the specific personal data it does and does not collect

• Statements about how it will and will not use the data collected

• An explanation regarding how it protects data

• A statement about whether or not it will give this data to any other entity, and, if so, an explanation regarding the data use and protection policies of those entities

• References to any official, legal, or other types of privacy policies it follows

Consent

Simple disclosure of privacy practices and policies is generally not adequate. A trustworthy business should also seek the consumer's consent to collect and use her personal data. There are two types of consent: explicit and implicit. Explicit consent requires that the consumer explicitly agrees to having her personal data collected and used. Implicit consent essentially involves informing the consumer that by "using" the RFID system, she is giving consent to the collection/use of her personal data.

Seeking explicit consent can be difficult and/or impractical. For example, in a retail store where all items are tagged and consumer traffic is constant, it is impractical to seek consent on an ongoing basis or to remove RFID tags based on consumer consent. In such a case, entering a store may constitute a form of implicit consent, assuming the store has informed the consumer of this policy. However, there are further enhancements that can be made where explicit consent is not possible. The previously mentioned Mylar shielding bag that FasTrak supplies its users, allows drivers to place their tag inside the bag to avoid detection when they are not going through a toll plaza. In this scenario, removing the tag from the bag may be a form of implicit consent.