Tracking devices were once solely the stuff of superheroes and foreboding sci-fi satire featuring a shadowy, technologically advanced Big Brother. Over the last two years though, RFID technologies have been utilized all over the globe, from China’s national ID card program to Germany’s World Cup tickets. In the United States, the State Department’s 2006 passports began including RFID chips. Also in 2006, the New York City subway system tested the RFID-enabled Mastercard PayPass at a portion of its turnstiles, and markets such as Philadelphia, Dallas, and Orlando, Fla., underwent PayPass trials, as well.
It’s hard to deny that the future of RFID technology has arrived. IDTechEx, an RFID consulting company with offices in the United Kingdom and Ann Arbor, Mich., predicted an increase in the worldwide use of RFID ticketing from 100 million in 2007 to 450 million in 2010. And the reported earnings for 2005’s RFID manufacturing hover just over $74 million. In turn, privacy rights groups are increasingly vigilant when it comes to identity theft and the lack of regulations being placed on the manufacturing and development of RFID technology. These concerns were once dismissed as sheer sci-fi hype—when RFIDs were used less, cost more to produce and weighed more. But now, the chip itself is only the size of half of a grain of sand; it can be affixed cheaply; and information can be stored, read and sent with much more facility. Industry growth is inevitable. It’s so inevitable, in fact, the California Senate attempted to limit access to RFID information through a bill known as the Identity Information Protection Act of 2006. (Eventually vetoed by the governor, the Act will be proposed again in 2007.) The San Francisco-based Electronic Frontier Foundation (EFF), which supported the Identity Information Protection Act, has been handling privacy and technological advances since its 1990 inception.
Lee Tien, an EFF senior staff attorney, handles the organization’s RFID technology efforts. In Tien’s words, EFF is “a high-tech civil liberties group.” As RFID technology evolves, the EFF and others seek to nip privacy infringements in the bud—before the technology’s actual capabilities surpass its potential. The debate surrounding the protection of information and RFID centers on regulating how personal information is stored in such devices, and who has access to it.
Wal-Mart was highly influential in introducing the technology’s usage into the mainstream marketplace. Since the company made RFID tags a requirement for its top 100 suppliers’ pallets in 2005, the supply chain community has been forced to utilize RFID technology, which in turn sharply increased the availability of tags, tickets and labels among label manufacturers and suppliers. Wal-Mart’s suppliers are serviced by Donnick Label Systems, a Jacksonville, Florida-based converter of stock into finished labels and tags. According to David Frederick, director of sales and operations, the retail advantages of employing RFID will become clearer when tags are affixed to retail items, rather than only being used for warehouse inventory and identification—which is what privacy rights groups are honing in on, too.
“As the technology increases to item-level marking, RFID’s uses increase exponentially,” Frederick explained. “You can track sales; volume; movement; theft; temperature; time in transit; and store location. The advantage to a manufacturer providing RFID-tagged product over bar-coding is that every RFID tag has a unique identity. The manufacturer knows how every case has progressed through the retailer’s supply chain in order to avoid out-of-stock [issues] and insure promotion coordination.” Eventually, this will affect the supply chain right down to the consumer, he added, when better prevention of inventory losses will drive down costs.
Despite its advantages, the EFF contends that the evolution of RFID technology introduces a host of open-ended questions about tracking people’s movements, locations and buying decisions, as well as making consumers even more vulnerable to identity theft. Frederick observed that RFID technology is already used in fairly ubiquitous applications such as EZ Pass and grocery store discount cards. But, what will companies (not to mention criminals) do with records of what consumers buy? Is the eerie, individually customed marketing found in movies like “Minority Report” right around the corner?
Frederick, for one, looks positively on the increase in personalizing retail experiences for consumers. “[T]he future for the end-user could include your favorite stores offering you a buying experience custom-fitted to your likes and wants,” he said. “Customer service [would improve], where a clerk could go into the back room and actually find what you are looking for, even though the shelf was empty ... [and] your cell phone could read and inventory your pantry, with minimum and maximum quantities and send your list ahead to be ready for pickup to reduce your shopping time.” Yet, the abuse of such information is exactly what privacy rights groups fear. So, how can consumers protect themselves from privacy violations or identity theft? Tien suggested that if consumers won’t have the resources to protect themselves, some of the responsibility to question possible tracking transgressions lies with RFID chip manufacturers.
“How are you going to design your technology?” Tien argued. “Are you going to design it with the privacy equivalent of seat belts, making sure the engine doesn’t blow up when it gets hit by a car, or not? Because the design is really and crucially important for technology whose tracking or surveillance capabilities are really covert.” He went on to explain that built-in protections, including “encryption with mutual authentication,” would allow only authorized readers to read information. Tien also stated that an ID number representing personal information is safer than the tag holding direct personal information, but the ID number should be randomly rotated to protect the consumer.
When it comes to privacy, Tien and Frederick both note a general industry awareness of the risks involved. “But there is much less understanding, or much less agreement,” Tien said, “that even if only a static and a unique ID number is broadcast by the tag, the tracking issues that are presented are significant. I think we still find a lot of resistance to that, but I think that it’s a very, very serious deficiency in this area, and what we would most need is for everyone in the industry and in the government to say, ‘Okay, yeah, you’re right, that is a problem and we have to figure out how to do this without a static, unique ID number.’”
Frederick placed the responsibility for consumer protection “on the software interface, to be able to lock data from non-authorized users.” He added, “The RFID industry is working very hard to provide both the technology and execution guidance to suppliers and customers of the technology to ensure the public welcomes the use of RFID technology. Generally, the guidance consists of informing the consumer about the use of RFID and the choices and advantages the consumer has both at the point of sale and after the sale.”
Regardless of whether manufacturers and privacy rights groups ever find common ground on limiting RFID capabilities, the demand for RFID products increases every year. To stay competitive in the marketplace, more label manufacturers are offering RFID tag manufacturing and/or affixing as an available service. In order for manufacturers to keep up with RFID technology, Frederick advised, “Read as many articles as [you] can. One very inexpensive way [to stay informed] is to participate in as many Webinars as you can.” As for the future of RFID-related products, the director of sales predicted “global acceptance in the next decade.” No matter where one stands on the privacy rights of the public, RFID tags, tickets and labels are a far-off, sci-fi omen no longer.