Tuesday, October 5, 2004

RFID and personal data privacy

I wonder if it is sheer coincidental or the situation has matured to a real management issue on personal data privacy. Another RFID article appeared in CNet on 30 September and this time it raised more concern on personal data privacy than the convenience of the technology on inventory control. Please see an extract below on how some people have taken back their words on removing RFID tags after the device has served the purpose.

---begin quote---
RFID systems work by placing special microchips--RFID tags--on merchandise. The tags signal their location across a network of readers placed on shipping docks, in warehouses and stores, allowing retailers and manufacturers to monitor products as they travel from factory to store shelves. Through an EPC code, a one-of-a-kind serial number, RFID tags can also store a wealth of information about the item with which it's associated, including where it's been, who bought it and when.

Privacy activists worry that consumers could leave stores broadcasting all kinds of information about their belongings. They fear that, with the right tools, anyone--including thieves--could detect what's in your purse or pockets. Another concern is that people's things would leave an electronic trail of their whereabouts and shopping habits for law enforcement officials, investigators, lawyers or marketers to collect.

RFID defenders say such concerns are overblown. One argument is that the only information companies are interested in storing on RFID tags are serial numbers, which are meaningless without access to the database where all the information about the item lives. Only the privileged eyes of certain employees would have access to that database, executives say. Another argument is that RFID tags only submit signals only when prompted by a reader within close range, generally a few feet at most.

EPCglobal, which guides RFID standards development, is also urging companies with RFID initiatives to follow its privacy policy, which focuses on informing consumers. Wal-Mart did with its Dallas test involving HP products, Board said. Wal-Mart posted notices on shelves carrying the tagged items with an 800 number and a Web site address offering more information about the tags. However, Wal-Mart did not remove or disable the tags after consumer bought the items--a practice that privacy advocates have demanded. Board noted that the tags were attached to the packaging, which consumers were likely to throw away.

Retailers and consumer-goods companies are hesitant to agree to removing tags from items at the time of purchase for several reasons. One reason is that RFID tags could help with returns by exposing people trying to get a refund for a product they never really bought, or one they purchased from another store. In the future, technology proponents envision medicine cabinets and home appliances equipped with RFID readers, alerting people to expired drugs and automatically selecting the gentle cycle on the washing machine for delicate clothing.

One of the valid concerns about RFID is what companies plan to do with all the detailed data they'll be able to collect about consumers, said Daniel Engles, director of research at Massachusetts Institute of Technology's Auto-ID Lab, an RFID research group. But, Engles added, that's a concern for all kinds of technologies that record people's activities and whereabouts, including cell phones and credit cards.

"Most people don't realize they're giving up a certain amount of privacy every time they use their cell phone," Engles said. "The question is how that information is being used. That's where the real concerns are.”

And on that issue, as with many in the developing realm of RFID--the jury is still out.
--end quote--

No comments:

Post a Comment