The Coming Privacy Storm Over RFID Chips

by Mike Banks Valentine
http://PrivacyNotes.com/RFID

RFID stands for Radio Frequency Identification and is a term that will become increasingly well known as usage of the new technology becomes pervasive. There is no question that the tiny chips, which enable tracking of physical goods from the assembly line to warehouse to retail outlet to checkstand, will replace the barcodes previously used for that purpose.

Some RFID chips are tiny, less than a millimeter square, they are nearly indistiguishable from dust in many cases.

These dust sized RFID chips are capable of transmitting their own SKU (Sales Keeping Unit), the same info currently encoded in barcodes, distances of up to 20 feet to an "RFID Reader". But that's not all these diminuitive little chips can do. They are capable of sending a unique serial number that can identify the item it's embedded in - down to it's date and location of manufacture. Barcodes were limited to carrying information that identified classes of products. RFID carries information equivalent to the product DNA, while allowing a number for every item on the planet!

When that item passes an "RFID reader" at the manufacturer's door, the tracking system knows the item has passed out of the building. Another reader signals that it has now passed into a train or plane to be shipped to a warehouse, where another reader tracks arrival and storage information, then successive readers know it passes to truck, grocery shelf, retail checkstand and out the door. All of this can now be accomplished without opening containers, leading to huge cost savings throughout the "supply chain".

Privacy issues don't arise until consumers link that chain. Walmart is now REQUIRING their 100 largest suppliers to use RFID tags at the pallet level. Meaning that those tags are currently in use to identify and track groups of products as they arrive at the Walmart warehouse up until shelving at the giant retailer. Walmart is also tracking prescription drugs with RFID chips in the packaging and labels. Some products, such as Gillette razors, had been testing individual item tracking up until final sale and removal from the Walmart store. Privacy advocates slowed that practice by launching a boycott of Gillette over the use of the tags at the individual item level.

If the privacy concerns over tracking of a single product through the store to sale caused slowing of implementation of this technology, what can we expect when EVERY product is RFID tagged? There is no doubt this is coming and not in the distant future, but within the next 5 years or so. The US Department of Defense is now requiring ALL vendors to use RFID technology and embed tags in products sold to the US military by next year.

Clearly there will be little or no outcry from military and government personnel about privacy invading technology since government is rarely expected to respect privacy "in-house". But if all military vendors are compelled to use RFID chips in every item used in every one of the millions of supplies sold to and used by the military - by next year, 2005 - then there is little doubt that the entire US goverment will soon implement this same policy for all items purchased by Uncle Sam and used by government employees.

More and more giant retailers like Walmart are requiring suppliers to use RFID technology. The German chain Metro Group, which operates 2300 stores in Europe and Asia has demanded the same of their suppliers. Metro Group has gone even further with RFID to operate what they call the "Store of the future" where shoppers needn't remove items from shopping carts to pay for them. They simply pass by RFID readers and all items will be tallied and paid for. Metro stores provide RFID tagged "loyalty cards" to consumers that identifies those shoppers by reading within purses and wallets as those consumers enter and leave any of the 2300 Metro stores.

Metro Future Stores faced a public outcry and a boycott that lead to picketing of the store on February 28, 2004 that eventually lead to the withdrawal of the store loyalty card with the embeded RFID chips.

Target Stores announced this month that they too, would be requiring suppliers to RFID tag at the pallet and case level by 2005.

Privacy loving Americans may not stand for the "Big Brother" implications of a system like that used by the German retail chain. An anti-RFID web site has been launched by privacy advocates and named "Spychips" for the ability of the chips to track consumers and link their buying habits to other personally identifiable information.

http://spychips.com

A recent piece by technology commentator Jeffrey Harrow has a chilling description of how RFID technology might betray consumers movements and link their buying habits in a huge database. Harrow is a consultant and analyst of emerging technology. He often comments on privacy implications related to implementation of emerging technology.

Harrow paints a harrowing picture of RFID readers.

"The issue is that these many sensors . . . would also note the passing of your car key's unique ID; the unique ID of your driver's license, and even the unique ID of each and every dollar bill in your wallet. ... And if all the chains' main computers and those of smaller stores made this mass of random information available to say, a Marketing firm, or to other stores along your path (for a fee, of course), or to a government organization upon demand, then a very detailed picture of "You" - your travel habits, your spending habits (remember those individually tagged dollar bills?), almost everything about you, could be mixed, matched and dissected in ways that you might, or might not, agree with. This might be the ultimate "data mining" warehouse."

Read complete Harrow Technology Report article

RFID is publicly discussed only by technology enthusiasts like Harrow and a few privacy advocates concerned about the implications of that "data mining warehouse". But as those RFID chips supplant barcodes over the next couple of years, we'll be hearing from privacy advocates when the Big Brother implications become clearer to consumers. Mark your calendar for early in 2005 and prepare to weather the coming storm of privacy concerns that could reach hurricane proportions.

Finally, lawmakers are taking notice of the public concerns about privacy and have begun proposing legislation that calls for privacy issues of RFID tracking to be addressed before widespread adoption. Privacy advocates are calling for the disabling of tags as they leave the store to prevent further tracking.

------------------------------------------------------------
Mike Banks Valentine is a web journalist covering privacy issues http://PrivacyNotes.com where you can learn about Automotive Event Data Recorders or EDR's, Computer SpyWare, Identity Theft, Surveillance, HIPAA, COPPA, TIA, GLB and privacy implications of the USA Patriot Act.