title for RFID profile
home | about | site use | resources | publications | timeline   spacer graphic   Ketupa
overview

technologies

applications

implants

numbers

issues

advocacy


















related pages icon
related
Guide:

Privacy

Economy

Security
& InfoCrime

Consumers





related pages icon
related
Profiles:

Passports

Australia
Card

Surveillance

Internet
Refrigerator   

Biometrics










section heading icon     issues

This page considers issues and advocacy regarding RFID technologies and applications.

It covers -

section marker     introduction

Consideration of radio frequency identification has followed a similar trajectory to that of the net, with

  • conflicting claims by supporters and critics, particularly characterised in terms of revolutions, unprecedented breakthroughs or threats
  • focus on the technologies at the expense of their economic, cultural and legal contexts
  • technological determinism in forecasts by proponents and opponents, eg that tags are innately pernicious and must necessarily be prohibited from retail applications

Hyperbole assists constituency-building and for entertainment in the media but militates against understanding and building practical regimes that embrace legislation, standards and best practice.

The depth of consumer awareness and disquiet is unclear. It is likely that there is a substantial gap between stated attitudes and practice, consistent with

  • the tendency of some consumers to express outrage about violations of their privacy but readily supply data in response to minimal rewards
  • perceptions that "you can't fight WalMart" or that "privacy has already disappeared in the surveillance state, so get over it".

Responses by some anti-RFID advocates have included claims that consumers cannot be allowed to commoditise their privacy, as

chips are a gross intrusion into physical privacy. Clearly, insertion into the body is the worst example: but insertion into things that people habitually carry or wear is also seriously intrusive. Offering inducements doesn't change that. Voluntariness and consensuality are illusory. Corporations utilise the technological and marketing imperatives. The State uses the technological, the economic, the social control, and most recently the national security imperatives. You get choice during the trials. You don't after that. The use of chips also leads to intrusions into the privacy of personal behaviour, because of the increased observability and recordability of people's activities.

section marker     privacy and commercial data protection

Consumer RFID-related privacy issues essentially take several forms and inspire a range of responses -

  • are consumers aware that tags are being used and in a position to consent to that use?
  • is an appropriate regime in place for dealing with data collected through RFID systems, including protection under privacy and other legislation and codes of practice for the storage, dissemination and disposal of that data?
  • are tags used in retail, library and similar applications still 'active' once they leave the premises?

One response has been consumer boycotts.

Another has a more techno flavour, with hype about development of devices that will allow consumers to 'kill' tags.

Some enthusiasts have mooted housing documents, books, banknotes and other tagged entities in radio opaque wallets - most crudely in sandwiches of aluminium foil. Others urge civil disobedience, with monkey-wrench campaigns centred on swapping retail tags pre- and post-sale.

Others have concentrated on development of effective industry codes and exploration of the need for strengthening legislation, arguing for example that existing privacy law is generally not technology-specific and thus covers data collection/handling in principle.

That argument is consistent with suggestions that major retailers have a commercial interest in addressing substantive/perceived consumer concerns and are thus likely to be wary of a potential backlash if tags in packaging, jumpers, razors, books, CDs and other items are misused after leaving their premises.

A resolution by agencies at the 2003 International Conference of Data Protection & Privacy Commissioners called for "all the basic principles of privacy law to be adopted when designing, implementing and using RFID technology", emphasising that:

a. RFID tags should only be linked to personal information or used to profile customers if there is no other way of achieving the goal sought
b. individuals should be fully informed if personal information is collected using RFID tags
c. personal information collected using RFID tags should only be used for the specific purpose for which it is first collected and destroyed after that purpose is achieved
d. individuals should be able to delete information, or disable or destroy any RFID tag that they have in their possession.

section marker     crime and safety

Concerns regarding safety encompass a continuum from the credible to conspiracist.

We suspect more time has been spent reading about subdermal tagging of Mexican law enforcement officials - and debating whether claimed objectives are realistic - than implementing that scheme. Supposedly it will be possible track kidnapped supremos using the tags, although sceptics have commented that tagging might instead only be useful for identifying pieces of the body (in the event that the body is found), since few cities and little of the countryside feature the requisite networks of readers to substantiate the claims.

Chatter on one of the sillier Australian ICT policy newsgroups has similarly featured speculation about passive RFIDs being read by satellites, delivered by a sort of blowpipe or used to trigger bombs in Iraq or other places where tourism is inadvisable -

RFIDs are complicit assassination tools as a "pre-scanned and identified RFID chip in a credit card, vehicle, or other device known to be on or near the targeted individual" can trigger a device when the target comes into range.  If the RFID is inside the target's body, so much the better.

Another pundit frets that

passport holders are continuously broadcasting their name, nationality, age, address and whatever else is on the RFID chip. It means that anyone with a reader can learn that information, without the passport holder's knowledge or consent. It means that pickpockets, kidnappers and terrorists can easily - and surreptitiously - pick Americans or nationals of other participating countries out of a crowd.

One response to such concerns is to encrypt the data or protect the passport in a radio-opaque shield (eg an aluminium or copper foil).

Some developers have promoted 'safety' applications such as the 'smart gun' or the 'smart car'.

Smart gun schemes, for example, centre on implanting a tag in a law enforcement official's hand, linked to a reader inside that person's handgun. If there is a match the gun is unlocked and can be fired; when the gun is held by an unauthorised person such as a child the gun supposedly won't operate. Subdermal implants linked to an in-car breathalyser have also been mooted as a mechanism for restricting car theft or drunk driving, extending existing immobilization schemes that prevent a vehicle's engine from starting unless the reader senses a tag embedded in the key.

section marker     productivity and other issues

[under development]

section marker     frameworks and regulators

Because RFID applications potentially affect a large number of sectors (from consumer protection in retailing through to aged person care and firearms safety) no single agency in Australia, the US or other jurisdictions has assumed overarching responsibility for regulation of the technologies.

Statements by government agencies have instead reflected their existing charters, with spectrum management bodies for example considering interference issues, privacy watchdogs considering data protection matters and health agencies dealing with licensing of implants or foreshadowing guidelines on medical information system integration questions. In the US the Federal Trade Commission and Federal Communication Commission have accordingly rejected calls by advocacy groups such as Privacy Rights Clearinghouse for comprehensive regulation of RFID use.

That is likely to be the case in future, particularly if sectoral bodies within industry articulate effective policies relating to their specialisations and consistent with existing legislation.

An examples of sectoral regulatory frameworks is the RFID Policy for Retailers developed by the Australian Retailers Association, centred on use of EPC tags. EPCGlobal has released succinct Guidelines on EPC for Consumer Products.




icon for link to next page    next page  (advocacy)




this site
the web

Google

version of November 2004
© Bruce Arnold
caslon.com.au | caslon analytics