WASHINGTON - Privacy advocates and some lawmakers are pushing a debate over potential privacy abuses from the growing use
of radio frequency identification chips as huge retailers such as Wal-Mart Stores Inc. move toward large-scale use of the
technology.
While a number of privacy groups have raised concerns about the potential uses of radio frequency identification (RFID) chips,
the U.S. Congress hasn’t yet drafted legislation to regulate their use. But the Utah and California legislatures have both
considered RFID privacy legislation this year, and the U.S. Federal Trade Commission (FTC) has scheduled a workshop on the
uses of RFID and the effect on consumers for June 21. The FTC is asking for written comments about the uses of RFID; the deadline
to submit those comments is July 9.
RFID uses small computer chips and antennas that are integrated into a paper or plastic label. Those chips can then be read
by an electronic scanner, and unlike barcodes, RFID chips withstand dirt and scratches and can be scanned from distances upward
of 25 feet (750 centimeters).
Privacy advocates worry that the technology will allow other uses, such as real-time tracking of customers in stores, or even
after they leave stores. Privacy advocates see the potential for retailers and other companies to be able to track consumers
long after a consumer purchases an item -- for example, a tennis shoe manufacturer scanning a sporting event for the number
of people wearing its product.
Those advantages are why large retailers such as Wal-Mart and Target Corp., as well as government agencies such as the U.S.
Department of Defense (DOD), are embracing RFID technology as a way to improve their supply-chain efficiency. Wal-Mart, leading
the way on RFID adoption, plans to phase in use of RFID, with major suppliers of its north Texas stores required to use RFID
chips on pallets and cases by January 2005. The DOD plans to require suppliers to use RFID tags by early 2005.
But early experiments with RFID haven’t gone smoothly, at least in the public relations arena. In early 2003, Wal-Mart and
The Procter & Gamble Co. tested the use of RFID chips on individual packages of lipstick in an Oklahoma store, and the supposedly
secret test raised the hackles of privacy advocates everywhere. The RFID chips allowed Wal-Mart to track the customers as
they took the lipstick off shelves.
Wal-Mart’s test of RFID chips on individual products also prompted Senator Patrick Leahy, a Vermont Democrat, to suggest that
federal legislation may be necessary at some point. He criticized what he called Wal-Mart’s "clandestine" testing of RFID.
Leahy, speaking at Georgetown University in March, praised the potential of RFID, but also suggested a federal law may be
needed before privacy intrusions "reach the point of behavior that is absurdly out of bounds."
"The RFID train is beginning to leave the station, and now is the right time to begin a national discussion about where, if
at all, any lines will be drawn to protect privacy rights," Leahy said.
But Wal-Mart says its RFID tests have been less clandestine than critics claim. Customers in the Oklahoma store where RFID
chips were tested on lipstick were notified with signs on the shelves, said Gus Whitcomb, a Wal-Mart spokesman. After the
lipstick test, Wal-Mart decided to focus on the store-room uses on RFID.
In the Dallas area, where Wal-Mart’s first large scale implementation of RFID is scheduled to go live in early 2005, the retailer
has talked repeatedly to the media about its plans to use RFID chips, Whitcomb said. The retailer will use "passive" RFID
chips, which require an RFID reader device to transmit information, and chips will be placed on cases and pallets, not most
individual items, he said. In the cases where large items are shipped with RFID chips, customers will be notified about the
chips, he said
Asked about concerns that customers picking up individual products could be tracked with RFID chips, Whitcomb downplayed those
fears. "That’s all a big hypothetical that we’re not planning to do in the first place," he said. "We have tried to address
the big concerns of privacy advocates."
So far, retailers and other RFID users have time to work out privacy concerns with critics. While Congress has introduced
several technology-related privacy bills in the past year, none deal specifically with RFID chips. A Leahy spokesman said
this week he’s heard of no effort to introduce legislation focusing on RFID and privacy.
In November, a group of privacy advocates, including the American Civil Liberties Union and the Electronic Frontier Foundation
(EFF), issued a position statement on the use RFID in consumer products. The statement called for retailers to give notice
to consumers when RFID chips are being used, what the purpose is and to have security measures in place verified by third
parties.
The statement, available at http://www.cdt.org/privacy/031114rfid.pdf, calls on merchants to voluntarily comply with RFID
privacy measures, and asks retailers to comply with a moratorium on item-level use of RFID chips until a technology assessment
involving consumers and other stakeholders can be completed. The statement asked retailers not to force consumers to buy products
with RFID tags and advocated that consumers should be able to remove or disable the tags, but the statement did not advocate
federal legislation.
Notifying consumers is a start, but notice alone is not enough, said Ari Schwartz, associate director of the Center for Democracy
and Technology (CDT), one of the groups signing on to the November privacy statement. "There has to be a way to kill these
chips," Schwartz said.
The CDT and other privacy groups have brought their concerns to retailers and RFID vendors, and so far, the two sides are
making progress, Schwartz said. Most retail uses of RFID so far are limited to stock rooms, and with retailers and vendors
open to privacy discussion, Schwartz doesn’t yet see the need for federal legislation.
"The question is really what it’s used for and how it’s done, rather than the technology itself," Schwartz said of RFID. "Most
of the benefit out there comes on the back end, in the stock room, and most of the privacy concerns come when it leaves the
stock room."
Despite the lack of calls for federal legislation, RFID vendors aren’t keeping quiet in Washington, D.C. In late April, Royal
Philips Electronics RV hosted a forum on RFID at the National Press Club. Philips, which has shipped more than a billion RFID
tags, sees a potential for the technology in the stock room more than on individual products, said Scott McGregor, president
and chief executive officer of Philips Semiconductors.
Right now, RFID chips cost between US$0.20 and $1 each, making them too costly to use on many consumer products, McGregor
said.
Current privacy laws should protect consumers against nefarious uses of RFID, added Richard Varn, technology policy advisor
for the National Retail Federation.
He encouraged Congress to focus on broad policy instead of drafting legislation to address every new technology that comes
along.
"We see a lot of laws existing out there," he said.
But some privacy advocates question if there’s been enough of a debate about the uses of RFID as government agencies and retailers
move toward large-scale RFID adoption. Lee Tien, senior staff attorney with the EFF, decried a move toward what he called
a "world of surveillance" during the Philips forum on RFID.
"There are a lot of ways the government is looking to use RFIDs, but it’s not clear that we’ve had any kind of discussion
in Congress," Tien said.
E-mail
Printer Friendly
Reprints
(InfoWorld) - In the litigious world we live in, deploying a unified communications platform in your enterprise could...
