RFID policy panel raises privacy concerns

Radio frequency identification (RFID) technology has many current and future benefits, but U.S. policymakers need to be aware of potential privacy and security problems of the rapidly evolving technology, a privacy advocate and a security expert said Wednesday.

A parade of RFID vendors and users championed the potential of the technology at a U.S. Department of Commerce workshop on RFID and its policy implications, but Paula Bruening, staff counsel at advocacy group the Center for Democracy and Technology, warned that RFID is one example of a growing trend toward businesses collecting and using their customers' personal data.

While most current forms of RFID aren't capable of compromising privacy by doing things such as tracking customers' movements, the technology is rapidly moving forward and may soon catch up to consumer and privacy advocates' fears, Bruening said. "We need to be forward-looking and address privacy concerns around this technology," she said.

RFID uses small processors and antennas that are integrated into a paper or plastic label. Those chips can then be read by an electronic scanner, and unlike barcodes, RFID chips withstand dirt and scratches. As the range of RFID scanning grows beyond the current 25 feet (7.6 meters), RFID could allow corporations and governments to track people's movements and purchases, privacy advocates have said.

But representatives of RFID technology vendors including Texas Instruments  and Microsoft, along with users PepsiCo  and General Motors, talked of the potential for RFID to revolutionize the way companies manage their inventories, fight counterfeiters and stop shoplifters.

No one offered concrete cost savings numbers, however, and Pam Stegeman, vice president of the Grocery Manufacturers of America, noted that because of the cost of RFID chips and readers, the technology is still not for everyone. Companies that often carry counterfeited or stolen products, or that ship mixed products on pallets, can most benefit from RFID, she said. RFID isn't a good solution for companies that sell many low-cost items, she said. RFID labels now cost about $0.50 each.

Already, RFID technology is used to track livestock, to find lost pets and to pay for gas and subway fares simply by passing an RFID-enabled card close to a reader. Applied Digital, an RFID hardware vendor, even received U.S. government approval in October 2004 to offer RFID chips that can be implanted in humans, just as the chips are now implanted in dogs and cats. Such chips could contain a person's health records that doctors could access in emergencies, said Scott Silverman, Applied Digital's chairman and chief executive officer.

"This is going to be bigger than cell phones," said Jeff Fischer, chief RF architect at Reva Systems, another RFID hardware vendor.

With large retailers including Wal-Mart Stores and Target requiring their suppliers to move to RFID on shipping containers, the technology will become more prevalent in the next couple of years. But Tom Kellermann, senior data risk management specialist at The World Bank Group, warned audience members at the U.S. Department of Commerce forum that like Wi-Fi and other wireless technologies, RFID has major security challenges.

"Radio frequency is impossible to secure," Kellermann said.