Web-Only Content: Private Eyes Are Watching You

Part two of a Q & A session with leading RFID and privacy experts

Katherine Albrecht

Liz McIntyre

Nicholas Chavez

Elliot Maxwell

What are the major misconceptions that you believe the general public has about RFID technology?

Albrecht and McIntyre: The RFID industry tries to downplay the privacy and civil liberties problems associated with RFID by setting up straw men like, "You can't read RFID tags from space," or "No one can drive down the street and scan the contents of your home." However, no privacy advocates we know are seriously making these claims -- the problems are more insidious. The industry has also said short read ranges on passive tags make them useless for tracking people. The truth is you don't need to read tags from satellite or from down the block to invade people's privacy. In fact, a short read range can be more powerful. For example, if you want to read an RFID tag in someone's shoe to determine exactly who is standing in a particular place, a short read range would be more effective than one that would pick up all the tags in the room. If you want to identify people by scanning tags in the items they are wearing and carrying as they walk through the doors to your store, you only need about two feet of read range. Passive tags planned for consumer products can already be read from several feet away and still be imperceptible to consumers. We expect those ranges to get longer over time, especially with the advent of inexpensive disposable batteries.

Another myth perpetuated by the industry is that because RFID tags do not contain customer information, they do not pose a privacy threat. They fail to mention that the unique ID numbers in the tags can be easily linked to customer information in a database. Indeed, many of the patented plans we disclose in Spychips take full advantage of this capability by suggesting that the unique ID numbers in tags be linked with point of sale information about customers to later identify and track them.

Chavez: Unfortunately, the vast majority of the general public has no opinion at all. While RFID is an influential and prolific technology even in its relative infancy, it's not similar in any way to a technology craze like the iPod. The big difference is that RFID does not intrinsically allow for pleasure (or pain) in the day to day life of the general public like an iPod would; therefore, there is seemingly zero impetus for the public to educate themselves to the point of credible opinion or misconception.

The infinitesimal minority that is aware of RFID might have misconceptions surrounding tag size and read range. Obviously, it is currently impossible for something as small as a grain of sand to track anything or anyone at a distance of more than a few millimeters, let alone in an intercontinental fashion.

Maxwell: One important misconception is about how easy it is to read RFID chips and gather useful information from them. Chips and readers vary widely in terms of power and read range; the chips proposed for use in the retail supply chain are designed to be small, dumb, passive, and cheap, with short read ranges. Even now, it is not easy to read chips with 100% accuracy in supply chain systems designed to do so; thus the idea that chips will be successfully read by satellite or from some other great distance, or that huge crowds will be easily monitored using these chips ignores the difficulties in reading the chips and sorting the data. It is, of course, possible to power up readers so that they can read passive chips from a greater distance, but the added power would harm other objects in the way and would trigger responses from far more chips than the one targeted. Moreover there are limits on what information will be available and technological means to further reduce the utility of the intercepted data. Finally, many of the scenarios that have been presented assume a pervasive infrastructure of coordinated readers, something that is not present today, nor likely to exist for a number of years.

The second important misconception is the idea that most businesses secretly plan to act in ways that their customers find offensive. Successful businesses realize that the trust of their customers is a very valuable asset and work hard to gain it. If a company acts in a way that jeopardizes that trust, consumers have a choice to vote with their feet and patronize another provider. The market will also react. For example, in the early days of the commercial Internet an advertising company that was found to be secretly gathering data about customers lost a large percentage of its market value when it was revealed. There will be companies who abuse their customers' trust and it is important to disclose their bad practices, but most companies will act so as to please their customers, not offend them.

How likely do you think a Big Brother-like future reality is, and how far away from that reality do you think we are?

Albrecht and McIntyre: We are teetering on the brink of a future where people will be continually tracked and monitored by the companies they do business with and, more ominously, by their own governments. How far we are from that reality depends upon whether consumer-citizens are alerted to the encroaching surveillance agenda and choose to take action to stop it. If we allow manufacturers and retailers to achieve their vision of "tagging the world" with an RFID device on every manufactured item, it's almost inevitable that governments will appropriate the RFID infrastructure and turn it to their own surveillance purposes. There is much reason to be concerned. The RFID industry and governments around the world have been working closely to develop and promote the technology. What's more, the U.S. government is already mining retail database information in the name of national security.

The endpoint of this nightmare scenario would be a world in which every human being is tagged. Former Secretary of Health and Human Service Tommy Thompson has suggested chipping the American people themselves with the VeriChip implant to link them to a giant medical records database. (Thompson joined the board of VeriChip, maker of glass encapsulated RFID devices for humans, shortly after leaving his Bush Administration cabinet post.) And Senator Joseph Biden made a chilling comment about human tagging during John Roberts' Supreme Court Confirmation hearings on September 12, 2005. Biden said, "Can a microscopic tag be implanted in a person's body to track his every movement? There's actual discussion about that. You will rule on that -- mark my words -- before your tenure is over." The RFID infrastructure being built by industry will only fuel such developments.

Chavez: Have a quick look at your mobile phone. That phone has a Global Positioning Satellite (GPS) unit embedded within it. All phones sold in the U.S. in this millennium will have them -- it's the law. This law was passed to increase the accuracy of routing for 911 emergency calls and has ostensibly saved many lives.

RFID could be used in the same way for the benefit of our countrymen; however, you will always have a vocal minority that says that the government is "spying" on them. As the great American activist Susan Sontag once said: "I envy paranoids; they actually feel people are paying attention to them".

Maxwell: The future is likely to be marked by pervasive computing -- RFID tags and sensors and other computing devices all around us, transmitting data via interconnected networks. As I recently described in a speech at the OECD, this future can be one bringing great benefits while raising new challenges to our control of information about ourselves. Imagine a world in which sensors revealed the weaknesses of the levees in New Orleans or the presence of biological weapons. Pervasive computing, which would make "Big Brother" possible, is not yet here (and won't be for a number of years). We have some time to have a full discussion of the concerns that are emerging. We should begin to reexamine our privacy and security practices to take into account the effects of pervasive computing and ensure that our policies and practices reflect the realities of the world that is likely to face us in the years ahead.

Of special concern in the context of "Big Brother" is the use of these technologies where individuals have no choice, such as in government identification documents, or in specific applications where they are used for tracking people, such as in hospitals or prisons. EPCglobal, which is overseeing the major retail supply chain application of RFID, has a policy against using EPC tags for tracking people. In applications where individuals have no choice or where tags are used for tracking people, much greater care needs to be taken to ensure that fair information practices are followed to the greatest extent possible. In particular, personally identifiable information should be minimized on tags. Any personally identifiable information gathered with RFID for one purpose should not be readily available for other governmental purposes without some form of due process available to the data subject.

Ultimately, companies cannot afford to alienate customers. What are mass market retailers doing right now to moderate the privacy concerns of consumers, and what else should they be doing?

Albrecht and McIntyre: When they realized the extent of the RFID consumer acceptance problem, mass market retailers and consumer product manufacturers began emphasizing supply side uses of RFID. ("Dont worry, we're only using it in the warehouse.") This served to distract consumers from the RFID industry's ultimate plan to tag every manufactured product on earth and bought the industry a bit of breathing space. They've also played word games, calling the technology things like an "improved bar code," "blink," "easyPay," and "intelligent labels" to distance it from the privacy concerns the public has about RFID.

But rather than work on better ways to get the technology past the public, we'd like to see the industry rethink its item-level tagging agenda from a broader societal position. What will it mean for our children and grandchildren to live in a world where everything -- and by extension, everyone -- can be remotely identified and tracked?

Chavez: Again, it is highly likely that consumers will not take an active interest in this technology for another year to three years. Given the overwhelming consensus of mass market-retailers to upgrade their narrow and inefficient bar-coding systems to RFID-enabled systems, consumers may have little choice of where they shop for "non-tagged" items.

A campaign to educate consumers regarding the presence of this mark could be instituted, whether it will affect what type of breakfast cereal that Junior eats on any given morning, or where that cereal is purchased is improbable. Price and selection will continue to prevail in retail, the presence or non-presence of an RFID tag will not change that.

Maxwell: Mass market retailers have been focused on RFID use in the supply chain, primarily to get pallets and cases of the right goods to the back of their stores at the right time in the most efficient way. Pervasive use of item-level tagging on store floors is still several years away (although item-level tagging is present when the item is also a "case"). EPCglobal, which is overseeing the implementation of the Electronic Product Code, has moved forward before the advent of broad item-level tagging and has adopted a set of guidelines calling for notice of the use of RFID and special markings on items that bear the tags. The guidelines also provide for choices for the customer to remove or disable the tags; given the rapid state of technological change, the guidelines foresee changes as the technology evolves to efficiently provide customers with more choices. EPCglobal is also working on improved consumer education about RFID usage and on a system for accountability for proper use of EPC tags. This is an important effort and needs to be linked to a means for consumers and others to identify misuses and for consumers to have enough information so that they can make informed shopping decisions.
As the marketplace develops, EPCglobal and its members need to continue to review the guidelines. They should consult with consumers and privacy advocates to determine whether the guidelines are working and whether changes need to be made. This process will never be complete, but should reflect economic and technological changes as well as changes in societal expectations about privacy and security.

If the technology cannot be sufficiently controlled by regulation, do you think privacy advocate groups could stop mass market retailers from implementing item-level RFID tags?

Albrecht and McIntyre: Privacy advocate groups like CASPIAN are an important force in educating consumers about RFID technology, but consumers will have the ultimate say over item-level RFID. If they vote with their shopping dollars and choose to avoid products from companies promoting RFID technology, while lavishing their dollars on privacy friendly companies, they will win the right to a spychip-free marketplace.

CASPIAN does not believe RFID can or should be controlled by regulation, nor do we believe it should be banned. We believe decisions about item-level RFID should be made by the free marketplace. It is our hope that once consumers realize the downsides of buying spychipped goods and shopping at privacy-invading stores, they will switch brands and stores. If the free market works as it should, new privacy friendly alternatives will spring up as we shower our shopping dollars on them. Likewise, irresponsible 800-pound gorillas like Wal-Mart and Tesco will begin to suffer in the marketplace unless they respond to consumer concerns.

Chavez: The effects of privacy advocate groups are varied depending on the methods they use. Entities such as Albrecht's CASPIAN may win a battle with a local store by staging a very visible protest on the premises forcing the entity's management to make a temporary judgment call for the sake of publicity. This is a micro effect, please now consider the macro:

Every member of every RFID privacy group in the United States does not add up to even one tenth of one percent of the aggregate number of customers that Wal-Mart serves annually. Many of Wal-Mart's customers are low-income families who can't pay the 17-20% higher prices that UBS Warburg claims other supermarkets must charge to maintain profitability.

Maxwell: There are substantial benefits to be gained from item level tagging -- e.g. easier returns and warranty protection, greater product selection, the ability to track goods that contain toxic materials, more efficient recalls etc. -- as well as privacy concerns. I believe that technological changes providing greater choices to consumers over how they control personally identifiable information about themselves, and the development of best practices for RFID usage (based on fair information practices and tied to a system of accountability) is preferable to an attempt to block item level tagging.

Is the government's use of RFID in passports a good idea or bad idea, and why?

Albrecht and McIntyre: The government's use of RFID in passports runs counter to the majority view of the American people. When the State Department opened up a comment period on RFID in passports, it received thousands of comments from U.S. citizens, 98% of which opposed the plan. The government overrode that public mandate and proceeded anyhow.

While the government has proposed adding new security features to the new "e-passports," like requiring the passport to be open in order to be read, passport holders will still be vulnerable to eavesdropping on the conversation between the reader and the tag. Of course, there's also the concern that corrupt government officials and third world dictators will collect and abuse Americans' passport data once it can be so easily collected by agents at the border. But our biggest concern is that the mandated use of RFID in identity documents will condition the public to accept ever-increasing technological control over people's identity and whereabouts, with the endpoint being a mandatory, government-issued RFID tag embedded in our flesh.

Chavez: The chipping of passports is requisite to neutralize sophisticated criminals who counterfeit bar coding, watermarks, and laminates (the only security measures inherent in today's passports). If one expands the issue to the utilization of counterfeit passports, this is an excellent tool to stymie illegal immigration into this country.

The same logic can also be used to promote RFID chips in currency. Given that the chips in currency and legal documents have sufficient encryption (128-bit or better), there should be little cause for concern, if any.

Maxwell: When the government compels an individual to utilize an RFID enabled identity document such as a passport, it has a greater obligation to ensure the protection of his or her privacy than a business does because the individual has no real choice. The initial governmental decisions regarding RFID enabled passports were based on a poor understanding of RFID and insufficient attention to the means that could be used to enhance privacy protection. On the other hand, the review process (and the strong criticism) has led the government to considerably improve its proposals. I'm sure that there will be additional helpful comments suggesting further improvements.

There are several lessons to be learned. One is to determine early in the process what problem is to be addressed and what technology is best suited for the particular solution. A second is that if individuals are compelled to use a particular technology that has privacy implications, the government has a greater obligation to protect privacy than if individuals had actual choice. Finally, any group that uses technologies such as RFID should welcome input and suggestions and be willing to change its plans when presented with good analyses.

Any other comments?

Albrecht and McIntyre: We're encouraged by the fact that the people involved in the RFID industry are themselves consumers and parents. We recognize that most people implementing RFID systems today are focused on earning a living, not taking advantage of consumers or controlling people (though some of them clearly are, based on the patent documents and other evidence we lay out in our book). Most have never really thought about the societal implications of what they do or considered that the same technology that allows them to track a warehouse full of paper towels could someday be used to enslave future generations.

We hope RFID developers and promoters will read our book Spychips: How Major Corporations and Government Plan to Track Your Every Move with RFID with a critical eye and open mind. Once they learn the truth about RFID, we believe that many people within the industry itself will begin to demand better accountability and societal safeguards on the technology.

Chavez: Regarding topical information dissemination, RFID LTD. is truly leading the industry. To my knowledge, we are the only RFID integrator that has allocated significant funds with the intent of educating the privacy activists and the general public regarding the whole RFID picture. In the first quarter of 2006, we will have announced our partnership with a major university for an RFID laboratory that will be the first in the Rocky Mountain region.

I have always advocated a public or televised debate regarding the RFID privacy issue, and this article is a definite step in the right direction. It allows the public to immediately read related but opposing viewpoints written by those who are considered to be credible in the industry. I have asked Ms. Albrecht to accept my invitation for RFID certification and subsequent debate; however, she has repeatedly declined both invitations.