RFID Law Reflects the Yin and Yang of a Government-Driven Market

A high-level overview on several representative RFID legal topics of 2006

By Kevin R. Davis

Federal government mandates, policies, and spending decisions made their mark in driving RFID adoption in 2006, spurring the expansion of a compliance-driven RFID marketplace. However, just as the government can promote sector growth, industry watchers observed initiatives, including privacy and data protection legislation, which could temper the growth of the RFID industry and its applications.

In 2006, the Department of Defense (DoD) demonstrated its leadership as one of the critical early adopters. On the heels of its RFID mandate (DFAR 252.211.7006), which went into effect in November 2005, the DoD piled on significantly more stringent requirements in 2006, including its May, 2006, interim amendment that tripled the number of affected classes of goods and increased the number of depots affected by the RFID mandate by a 10x factor. Over the summer, the DoD engaged in a broad campaign to notify and train suppliers about its passive RFID tagging requirements and completed the wiring of 21 CONUS (Continental U.S.) depots.

Coinciding with these efforts, the DoD shifted its approach from the "carrot" to the "stick" (Contracting & Production Policy Memo No. 06-20 and Memo No. 06-32) by eliminating a contracting officer's discretion to grant exemptions or waivers of the RFID shipping requirement and requiring non-compliant suppliers to "get well" (by developing a RFID-compliant shipment process) as a condition of contract. A supplier's failure to undertake these steps constitutes a breach of contract and negatively impacts a vendor's score card. In 2007, the DoD will shift into the last year of its passive RFID rollout with the potential of affecting the shipping practices of more than 50,000 suppliers.

Tracking animals and drugs

The USDA has established an aggressive timeline for its rollout of NAIS (National Animal Identification System), its system for identifying and tracking agriculture animals. NAIS aims to protect the nation's livestock by enabling faster detection of outbreaks and implementing containment measures. NAIS consists of three components: premises identification, animal identification, and animal tracking. The USDA targets 25% premises identification by January 1, 2007; 70% by January 1, 2008; and 100% by January 1, 2009. Although the NAIS does not mandate the use of RFID, it is viewed as an enabling technology (especially for tracking cattle herds) critical to the initiative's success.

In 2006, the FDA continued to move at a far more circumspect pace than its federal agency counterparts. While Associate Commissioner Lutter said: "[The industry] stakeholders should move quickly to implement this technology [RFID]," and the FDA deemed RFID as the "most promising technology" for implementing track and trace in the pharmaceutical supply chain, the FDA steered clear of a track-and-trace mandate. In June of 2006, the FDA Counterfeit Drug Task Force issued its latest report, which recommended lifting the "stay" on implementing pedigree rules (which had been on the books since the original PDMA). It also issued a draft Compliance Policy Guide (CPG 160.900) that requires inspections of wholesale chain of custody activities in January, 2007. The FDA Task Force recommended that: "manufacturers take a risk-based approach to implementation," meaning, in essence, rationalizing their tagging policies based upon metrics like sales, price, volume, demand, ease of counterfeiting, prior history of counterfeiting and diversion, etc. A finalized CPG is expected by year-end, but as things stand, a phased-in approach seems likely.

Tracking traveling humans

In 2006, the Department of State and the Department of Homeland Security moved on parallel paths to support the use of electronic passports by U.S. citizens and visitors from the 24 authorized VWP countries. Thirteen million people travel annually to the U.S. under this program to study, conduct business, visit family, and vacation.

An electronic passport contains a small, contactless integrated circuit embedded in its back cover, displays (when read) the same biographical information found inside one's passport, and includes a digital photo enabling biometric comparison. All valid e-passports comply with ICAO technical standards. After completing a successful pilot of its e-passport among diplomats, the Department of State started issuing e-passports to the general population in August, 2006, with a goal of expanding its reach to all 7,000 passport offices by year-end. Meanwhile, the DHS completed its installation of e-passport readers at numerous U.S. ports of entry to satisfy a congressional deadline (See U.S. Border Security Act of 2002), which requires equipping U.S. ports with equipment to compare and authenticate data in e-passports issued by VWP countries. Policy makers consider these efforts the "first steps" toward enhanced security for international travel documents.

As these various government agencies support expansion of RFID applications in the coming years through their mandates, policies, and spending decisions, an ongoing debate concerning the privacy and security implications associated with widespread RFID deployments underscores the government's ability to dampen the growth of potential RFID applications. In 2006, a number of lawmakers stepped up their efforts to begin formally educating themselves about such issues, including Senators Dorgan and Cornyn, who launched the RFID Caucus to facilitate a better understanding of RFID.

Meanwhile, siding against human identification applications, one DHS privacy policy paper, "The Use of RFID for Human Identification" for the DHS Emerging Applications and Technology Subcommittee to the Full Privacy and Integrity Advisory Committee (May, 2006) urged DHS policy makers to "disfavor" the use of RFID for human identification purposes. The Wisconsin legislature banned the "non-consensual" implantation of RFID microchips in humans. The most significant legislative effort, however, was California Senate Bill 768, which was vetoed for being "premature" by Governor Schwarzenegger, who regarded the technical requirements on RFID-enabled ID cards and public documents as unnecessarily restrictive and unduly burdensome. Industry proponents and detractors alike can likely agree on at least one thing: such legislative and agency initiatives are likely just the first shots across the bow for the RFID industry.

In 2007, it seems likely that RFID legal developments will follow three trends from this past year:

• RFID governmental mandates will expand and drive further adoption.
• Governmental policies and spending decisions will continue to support additional adoption.
• The privacy debate will continue, and as a result, frame many of the discussions relating to governmental deployment decisions.

Kevin R. Davis is a corporate attorney in Washington, D.C. He is the General Counsel of several emerging technology firms, including Adaptive RFID Inc., a nationally recognized provider of turnkey RFID compliance solutions, and Aginity, LLC, a business intelligence firm. Davis is an Articles Contributor to the RFID Law Journal. You can contact him at kdavis@adaptiverfid.com. Visit www.rfidlawjournal.com.