(Page 3 of 3)
While the privacy risks are mostly theoretical so far, so are the potential benefits. That's where RFID will face the test: 69% of those surveyed by Accenture will part with personal information in exchange for rewards such as cash, convenience, and bonus points.
That's essentially the conclusion research firm Forrester Research came to in its December report, "The X Internet And Consumer Privacy" (the X stands for "extended" and refers to the set of technologies, such as RFID, that connect business information systems to physical assets, products, and devices). The report observes that the "fight for the public mind" being waged between privacy groups and industry can be won by companies that offer the public real value for its information, particular higher security, better health, more time and money, or an improved lifestyle.
- How Attackers Identify and Exploit Software and Network Vulnerabilities
- Quick Tips for Managing Mobile Users
White PapersMore >>
- Strategy: 3 Steps to a Hands-Free Cloud
- Best Practices: Using Apple's Global Proxy to Boost Mobile Security
Many technologies with privacy implications have been accepted because they provide obvious value and the data hasn't been abused. Glover Ferguson, a chief scientist at Accenture, points to automatic toll-payment systems such as FasTrak in California. "Some people have gotten edgy about that, but most have not," he says.
But with RFID so new, there aren't many uses available to show people that the value-privacy risk balance can work.
The Alexandra Hospital in Singapore is one. The hospital's Department of Emergency Medicine is running a pilot program in which ER patients are tracked using RFID tags. With patients turning over daily and moving in unpredictable patterns around the ER, the system was created to let staff spend less time tracking people down. According to a hospital official, the system was developed with patient privacy in mind. All information--patient names and contact numbers--is accessible by designated staff with individual passwords. And tracking data is kept for only 21 days, as required by the Ministry of Health.
The U.S. Department of Defense is another early RFID adopter, with one pilot program under way and more planned as it pushes its suppliers to adopt the technology. Though insulated from consumer concerns, it certainly faces far greater security questions than most companies. But Alan Estevez, assistant deputy undersecretary of defense, emphasizes the department's confidence in being able to protect RFID-generated data. "I would argue that RFID enables a more secure supply chain," he says, "because you're able to have a better handle on where your material is and what you're doing with it."
It's the Marks & Spencer RFID trial, however, that people in the industry point to as an example of best practices. Employees discussed the project with Albrecht of Caspian and the United Kingdom's National Consumer Council. When the main privacy concern that came up was the possibility of RFID embedded in products, they put them on the removable tags.
Yet openness won't prevent mistakes, bad decisions, and emotional charges when it comes to collecting and using data. Metro's approach didn't prevent accusations of deception when the first-generation technology it uses for tag deactivation didn't do all that the company wants or that customers expect.
It also shows that the closer RFID technology comes to the customer, the hotter the privacy issues. "Customers are naturally going to be worried about items being tagged at the item level," says Vijay Sarathy, product line manager for Sun's RFID solutions. "There are some very germane concerns and there are some very uninformed concerns." It's clear from companies' experience so far that the privacy discussion needs to reach customers before the chips do.