The closer RFID gets to consumers, the hotter privacy issues become
German retailer Metro Group hasn't shied away from its role as a living laboratory for radio-frequency identification technology. And it hasn't always been pleasant. Just this month, Metro invited one of the most-vocal critics of RFID to its "future store," where the tags are being field-tested--and ended up defending itself against charges it hid RFID chips in its loyalty cards.
It's going to be that kind of year. At a time destined to determine the viability of this technology as a means of supply-chain management, privacy fears could stall it. Beyond a rising storm of privacy activism, there are public doubts and even the prospect of regulation. Most companies can't afford to wait for the privacy concerns to sort themselves out before experimenting with RFID technology, so they need to do more to prove that RFID is about big savings and not Big Brother.
"We say it's absolutely not Big Brother, and we are absolutely willing to explain that to people," says a spokesman for Metro, which this fall plans to be the first to use RFID technology along its entire product chain.
Metro's experience shows that openly addressing the issue won't necessarily be comfortable. After visiting Metro's Extra Future Store, RFID's leading critic, Katherine Albrecht, founder and director of a group called Consumers Against Supermarket Privacy Invasion and Numbering, known as Caspian, which opposes marketing data collection, raised the alarm about Metro's loyalty cards and warned that the serial numbers in the store's RFID tags couldn't be deleted. Metro says Albrecht was told the tag deactivator was a first-version test that can delete only the Electronic Product Code number, which functions much like a bar code, and the technology to erase the serial number from the tag will arrive in about six months.
Metro uses the chip-based Payback loyalty cards to let customers preview age-restricted DVDs. Metro has RFID tags on CDs and DVDs for theft protection and to let customers preview films. Without a loyalty card as a key, customers can watch only the equivalent of G-rated films. There are no readers in the store tracking customers, the Metro spokesman says. "It's a bit crazy to be saying that [our test] is the beginning of the end of the world," he says.
Most retailers and their suppliers, particularly in the United States, are concentrating on using RFID to better track and manage pallets or cases of products. That's Wal-Mart Stores Inc.'s mandate to its top 100 suppliers, with a January deadline. And most of the privacy concerns come from the possibility that every item in a store might include a tag and might therefore be tracked.
Still, even scientists familiar with the technology say companies haven't done enough to address privacy concerns. "RFID privacy hasn't really been thought through past the checkout," says Kenneth Fishkin, a researcher at Intel Research Seattle and an affiliate professor of computer science at the University of Washington. Fishkin notes that the technology for past-checkout scenarios is years away, but that shouldn't stop companies from tackling the issue. "It's sort of a premature concern. But better premature than never, I guess," he says.
A few lawmakers, too, are starting to raise concerns. California state Sen. Debra Bowen plans to introduce legislation this month to restrict the use of RFID tags, most likely on retail items.
Manufacturers and retailers are depending on each other to implement RFID in a way that works for everyone, Procter & Gamble's Hughes says.
Photo by Bob Stefko
Industry members say they're doing their best to address these issues even as the technology emerges. Sandy Hughes, global privacy officer for consumer-products manufacturer Procter & Gamble Co., heads a newly formed subcommittee at RFID industry group EPCglobal, called the Chief Privacy Officer Forum. "One thing that's really important with this technology is the reliance that retailers and manufacturers have in this together," she says. "So it's not something where we can just say for P&G, here's our privacy program, so everybody implement it the way we say. Since it's supply chain, we're all dependent on each other on how we implement it."
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.