Privacy Fears Create Roadblocks For RFID
Bills in California and Utah seek to restrict retailers' use of the technology
Fear is a potent emotion, and it has been used to rally people to oppose many well-meaning but poorly understood initiatives. Radio-frequency identification proponents are beginning to understand that as they fight legislative efforts to clamp restrictions on a technology that's just beginning to be deployed by a few businesses.
Last month, the Utah House of Representatives passed the Radio Frequency Identification Right to Know Act. A week earlier, California state Sen. Debra Bowen introduced similar legislation. The bills in Utah and California require that consumers be notified if RFID tags are placed on products and that those tags be "killed," or deactivated, before they leave the store. The California bill also requires a consumer's consent before personal information can be collected by RFID or sold.
Bowing to public pressure, German retailer Metro Group ended the use of radio tags in its frequent-shopper cards. |
The day after the Utah House voted to regulate RFID, Metro Group, a large German retailer that is perhaps furthest along in implementing RFID throughout its supply chain, bowed to public pressure and ended the use of radio tags in its frequent-shopper cards. The company said in a statement that it would stop using the technology "to dispel any doubts, even if they are chiefly of an emotional origin."
Utah state Rep. David Hogue, the sponsor of the Right To Know Act, says he introduced the legislation after researching RFID technology and consulting with RFID critic Katherine Albrecht, founder and director of Consumers Against Supermarket Privacy Invasion and Numbering, a group fighting the collection of consumer marketing data. The potential for using RFID technology to track consumer purchases "made me real nervous," Hogue says.
While lawmakers worry that RFID will be used to violate privacy, other people fear that legislation may do more harm than good. There are legitimate RFID privacy concerns, says John Jordan, a principal at consulting firm Cap Gemini Ernst & Young, but it seems premature to pass laws dealing with a technology that's years away from entering most retail businesses. Many companies testing the technology are still struggling to get RFID to work, Jordan says.
Mandatory tag destruction also could deny customers some of the benefits that RFID tags might bring post-sale, says Dan Mullen, president of AIM Inc., an association that represents companies involved in developing mobile automatic-identification and data-collection technology. Those benefits could include receipt-free product returns and automated item-location services for the handicapped. AIM supports notifying customers of when and where RFID is being used, as do most RFID vendors and trade groups.
The deactivation provision in both state bills also troubles Ari Juels, manager of applied research at security firm RSA Laboratories, which is developing RFID signal-blocking technology. "This approach of mandatory killing--while admirably seeking to address real privacy concerns--may needlessly and myopically impede the beneficial deployment of RFID," he says.
RFID tags already are being used in places other than retail stores, Juels notes, such as automatic toll-payment systems. "Without a comprehensive understanding and approach to the legislation of such technologies," he says, "legislators risk ineffective and perhaps detrimentally reactionary legislation."
About the Author
You May Also Like
2024 InformationWeek US IT Salary Report
May 29, 20242022 State of ITOps and SecOps
Jun 21, 2022