"Radio Frequency Identification"

Big Brother in a Chip?

One of the most controversial technologies these days is RFID, which stands for Radio Frequency Identification.  It's of special interest to me because I've worked on several projects in the RFID realm.  RFID allows a device, called a tag, to be affixed to some object and accessed by a special reader using radio waves.   At one time, RFID tags were the size of a credit card or larger, but as technology progresses, they have shrunk to tiny chips that are barely visible.  RFID is a hot item, because it allows product information to be encoded in a very small form, which can be used by retailers  as an alternative to bar codes. They are more expensive, but they provide several benefits:

a) They can store more information, and that information can be updated. b) They can be accessed several inches away from the reader. c) They can be read almost simultaneously – an entire shopping cart full of merchandise could theoretically be read in a single scan. d) Like bar codes, most RFID tags do not require their own power source (though the application sometimes requires it, if they need to be read over long distances.)

As with any new technology, it causes a lot of apprehension in the public.  Many people see it as a way to track the public via their purchases, as a frightening kind of “big brother” technology.  Of course, you can remove the RFID tag from an item you buy, but considering the small size of many tags, what if you don't know where it is, or even if it's on there?

Those of us with privacy concerns appear to be in the minority. Retailers have had great success with the idea of “shopper cards”, which provide discounts in return for allowing the store to track personal purchases.  A few stores provide the option of signing up for a card anonymously – but in many cases, a person has the choice of paying a jacked-up price, having their privacy invaded, or assuming a false identity.  Even so, these stores cannot track what customers do with their purchases once they leave the store.

RFID is different in the sense that the tags can be read without the owner knowing about it – providing the tags and their scanners have a sufficient operational range.  But the technology is not perfect.  For cost reasons, most RFID tags are “passive”, which means that they do not have their own power source.   In this case, the RFID tag reader broadcasts a signal periodically, looking for any and all tags in its range.   The tag absorbs power from the reader's broadcast, and sends a return signal using this scavenged power.    Of course, the return signal's power is a fraction of that of the reader signal, so the reader's receiving circuitry must be quite sensitive.  Timing is critical, because the broadcast needs to be turned off before the tags answer them, or these weak signals will be drowned out by the reader's powerful one.   Tags also need to answer with random delay times, or they may end up answering the reader simultaneously, producing garbled data.  At the same time, tags must respond quickly, before they run out of power.

The use of passive tags means their range is limited.  (However, larger, battery-powered tags can be detected over a much greater distance.)   A store that is using tags for its point-of-sale system will not want to reread tags for merchandise the customer has already paid for (such as articles of clothing, a pack of gum in the pocket, etc.) or they may lose customers.  The cheapest way to do this might be to just disable the tags, which would eliminate the potential privacy concerns.  On the other hand, many tags are writable and could be marked as “paid” but remain active. This could become an issue on merchandise returns.  On one hand, stores would be more confident the goods were not stolen.  They could also become more finicky about the returns they do allow.  And requiring the tags on returned merchandise to be readable could cause a bigger problem for privacy advocates.

Some people are out to demonize RFID, and would like to restrict its use for retail trade.  Even if this happened, it would still have many important applications, such as warehousing, shipping, and for any business that needs to track its property.  It has also been used successfully to fight crime.  A few years ago, I participated in a project where the Postal Service used hidden RFID tags to catch a ring of mail thieves.

But even in grocery stores,  RFID could conceivably be a privacy-enhancing technology.  If, for example, RFID tags help prevent shoplifting, that means that, theoretically at least, there's no reason for them to inspect the customers' person or belongings – that is, unless they have a problem with false positives.  But regrettably, it seems that any data that can be abused will be abused by somebody.  I remember hearing about bars using the new electronically readable drivers licenses as a way to mine their customers' personal data for marketing purposes – under the guise of preventing the use of fake ID's.   Some clever store chain will station RFID readers throughout the store to check on what brands of clothing people are wearing.  This seems innocent enough, until you realize that if every tag is given a unique identifier, these could be tied to their purchaser, and a lot of personal data could be captured.

What I'd like to see is a good-faith effort by retail stores to address their customers' privacy concerns.  There should be (a) an indication or symbol on any product that uses RFID and (b) a straightforward way to remove the things after  purchase.  Stores might be reluctant to share this information for fear shoplifters may utilize it inside the store. But stores could still use a separate anti-shoplifting tag (like the old “checkpoint” system) that is disabled at the point of purchase.

One place where I personally worry about the applications of RFID is its potential use for tagging human beings.  Already it's commonly used as a form of identification for pets.  I expect that the use of human RFID tags will expand gradually, starting with soldiers and then with school children, who will be tagged by their parents as a response to an overblown threat of kidnapping.  (This could lead to terrorists or kidnappers mutilating their victims in an attempt to disable any hidden RFID devices.)

Although I don't believe RFID to be the grave threat that some perceive, it's a useful technology that should not be thrown away simply because of its potential for abuse.  Still, as citizens and consumers, we need to watch carefully.  Like anything, it could be used for good or evil, to increase freedom or to limit it.

References:

On the RFID industry:  www.rfidjournal.com On misuse of RFID:  www.spychips.com On driver's license scanning:  www.we-swipe.us On public RFID fears, “RFID Strategy -- RFID And The Black Helicopters Of The Apocalypse” , www.industryweek.com/ReadArticle.aspx?ArticleID=11270 On RFID advocacy:  www.aimglobal.org/technologies/rfid