Home Internet of Things Aerospace Apparel Energy Defense Health Care Logistics Manufacturing Retail

Consumer Reports Looks at RFID

The consumer watchdog magazine examines the privacy and security concerns linked to the use of RFID in consumer products.
By Mary Catherine O'Connor
Tags: Privacy
May 08, 2006In its June 2006 issue, Consumer Reports rates laptops and PCs, considers the safety and comfort of bike helmets and lists the top gas grills for $500 or less. It also provides its 4 million subscribers with a seven-page, in-depth look at RFID tags, which will likely one day be embedded in just about every product the magazine writes about.

"The purpose of the report was to explain what the technology is and what kinds of concerns need to be addressed," says Andrea Rock, Consumer Reports senior editor and the author of the article. The main concern, she explains, is that identity thieves might find a means of using RFID technology to aid in the unauthorized collection of personal information.

The article points out some advantages to be gained from the use of RFID technology. "Radio-tagging products from CDs to shampoos can offer huge cost savings to business, consumer conveniences such as speedier checkouts, and public benefits, including ways to manage toxic waste and encourage recycling," Rock writes in her report. But her primary focus is reflected in the article's title, "The End of Privacy?"

"Could a high-tech thief 'break into' the tags and cull your banking or medical information? And what about your privacy?" the article poses. Setting out to answer those questions, Rock interviewed industry associations, security experts, end users and RFID technology vendors. In so doing, she found that despite pending legislation and technological measures designed to address concerns over RFID being turned into a tool for surveillance or theft, the RFID industry has thus far done little to ensure consumer privacy.

The article does not prescribe who should be responsible for addressing privacy concerns. However, Jim Guest, president of Consumers Union—the company that publishes Consumer Reports—states in his June 2006 magazine column: "What we need is an array of strict and enforceable state and federal laws that safeguard consumers' privacy rights against all types of current and future gizmos. The laws should apply to any entity that collects and holds information. They should regulate, for example, the kinds of data collected, how the data can be used, consumer notification of security breaches and consumers' ability to see and correct their information. These rights should be enforceable by federal, state and local officials, and by consumers themselves."

The article maintains that by 2004, more than half of all U.S. companies were under mandates to implement RFID, a statistic Rock says was culled form a 2004 report written by consultancy Accenture. Despite that, she says, relatively few consumers even know what RFID is and how it is being used now—in applications many consumers enjoy, such as electronic toll collection—or could be used in the future.

RFID industry group EPCglobal has a list of guidelines for how the technology should be deployed in consumer items, and how its use should be communicated to consumers. Overall, Rock notes, the industry is pushing for self-regulation and against the passage of any laws that would prescribe how the technology could or could not be deployed. In fact, the article quotes Jack Grasso, EPCglobal's senior director of corporate communications, as saying legislation is not needed at this time.

Still, that doesn't mean privacy concerns are being completely disregarded, according to Mark Roberti, editor and founder of RFID Journal, whom Rock also interviewed. "Corporations, even if they're self-interested, know that the way to make money generally is to do the right thing, so they won't alienate customers by violating their privacy," Roberti told Rock.

Last week, the Center for Democracy and Technology (CDT), a Washington, D.C., policy group, released a set of best practices as a means of establishing a baseline for companies using RFID to regulate how data linked to RFID tags is used, and how consumers should be educated about the technology (see Policy Group Spearheads RFID Best Practices). The best practices document is supported by a number of vendors of RFID technology, including IBM and VeriSign, as well as such end users as Visa USA.

Login and post your comment!

Not a member?

Signup for an account now to access all of the features of RFIDJournal.com!

Case Studies Features Best Practices How-Tos
Live Events Virtual Events Webinars
Simply enter a question for our experts.
RFID Journal LIVE! RFID in Health Care LIVE! LatAm LIVE! Brasil LIVE! Europe RFID Connect Virtual Events RFID Journal Awards Webinars Presentations