Nov 25, 2003California State Senator Debra Bowen (D-Redondo Beach), chair of the Senate Subcommittee on New Technologies, held a follow-up last week to her seminal Aug. 18 informational hearing on the potential privacy concerns posed by the implementation of RFID technology. As with the first hearing (see California Legislature Probes RFID), this meeting did not include any formal decision to introduce legislation. But Bowen told RFID Journal after the meeting that she believes one thing is certain: Consumers have no real legal protection against loss of privacy through the use RFID technology.
"Legislators felt that the first meeting was very informative, and that we had heard enough from advocates but not enough from the business side–the people actually implementing the technology," said Bowen, explaining one of the main aims for the second hearing. The ultimate goal for Bowen in holding both hearings has been to better understand RFID and foresee any areas that might cause problems for consumers regarding RFID and privacy.
“If policy makers are going to legislate, they better understand the technology first,” Bowen said. Two panels provided testimony. The first, which addressed the use of RFID technology in manufacturing and retail, included Jack Grasso, director of public relations for EPCglobal, a not-for-profit group charged with leading standards and guidelines for members of the EPC Network. Also on the panel were Kristin Power, director of state affairs for the Grocery Manufacturers of America, and Lee Tien, senior staff attorney with the Electronic Frontier Foundation, a privacy rights advocacy group. Representatives from the International Mass Retailers Association, Wal-Mart and Procter & Gamble declined the senator’s invitation to testify.
"I was disappointed that Wal-Mart and Procter & Gamble did not come. But I think that if we get to the point of talking about legislation, those people will be able to find Sacramento very quickly–with or without an RFID chip,” said Bowen. Overall, Bowen said she was pleased with the steps that the industry is taking, but she left no doubt that lawmakers will consider taking legislative steps to make sure consumer privacy was adequately protected.
"They [EPCglobal] talked today about enforcing compliance to guidelines and standards," Bowen said. "But it is clear that in all of the existing laws that deal with data collection, there is nothing that covers the use of RFID-related technology."
Grasso, the first to testify, said that “nothing is of higher priority” to EPCglobal than issues of consumer privacy. EPCglobal guidelines, developed over the past few months, include requirements that consumers be given notice on each item that contains an EPC code. This would be done through an EPCglobal logo, which he said is currently in development, with no release date. The guidelines also require that consumers be provided instructions on how to dispose of RFID tags, either by discarding packaging or physically removing the tag from an item, and that they be given access to information on the technology behind EPC and RFID tags. In addition, the guidelines state that companies will be required to make public their “policies regarding the retention, use and protection of any consumer-specific data generated through their operations, either generally or specifically with respect to EPC use."
The second panel addressed the introduction of RFID into library checkout systems. Jackie Griffin, director of the Berkeley Public Library, sat on this panel, along with Tien, of the Electronic Frontier Foundation. Karen Schnieder, with the California Library Association, was scheduled to speak but was not able to attend. (On Sept. 4, the San Francisco Public Library Commission approved plans to start tagging books by 2006.)
Griffin addressed Berkeley library’s pending decision on whether to replace manual checkout systems with self-serve RFID-enabled stations in order to reduce the burden on its staff, many of whom are hampered by repetitive-stress injuries from checking books in and out. These injuries were responsible for approximately $200,000 in direct and $200,000 in indirect costs to the library through workers' compensation each year for the past five years. “As a library, we function on the basis of individual privacy and freedom,” she said. “We take questions [about privacy] very seriously.”
In order to avoid infringing upon the privacy of its patrons, the library would use a closed system, that is, one in which the tag would not be linked to a book's identifying International Standard Book Number (ISBN). Six digits in the EPC tag's 10-digit system would be used to identify the book; the other four digits would be unused. The patrons’ name, address and other identifying information would be kept separate from records detailing which books they checked out, except when the library is required to provide such records under subpoena or by the Patriot Act.
Tien, who spoke on both panels, said he sees the benefits that RFID technology poses, especially in terms of tracking drugs and toxic substances and uses in the supply chain. His concern lies in what he called the “stealth deployment,” in which individually tagged items are sold to consumers without their knowledge. “We’re happy to hear that EPCglobal has these voluntary guidelines, but we’re concerned that they won’t be used. So it’s important that consumers be able to use their rights to know what parts of their personal information has been collected.”
When asked what measures EPCglobal would take in the future against retail member companies that defied its guidelines with respect to item-level tagging, Grasso conceded that those prescriptions have not yet been set, but that they would likely include expulsion, at least temporarily, from the network.
“The decision to introduce legislation is up to lawmakers and regulators,” he told RFID Journal. “We [EPCglobal] have no position on that.”
“No one has privacy concerns about most of the applications being rolled out right now,” Bowen told RFID Journal. “In fact, there is a lot of applause for the advances being made at the supply chain level. But at the retail level there is a different set of concerns.”
Bowen said that she and other subcommittee members will continue to follow RFID and consider steps to take to safeguard consumer rights. No further hearings are scheduled at this time.
