Jul 07, 2003By Mark Roberti
July 7, 2003 - Today, Caspian, a group that claims to oppose RFID because it will be used to invade consumer privacy, has itself invaded the privacy of the Auto-ID Center. The group downloaded documents from the Auto-ID Center's Web site and encouraged others to create mirror sites to ensure the information would remain available even after the center removed them from its site.
Caspian didn't hack the Auto-ID Center's site. It simply typed the word "confidential" in the center's Web site and downloaded documents. The documents were reports to the center's sponsors that were either public or would soon be made public. There was nothing sensitive about the information.
One document, however, contained the phone numbers of some of the representatives from the companies sponsoring the Auto-ID Center. Not only did Caspian make this available; it encouraged its members to call certain executives on the list. Gee, do you think Caspian would be upset if Auto-ID Center sponsors gave me the phone numbers of all Caspian members to publish, so I could encourage pro-RFID people to bug them?
You really have to wonder about a group that claims to be fighting for consumer privacy but thinks it's okay to breach someone else's privacy. Caspian's excuse is that the ease with which it obtained the material shows the center can't be trusted with sensitive information. You'd think that Katherine Albrecht, the group's founder, could come up with something better than that. The real conclusion one should draw is that the center is not the Machiavellian organization Caspian makes it out to be. If it were, it would spend a lot more on security.
There's an interesting dynamic going on here. Caspian has to keep doing stuff like this to get media attention. But the more it exaggerates the RFID "threat" and the more extreme it becomes in its language and actions, the less relevant it becomes to the average consumer. Ms. Albrecht is very bright and understands history. Surely she's aware that extremists always wind up hurting their own cause.
But there's another dynamic that worries me. The media spotlight that Caspian has focused on the RFID/privacy issue has scared some companies. They are now reluctant to go public about in-store pilots for fear of generating bad press. The problem is, when a privacy group finds out about a particular test and exposes it, the company will look like it is guilty of something. Why else would it hide the test? That's bad for the company and it is bad for RFID adoption.
I would implore any company currently running a smart-shelf pilot or considering one to brief the press on it and be as open about it as possible. Openness will convince your customers that you have no ill intent. Secrecy breeds mistrust. I know companies are risk-averse, and it's easy to think that not publicizing a trial reduces the risk of bad publicity. In fact, it only increases the risk that your company and this technology will be portrayed in a negative light if consumers take home products and find RFID tags in them.
I know in my gut that this is going to happen sometime soon, and it will be a setback for RFID. So, as someone who would like to see both consumers and companies get the tremendous benefits that RFID offers, I'm asking you: Folks, please, do the right thing.
Mark Roberti is the Editor of RFID Journal. If you would like to comment on this article, send e-mail to