It’s Time to Address Privacy

Sep 17, 2006By Mark Roberti

Katherine Albrecht, founder of Consumers Against Supermarket Privacy Invasion and Numbering (CASPIAN), was quoted in a recent Globe and Mail article (see Who's Watching the Watchers?) as saying: "Promoters have a lot more funding these days to make their case. Privacy advocates don't get as much press."

In reality, vendors of radio frequency identification technologies have spent little or nothing on educating the public about RFID. And privacy advocates get all the press because stories about Big Brother spying on you sell more newspapers than stories about improved supply-chain efficiency.

From recent conversations I've had with end users and vendors, people feel there is a growing need to do more to explain what RFID is, how it is being used, what it can and can't do and so on. EPCglobal, the group commercializing Electronic Product Code technologies, and AIM Global, the association for automatic data capture companies, have been focused on educating legislators in the United States and Europe. They also provide information for the press, but I'm not sure either has the resources or the desire to make educating the public a high priority.

I believe it's time to create a nonprofit group that focuses on education. Any organization funded by the RFID industry will, no doubt, be considered a tool for misinforming the public. But I still think it would be worth creating a group to do the following:

• Promote and encourage companies using RFID in any consumer application to adhere to best practices that protect consumer privacy.
• Educate the public, legislators, journalists and privacy advocates about the potential privacy issues RFID raises, and the ways they can be addressed.
• Coordinate the work of various RFID industry bodies to ensure a unified approach to RFID labeling.

What I would like to see is an organization headed by someone who understands RFID systems and can intelligently address questions about read range, the potential for surreptitious reading of tags and so on.

The person who undertakes this task should not be someone who simply wants to shoot down every piece of legislation and encourage governments not to regulate RFID. Rather, the head of this body should be someone who understands that to achieve the benefits of RFID technology, companies need to respect consumer privacy and behave responsibly. He or she should have credibility among end users, vendors and the press and be able to promote best practices that protect consumers.

As this group educates companies about the benefits of adopting privacy best practices, it should also educate the public about what RFID can and can't do, and how companies are likely or unlikely to use the technology. Informed consumers can make intelligent choices about whether they want to shop in stores that use RFID. Unfortunately, almost every article written about RFID and privacy has had serious inaccuracies that hamper the public's ability to make an informed choice about whether this technology is good or bad for them, which is why educating journalists should be a high priority.

And when I say "educating," I don't mean just selling RFID—talking about all the potential benefits RFID could bring consumers, businesses and societies as a whole. I mean helping people understand the technology, the systems behind RFID and the business practices that will use RFID information. (As an aside, I wrote an article on Oct. 17, 2005—Target, Wal-Mart Share EPC Data—that must rank among the most misquoted articles in history. Although it clearly states that Wal-Mart and Target are sharing data with individual suppliers about the location of the suppliers' products in the supply chain, the story is repeatedly cited as refuting my oft-made claim that retailers won't share data about their customers with their competitors. It does nothing of the sort, as anyone who has actually read it would know.)

Finally, it is clear that the industry needs to create a universal label to be placed on all consumer products, indicating that the product contains an RFID tag. EPCglobal has its label. AIM Global has created its own for non-EPC RFID systems. But manufacturers don't want to have two or more labels on products that have RFID. It is imperative that we have a single, global label, and this group I'm proposing could help achieve that.

I think an organization that is not controlled by a single group—end users, vendors, standards bodies—within the RFID industry, one that focuses on getting companies to adopt best practices for protecting consumer privacy, educating the public at large and promoting standardized labeling, would be invaluable. If you agree, or if you think your organization would support the creation of such a group, please send an e-mail to editor@rfidjournal.com.

Mark Roberti is the founder and editor of RFID Journal. If you would like to comment on this article, click on the link below.