Yesterday, I examined claims made in a report from security software vendor McAfee that radio frequency identification tags could pose a threat to IT systems (see McAfee Report Hypes RFID Threat). Today, I’ll dismantle McAfee’s claim that RFID is a threat to privacy, point by point.
Here’s what the company’s April “Sage” report claims: “Imagine a world in which every item you purchase has an embedded RFID tag. When you buy the item, your entire inventory of purchases can be stored in a central database. Advertisers could track your spending habits. When you wear the tagged clothing, you can be tracked and profiled as you travel through strategically placed scanners. This is why lawmakers in many states, including Utah and California, are scrambling to pass legislation that would prevent the use of RFIDs [sic] in order to eliminate the potential to spy on consumers.”
Okay, then. Let’s take these claims one by one.
“When you buy the item, your entire inventory of purchases can be stored in a central database.”
Oh, really? So Wal-Mart, Target, Sears, the Gap and every other retailer in the world are going to set up one centralized database, and every time I buy something at any retail, information about my purchase will be collected there for all competitors to share? Right. Anyone beside me think this is beyond farfetched? Retailers do not share information about their customers with their competitors.
“Advertisers could track your spending habits.”
Here’s some bad news for the folks at McAfee: You don’t need RFID to track spending habits, and unless you pay cash for absolutely everything, retailers are already tracking your spending habits. Credit cards, anyone?
“When you wear the tagged clothing, you can be tracked and profiled as you travel through strategically placed scanners.”
It’s unlikely that people will ever wear clothing with live tags in them—but even if they did, you would only be able to track people if the systems were standardized. If one retailer were using UHF tags and another were to choose HF, they would not be able to read each other’s tags. What’s more, if both used random serial numbers, the numbers would be meaningless to anyone but the retailer that sold a particular item.
“This is why lawmakers in many states, including Utah and California, are scrambling to pass legislation that would prevent the use of RFIDs [sic] in order to eliminate the potential to spy on consumers.”
No legislatures are “scrambling” to pass laws to protect consumers against RFID. In fact, the only laws relating to RFID that have ever been passed are those prohibiting companies and government agencies from forcing someone to get an RFID transponder implanted under their skin. A couple of state senators have proposed bills, yes—some well meaning, others silly—but no legislature has ever come close to accepting the view that RFID is such a threat to consumer privacy that laws need to be passed, and it’s unlikely they ever will.