Privacy Nonsense Sweeps the Internet

Even once-respectable publications, such as Scientific American, have found the need to publish utter nonsense about RFID and privacy, in the wake of the news that Wal-Mart plans to track some clothing items with the technology.
Published: July 27, 2010

It was inevitable. The moment Wal-Mart announced plans to track some clothing inventory with radio frequency identification (see Wal-Mart Relaunches EPC RFID Effort, Starting With Men’s Jeans and Basics and Wal-Mart Takes a New Approach to RFID), there was a wave of articles and commentary on the Internet raising concerns about the privacy implications of the move. The articles were often incorrect, misleading or thoroughly stupid.

Let’s begin with factually incorrect. The Wall Street Journal‘s article on Wal-Mart’s plans to tag some clothing items stated, “While the tags can be removed from clothing and packages, they can’t be turned off, and they are trackable. Some privacy advocates hypothesize that unscrupulous marketers or criminals will be able to drive by consumers’ homes and scan their garbage to discover what they have recently bought” (see Wal-Mart Radio Tags to Track Clothing).

This is both factually incorrect and stupid. The tags are based on the EPC Gen 2 standard, which requires that they have a kill command that would permanently disable them. So the tags can, in fact, be disabled. Wal-Mart does not plan to kill the tags at the point of sale (POS), only because it is not using RFID readers at the point of sale. If, at some point, the retailer decides there is a business benefit to putting readers in POS devices—to speed up checkout, for instance—then the company might well opt to kill the tags, or to switch them into a mode that protects consumers from individuals reading the tags.

Now for the stupid part. Criminals will drive by and determine what you recently bought? Really? So if I’m home with the lights on, I could get robbed because criminals reading RFID tags in my garbage will know I recently bought a pair of Bottega Veneta sneakers for $600? And they’ll bypass the empty house down the street with all of its lights off, because my neighbor only bought a pair of Nike Air Force Ones? The folks at The Wall Street Journal need to come down from their posh Manhattan apartments and find out how the real world works: Criminals rob empty houses with easy access to main roads. They look for cash and jewelry, not purchase receipts.

Two years ago, Scientific American posted an article about RFID and privacy, written by Katherine Albrecht, the founder of CASPIAN and a well-known anti-RFID activist (see An Unscientific Article on RFID and Privacy). Perhaps in an effort to seem relevant and current, Scientific American published a comment by Philip Yam on the Wal-Mart news. In it, Yam quoted a section of Albrecht’s article dealing with a patent filed by IBM that would enable a retailer using the system to track consumer buying habits in their stores without consumers’ knowledge. The patent was filed in 2001, when RFID was still more a concept than a reality, and was approved in 2006.

This patent played a big role in Albrecht’s book, Spychips, and was central to the article she wrote for Scientific American. It’s important to her, because it’s the only real “evidence” she can cite that retailers want to employ radio frequency identification to track consumers. The problem is, IBM is not a retailer, and no retailer has ever deployed the system (I doubt IBM ever built it, in fact). The simple truth is, we all know retailers want to know more about what people want to buy so that they can sell it to them. We also have nine years of proof, since the IBM patent was filed, that Wal-Mart and other retailers will not use RFID to infringe on privacy, because they don’t want to lose customers.

Yam wrote: “…the fact is, it can play Big Brother if it wants to.” Yeah, and it can also go out of business, when customers decide they don’t like shopping with Big Brother watching. Maybe this never occurred to Yam, but customers can choose where they spend their money. I can tell you with absolute certainty that Wal-Mart is painfully aware of this fact.

If Scientific American were adhering to scientific principals, it would point out that Albrecht’s theory that this technology will be abused by retailers has thus far been disproven. Nine years after IBM patented a way to do it, there is not a single instance in her 300-page book, her six-page Scientific American article or anywhere else of a retailer ever using RFID to capture data on consumers without their knowledge. Moreover, Wal-Mart is requiring tags to be placed on labels, hangtags and exterior packaging that will be removed and discarded by consumers. And it has no readers at the point of sale, so it can’t link RFID tags to personally identifiable information.

My theory, from the day this issue came up, was that retailers would respect customers’ privacy because they would want to keep them as customers. I also wrote, in 2004, that “it’s clear that the capitalist system forces technology to evolve in ways that benefit consumers.” And I offered the Internet as an example (see Faith in the System, Part II). With the new privacy features built into new chips from Impinj and NXP Semiconductors, I believe my theory is holding up pretty well.

I’d write an article for Scientific American, but they don’t seem to be interested in science these days.

Mark Roberti is the founder and editor of RFID Journal. If you would like to comment on this article, click on the link below. To read more of Mark’s opinions, visit the RFID Journal Blog or the Editor’s Note archive.