Privacy Conversation

California State Senator Debra Bowen (D-Redondo Beach) is a leading advocate of preemptive legislation to control the use of RFID technology. Her main goal, she says, is to prevent retailers invading people’s privacy, while enabling companies to achieve supply chain efficiencies from the technology. Bowen introduced legislation in the California Senate in March. A month later, the body approved an amended bill on a 22–8 vote. At press time, it was about to be

considered by the state’s Assembly. In an e-mail exchange with Mark Roberti, the editor of RFID Journal, Bowen explained her position.

RFID Journal: When there are real and present dangers to consumer privacy, why focus on RFID?

Bowen: Waiting for a problem to develop before setting standards prompts the argument that “we already have all of this infrastructure in place, and it’s too expensive to change now.” Government limits on new technologies have typically come after personal privacy and security have become a problem, after people have had their identities stolen or their credit card numbers ripped off or their privacy invaded. It’s much better and much cheaper to address the social and ethical implications of emerging technologies in a systematic way early on, so government isn’t constantly running to catch up—for example, by passing laws dealing with identity theft and fraud on the Internet.

RFID Journal: What specific threat does RFID pose to consumer privacy?

Bowen: Using RFID technology for inventory tracking is one thing, but the new Wal-Mart tests in Texas involve putting the RFID chips on three types of individual products that people will buy and take home. That tells me RFID use at the item level on stores shelves is going to come much faster than any of us thought. The next natural step is for manufacturers and stores to place RFID chips in clothes, on shampoo bottles, and on everything else people buy, so they can eventually tie it all to people’s names for tracking and marketing purposes.

RFID Journal: The industry has adopted guidelines saying that companies should not link RFID numbers in products to their purchaser, that products containing RFID tags should be labeled and that signs in stores should alert consumers when RFID readers are being used. Why not wait and see if these guidelines are followed before introducing legislation?

Bowen: I don’t place a lot of faith in industry guidelines, because they’re optional. RFID labels and signs in stores may be a start, but just telling people you’re tracking them with RFID is not enough. You have to give people the ability to control what information a store does—or doesn’t—collect.

RFID Journal: If consumers agree to allow their behavior to be tracked in exchange for some benefits from the retailer, should that be illegal?

Bowen: The question is really: Will people have that choice if every store tracks its customers with RFID and people can’t go somewhere else? California already has a law prohibiting supermarkets from selling customer data gathered as part of club-card programs. If supermarkets move away from club-card programs and start using RFID to track and monitor their customers’ shopping behavior, then we have a gap because that privacy law applies only to club-card programs.

RFID Journal: Why did you drop the bill’s original provision that all tags be killed upon checkout?

Bowen: It became clear that killing RFID tags at the point of sale could take away some of the benefits the technology offers. Recycling is a good example.

RFID Journal: Do you envision any benefits from the use of RFID tags in consumer products?

Bowen: There’s no doubt that RFID can and will provide tremendous efficiencies and benefits to manufacturers, shipping companies, retail stores and even shoppers—if used properly. But before we dive headfirst into it, we have to develop solutions and standards that let people keep control over their personal information.