Protecting Consumer Privacy

By Mark Roberti

An article in BusinessWeek about new video surveillance systems shows the focus should be on business practices, not technology.

BusinessWeek recently ran a fascinating article on retail surveillance systems and the enhancements being made to counter organized shoplifting gangs (see Attention, Shoplifters. The article raises some poignant questions about privacy and, indirectly, about the concerns some privacy advocates have about radio frequency identification.

The article says retailers are being beset by gangs of professional shoplifters who snatch large numbers of items and resell them at a discount. As a result, the average loss per shoplifting incident rose to $855 last year, up from $265 in 2003, with theft now costing U.S. retailers $30 billion annually. Retailers are fighting back with new high-tech tools, including smarter video cameras and RF-based systems.




What caught my attention was BusinessWeek's description of Video Investigator, a package "whose advanced surveillance software can compare a shopper's movements between video images and recognize unusual activity. Remove 10 items from a shelf at once, for instance, or open a case that's normally kept closed and locked, and the system alerts guards sitting in a back room—or pacing the sales floor—with a chime or flashing screen."

This raises some interesting privacy questions. Stores clearly have the right—even a fiduciary duty—to try to reduce shoplifting and employee theft. But how far should they go in terms of using technology to examine the behavior of customers? And how far should they—can they—go in terms of informing customers of what they are doing? (You want to tell your customers they are being watched without tipping off the thieves.) It's one thing for consumers to be watched by the six million video surveillance cameras BusinessWeek says U.S. retailers have installed. It's another to know that software is being used to analyze behavior and, perhaps, to remember faces.

The article made me realize that, with the increasing power of computers, the day might not be far off when retailers can identify customers the moment they walk in the store, by using facial recognition software. Privacy advocates fear that companies will use RFID to build up giant personal profiles of their customers—by embedding tags in clothes and linking them to personal information when they pay—that could be used to identify them in stores, and then pitch them products. They say this makes RFID a unique threat to privacy. But the BusinessWeek story suggests retailers might not need RFID at all to do this, that intelligent video-surveillance systems would work just as well—or better.

The story also says retailers are looking at RFID's potential role in thwarting thieves. It mentions the possibility of using smart shelves with built-in RFID readers and antennas to detect when several items have been removed, indicating a possible theft in progress. The system could alert security guards to watch the person who lifted the items to make sure he or she pays. This could work better than electronic article surveillance systems, which don't alert security until someone has passed a portal at the door—when it's often too late.

The BusinessWeek story also mentions Gatekeeper Systems' Purchek product, which it describes as RFID—even though it's not. The system uses a transmitter that emits very-low-frequency (below 9 kHz) RF signals to a digital circuitry board in the shopping-cart wheel. The wheel translates the coded signal and, depending on the specific signal received, triggers a motor inside the wheel either to engage or disengage an internal brake. If someone is leaving the store without paying, the cart locks up. This system is not RFID because the receiver in the shopping-cart wheel does not have a unique identifier. There is no transponder and no exchange of data.

It's not a given that RFID will ever be used in theft-prevention systems in stores, but even if it's not, it will be in stores for inventory control and other purposes. So RFID will continue to be a technology privacy advocates will be watching. That's understandable. But what the BusinessWeek story clearly shows is that the privacy issue—and any legislation to protect privacy—must not be tied to any one type of technology. Rather, it must focus on the rights of consumers to privacy, and the rights of businesses to protect themselves from being robbed while doing business in the most cost-efficient way.