What Privacy Problems Do RFID Tags Cause, If Any?

By RFID Journal

  • TAGS
Ask The ExpertsWhat Privacy Problems Do RFID Tags Cause, If Any?
RFID Journal Staff asked 12 years ago

What issues most concern privacy advocates when it comes to radio frequency identification technologies?

—Name withheld


Radio frequency identification is simply a tool that can be employed for a wide variety of applications. It, in and of itself, cannot cause privacy problems, though it can be abused in ways that might infringe upon a person's privacy. Potential abuses that some are concerned about include the use of RFID to track individuals within stores, to monitor people outside of stores and to know what a person owns, for the purposes of stealing his or her belongings. I'll address each of these scenarios below.

Privacy advocates are concerned that a retail establishment might, for example, sell a shirt containing a unique serial number on an RFID tag inside a shirt (or pants, shoes or other apparel), and then associate that number with that particular buyer in its database. The next time that the customer shopped at that location, the store would then be able to read the clothing's tag, look up that person's identity, as well as what he or she may have purchased previously, and try to sell similar goods.

GS1's guidelines state that Electronic Product Code (EPC) tags used in clothing should not be associated with personal data, and most retailers with whom I have discussed the issue are uninterested in utilizing the technology in this manner. It could potentially cost them customers, and they consider it much better to ask people to opt in to a loyalty program. In addition, it would likely be very easy to reveal which retailers were secretly tracking customers, so they would face a PR nightmare.

Another concern is that a tag in clothing or other personal articles might be used to track or identify someone outside of a store. An ex-husband, for example, might deploy readers at locations that his former spouse frequented, in order to find out when he or she was there, and then follow that person home. Or a government might read tags in a citizen's clothes during a protest march, ask for that person's driver's license and then associate the tag with that individual's name. Then, if that tag were ever read again, the police would know the protestor's identity.

I consider the first example farfetched. RFID is a short-range technology, and installing readers at your spouse's lover's house to prove he or she is having an affair would be very difficult to accomplish. It would not be easy to hide the interrogators, or to connect to power outlets and the Internet—and, in any case, a GPS tracker would do the job more effectively.

The second example is a legitimate concern. A government could assemble a database of tag ID numbers and associate each ID with a specific protestors. The solution is either not to put tags in clothes, or to enable tags to be killed. To date, most companies have stayed away from embedding tags in apparel, and are instead putting tags on a hangtag or label that can then be removed and discarded before a customer wears the item.

The last concern is that everything a person buys will be tagged, and that robbers will then be able to drive by a house, know what's inside and break in to steal it. This strikes me as dumb. Thieves don't rob houses based on what's in them, but rather on whether anyone appears to be home. They look for cash, or items that can quickly be turned into cash. Besides, they know that a family with a Mercedes-Benz in the driveway of their house in Bel Air will have nicer stuff than folks with a jalopy outside their home in Hoboken.

—Mark Roberti, Founder and Editor, RFID Journal

Previous Post