“It is poor civic hygiene to install technologies that could someday facilitate a police state.” -Bruce Schneier
Imagine a world where your every possession-clothes, books, cash-could be precisely and invisibly tracked. In this world, your purchases, movements and activities could be monitored in real time or recorded for posterity by marketers or the government, all without your knowledge or consent.
Now imagine a different world, a world where you control whether your movements and belongings are tracked, and can even “turn off” this silent surveillance permanently. Which would you choose?
This is the choice that RFID technology poses. But if the RFID industry and the government get their way, you won’t have much say in the matter.
Touted as the new barcode, RFID technology uses tiny computer chips and antennas integrated into tags that hold a small amount of data and report that data when read by an electronic scanner, thus enabling the automatic identification and tracking of tagged goods. RFIDs the size of a grain of rice can be near-invisibly embedded in the sweater you’re wearing, the disposable razor you buy, or the book you’ve just checked out of the library.
Retailers like Wal-Mart and Target want every pallet and case of consumer goods, or even individual items, to have a cheap tag that reports an electronic product code, or EPC.
But tags with EPCs are far more than barcodes. RFID tags can be read from up to 25 feet away, even through external packaging, and multiple tags can be read simultaneously. Also, bar codes only identify a class of products. To an RFID scanner, every tagged bottle of Coke is different. Some in the RFID industry envision that each unique tag would be logged in a distributed, worldwide database that would allow computers to identify any tagged object anywhere instantly.
For retailers, as well as government agencies like the Defense Department, RFIDs are a convenient way to keep track of inventory. But they’re also a convenient way to do something less benign: track people and their activities through their belongings. Unless RFIDs are killed or removed at the point of sale, you’re as easily “read” and tracked as the items you’ve purchased.
Unfortunately, most current RFID tags are promiscuous and inconspicuous. They’ll talk to any compatible scanner, and you won’t even know about it. Here are a few of the privacy threats that could arise from widespread RFID, scanner, and database use.
c Association threat-Your personal identity could be associated with one or more tags, as when you buy a tagged good with a credit card, or if your tags are read when you use your credit card for an entirely different transaction.
c Transaction threat-Once your identity is associated with any of the tags you carry, any transaction you engage in can be associated with you, even if you’re paying cash.
c Inventory threat-Should someone with an RFID scanner be able to know that you’re carrying a pregnancy test kit?
c Location threat-If readers can learn where a tag is, they may learn where you are. Michelin is putting RFIDs into tires, for example.
c Preference threat-Marketers may be able to profile you based on tagged goods you carry, like books, music, clothing or other personal items. The book industry is studying RFIDs for inventory control.
c Constellation threat-Even if none of your RFIDs contains or is associated with your personal information, you’re probably carrying a unique group or “cloud” of tags. A reader could detect that cloud of tags at one place, another reader could detect the same cloud somewhere else, and so on.
In these examples, there’s no need for the tag itself to carry any personal information; that data can simply be associated with the tag’s own unique ID number. (Even without RFIDs, lots of databases already have huge amounts of information about you, which could be associated with the tags you carry. Who can read your virtual biography in these databases?)
Until now, consumers have been in the dark about the stealthy but steady testing and deployment of RFIDs. It’s time to confront RFIDs. Let’s work for a world where you can know about and kill your RFIDs, or decide who can read them if you don’t kill them. Retailers could use RFIDs for inventory management, but not for tracking people.
The point is pretty simple. People should be free to go about their daily lives without being tracked and without wondering whether they’re being tracked. But unless we take control of promiscuous RFIDs, secret tracking will be a serious threat to privacy.
Lee Tien is a senior staff attorney with the Electronic FrontierFoundation http://www.eff.org.
