RFID and privacy
Tracking your patterns?
CBC News Online | May 31, 2006
Radio Frequency Identification Device. Sounds innocuous enough — but this tiny chip is causing big concerns.
Retailers say the chip, which can be implanted in products, is good as gold. They use it to track the flow of goods from supplier to store shelf and out the door. It tells them, for instance, when they're running low on razors so they can get in touch with the supplier and get more product in quickly.
Wal-Mart — which began using RFID tags to track stock in January 2005 — says the chips have reduced out-of-stock problems by 30 per cent. A Wal-Mart executive estimates that the top 100 retailers in the United States lose $69 billion a year in sales because they run out of product too often.
The devices can also tell a big retail chain if a featured product is properly displayed at its outlets across the country. If, for instance, the product tags show the stock still in the warehouse rather than on the display tagged to receive it, the discrepancy is known immediately. That means the chain doesn't have to send out people to survey a sampling of stores to see if the product is displayed the way it is supposed to be.
The technology isn't new. It has its roots in the Second World War, when radio frequency transponders were installed on Allied aircraft. They helped identify the planes so they wouldn't be shot down by "friendly fire." By the 1980s, the technology had developed to the point where it could be used to track railway cars and identify cattle.
The technology has also been used in the automotive industry for two decades, mainly to track parts. But new developments are moving the devices inside cars where they will eventually be able to tell you when the air pressure in one of your tires is too low. They're also used in engine immobilizers that shut down a car unless its RFID reader detects the right tag in the key used to start the car.
But the technology doesn't stop at tracking products. It can also keep tabs on you. Got one of those retail loyalty cards? It contains information about you — and that bottle of hair dye you just bought may contain an RFID tag. Buy the same product a few times over the course of a year, and the retailer might be able to detect a pattern and target you with product-specific advertising.
It's issues like that that have caught the eye of the Office of the Privacy Commissioner of Canada. In her May 2006 report to Parliament, Jennifer Stoddart listed several reasons for concern.
Stoddart's office surveyed 14 Canadian corporations to get some idea of how the use of RFIDs is evolving in Canada. Twelve responded. Two of the companies were involved in the production of RFIDS. Of the remaining 10, four were using RFIDs, two were considering them, and four had tested or would be testing them. Stoddart's office asked those companies to respond to its concerns about security. Her report says:
- Surreptitious collection of information. The tags are small and consumers may not know they've been embedded in products. The tags can be read from a distance, so the person doesn't know when s/he has been scanned.
- Tracking an individual's movements. If a tag's been embedded in your car or in clothes you've bought, and there's a dense enough network of readers, somebody may know where you are — and where you're headed. Like a political rally or a protest.
- Profiling of individuals. What you buy could be linked to your credit card number — or that loyalty card — making it easy to create a profile of your buying habits.
- Secondary use of information. What if an insurance company or potential employer got hold of your profile and had concerns about some of the medication you may or may not be on?
"Six of the ten organizations responded in some way to the privacy issues mentioned in the survey letter. Of the six, one indicated that it would conduct a privacy impact assessment (PIA) in reviewing the possible use of RFIDs, one would not, two others might consider a PIA or privacy compliance test in their consideration of RFIDs, and two reported that they believed a PIA was not required, since their RFID application did not identify individuals and/or link with personal information."
Stoddart's report concludes that "greater public and political awareness of the potentially intrusive nature of RFID technology is essential now."
Her office will look at developing guidelines to help ensure that RFIDs don't erode privacy rights.
Meanwhile, Levi-Strauss & Co. — one of the world's largest makers of jeans — says it has begun a test of embedding the chips in its clothing at one U.S. location. It won't say where.
In Holland, a bookstore in a suburb of Amsterdam opened in April 2006, claiming to be the world's first fully RFID-tagged store. Part of the Boekhandels Groep book chain, the store expects the system to reduce labour costs, improve stock control and increase sales. The chain says customers are told about the tagging system — and that the tags are disabled as soon as the customer walks out with his/her purchase. The store has not been targeted by privacy groups.
We want out of privacy rules: Nfld doctors (Aug. 20, 2003)
'Grave deficiencies' in B.C.'s new privacy bill (May 8, 2003)
'Big brother' travel database restricted (April 9, 2003)
Plan to track air travellers may violate rights (Nov. 22, 2002)
Bell blasted for privacy infraction (Nov. 20, 2002)
Shared airline records violate travellers' rights: privacy commissioner (Sept. 27, 2002)
Air Canada guilty of privacy breach: federal commissioner (March 21, 2002)
Air Canada drops customer credit requests (July 19, 2001)
New privacy law requires client's consent (Dec. 14, 2000)
New rules 'long overdue': privacy commissioner (Oct. 23, 1999)