Privacy a hot topic as RFID tagging grows in use

Industry needs to explain the value of RFID, advocate says

Privacy concerns over RFID tagging are reaching new heights, with US state legislators introducing and increasingly passing new measures to restrict their use, while employers face a barrage of concern from workers over RFID-embedded identity badges.

Those worries were aired by speakers and attendees at RFID World: Boston even as some RFID technology defenders worried that they haven't done enough to promote the value of RFID in tracking tainted foods or counterfeit drugs and of reducing the cost of tracking inventory.

To indicate how extreme the national RFID hysteria has become, one speaker said privacy advocate Katherine Albrecht had urged consumers to microwave new underwear to disable any RFID tag and prevent someone from tracking your whereabouts. However, a check of Albrecht's website revealed the opposite -- the site actually urges users not to do so, because it could cause a fire.

"[RFID and privacy] are taken very seriously in state governments across the US," said Ben Aderson, manager and counsel for technology policy and state government affairs at the American Electronics Association, an industry trade group. Unfortunately, most legislators don't know RFID technology well, he added.

Aderson said 50 bills involving limits on RFID were introduced in 19 states in 2007, and three of them became law, the largest number of the past four years. "Nothing catastrophic has passed to completely ban RFID in a state," he said, adding that activity at the federal level has not been as extensive, he said.

The biggest action in states is for bills to ban implantation of RFID chips in people without their consent, and seven states have taken up measures, with Wisconsin and Idaho passing them, Aderson said. However, he said the laws are unnecessary, since implanting anything in a person would be akin to hitting someone in the face, punishable under laws of battery.

Other measures restrict governments from tracking people's movements or with linking RFID data with personal information, he said. Still others, such as one in California, require notifying consumers that a product has a tag, done either on an article of clothing or with a sign in a store.

"A concern of ours is that people don't realise how predominant RFID chips already are, and this [legislation] would include mobile phones [equipped with RFID-type chips]", Aderson said.

Aderson agreed with one questioner who said the industry had not established in the public's mind why RFID chips were necessary to preempt the privacy concerns. "[The industry] has to create knowledge of the value of RFID," Aderson said. "That's a key element, to emphasise what is out there that consumers benefit from." In addition, Aderson said legislators need to be educated about the values of the technology.

Among some positive examples of RFID usage is Michigan, where cattle must be tagged with RFID, so that if an outbreak of mad cow disease occurred, the source could be easier to locate, Aderson said. In Florida, fish and wildlife officials are requiring owners of exotic pets, such as snakes, to tag the animals in case they are lost or escape.

While Aderson generally opposed restrictive legislation as unneeded, a speaker from the Cato Institute in Washington urged a dialogue between RFID opponents and advocates. The speaker, Jim Harper, director of information policy studies at the think tank, also said the RFID industry should cooperate and agree to oppose the use of RFID in areas that identify individuals, their locations and backgrounds.

"Let's not do human identity stuff, and collectively say that's a bad idea, and that doing so will provide the rest of the industry protection [from attacks by privacy advocates]", Harper said. "Great things are coming from RFID, but we want it done right to protect privacy."

Harper said he is concerned that Washington state was considering inserting long-range RFID tags into driver's licenses to enable them to be a kind of border-crossing permit for drivers entering and returning from Canada.

"That's quite concerning," Harper said. "If you have long-range RFID to communicate license information, that's an identifier. And in 50 years that could be misused. It's not the panacea as a lot of people think it is. Stand down everybody; let's not push."

By comparison, Harper noted the US State Department went a long way toward creating the e-passport with an RFID chip, but decided to add encryption and other protections that still required a customs official to slide the passport through a visual scanner, "which did nothing to speed up the process".

Further, third-party tracking was a "distinct problem" for RFID, he said, noting that security analysts have worried that a terrorist group could place an RFID reader somewhere outside an embassy, and find a diplomat carrying something in his briefcase that has an RFID tag.

"That leaves the opportunity to set up an explosive device, really anywhere in an airport, that explodes after the [terrorist] is gone for three to four months if the RFID system is not well designed," Harper said. "Think about the misuses that would be made of that, and that's the kind of thinking you get from privacy advocates, who exaggerate to make a case."

Lee Tien, senior staff attorney for the Electronic Frontier Foundation in Washington, gave a separate presentation, noting that there had been at least eight news reports of hacks or spoofs of RFID-tagged identity cards in recent months. Part of the problem with RFID tags is that they are often promiscuous and will respond to any compatible reader, he said.

"Our concern has to do with wedding this technology with information about people," Tien said. Noting he has a daughter learning to drive, he said, "the last thing I want is for that driver's license card to have information capable of being skimmed for her name, address and photograph."

Other speakers said they have encountered strong opposition from employees over RFID chips installed in identity badges. At Boston's Beth Israel Deaconess Medical Center, attempts to add RFID to emergency staff's badges were abandoned about a year ago because of worries that managers would be trying to find workers on breaks who might be smoking or at the far reaches of the hospital, said John Halamka, the center's CIO.

"The staff reaction was, 'Oh my God, Dick Cheney just wants to watch me,' " Halamka said. While the identity cards do not have RFID, Halamka has installed the chips on expensive medical equipment to track it, he said, reducing the staff time needed to find the devices.

At Boeing Integrated Defense Systems, Steven Georgevitch noted that 150,000 employees in 70 countries have RFID-embedded badges that are needed for access to buildings. But imposing the radio technology has not been easy, he said. The experience should serve as a lesson to other companies that IT managers need to work closely with employees to explain the purpose of the technology and to hear the workers' concerns.

RFID in badges is a "really, really" big concern, said Georgevitch, senior manager of supply chain technology at Boeing. "Employees will always ask: 'will they track me in the bathroom?'"

In one case, Georgevitch recalled, RFID information from badges was not being broadcast from one reader device in one location at 6pm daily as it was supposed to. Boeing staff tried to track what happened by installing a video camera near the reader. IT employees discovered that every day a worker was leaving the building, unplugging the reader, then plugging it in again on his return.

When confronted, the worker said he unplugged the machine because he was leaving to use the bathroom and was concerned someone would track his location. "Somebody would laugh at me," the worker said, according to Georgevitch.

As a result, Georgevitch urged IT groups to test RFID with small groups of workers, and to talk with people to find out their concerns. "Most IT people never want to talk to workers, but I say go test this so people feel comfortable," he said.

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Matt Hamblen

Show Comments


Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >


Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >


HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >


Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles


PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?