Radio-frequency identification technology, also known as RFID, has its supporters and detractors. Both groups now have something to talk about.
A working group of major companies—IBM is the charter member—and advocacy groups announced May 1 a set of RFID best practices to protect consumer privacy as it relates to item level tagging.
The group, led by the CDT (Center for Democracy and Technology), includes a whos who list of companies involved one way or another in RFID testing or software development: Microsoft, Intel, Cisco Systems, Proctor & Gamble, Eli Lilly and Co., American Library Association, National Consumers League, aQuantive, VeriSign and Visa.
On the flip side, Levi Strauss & Co., one of the nations largest clothing manufacturers, confirmed April 28 its testing of RFID “hang tags” on clothing shipped to two retail outlets in Mexico and one in the United States—a move that many consumer advocates point to as an outright invasion of privacy rights given the tags will be attached to individual items consumers wear.
Levi is using RFID to track inventory at the test stores at the retailers requests; it has no plans to use RFID in any of its 18 Levis brand stores, according to Jeff Beckman, director of worldwide and U.S. communications for Levi Strauss in San Francisco.
“Our philosophy is that [RFID tests] are being driven by retailers,” said Beckman.
“So future tests, whether it happens, is being driven by retailers, and only if they are consistent with guidelines [put forth by consumer privacy advocate group CASPIAN], which is very transparent.”
The item-level tags used in the Levi stores, hung from a pair of jeans much like a price tag would be, are identified as having an RFID chip in them—and removable, according to Beckman.
There are also signs posted in each test store explaining RFID.
“Its a little 2-by-4-inch tag thats removable,” said Beckman.
“Its absolutely not embedded. Its readable from 1 to 3 feet and really has no value to anyone,” other than for inventory tracking.
RFID uses microchips to track items through radio waves that can be detected at a distance.
The fear with privacy advocates is that, particularly in the case of embedded tags in everyday items like clothing, peoples movements will be tracked by retailers looking to extract marketing information or, in a worse-case scenario, by the government.
The privacy advocacy group CASPIAN (Consumers Against Supermarket Privacy Invasion and Numbering) along with about 40 other privacy and civil liberties organizations, in 2003 called for a moratorium on RFID-chipped items for consumers until there is more technology-specific information available—a moratorium Levi Strauss has declined to honor.
It also published guidelines for using RFID at the item level that call for tags to be removed before they reach consumers, according to Katherine Albrecht, founder and director of CASPIAN, as well as co-author of the book “Spychips: How Major Corporations and Government Plan to Track Your Every Move with RFID.”
Despite being transparent with its RFID tags, Levi is not being so open with the identification of the U.S. retailer (Beckman confirmed it is not Wal-Mart or Target, two major retailers with RFID mandates for their top suppliers).
Part of the reason Levi may be staying mum on the whereabouts of its RFID program is past experience from fellow clothing manufacturers.
Following a 2003 consumer boycott led by CASPIANs Albrecht, Benetton backed off its plans to embed RFID chips in its Sisley line of clothing.
“If we knew where [the Levi test store] was, we would alert our membership,” said Albrecht, in Nashua, N.H.
“Many people feel very strongly that this is a dangerous technology and there is really an issue. [At the same time] there is an abysmally small percentage of Americans—between 10 and 20 percent—that have heard of RFID. Thats what we need to do—stimulate awareness before these companies start using RFID,” in item level goods.
Privacy Matters
Released at the RFID Journal Live Conference in Las Vegas from May 1-3, the CDTs best practices document is essentially a privacy guideline for companies that are looking to move to item level tagging—an expectation that IBM has as it develops RFID technology, for example.
The document outlines how consumers should be notified about RFID data collection, what choice they should have with respect to their own personal information, and how that information should be treated by companies that collect it.
It also offers guidance to companies that collect RFID data in providing that information.
“RFID is a fast-evolving technology that may soon become ubiquitous in our lives. While it offers great promise, it also raises serious privacy concerns,” said Paula Bruening, staff council for the CDT, who led the working group, in a statement.
“This document establishes a carefully crafted balance: recognizing the core privacy needs of citizens while acknowledging that early-stage technology needs the flexibility to change as it evolves.”
The best practices group worked for more than a year to hammer out details of the document, and has plans to keep that work alive—particularly after it determines the impact of the May 1 document release, according to Ann Breidenback, director of Sensor & Actuator Solutions Product Line Management & Strategy, at IBM.
“Essentially this paper addresses the issue of notification,” said Breidenback, in Armonk, N.Y.
“Its a first start at defining how RFID should be handled responsibly, with the expectation that we will be going to item level tagging, especially in pharmaceuticals, apparel and footwear.
“This paper is designed as a first step to really outline what best practices are. Its a first draft in a series of drafts that will continue to morph.”
IBM, for its part, is working on providing technology to help privacy concerns.
At the RFID Journal Live conference May 1 the company previewed its “Clipped Tag” technology that enables consumers to either tear or scratch off the RFID antenna of a tagged item—which essentially eliminates the tags ability to communicate with other devices or systems.
The first step down this road for IBM was to develop and patent the technology.
It now has several partners that have developed prototypes of the technology that they can demonstrate with Gen 2 tags.
(Gen 2, an RFID frequency standard that was ratified by EPCglobal in 2005, and is just being productized this year, has some of its own security code written in.)
The next step, according to Breidenback, is for tag manufacturers to decide whether or not they want to put the Clipped Tag technology into production or not.
Check out eWEEK.coms for the latest news, reviews and analysis on mobile and wireless computing.