RFID: Proceed With Caution

Technologists must become aware of the privacy issues raised by RFID.

Radio-frequency identification is quickly moving from hype to reality. At the first conference dedicated to the technology this month in Chicago, researchers worldwide launched the Electronic Product Code Network, an open technology infrastructure that uses RFID. However, the technology has Orwellian characteristics that, if not addressed, will impede its ability to deliver the substantial return on investment of which it is capable.

The promise and potential of RFID for the supply chain is enormous. RFID manufacturers could embed an RFID tag with a computer chip and antenna into products to better track their movement through the supply chain. The tags respond with

identification information when radio waves are sent to them from transmitters that enterprises would place in a store or warehouse.

RFID proponents claim the technology will be the death of the Universal Product Code and will transform the way businesses manage the supply chain— and they could be right. IBM claims there is $40 billion in excess inventory in the wholesale and retail supply chain. Using RFID to track those goods would enable enterprises to see productivity gains that include tighter inventory control, the ability to respond to consumer preferences and the prevention of theft.

When Wal-Mart gets on a bandwagon, it quickly becomes a juggernaut. It announced a few months ago it will require its top 100 suppliers to ship their products with RFID tags on all cases and pallets by 2005. And at the EPC Symposium, IBM launched an RFID service based on its WebSphere platform. Sun Microsystems is also jumping on the bandwagon with its own RFID business unit.

Of course, tracking pallets of goods is one thing. Tracking the consumers who purchase those goods is another. At the symposium, a public interest group, Consumers Against Supermarket Privacy Invasion and Numbering, protested the launch of the EPC Network—and the issues raised by that group should not be taken lightly. Technologists, enterprise adopters and consumers must become aware of the privacy issues raised by RFID and cooperate to set appropriate boundaries.

There is work under way that goes far to address CASPIANs concerns. We hail efforts by the Auto-ID Center, an RFID research group at the Massachusetts Institute of Technology, for its work on a "kill command" so RFID tags could be permanently disabled at checkout. The center has also established three policies that form a basic bill of rights for users of RFID technology. Consumers should have the right to know whether the goods they are buying are RFID-tagged. They also have a right to purchase products without having their personal data electronically linked. And they should be alerted when they are in a place where RFID readers are used. How widely the technology is deployed—and how much productivity is derived from it—depends on how surely privacy is protected.

Send your responses to eWEEK@ziffdavis.com.