RFID Threat Overblown

Sure, RFID tags pose privacy risks, but their benefits are many.

If privacy advocates have their way, RFID tags would be banned like meat from a mad cow. They envision the worst-case scenario: total loss of consumer privacy.

But these advocates fail to see that most people are careless about privacy. The average consumer is apathetic about privacy and willing to sell his or her privacy for free or cheap gifts. Consumer data, often lightly regarded by the owner, is a valuable commodity, and retailers will pay dearly for it. A company that sells high-end badminton shuttlecocks will pay a premium for a list of high-end badminton shuttlecock enthusiasts.

Retailers obtain this information from banks and other entities that report on consumer purchases. There are ways to ensure that ones purchasing data is not easily shared, for those who desire such levels of privacy. Paying with cash is the simplest answer.

/zimages/3/28571.gifClick here to read about an RFID hack that could lead to retail fraud.

Critics must also concede that every technology has negative aspects. As a society, we tolerate tens of thousands of people dying in automobile accidents annually and a similar amount getting ill and dying from adverse effects of pharmaceuticals. Spam accounts for most e-mail messages, but no one is suggesting that SMTP be banned because of spam.

This tolerance is due to the recognition that theres risk in everything—life is inherently risky. When it comes to RFID tags, there are indeed privacy risks. But these risks must be weighed against the benefits of this new technology, which are many.

Imagine having an easy way to track lost children, stolen goods and more. The retail industry is investing heavily in RFID, expecting extensive inventory and labor cost savings.

In a report, A.T. Kearney predicts that retailers will see three main benefits: reduced inventory through a one-time cash savings estimated at 5 percent of total inventory, an annual 7.5 percent reduction in store and warehouse labor expenses, and reduction in out-of-stock items, resulting in a recurring annual benefit of $700,000 per $1 billion in annual sales.

RFID in 2004 is about logistics and maximizing profitability. There will be privacy issues in the future, but they can be handled. In fact, RSA Security and others are developing locking technologies that protect consumers from being tracked after buying products with RFID tags.

But even the rocket scientists at RSA cant find a solution for the No. 1 privacy problem: consumer apathy. The moment the populace decides to take privacy seriously, it will be dealt with accordingly. Until then, consumers will sell their privacy down the river for a free candy bar—and concern over the threat of RFID is misplaced. ´

Ben Rothke, CISSP, is a New York-based security consultant with ThruPoint Inc. McGraw-Hill has just published his book "Computer Security: 20 Things Every Employee Should Know." Rothke can be reached at brothke@thrupoint.net. Free Spectrum is a forum for the IT community. Send submissions to free_spectrum@ ziffdavis.com.

/zimages/3/28571.gifCheck out eWEEK.coms Mobile & Wireless Center at http://wireless.eweek.com for the latest news, reviews and analysis.


Be sure to add our eWEEK.com mobile and wireless news feed to your RSS newsreader or My Yahoo page