Feb 24, 2006 (03:02 PM EST)
Analysis: RFID Privacy Debate Leaves Questions Unanswered

Read the Original Article at InformationWeek

A fiery debate on privacy at the AIM Global conference late Thursday unearthed more questions and problems than answers and solutions.

The panel debate addressed concerns around lack of communication by government agencies, and privacy and security of personal data used in connection with radio frequency identification (RFID) technology.

Ross Stapleton-Gray, president and principal analyst at Stapleton-Gray & Associates Inc., led the discussion. The panelists included Lee Tien, senior attorney at Electronic Frontier Foundation, a non-profit civil liberties group focused on high-tech issues; and J. Howard Beales III, associate professor of strategic management and public policy at the George Washington University School of Business.

Data security problems are real. Beales, who worked at the Federal Trade Commission when the government agency created the Do Not Call List, said the FTC will prosecute retailers that don't secure customer information. Inventory scanning devices have led thieves into entire corporate networks that store customer data and transactions.

In one case, Beales said, wireless technology in a retail store transferred customer data unencrypted from the cash registers to the back-office computer system, so thieves could sit in the nearby coffee shop with a laptop, pick up transmissions and write down credit card numbers. "Companies don't want to create those problems in RFID applications," he said. "These are large and sensitive databases, and companies need to worry upfront about the security of information in a world where people try to steal it."

The group also debated protecting consumer privacy without eliminating the benefits, such as monitoring warranties and repairs. And whether or not to kill the tag embedded in a product at the time of purchase. "No one can tell me it's wrong to collect sales data by individual if no one identifies that individual," said conference attendee Alan Haberman. "Why doesn't someone say that?"

Haberman, who pounded his fist on the table and called on industry or government to define privacy, co-developed the bar code and co-founded the Massachusetts Institute of Technology (MIT) Auto-ID Center. "We have a bunch of 1776 slogans and no real structure of law that people, manufacturers and retail understands," he said. "Without an understanding, we are blocking technology."

Although industry focuses on inventory tracking applications today, Beales said, the world will slowly see an environment, perhaps in 10 years, where everything is connected. When that happens, readers might capture 1 percent of intended tags and read 99 percent of unintended.

Tien said technology slowly is taking privacy from consumers. "One snap shot of me walking down the street from a camera above, sure that's not really an invasion of privacy, but when you're able to connect the dots of my entire routine throughout the day, that's another story," he said. "Our laws haven't kept up with that, and yet technology is creating those problems for us."