RealTime IT News

Lucky Year For RFID Privacy?

With the start of the Consumer Electronics Show (CES) in Vegas and the world of gadgetry and fun sloshing into the gadget-obsessed marketplace, it's pure tech catnip these days. If all that media overload isn't enough, the Mac faithful will be gathering in San Francisco to hear the oracle of cool, Steve Jobs, talk about the next Big iSomething – music, digital media, TVs, phones or all of the above coming to you from Apple.

At CES, we'll be seeing digital media distribution systems, VoIP, mobile phones, and digital media piped from one device to another to be viewed on the clearest, flattest screens ever. We'll be seeing more phones with GPS systems embedded that can help you track your kids' whereabouts -– or just track you. It's also expected to showcase RFID and its systems and illustrate how to use it to keep track of traffic, gadgets and security.

It's all so cool and so very busy, and it leaves a digital trail for a digital database called You.

What? You didn't know you'd be tracked with RFID? If you're a member of Consumers Against Supermarket Privacy Invasion and Numbering, the privacy group founded by privacy advocate Katherine Albrecht, you would be expecting some notification that RFID systems are in use.

If privacy issues and data protection in the digital age were pushed to the forefront last year with all the notification of lost or stolen customer data, then this could be the year that RFID gets pushed into wider discussion, as well.

Why? Well for one thing, vendors are expecting 2007 to be a breakout year for RFID. Symbol Technologies, one of the biggest providers of RFID scanners and software systems for scanning products, said it is expecting to see a big jump in the use of item-level tagging, especially on apparel and consumer electronics on store shelves, as well as the use of more hybrid tags (a mix of active and passive tags on some products), tags with longer frequency ranges (more devices can scan from a farther distance), growth in pharmaceuticals, security, government and access control.

IBM is also moving aggressively to take advantage of the growth, but also to take a leadership role in helping to shape industry best practices about notification and use of RFID systems. It's a smart move for a company that's been awarded a bunch of RFID patents. The most recent one reads like something out of a Philip K. Dick novel: "Identification and Tracking of Persons Using RFID-Tagged Items in Store Environments" (Patent #7,076,441).

It pretty much does what the patent title says it does: tracks you and your products throughout the store and can also be used to identify you against other databases. It's got Albrecht's consumer privacy group lobbying for companies to disclose when this technology is in use.

Congress has yet to take up the issue, but plenty of states are considering legislation that would at least notify consumers when they're being tracked by the RFID devices. It's just one among many reasons that I think RFID will be one technology that helps push tech companies into taking part in drafting RFID privacy policies and best practices.

A crazy quilt of legislation?

There are plenty of positive and good uses for RFID, but it's what consumers don't know and aren't clear about that raises suspicions between them and the companies or governments that use the technology. That's why the industry has to be more active about best practices and notification policies. Otherwise, a crazy quilt of state legislation about this awaits.

Harriet P. Pearson, IBM's vice president and chief privacy officer, heads up IBM's efforts to embed privacy thinking into the company's design efforts across all its technology divisions. RFID is just one of them, which is evident in the titles of some patents it's been awarded: "Method to address security and privacy issue of the use of RFID systems to track consumer products" (Patent 7000834); "Anti-tracking system to ensure consumer privacy" (Patent 7086587); "System and architecture for privacy-preserving data mining" (Patent 6931403).

Among Pearson's priorities is to make sure that IBM's policies, once set, are being managed. To speak with her is to get a glimpse of the rapidly expanding use of technology and how that data can impact our livelihoods -- for better and for not so good.

About a year ago, IBM adjusted its human resources policies to ensure its employees that it would not use genetic information, or any kind of genetic data, to make hiring decisions. Sure, if you want to disclose information voluntarily in order to get different coverage for health care, so be it.

But the point is, our genetic data is in the mix, too, not just our buying habits, monthly expenditures, food preferences and the like.

There was a time when Web sites didn't post anything on their sites about how they would use the information you left there when you registered, or purchased something or typed in your credit card info, for example. Now, we wouldn't even dream of doing business with a site that doesn't have a clear privacy policy posted.

Only after a few bankruptcies of early dot-com flameouts, which landed many customers' information in a bankruptcy court, did the industry start to get religion about best practices regarding privacy policies.

This could be a similar breakout year for RFID and how companies use it with consumers -- it's a great opportunity to be aggressive in shaping policies about disclosure of that RFID use and how information is used.

For example, the RFID tagging system on a person could help keep track of workers who toil in dangerous environments, such as coal mines or oil refineries. They could opt-in for a system that could locate them should they become trapped in a mine.

On the other hand, IBM's Pearson adds, there should be strong policies in place for item-level tagging for which IBM has helped a diverse group of citizen and companies devise policy. "IBM strongly supports notification that these are in use. We actively promote these best practices and a role for these innovations to enable privacy as well," she told internetnews.com. "The issue about privacy is how we think and act on the issue. Trust is the name of the game. Privacy is absolutely part of that trust equation."

Erin Joyce is executive editor of the internet.com news channel.