Katherine Albrecht’s work as a humanities researcher led to her discovery of the growth and use of RFID, Radio Frequency ID tags
If you thought bar codes were creepy, the group has news for you about RFID’s ability to track your every move. She recently discussed with internetnews.com why item-level tagging use of RFID is the major focus of her group and whether there is goodness with RFID.
Q: Can you summarize your position on RFID use?
We wrote the position statement on RFID in consumer products, which I think has pretty much stood the test of time on privacy and civil liberties community on RFID usage.
In 2003, we co-authored with the privacy rights clearinghouse a statement of privacy that was endorsed by over 40 of the world’s leading privacy and civil liberties organizations. That year, the first shot was fired across the bow with the Boycott Benetton campaign, after we learned they would be putting RFID tags into women’s clothing. We put together a Boycott Benneton Web site to protest Benneton’s plan. [Benneton later backed down, saying in a press release that no microchips would be present in garments on sale, but made no decisions on industrial uses.]
Q: So, for your group, the issue is privacy and how this information is collected and used?
One of the things about RFID is that it lends itself to [becoming a] secret scanner because the consumer is not aware they’re there. They can be sewn into seams of clothing or embedded into packaging. In addition, they can be seamlessly integrated into an environment. So RFID sort of lends itself to a surreptitious tracking model, simply because of the way the tech operates, silently and through radio waves. If people have an interest in surreptitious tracking, RFID is a natural candidate.
Some of the early trials using RFID really took advantage of that capability, such as the “Broken Arrow” trial in Oklahoma, in which Proctor and Gamble embedded RDIF tagging systems in lipstick and set up a Webcam to watch as women [unknowingly] interacted with tagged devices.
The only way that story came to light is [because] a whistleblower came forward and told the story to a reporter for the Chicago Sun Times. The question is, now many other trials have taken place? There’s simply no way to know.
Q: How is that different from cameras in stores to guard against theft, even employee theft?
People are aware that there are cameras in stores. Most people have no problem with cameras positioned about 20 feet [away] to make sure that no one’s stealing products.
I think most consumers would be appalled to know that these cameras [with RFID trials] are installed for marketing purposes. In cases where they’re actually trained on individual people and following them through their trips through the store and then linking up that video footage with their identity when they scan out on frequent shopper card or credit card at the checkout: I think that is quite problematic.
During my research of this, I coined the term “retail zoo,” where the customer is the exhibit. As a humanities researcher, I’m subject to a number of ethical restrictions and how I have to have informed consent of the people I’m researching for my own work.
When I look at what happens with the market research community, it’s the bad boys of market research that take advantage of people who have to go about their daily lives. I think they are abusing their ability to watch people for market research purposes.
Q: What are the nefarious uses of that data that worries your group?
There are different ways to look at nefarious. First, it’s an insult to my dignity. I do not walk into a store to be somebody’s research subject. I think that’s problematic from an ethical standpoint. If a guy standing next to me in the supermarket turns out to be a market researcher recording my conversation, as opposed to a fellow shopper, I think that crosses a line.
I think we’re already seeing the dangers of having these huge consolidated databases out there. If there’s one thing we’ve learned in the last couple of years with these mandatory disclosure laws requiring companies to tell when their databases are compromised, is that none of these databases are safe. Even if you trust the company collecting your info, you have to ask yourself, is it appropriate for them to collect it, given that it could be worse down the road?
Q: How so?
I think it includes identity theft. There are over 20 million cards issued with [RFID tags] right now. Researchers [the University of Massachusetts at Amherst] recently revealed that almost none of those credit cards had any kind of data protection whatsoever. Any device you can buy for $200 off the Internet can pick up that information data and replicate it, and use it to make charges. It makes it possible for criminals to scan your credit-card number, expiration date and name right through your wallet or backpack.
We’ve identified three groups we think pose a risk to the public with RFID use: marketers, government agents who could use RFID to violate our 4th amendment rights, and criminals, such as identity thieves, stalkers and domestic abusers.
Q: So item-level tagging is where you draw the line?
We are opposed to item-level tagging, of any use of RFID to track humans, including in the pharmaceutical industry, such as on bottles [of medicine]. Some of our most personal information is about our health conditions. That being said, we have no problem with RFID being applied to the pharmaceutical supply chain [to protect from counterfeiting], just not anything dispensed individually to a consumer.
Q: Technology always has its good and bad uses. RFID also has positive uses, such as tagging miners to keep track of where they are in dangerous environments, or tagging medicines to keep counterfeiters’ bogus drugs out of the supply chain.
I think there’s a bigger argument saying that people shouldn’t be RFID-tagged inadvertently. If I’m a worker going down into a mine then [RFID] it is to my advantage. But if I’m a shopper in a store, and unbeknownst to me, somebody slipped an RFID tag on my shoe and is using it to follow me around, that’s the [problem].
Q: What about the argument that only people with something to hide are worried about this?
Most people don’t have anything to hide. It’s just not your business. If I’ve done nothing wrong than you don’t need to be watching me. I’ll add another piece to that. It’s not healthy for society to be continually watched. Humans are very social creatures. And if we don’t have an opportunity to just be left alone, then I think we’d all go crazy.
Q: So why don’t you lobby for public policy or legislation?
I should clarify that CASPIAN is unusual from the perspective of a public advocacy group in that we’re not pushing for legislation and restrictions. What we have called for is full disclosure so that consumers can [decide]. We’ve never called for the technology to be banned and restricted. What we have called for is disclosure that it’s being used.
[Right now], it’s a one-sided equation. If somebody hides a tag in my shoe, there’s not really much I can do about that. We’re trying to level the playing field so that consumers have full knowledge to be told, “Hey there’s a tag in your shoe.”
I think that’s why the industry has lobbied so heavily to prevent [mandatory disclosure] over labeling legislation. So I have to ask myself, if this industry is sincere about full disclosure, why do they fight that?
Q: But why not ask for labeling legislation?
I’m a libertarian. I’m not a big fan of legislation. In my observation, whenever governments get [these laws] in place, they save the data for themselves. I’m a big believer in the free market. If you give them all the facts and information, for the most part people will act in their own best interest. If you give people all of the facts and let them make up their own mind, the more opposed they become to RFID.