Thursday, August 13, 2009

Problems with RFID (Remaining Forever unIDentified)

Before anything else, I admit that this entry's title is a bit of a stretch.

In a world dominated by technology, it can be difficult to remain anonymous. Persons leave traces of themselves in any place they have been or any transaction they have entered into and potential problems regarding privacy could exist when such traces are recorded and utilized. Such privacy-related issues arise in a relatively new tracking mechanism called an RFID tag. RFID stands for Radio Frequency Identification and the name alone suggests its use. In simplest terms, an RFID system consists of two things: 1) a tag and 2) a reader. The tag is attached to the object to be tracked and the reader functions to retrieve data from the tag. RFID systems operate using radio frequencies depending on the distance needed for coupling the tag and the reader. Close-coupling systems work with short ranges whereas long-range systems can function in distances beyond one meter.

In the Philippines, there has been a growing interest in RFID use. For instance, in sports activities such as fun runs, RFIDs have been used to keep track of the participants. In the AFP, key tags with RFID chips are now distributed to military personnel and such tags keep track of fuel consumption. In transportation, the MMDA installed RFID chips public utility buses for monitoring and also as a way to identify illegal public utility operators.

The European Commission drew up a working document with regard to data protection issues in RFID use. RFID systems actually come in handy in profiling, especially in the light of consumer purchasing habits. For instance, a shopper picks out goods in a store which are all tagged. With the tagged items in the possession of the customer while walking around the store, the store’s monitoring team can get an idea of what items are usually bought together and could aid them in how goods in their store are arranged or priced.

It becomes slightly more comprehensive when the information derived from tracking the customer as to which items were bought are connected with the personal information on a credit card. It then becomes easier to market goods and services if the seller knows exactly what the customers want along with their buying habits.

However there is a crucial issue at hand. Does the customer actually want such buying habits to be revealed? Does the customer have the right to know that he is being tagged and his habits and preferences are also being monitored? Is his right to privacy, even in the most mundane activity of purchasing Gatorade and Cheese Curls, violated by such monitoring?

It is also important to note that RFID tags in themselves have an intrusion issue. The tags can be accessed by a generic reader thus there is no way to be assured that the information from the tags goes to its intended recipients. Any person who holds a reader can also access the tags and acquire the information they hold.

Since the technology is somewhat in its stage of infancy, the question of whether or not regulations should be imposed is sparking a debate. Naturally those who call for regulations are wary of the serious privacy implications when RFID use goes about unfettered. On the other side of the fence, anti-regulation supporters echo the “burning a house to roast the pig” argument, saying that the technology should first be allowed to fully develop before hedges are erected.

No comments: