Citing privacy concerns, hearings held in California late last year could lead to regulations that would slow the development of contactless technology in the U.S. Although the hearings were aimed at regulating how retailers use RFID sensors for inventory control or at points of sale, any future regulations could end up impacting all uses of RFID.
The hearings were held by Sen. Debra Bowen, an attorney from Redondo Beach, Calif., who on Feb. 20 filed SB 1834 seeking to establish the first-in-the-nation privacy standards involving RFID use.
She currently chairs the Senate Subcommittee on New Technologies of the Energy, Utilities and Communications Committee. The first RFID hearing, last August, was entitled: “Who?s Watching What You?re Buying? RFID Technology and Privacy Issues.” A second hearing two months later was designed to elicit more input from industry.
“New technologies can make businesses more efficient and shopping more convenient, but they?re going to have an effect on people?s personal privacy that we need to explore and understand before they become embedded in our everyday lives,” said Senator Bowen prior to the first hearing.
“Businesses are looking at putting RFID tags in everything from razor blades to cell phones to track them from the factory to the warehouse to the store shelf to your shopping cart,” she said. “Is RFID technology simply a sophisticated way to track inventory and store data, or can it be used to invade people?s privacy and be used to compile data on people?s movements and shopping behaviors?”
Those testifying at the first hearing included Dan Mullen, Association for Automatic Identification and Data Capture Technologies (AIM); Kevin Ashton, Auto-ID Center; Beth Givens, Privacy Rights Clearinghouse; Katherine Albrecht, Consumers Against Supermarket Privacy Invasion and Numbering (CASPIAN); and Dr. Greg Pottie, Center for Embedded Networked Sensing (CENS) and electrical engineering professor at the University of California, Los Angeles.
Hailed by some as the replacement for the Universal Product Code, or UPC, the newer Electronic Product Code, or EPC, is what?s causing all the heartburn among privacy enthusiasts. The concern is just how much personal information can be stored in an RFID environment.
While contactless uses, such as California’s FasTrak used to pay bridge tolls, and EZ Pass for gasoline purchases, came up for discussion, the focus of the hearings was on RFID tags used on products sold at retail locations. For example, one United Kingdom supermarket chain had begun selling Gillette razors with RFID chips embedded in them to track customer behavior – when they picked up razors, when they put them back on the shelf, and when they carried them to the register. The project was designed to give the retailer insight into shopping behavior, prevent shoplifting, and to alert employees when shelves needed to be re-stocked. This “smart shelf” project was also briefly implemented by Wal-Mart, but halted the tests after a month.
However, the U.S. -based retail giant has seen the opportunity to improve its supply chain management. Wal-Mart is currently urging its top 100 suppliers to affix RFID chips to shipments of merchandise they send to the retailer by 2005. By the end of 2006, the rest of Wal-Mart’s suppliers, about 25,000 vendors, are being asked to do the same. Still, Wal-Mart is only interested in tracking the products by palettes and cases, not individually at retail.
Testimony at the first hearing went so far as to predict that unchecked RFID technology could eventually produce the ultimate Big Brother universe similar to that depicted in the movie, “Minority Report,” which featured iris scan technology that allowed businesses to personalize ads geared to an individual customer’s buying habits.
Ms. Givens, a representative for the Privacy Rights Clearinghouse, testified at the first hearing that RFID should be subjected to fair-use guidelines. In other words, customers should be told when the product they’re purchasing has an RFID chip embedded. Another witness, CASPIAN’s Ms. Albrecht, went so far as to recommend a moratorium on commercial RFID use until legal guidelines are in place. According to information released at the first hearing, the concern of both these organizations is who will have access to the data RFID technology allows companies to collect and how that data can be aggregated.
The National Retail Federation outlines a practical approach to RFID regulation
Leading up to the second hearing the National Retail Federation offered a different perspective. “RFID has the potential to revolutionize the way retailers do business and the way consumers shop as much as the bar code did a generation ago, but it has to be done right,” said NRF’s senior vice president for government affairs, Steve Pfister.
“Retailers place the concerns of their customers No. 1 on the priority list,” he said. “We know that customers want a technology that eliminates empty shelves and scanner accuracy problems and makes it possible to get through the checkout line without unloading your shopping cart or to return a purchase without a receipt. But we also know that customers don’t want to worry that every purchase is being tracked by ‘Big Brother’ or to think that their privacy has been invaded. We want to make sure that all of these issues are carefully addressed and that the public policy decisions that are made on RFID strike the proper balance.”
Added Dave Hogan, NRF’s chief information officer: “The technology for RFID is still being refined. “Those of us on the technical side can make RFID do as much or as little as policymakers want, but it’s important to have clear guidance as early on in the process as possible so that research and development can focus on the way this technology will actually be used.”
In a joint letter to Senator Bowen, NRF and the California Retailers Association urged her and legislators to consider four areas:
“Education–Consumers need to be educated on the benefits of RFID, such as the ability to make returns without a receipt, to aid law enforcement in the recovery of stolen property, or to aid in the recall of defective or contaminated products.”
“Notice–To gain consumer trust and confidence, standards for RFID must provide notice to consumers about RFID’s uses; how information collected via RFID will be maintained or used; the choices and benefits available to consumers; and the impact that consumer choices will have.”
“Choice–Policymakers must address options for consumers on whether RFID tags can be turned off after a purchase and how the information they help gather can be used.”
“Value–The wide range of benefits of RFID must actually be delivered to consumers, and retailers need to be able to deploy the technology cost-effectively.”
California’s Senate Bill 1834 looks to place guidelines on RFID usage
“The privacy impact of letting manufacturers and stores put RFID chips in the clothes, groceries, and everything else you buy is enormous,” said Senator Bowen after filing her SB 1834. “There’s no reason to let RFID sneak up on us when we have the ability to put some privacy protections in place before the genie’s out of the bottle.”
The bill requires any business or state government agency using an RFID system that can track products and people to:
–Tell people they’re using an RFID system that can track and collect information about them.
–Get express consent before tracking and collecting information.
–Detach or destroy RFID tags that are attached to a product offered for sale before the customer leaves the store.
“It really comes down to three basic principles,” said the senator. “First, you have a right to know when and where RFID technology is being used. Second, anyone using RFID should get your consent before they collect information about you. Third, the “default” should be that RFID tags on products get removed or destroyed when you walk out the door, which takes care of many of the privacy concerns, not the least of which is the fear that as you walk through the mall, everything you’re wearing and carrying could one day be identified as you walk by RFID readers.”
For more information (such as transcripts or witness testimony) on her RFID hearings, go to: http://www.senate.ca.gov/ftp/sen/committee/standing/energy/_home/11-20-03agenda.htm