California Senate hearing considers RFID regulation to protect personal privacy
The California Senate may be the first legislative body to take a hard look at the privacy implications surrounding radio frequency identification (RFID) technology. This month, the Senate’s Subcommittee on Information Technology held a hearing entitled, “Who’s watching what you’re buying? RFID technology and privacy issues.”
Framing the meeting’s purpose, Senator Debra Bowen stated, “New technologies can make businesses more efficient and shopping more convenient, but they’re going to have an effect on people’s personal privacy that we need to explore and understand before they become embedded in our everyday lives.”
Testifying at the hearing were a collection of individuals polarized on the different sides of the debate. These included:
- Dan Mullen, Interim CEO, Association for Automatic Identification and Data Capture Technologies (AIM)
- Kevin Ashton, Executive Director, Auto-ID Center
- Beth Givens, Founder and Director, Privacy Rights Clearinghouse
- Katherine Albrecht, Founder and Director, Consumers Against Supermarket Privacy Invasion and Numbering (CASPIAN)
- Dr. Greg Pottie, Deputy Director, Center for Embedded Networked Sensing (CENS) and Professor, Electrical Engineering Department, University of California, Los Angeles.
Both sides of the debate suggested a willingness to consider government regulations to protect the consumer from potential privacy invasions made possible via RFID technology.
Mrs. Givens stresses that now is the time to actively regulate the ways in which RFID can be used to the detriment of personal privacy. She recommends an approach to these regulations, based upon the principles set forth in the Fair Information Principles.
(1) Individuals have a right to know what products contain RFID tags via clear labeling.
(2) Individuals have a right know exactly when, where, and why RFID tags are being read.
(3) Individuals have the right to have RFID tags removed or permanently deactivated.
(4) Individuals have the right to own and use readers to detect tags and permanently disable them.
(5) Individuals have the right to access an RFID’s stored data pertaining to him or her.
Mr. Ashton shared many of the same directions for potential regluation stating, “Our recommendation on EPC and Privacy will likely embody three principles:
(1) Notice. The right to know whether a product contains and EPC tag, and whether a public place is using RFID readers
(2) Choice. The right to have the EPC tags in the purchased products deactivated without cost
(3) Control. The right to have Personal Identity Information kept separate from Object Identity Information.”
While the hearing was just a first step in what would certainly require a long process if it were to regulate RFID’s uses, the significance of the event is clear. The public has concerns about the utilization of RFID technology and the industry must take notice. Already this year we have seen major RFID projects shelved due to public concern.