Among other things, part of the USDA response to the BSE case earlier this month is to back a plan to tag all animals and log them in a national database:
Agriculture head backs national livestock ID system
While this system does not directly involve personal privacy, it's deployment (or lack thereof) will offer many lessons in the interaction of public and private interests in large-scale id tracking systems.
MIT Technology Review Columnist Michael Schrage thinks that RFID privacy concerns are overblown, largely because companies have no incentive for item-level tagging.
(subscription required)
Robin Good comments write about the RFID tags in Geneva and makes some interesting observations. He notes:
"While most participants didn't even pay attention to this detail, a few of them were there to actually uncover detailed information about this illegal practice which has been banned through several international laws and treaties.
"The badges were handed out to more than 50 prime ministers, presidents and other high-level officials from 174 countries, including the United States. Researchers questioned summit officials about the use of the chips and how long information would be stored but were not given answers.
"It is a dramatic irony of sorts that the WSIS Summit was focused on Internet governance and access, security, intellectual-property rights and privacy.
"What they were able to uncover reveals the lack of cultural understanding of the issues at stake on this front and the rapidly raising threats that this may pose to us in the near future."
Read the whole thing here.
Here is an excerpt:
Amsterdam, Netherlands - Dec 24, 2003 (PRN): Regulations that mandate the ability to trace the origins of food are being put in place to control the food chain, solve food scares quickly, and prevent bioterrorism. In Europe, The Health and Consumer Protection Directorate will come into law on 1 January 2005, and The Bioterrorism Act in the United States came into effect last week. According to a new brief by Forrester Research B.V. (Nasdaq: FORR), tagging food with RFID tags will help manufacturers and retailers comply.
"To address the problem of food traceability, retailers and consumer packaged goods firms should use RFID tags to: meet traceability compliance deadlines; integrate agricultural firms into the food chain; slash product recall costs with case-level RFID tags; and probe RFID tags benefits with a clear business case," said Forrester Senior Analyst Charles Homs. "Regulations don't specify the use of RFID tags to comply with food safety regulations, but using them to find goods in distribution centers, retail stores, and trucks in transit will help firms respond within the predefined time limits to any official inquiry."
Traditional tracing technologies, such as ear tags in animals and bar codes on packaged meat, provide data for one or two steps in the food business but don't connect up the entire food supply chain. To achieve multistep, forward-and-backward food traceability, Forrester advises firms to turn to vendors that offer RFID tags to link unprocessed agricultural products to retail-environment-ready consumer products.
Firms can use RFID in multiple strategies to get a better understanding of: how goods flow through the supply chain; stock control; anti-theft strategies; buying pattern analysis; and food tracking. But only 9 percent of all US retailers are experimenting with RFID tags, and the majority of CPG manufacturers have no plans to do so. Rather than using RFID tags for multiple purposes, food industry firms should focus on food tracking to better understand the business benefits of a limited deployment.
"While the need for more sophisticated food tracing regulations is generally accepted, some basic questions still need to be answered," Homs added. "For instance, EPCglobal, the retailers' organization that tries to standardize item numbering, specifies that RFID tags should only contain an electronic product code (EPC). While this will suffice in principle, it doesn't allow for complete traceability across firms that handled the food, as they probably run their operations on a range of different enterprise apps. Without consensus on the data model, regulators may get exactly what they are asking for -- traceability one level up or down the supply chain, and not a single step more.
"Also, RFID tags allow retailers to analyze in great detail which goods have been bought by which consumers. But while consumers worry about potential invasions of privacy, they should also consider the benefits of RFID-tagged food stuffs, such as greater confidence that genetically modified food or hormone-treated meat won't end up in their shopping basket unnoticed. To put consumers further at ease about privacy concerns, retailers in particular should provide an opt-in choice regarding the storage and analysis of the data collected and they should emphasize the advantages of food traceability."
Forrester is an independent technology research company that provides pragmatic and forward-thinking advice about technology's impact on business. Business, marketing, and IT professionals worldwide collaborate with Forrester to align their technology investments with their business goals. Forrester offers products and services in four major areas: Research, Data, Consulting, and Community. In February 2003, Forrester acquired Giga Information Group. Established in 1983, Forrester is headquartered in Cambridge, Massachusettes.
###
A cautionary article about deploying RFID in retail from Bruce Hudson of Meta Group.
http://www.eweek.com/article2/0,4149,1413468,00.asp
"Privacy advocates warn that radio frequency identification (RFID) technology could be used to track our movements and there have been calls for a boycott. But IT analysts at META Group say the scare stories ignore common sense, practicality and basic physics."
http://www.out-law.com/php/page.php?page_id=rfidscarestoriesi1071488883&area=news
At a world internet summit in Geneva last week, the badges contained RFID tags, according to this Washington Post story.
"During the registration process, we requested information about the future use of the picture and other information that was taken, and the built-in functionalities of the seemingly innocent plastic badge. No public information or privacy policy was available upon our demands that could indicate the purpose, processing or retention periods for the data collected. The registration personnel were obviously not properly informed and trained," the report said.
InternetWeek.com says that the Defense Department is Slowing Down RFID Adoption, but from where I am sitting it looks like DoD is moving full speed ahead --- this time with realistic goals.
Specifically, DoD is saying that its top 100 vendors must supply RFID tags on their paletts and cases by January 2005; the top 500 vendors must comply by July 2005, and all vendors (more than 10,000) must "be on board by January 2006."
These numbers turn out to be the same requirements that Wal-Mart recently put on its own suppilers.
Mind you --- this is not item-level tagging, just cases and paletts. But what I find disturbing is that neither Wal-Mart nor DoD seems to ahve any plans for what to do about the tags once they get into soldier/consumer hands. Is the plan to let people walk around with live tags, or are the tags going to be attached to packaging so that they are thrown away when the consumable is unpacked? Either way, there are staggering implications for both privacy and security. (Just imagine what happens when the Iraqi resistance starts equipping their pipe-bombs with RFID-based triggers.)
London motorists pay 5 pounds a day for driving in the congestion zone during day hours, if they pay either in advance or on that day, or pay even more if they pay later. Image recognition is used to catch people who don't pay.
This article reports on Sun's proposal to track all of the cars in London via RFID to save costs by "eliminating the image recognition piece and the camera checking." What I don't get is how you can eliminate those things. If there are no cameras double checking the system, how do you catch the people who disabled or did not have transponders? The Sun representative says RFID system "would be far less easy to evade." Wouldn't it be far easier to evade unless there are expensive, obstructive, or invasive cross checking systems to ensure operational transponders?
On the other hand, is it reasonable for motorists to expect much in the way of privacy as they are already required to tag their cars with a unique serial number, readable from a distance: the license plate?
Item level tagging has it uses...
http://bbspot.com/News/2003/12/fruitcake.html
RFID Privacy in the comics:
http://www.ibiblio.org/Dave/Dr-Fun/df200312/df20031208.jpg
