Here's an offer for you. A store gives you a card. When you make a purchase at that store, the card gets you a discount. But there's a catch. At the checkout counter, your card is scanned, so that your shopping history is recorded to a database. Are the discounts worth the loss of privacy? Many shoppers think so, and "customer loyalty cards," as they are known in the trade, have joined credit cards and drivers licenses as a staple of the wallet.
Now, what if that card did something more? What if, when you walked in the store, the card incorporated a technology that broadcast to the staff who you were-even if the card never left your pocket ?
The technology that makes this possible is called RFID-radio frequency identification. A page on the Texas Instruments website says it would be a good deal for customer and retailers, alike. The store would know your likes and dislikes, how you want to be served from the moment you walked in the door. Retailers would know "exactly who's in their store at any given moment while offering full purchase histories for each shopper. In addition, stores will know what the customer bought at their last visit and what they might need for accessories.... Restaurants can record information such as favorite table, beverage choice, and even meal preference. Hotels may register data such as room preferences, climate control settings, and even personalized voice mail."
Privacy advocates read this description, and see a bad tradeoff-in which people give up their anonymity for a false sense of interpersonal service. That salesman, waiter, or hotel clerk doesn't really know who you are except by a technological magic trick, and what the RFID tag says about you may be more than you care to reveal.
"With technology, consumers vote with their pocket books and feet on whether to adopt a technology," counters Bill Allen, marketing communications manager for Texas Instruments RFID Systems. "If they are comfortable with it, they will embrace it. If not, they will reject it. Consumers will have the final say so and that will be the true test for the RFID community." He says that in the U.
Bar code alternative
At its core, RFID is a technology for identifying things: shipping pallets, tires, cattle, automobile parts and people. The list is long and growing. The most prominent applications involve the "supply chain,"-the sequence of events that brings manufacturing goods to stores. But there are plenty of other uses. Ski resorts embed the technology in the plastic slope passes that are hooked onto jackets. Here in the San Francisco Bay Area, you can cross bridges without having to fetch money from your pocket for the toll. An RFID device on your windshield automatically identifies your car to a reader, charging the toll to your account. Some six million Americans carry a device called Speedpass, which fits on their key rings or is integrated into a Timex watch). Wave it in front of a fuel pump at a participating Exxon/
Looked at benignly, RFID systems are a more versatile alternative to the ubiquitous bar code. Bar coding's biggest advantage is cost: a simple label marks the object and a laser scanner reads it. But in order to do so, the reader must have a "line-of-sight" view of the bar code. The disadvantages can be seen at the check-out counter at any large supermarket. While nearly every item is encoded, the clerk must still maneuver each one so that the bar code can be read.
By relying on radio transmission, RFID systems remove the line-of-sight requirement. The optical bar code is replaced with a transponder, commonly called a "tag." The barcode reader is replaced with an RFID reader, which includes an antenna, digital signal processor, radio, network processor and power supply. With RFID, the line-of-sight requirement is eliminated. Any "tagged" object within range of the antenna automatically gets read. RFID proponents say that the technology is more accurate, with "first-pass" rates of 99.
RFID implementations vary, especially in the type of transponder. Tags are manufactured in different sizes and transmission ranges-from below 500Khz to above 1Mhz. Low frequency is cheaper to implement and is better able to read through materials; high frequency, including UHF (ultra high frequency) works over longer distances, is less susceptible to noise, and uses a faster data rate. "Over the long run, an application like pallet identification can be handled by any high frequency technology-and it will be useful for the companies like Wal-Mart to have a universal frequency that everyone agrees on," says Christian Huff, a spokesman for Escort Memory Systems. "But low frequency still has advantages where you only want to pick up a tag within close proximity to the reader. A car immobilizer is a good example-you only want the owner, not some passerby, to trigger it,"
Tags may be powered by a battery, or passively through a capacitor that gets recharged on the spot. Passive tags, which are far more common, receive their power from the reader, via the antenna. They have a tiny amount of memory, minimal computational power and no cryptographic functions. Active tags have more range and are used for applications like automatic toll taking and real-time merchandise location within warehouses. Most tags do one thing, and one thing only-they transmit their identity. Memory sizes vary from about 20 bits to 32 KB, though passive read-only tags don't hold much above 700 bits. Tags are usually encased in plastic to shield them from dirt and moisture. But you can also combine a memory chip with paper or polyester-creating a disposable tag, or "label."
The supply chain and beyond
The first uses of RFID were military: the technology technically dates back to World War II, when British forces used radio frequencies to identify their aircraft. But it has taken the invention of the cheap integrated circuitry, coupled with the database, to bring RFID into its own.
These days, the most common RFID applications revolve around the supply chain-the process of tracking products from manufacturing through delivery. Texas Instruments, which has been in the business for 15 years, is the largest supplier of RFID tags-about 400 million to date. Its customers include a pharmaceutical wholesaler fulfilling customized patient orders from its warehouse and a brewery tracking barrels. Semiconductor manufacturers use RFID in their clean rooms to minimize loss and process errors. Chevrolet Creative Services tracks containers containing tradeshow material moving through its warehouse. A bonded warehouse in the UK tracks pallets storing expensive malt whiskey as a way to prevent theft. Another RFID technology supplier, Matrics, Inc., is providing International Paper with a warehouse tracking system. Matrics is also the supplier for a luggage tracking system at McCarren International Airport in Las Vegas.
These are largely internal applications: a facility elects to use RFID and nobody else beyond that facility is involved. But RFID applications that span many companies will soon come online. The most closely watched is Wal-Mart, the world's largest retailer., which is requiring its top 100 suppliers to track products at the pallet and shipment level, with another 26 suppliers voluntarily joined the program. "We don't have any reason to think suppliers won't be able to meet the deadline," says Sara Clark, a company spokesman. "We hope that all suppliers will be on board by the end of 2006." Wal-Mart is not alone. Germany's Metro Group is asking its suppliers to do the same, as is another large purchaser-the U.
"You can use RFID within your own four walls, but the real value proposition is within a global network," says Jack Grasso, spokesman for the Uniform Code Counsel. "Companies have realized there is no competitive advantage in having a closed system. Why invest and maintain your own system when you share in a universal system that everyone can use. Grosso says that the global supply chain has "gross inefficiencies based on incorrect and flawed information." He says that billions can saved "improving the accuracy and flow of that information.
Grosso's organization, the Uniform Code Counsel, is best known as for its Uniform Product Code-the succession of protocols that allows a bar code affixed to an object to be translated into information about that object. The Uniform Code Counsel has entered into a joint venture with its European counterpart, EAN International, to form EPCglobal-which will do the same for RFID technology. Each RFID tag will carry an Electron Product Code-a unique number that identifies a specific object. The tag ID is sent to an Object Naming Service database, which produces the address of a server, where the object information is stored. Objects are described using Page Markup Language, or PML.
Last January, EPCglobal named Verisign to provide the Object Naming Service root directory. Verisign was an obvious choice: the company already operates the Internet Name Domain System, and the RFID identification, known as EPCglobal Network, will operate similarly.
Grasso says that while EPCglobal Network is already live, it won't be used in any significant way until later this year-as the Wal-Mart supplier requirements begin to take effect. "They are the largest retailer, and every manufacturer seeks to deal with them. Leaders lead," he says. January 2005 is also the deadline for the U.
RFID is also used to as a kind of electronic regulated gateway. FedEx has tested it on its delivery trucks as a replacement for ignition keys: the driver wears a RFID unit embedded on a Velcro wristband. Brinks does something similar with its armored cars. The plastic card affixed to my windshield that allows me to cross Bay Area bridges without stopping for the toll collector uses RFID.
The industry is now buzzing about so-called "smart labels," which are cheap enough to place on individual items-including consumer products and rental DVDs. Currently, smart labels sell as low as $.30 each. Some observers think they could go for $.05 each or less. Smart labels could be used on library material, airline baggage, and shipping parcels.
RFID can also be used to track people, and that has become a source of controversy. Some uses here seem benign enough: a water park tracking children, a ski resort tracking skiers. Whatever loss in privacy those applications represent seems more than offset by the advantages of safety. Or so many would argue. For critics of RFID, the problem is the dropping price-which could lead to tags being placed everywhere, and shrinking size, which leads being embedded, and worn, without the person's knowledge.
A cartoon featured in a presentation by Ari Juels of RSA Laboratories neatly summarizes the concerns. A man walking down the street has RFID tags everywhere: in the book he carries, the goods he purchased, the inner lining of his wig, and on his hip replacement.
RFID tags may also be found in the cash he carries-woven in to the paper using tiny tags like those made by Hitachi. The European Central Bank is rumored to be considering adding RFID tags to its currency-presumably to prevent counterfeiting. But Juels suggests there may be other, less salutary uses, like "more efficient muggings"-because the thief knows how much you are carrying.
Even so, Juels doesn't believe RFID tags will prove a cost-effective deterrent to counterfeiting, and he doubts they will see deployment in currency in the next several years. "If they do, it is possible that their read range will be very short, probably on the order of millimeters, in which case they pose a minimal threat to privacy," he wrote in an e-mail correspondence.
Katherine Albrecht, founder of Customers Against Supermarket Privacy Invasion & Numbering (CASPIAN), has become one of the more visible critics of the RFID industry. Albrecht describes herself as a "free market libertarian"-meaning that she prefers educating the public rather than instituting laws and banning technology. And so she has no objection to putting tags on warehouse pallets. Her complaint begins when an RFID tag is, say, embedded in a purse or knapsack-especially if the purchaser doesn't know it's there. She also has a problem with hidden RFID readers, which can be embedded into floor tiles, carpeting, and grocery shelves.
Ironically, says, Albrecht, some of this activity might be done in the name of better customer service-and she doesn't think the tradeoff is worth it. She cites an internal IBM project called "Margaret." The project was named after the mother-in-law of Paul McKeown, who works with IBM's smart cards and smart tags products. One day, Margaret visited her local bank. Even though she had been a customer for many years, a new employee didn't recognize her and insisted on proof of identity. So McKeown thought: what if you put an RFID tag onto the a customer's bank tag? Then when Margaret walked in, her identity and customer track record would be known and she would be accorded proper respect. Indeed, the longer the customer, the more money you had in the bank, the better you would be treated.
So what's wrong with that? "People tell me they don't mind, Albrecht says, "because they are preferred customers-and so they would be the beneficiaries. But I think even preferred customers would be worse off because you would be the target of the entire network. You become the rat in the maze. Your information is even more prone to being scrutinized or sold." And what if you are an "unpreferred" customer-someone who doesn't spend a lot, whose bank balance is small? "The people the industry dismissingly call 'bottom feeders' are worse off, as well. They could be charged higher prices or given worse service. So either way, there's an inherent sense of unfairness."
Albrecht also sees potential for abuse in stores that track the movement of their customers. She notes a report from Nikkei Electronic News on a system, first demonstrated at the Tokyo International Book Fair in 2003, that would track how shoppers browsed for books: tracking what titles were picked up.
Albrecht's organization and others, including the American Civil Liberties Union and the Electronic Frontier Foundation, worry that RFID tags are capable of uniquely identifying every object on earth. In a position paper, the group claims that RFID readers "have already been experimentally embedded into floor tiles, woven into carpeting and floor mats, hidden in doorways, and seamlessly incorporated into retail shelving and counters..." The danger, they say, is two-fold. All this data can be amassed and linked with personal information. And RFID tags could themselves be linked with individuals, enabling people's locations to be tracked.
To reduce the risk of abuse, transparency is key. Anyone carrying a tag should know it. Nobody should be forced to buy a product with an activated RFID tag, and people should be able to detect tags and disable them. No tag reading should be done in secret. Information collection should be limited. People should not be tracked. The technology should not be embedded in currency. More broadly: RFID policies should be formulated and considered publicly-the technology should not be allowed to grow without oversight.
Texas Instruments' Bill Allen, who is also chairman of the privacy committee of the Association for Automatic Identification and Data Capture Technologies, says that the industry is aware of the issues. "We want to make certain we can to instill confidence in consumers that their privacy will be secure," he says. "We will put in a 'kill mechanism" [a code that permanently disables the tag] if that's what's deemed necessary. We suggest that consumers be notified when the goods they buy contain tags." But ultimately, he says, it will be up to manufacturers and retailers to implement RFID responsibly. And if they don't-then governments will pass new laws governing RFID use. He notes that in the U.
Meanwhile, he says, the benefits of RFID technologies are undeniable. "According to some surveys, somewhere between 50,000 and 100,000 people die in American hospitals from taking the wrong medication or getting the wrong surgery. If RFID could reduce that by even one life, would that be worth it?"
Encryption and privacy schemes
RSA's Ari Juel says that one way to protect consumer privacy is through short transmission distances. That way, your loyalty card is only read by the appropriate reader. "But only certain tags can be useful if their ranges are short, e.
Other suggested approaches involve electronically disabling the tag done by sending a "kill command," or letting a consumer "lock" a tag after purchase. Juels and some colleagues suggest a what they call a "blocker tag, in which a low-cost, passive RFID tag appears to the reader not just as a single tag identifier, but as a subset of all possible identifiers. As a result, says Juels, a reader that attempts an unauthorized scanning gets "spammed" by other irrelevant addresses. "Blockers permit consumers to keep their tags live, yet preserve their privacy," he writes. "Live tags may have many home uses, which 'killing' would entirely negate."
Various encryption hash lock schemes have been proposed. One approach involves a queried tag requesting a key from the reader. The tag then uses that key to calculate a hash function and compares it with its own meta-ID. If the data agree, the tag sends its ID.
Sozo Inoue and Hiroto Yasuura of Kyushu University suggest tags that hold the unique ID of the tag in ROM. Access to that value is governed by another value, held in non-volatile rewritable memory. The tag thus has two modes: a ROM mode where the ROM is readable, and the RAM mode, where the RAM is accessible by a limited number of users. An alternative scheme would combine two tags with non-unique IDs to create a single unique number. The purchaser of a product could then decide whether or not to keep the tags together.
Kenneth P. Fishkin of Intel Research and Sumit Roy of the University of Washington suggest that the distance of the reader from the tag could be used to establish a degree of trust-on the assumption that the closer the reader is, the better likely it is to be detected by the person being scanned. Tags might reveal only cursory information to a distant reader, more detailed information to a closer reader.
Ultimately, says Juels, neither technology or legislation will provide a complete solution. "In isolation, either approach is subject to abuses that the two, working in concert, will be much more effective in preventing."