Thursday, January 31, 2008

Microchips everywhere: Boon for retailers, bane for privacy advocates

If you have concerns about RFID's and their potential to serve as a kind of ubiquitous dystopian techology of the future you're not the only one. As many of you probably are aware, we at the Consumer Federation of California have been very active in supporting legislation to regulate the use of RFID's in our state, from government ID's, schoool uniforms, drivers licenses, and yes, even subtucaneous implants.

This year, we once again will be monitoring and supporting Senator Joe Simitian's (and Ellen Corbett) series of bills designed to reign in this technology and protect our privacy.

On that note, this article in CBN News, does about as good as a job as I have seen in breaking down the clash between retailer and business interests with those of the the individual's right to privacy...and the rather Orwellian future that could await us:

Already, microchips are turning up in some computer printers, car keys and tires, on shampoo bottles and department store clothing tags. They're also in library books and "contactless" payment cards (such as American Express' "Blue" and ExxonMobil's "Speedpass").

At home, convenience is a selling point: RFID-enabled refrigerators could warn about expired milk, generate weekly shopping lists, even send signals to your interactive TV, so that you see "personalized" commercials for foods you have a history of buying.

The problem, critics say, is that microchipped products might very well do a whole lot more. With tags in so many objects, relaying information to databases that can be linked to credit and bank cards, almost no aspect of life may soon be safe from the prying eyes of corporations and governments, says Mark Rasch, former head of the computer-crime unit of the U.S. Justice Department.

Using sniffers, companies can invisibly "rifle through people's pockets, purses, suitcases, briefcases, luggage - and possibly their kitchens and bedrooms - anytime of the day or night," says Rasch, now managing director of technology at FTI Consulting Inc., a Baltimore-based company.

...

Presently, the radio tag most commercialized in America is the so-called "passive" emitter, meaning it has no internal power supply. Only when a reader powers these tags with a squirt of electrons do they broadcast their signal, indiscriminately, within a range of a few centimetres to six metres.

Not as common, but increasing in use, are "active" tags, which have internal batteries and can transmit signals, continuously, as far as low-orbiting satellites. Active tags pay tolls as motorists zip through tollgates; they also track wildlife.

...

"Once a tagged item is associated with a particular individual, personally identifiable information can be obtained and then aggregated to develop a profile," the U.S. Government Accountability Office concluded in a 2005 report on RFID.

Federal agencies and law enforcement already buy information about individuals from commercial data brokers, companies that compile computer dossiers on individuals from public records, credit applications and other sources, then offer summaries for sale. These brokers, unlike credit bureaus, aren't subject to provisions of the Fair Credit Reporting Act of 1970, which gives consumers the right to correct errors and block access to their personal records.

That, and the ever-increasing volume of data collected on consumers, is worrisome, says Mike Hrabik, chief technology officer at Solutionary, a computer-security firm in Bethesda, Md. "Are companies using that information incorrectly, and are they giving it out inappropriately? I'm sure that's happening. Should we be concerned? Yes."

...

A 2005 patent application by American Express itself describes how RFID-embedded objects carried by shoppers could emit "identification signals" when queried by electronic "consumer trackers." The system could identify people, record their movements, and send them video ads that might offer "incentives" or "even the emission of a scent."

RFID readers could be placed in public venues, including "a common area of a school, shopping centre, bus station or other place of public accommodation," according to the application, which is still pending - and which is not alone.

In 2006, IBM received patent approval for an invention it called, "Identification and tracking of persons using RFID-tagged items." One stated purpose: To collect information about people that could be "used to monitor the movement of the person through the store or other areas."

...

Another patent, obtained in 2003 by NCR Corp., details how camouflaged sensors and cameras would record customers' wanderings through a store, film their facial expressions at displays, and time - to the second - how long shoppers hold and study items.

Then there's a 2001 patent application by Procter & Gamble, "Systems and methods for tracking consumers in a store environment." This one lays out an idea to use heat sensors to track and record "where a consumer is looking, i.e., which way she is facing, whether she is bending over or crouching down to look at a lower shelf."

...

Katherine Albrecht, founder of CASPIAN, an anti-RFID group, says, "Nobody cares about radio tags on crates and pallets. But if we don't keep RFID off of individual consumer items, our stores will one day turn into retail 'zoos' where the customer is always on exhibit."

Our position on this technology is pretty simple: as a society, before we jump head first into the future this article details, let's take a step back and do the kind of thorough review of the pros and cons first. Then, based on what we find, put in place common sense regulations and safeguards...using the constitution and our right to privacy as the most important factor in formulating these public policies...rather than so called "consumer convenience" and corporate profit.

No comments: