October 21, 2005
The Ultimate Privacy Argument Against RFID
By Evan Schuman, Ziff Davis Internet
Privacy arguments tend to be emotional, often expressed in terms of "security versus privacy."
A new book out about the future of RFID goes far beyond that. The authors of Spychips do not hesitate to go for the emotional jugular frequently, using references and examples from the Bible, the Nazis, the Russian government and the George Orwell classic 1984.
But they also make a stunningly powerful argument against plans for RFID being mapped out by government agencies, retail and manufacturing companies. Sources and evidence for their arguments come from patent applications, interviews and confidential documents carelessly left on vendors' Web sites.
This won't be comfortable reading in the IT departments of major retailers and manufacturers, but it is essential. IT is the group charged with being creative and making the technology do the magic that marketing needs it to do.
But who is charged with being the corporate conscience? Whose job is it to make sure that the corporation, in its pursuit for greater profits and market share, doesn't go too far in exploiting information on their customers? Far too often, that decision falls on marketing executives who, the book eloquently argues, are stunningly ill-suited to the task.
A favorite anti-marketing passage: "Researchers have found that marketing students score lower on measures of ethics and academic integrity than any other university majors."
The passage said business majors cheated more than their peers and that "marketing majors cheat significantly more than their peers in other business disciplines."
The book's thrust, though, is a detailed analysis of RFID trends. It effectively debunks many of the top arguments about why RFID is not a privacy worry.
Consider the use of RFID in hospitals and the frequently-cited media comment that the leading cause of death due to medical errors in caused by patient or drug misidentification. The book talks about that comment on the Web site for Precision Dynamics Corp., which is attributed to The Institute of Medicine Report, written by two doctors from the Harvard Medical School of Public Health.
There's just one problem with that reference, the book says: That report makes no reference whatsoever to patient or drug misidentification having any impact on patient deaths.
The book quotes one of the report authors as saying the attribution as "a complete misrepresentation" and adds that, in reality, misidentification accounts for fewer than five percent of medical errors.
When Ziff Davis contacted PDC, the claim was still on their Web site and they promised to get back to us with an explanation. No one ever did but the claim has magically vanished from their site.
The biggest RFID argument that the authors attacked was the industry's claim that retailers and manufacturers have no interest nor intention in tracking products once they leave the stores and certainly no intent to track consumers.
The authors—Katherine Albrecht and Liz McIntyre—use vendors' own patent filings to show their thinking, such as an IBM filing titled "Identification and Tracking of Persons Using RFID-Tagged Items." A Phillips Electronics 2003 patent application talks about placing RFID tags in shoes so that they can be detected by RFID scanners embedded in floors.
Note to vendors: A little subtlety is probably not a bad idea when trying to patent ideas that your PR people are denying you're thinking about.
Consider Procter & Gamble's August 2001 RFID patent filing dubbed "Systems and Methods For Tracking Consumers In A Store Environment." The book then quotes Sandy Hughes, P&G's "global privacy executive" as assuring that P&G has "never even considered tracking consumers with RFID."
It then quotes Gillette's Dick Cantwell, the manufacturer's VP of global business management, saying the company wants to use RFID "to track consumer use of its products at home."
The authors had the most fun with a promotional RFID piece produced by NCR, including using RFID to price-discriminate against customers, especially those trying to bargain hunt.
"With RFIDs on loyalty cards to identify the customer and a customer shopping history database, items could be priced differently depending on characteristics of the person who was buying them." One appalling possibility: A consumer known to be hungry or who just got a raise could get charged more for groceries.
The book methodically debunks the argument that RFID chips can only be read from very short distances, making the idea of tracking consumers outside of stores difficult.
The authors argue that strategically placed readers—such as at highway exits—could track consumers quite effectively, particularly as RFIDs get themselves into the home (refrigerators that alert the retailers when certain groceries run low), the car (for repairs or intelligent navigation systems) and cell phones (for payment).
The retail and manufacturing tracking capabilities are spooky, but the book gets downright freaky as it discusses government plans for embedding RFID chips into the flesh of people (military, prison inmates, sensitive government employees, etc.).
The book talks of the implants and casually debunks the frequently-cited claim that the glass-encased insert is "about the size of a grain of rice." The chip "actually measures 12 mm (.47 inches) long, making it a bit shorter than the diameter of a dime.
That's a lot larger than any rice we've ever seen—and we both eat long grain rice." That one hurt as Ziff-Davis has used the "grain of rice" comment often enough, but we won't anymore.
The books talks about former Mexican attorney general Rafael Macedo de la Concha having an RFID chip inserted into himself and some of his employees "as a way to secure access to a sensitive records room." It then makes the case that, far from being secure, it encourages those employees to be kidnapped and have the chip removed by force.
The authors found a patent application from an RFID company called Persephone Inc. that proposes installing RFIDs deep within the body and it discusses ways for the implanted chip to "electroshock the implantee."
There's no question that the books pushes the anti-RFID a bit far—citing biblical passages and asking how a Hitler would use RFID—but those arguments are still something that RFID developers and retail/manufacturing execs need to hear.
If you need to hear a worst-case scenario and know the perception—and possibly reality—challenges of RFID, reading SpyChips is the ideal first step.