You need not be paranoid to fear RFID
The Boston Globe October 10, 2005
By Hiawatha Bray


  It's one of the cutest of those cute IBM Corp. TV commercials, the ones that feature the ever-present help desk. This time, the desk appears smack in the middle of a highway, blocking the path of a big rig.
  ''Why are you blocking the road?" the driver asks. ''Because you're going the wrong way," replies the cheerful Help Desk lady. ''Your cargo told me so." It seems the cartons inside the truck contained IBM technology that alerted the company when the driver made a wrong turn.
  It's clever, all right -- and creepy. Because the technology needn't be applied only to cases of beer. The trackers could be attached to every can of beer in the case, and allow marketers to track the boozing habits of the purchasers. Or if the cargo is clothing, those little trackers could have been stitched inside every last sweater. Then some high-tech busybody could keep those wearing them under surveillance.
  If this sounds paranoid, take it up with IBM. The company filed a patent application in 2001 which contemplates using this wireless snooping technology to track people as they roam through ''shopping malls, airports, train stations, bus stations, elevators, trains, airplanes, rest rooms, sports arenas, libraries, theaters, museums, etc." An IBM spokeswoman insisted the company isn't really prepared to go this far. Patent applications are routinely written to include every possible use of a technology, even some the company doesn't intend to pursue. Still, it's clear somebody at IBM has a pretty creepy imagination.
  And it's not just IBM. A host of other companies are looking at ways to embed surveillance chips into practically everything we purchase -- and even into our bodies. It's a prospect that infuriates Harvard graduate student Katherine Albrecht.
  ''I think the shocking part is they've spent the past three years saying, oh no, we'd never do this," Albrecht said. But instead of taking their word for it, Albrecht and her colleague, former bank examiner Liz McIntyre, began reading everything they could find on the subject. Now they're serving up the scary results of their research in a scathing new book, ''Spychips."
  That's Albrecht's preferred name for a technology called radio frequency identification technology, or RFID. If you use a Mobil Speedpass to pay for gasoline, you're already using RFID. Your Speedpass contains a microchip and a small antenna that allows it to broadcast information to a receiver. The chip has no power source of its own. Instead, it picks up radio signals from an RFID chip reader, turns these radio waves into electricity, and uses the power to broadcast data to the reader.
  Because they need no batteries, RFID chips can be made small enough to attach invisibly to practically anything. One company is even working on a way to print RFID chips onto newspapers, using electrically conductive ink.
  Why is this so scary? Because so many of us pay for our purchases with credit or debit cards, which contain our names, addresses, and other sensitive information. Now imagine a store with RFID chips embedded in every product. At checkout time, the digital code in each item is associated with our credit card data. From now on, that particular pair of shoes or carton of cigarettes is associated with you. Even if you throw them away, the RFID chips will survive. Indeed, Albrecht and McIntyre learned that the phone company BellSouth Corp. had applied for a patent on a system for scanning RFID tags in trash, and using the data to study the shopping patterns of individual consumers.
  ''Spychips" reveals a US government plan to order RFID chips embedded in all cars sold in America. No big deal -- until you realize the police could then track your comings and goings by putting inexpensive RFID readers at key intersections.
  Then there are the RFID pajamas from a California maker of children's clothing. It's a clever way to prevent kidnapping: Just put RFID readers in your home, to alert you if Junior's taking an unauthorized trip. It's easy to imagine parents buying into this idea, but they'll now have to install RFID readers in their homes. ''There's the nose in the camel's tent," said Albrecht. At first, companies will just scan your kids' jammies. But later they'll ask permission to scan the tags on your groceries and your clothes. The consulting company Accenture has patented a design that builds an RFID reader into a household medicine cabinet, to make sure you're taking all your medications.
  There are countless applications for RFID, and viewed in isolation, some are downright appealing. It would be nice for the medicine cabinet to send you an e-mail -- ''Time to buy more Viagra." But what if it's also sending that data to consumer marketing companies, eager to bombard you with unwanted advertising? Worse yet, what if they're sending the data to government investigators, or to hackers who've figured out how to break into the system?
  Not to worry, said Jack Grasso, spokesman for EPC Global of Lawrenceville, N.J.,, the nonprofit organization that sets technical standards for RFID systems. His organization has a code of ethics that requires notifying consumers about the presence of RFID tags. The group also recognizes the right of consumers to deactivate RFID tags, and is working to develop systems to make this easy.
  So how about putting these principles into law? No thanks, said Grasso. ''We believe it is far too early." Because the RFID industry is so young, any regulation ''would have a chilling effect that would put us back years."
  And that's a bad thing?
  Somebody needs to sit down and think this through. Dozens of companies and government agencies are planning to use RFID to track nearly every move we make. And although many of the individual applications make sense, what would happen if they were all implemented, without oversight or restraint? We'd then live in a world in which everything we own gossips about us behind our backs.
  And it would be too late to call the IBM Help Desk to ask for our privacy back.

Hiawatha Bray can be reached at bray@globe.com.