You need not be paranoid to
fear RFID
The Boston
Globe October 10, 2005
By Hiawatha Bray
It's one of the cutest of those cute IBM Corp. TV commercials, the ones
that feature the ever-present help desk. This time, the desk appears smack in
the middle of a highway, blocking the path of a big rig.
''Why are you blocking the road?" the driver asks. ''Because you're
going the wrong way," replies the cheerful Help Desk lady. ''Your cargo
told me so." It seems the cartons inside the truck contained IBM
technology that alerted the company when the driver made a wrong turn.
It's clever, all right -- and creepy. Because the technology needn't be
applied only to cases of beer. The trackers could be attached to every can of
beer in the case, and allow marketers to track the boozing habits of the
purchasers. Or if the cargo is clothing, those little trackers could have been
stitched inside every last sweater. Then some high-tech busybody could keep
those wearing them under surveillance.
If this sounds paranoid, take it up with IBM. The company filed a patent
application in 2001 which contemplates using this wireless snooping technology
to track people as they roam through ''shopping malls, airports, train
stations, bus stations, elevators, trains, airplanes, rest rooms, sports
arenas, libraries, theaters, museums, etc." An IBM spokeswoman insisted
the company isn't really prepared to go this far. Patent applications are
routinely written to include every possible use of a technology, even some the
company doesn't intend to pursue. Still, it's clear somebody at IBM has a
pretty creepy imagination.
And it's not just IBM. A host of other companies are looking at ways to
embed surveillance chips into practically everything we purchase -- and even
into our bodies. It's a prospect that infuriates Harvard graduate student
Katherine Albrecht.
''I think the shocking part is they've spent the past three years
saying, oh no, we'd never do this," Albrecht said. But instead of taking
their word for it, Albrecht and her colleague, former bank examiner Liz
McIntyre, began reading everything they could find on the subject. Now they're
serving up the scary results of their research in a scathing new book,
''Spychips."
That's Albrecht's preferred name for a technology called radio frequency
identification technology, or RFID. If you use a Mobil Speedpass to pay for
gasoline, you're already using RFID. Your Speedpass contains a microchip and a
small antenna that allows it to broadcast information to a receiver. The chip
has no power source of its own. Instead, it picks up radio signals from an RFID
chip reader, turns these radio waves into electricity, and uses the power to
broadcast data to the reader.
Because they need no batteries, RFID chips can be made small enough to
attach invisibly to practically anything. One company is even working on a way
to print RFID chips onto newspapers, using electrically conductive ink.
Why is this so scary? Because so many of us pay for our purchases with
credit or debit cards, which contain our names, addresses, and other sensitive
information. Now imagine a store with RFID chips embedded in every product. At
checkout time, the digital code in each item is associated with our credit card
data. From now on, that particular pair of shoes or carton of cigarettes is
associated with you. Even if you throw them away, the RFID chips will survive.
Indeed, Albrecht and McIntyre learned that the phone company BellSouth Corp.
had applied for a patent on a system for scanning RFID tags in trash, and using
the data to study the shopping patterns of individual consumers.
''Spychips" reveals a US government plan to order RFID chips
embedded in all cars sold in America. No big deal -- until you realize the
police could then track your comings and goings by putting inexpensive RFID
readers at key intersections.
Then there are the RFID pajamas from a California maker of children's
clothing. It's a clever way to prevent kidnapping: Just put RFID readers in
your home, to alert you if Junior's taking an unauthorized trip. It's easy to
imagine parents buying into this idea, but they'll now have to install RFID
readers in their homes. ''There's the nose in the camel's tent," said
Albrecht. At first, companies will just scan your kids' jammies. But later
they'll ask permission to scan the tags on your groceries and your clothes. The
consulting company Accenture has patented a design that builds an RFID reader
into a household medicine cabinet, to make sure you're taking all your
medications.
There are countless applications for RFID, and viewed in isolation, some
are downright appealing. It would be nice for the medicine cabinet to send you
an e-mail -- ''Time to buy more Viagra." But what if it's also sending
that data to consumer marketing companies, eager to bombard you with unwanted
advertising? Worse yet, what if they're sending the data to government
investigators, or to hackers who've figured out how to break into the system?
Not to worry, said Jack Grasso, spokesman for EPC Global of
Lawrenceville, N.J.,, the nonprofit organization that sets technical standards
for RFID systems. His organization has a code of ethics that requires notifying
consumers about the presence of RFID tags. The group also recognizes the right
of consumers to deactivate RFID tags, and is working to develop systems to make
this easy.
So how about putting these principles into law? No thanks, said Grasso.
''We believe it is far too early." Because the RFID industry is so young,
any regulation ''would have a chilling effect that would put us back
years."
And that's a bad thing?
Somebody needs to sit down and think this through. Dozens of companies
and government agencies are planning to use RFID to track nearly every move we
make. And although many of the individual applications make sense, what would
happen if they were all implemented, without oversight or restraint? We'd then
live in a world in which everything we own gossips about us behind our backs.
And it would be too late to call the IBM Help Desk to ask for our
privacy back.
Hiawatha Bray can be reached at bray@globe.com.