RFID Is Not The Real IssueRFID Is Not The Real Issue

When I started covering radio-frequency identification technology, I have to admit I was inclined to sympathize with those voicing reservations about the technology. Katherine Albrecht of Caspian (Consumers Against Supermarket Privacy Invasion And Numbering) argues her views well, and I've yet to hear anyone outside of retailer The Metro Group answer her charges effectively. That's to be expected, since fear wins minds more easily than reassurances. Of course, the problem with asking people to be afraid of the future is that the future hasn't happened yet.

The difficulty I see with the way businesses are approaching the RFID debate is that they don't see consumer concerns as anything more than a public-relations issue. I was just speaking with Amar Singh, VP of applications solutions management, global RFID, at SAP, and he observed that privacy tends to be a consumer term, whereas for businesses the issue was data security. I think he's right about that, and therein lies the problem: It's all about data. And businesses need to recognize that data concerns everyone to whom it pertains. Companies get into trouble when they treat data like it's their property, without recognizing there are wider concerns. My desire not to be included in a particular marketing database should carry equal weight to a celebrity's or CEO's desire not to have the GPS coordinates of his or her children posted on a Web site. We should all have the right to be left alone.

RFID is one data-gathering technology among many. And people should be worried about how data related to them gets handled and regulated. That's much more important than how it's gathered, because it will be gathered one way or another. The possibility that someone might be able to read a code in an RFID tag embedded in the shirt I'm wearing is no more worrisome than the possibility someone might be able to gather that same data by using a biological data gathering device like a pair of eyes, or a mechanical one like a street-side surveillance camera. In fact, you can tell a lot more about a person by looking at him or her than you will ever be able to using RFID tags.

The problem with data is that it can be used against people, sometimes unfairly. The next time you apply for a job, what facts about your life will you omit from your resumé? The fact that you have children, and thus might be less inclined to pull long hours or travel? Your religion? Your political views? Your sexual orientation? Any of these things could be guessed, perhaps inaccurately, based on a sufficiently detailed purchase history, or even a Google search. Imagine getting embroiled in a lawsuit. What data could be used against you? If time logs created by your RFID-enabled toll-payment pass indicate an average commute speed of 80 mph, will your reckless driving habits buttress your spouse's assertion that you should not have custody of your children? Then there's the government, which you may or may not view as entirely benign in its various activities. And of course there are criminals, who have turned poorly regulated data into a profitable enterprise, using it for identity theft and fraud.

All of this is to say that RFID is not the issue. Data protection is, because there isn't much of it. Section 215 of the Patriot Act gives law enforcement the power to demand customer data from pretty much any business, in secret, with minimal judicial oversight. Now, you may feel the government has the right to know everything about you, despite Constitutional guarantees to the contrary. That's fine. Let the IRS do your taxes for you. Buy a CPU that says "FBI Inside." What, me worry? But add the vast quantities of data stored in commercial databases, and the extent of the surveillance that data represents becomes so extensive that, with sufficient access, anyone determined to harass, blackmail, defraud, embarrass, harm, or refuse to serve you has the informational weapons to do so.

Comprehensive data-regulation laws are needed, ones that balance the concerns of businesses with the rights of consumers.