Search This Blog

Thursday, March 10, 2011

RFID and privacy

     There are a number of various types of uses for radio frequency identification units (RFID). The purpose of the chapter from Digital Privacy(Acquisti, Gritzalis, Lambrinoudakis, & Vimercati, 2008) was not necessarily to discuss the numerous applications, but to discuss the issues surround privacy concerns. However, discussing some of the applications may make the privacy issue easier to understand.

     The entire point of the RFID is to track, locate and identify an object. That object being a piece of clothing, an animal or a piece of machinery. From there, different attributes can be allocated to their purpose. In the case of clothing, a merchandiser can determine size, color and other customer traits, especially when associating them with some type of charge card.

     RFID can track inventory, streamlining shipments as they arrive and their location. RFID is used by local municipalities (in the northeast, EZ-Pass as an example). The use of EZ-Pass is the first type of RFID that I thought of that could invade privacy, as did thousands of others in its inception. If doing the speed limit between exist should take 45 minutes and I arrive in 20 minutes, does law enforcement have the right to use the EZ-Pass to give me a speeding ticket. I did several searches on this topic and found numerous similar concerns, but no actual prosecuted case of it in any state.

     My concern with this chapter is how the author details the RFID as a potential threat to privacy and civil liberties. I believe that this is overkill, however upon further reading; someone with malicious intentions could in fact use this against an individual.

     He lists several features of privacy violations;

• No tag presence awareness – I could understand if the tag is used outside of a store, but while merchandise is still unpaid for, I do not see this as a privacy violation.

• No reader presence awareness – if a customer intends on stealing an item, why should they know where the reader is located? Again, I do not see this as a privacy violation.

• Silent readings – again, as long as the merchandise is still owned by the store, no violation.

• Line of sight – same as silent readings.

     Where I do see the privacy threats as a concern is since there are no line of sight requirements, there is technology that exists that can identify items that an individual is wearing or carrying. Thereby making personal theft an easy target.

     If the RFID is not killed upon purchase, then there is a direct violation as a merchant can track the movements of a potential consumer.

     The author states that there is a school of thought in favor of RFID technology and that the privacy community has exaggerated its effect. I tend to agree with this school of thought.

      Where I believe the largest privacy violation can occur is where there are unauthorized readers. The author uses the example of someone stopping b briefly by the window of a sex shop and a reader took the information from a charge card in his pocket, identified him and is now on a mailing list of sex related items, when the individual may have only spent seconds at the window.

     Probably the best forms of legitimate use to not violate privacy are utilizing a kill command (rendering the device useless) or an active jamming device.

      I understand that there is the potential for privacy invasion with these devices, and I am not suggesting that the thought is irrational, just highly improbable due to the cost of mitigating the problem if caught violating privacy vs. its actual practicality.


Acquisti, A., Gritzalis, S., Lambrinoudakis, C., & Vimercati, S. D. C. d. (Eds.). (2008). Digital Privacy: Theory, Technologies, and Practices. New York: Auerbach Publications.