2
Society and Culture

In an experiment at the San Francisco Exploratorium, a hands-on science museum, families are given a handheld radio frequency identification (RFID) reader and assigned a unique Web address that will document their visit to the Exploratorium. As they move through the various exhibits looking at different parts of the displays, they can use the reader to query tags posted throughout the museum, and the system logs their interests. When they get home, the particular exhibits that they visited come up on the Web site created for them, linking to additional educational material to spark further interest. The same handheld reader is being developed for senior citizens to help with elder care.1 In manufacturing contexts, RFID systems in warehouses track inventories of goods with the aim of substantially reducing theft and loss while increasing efficiency, and thus potentially reducing the cost of goods to consumers.

Given these sorts of informative, helpful, and cost-reducing applications, it is interesting to note that more than 40 of the best-known European and U.S. consumer, privacy, and civil liberties organizations endorsed a moratorium on RFID tags applied to consumer products.2 In addition, retailers Benetton and Wal-Mart both halted their early in-store tests of RFID inventory control systems—Benetton was even threatened with a boycott, and for both companies tangible economic benefits were not immediately obvious. While the potential benefits of the technology are vast, there are risks inherent in large-scale deployment of RFID. Until stakeholders (including industry leaders, policy makers, and advocates) grapple effectively with those concerns, it seems likely that interest groups will seek alternative means to make their voices heard. Strikes, boycotts, and protests have already been organized to effectively block RFID implementations.3 This chapter provides a brief overview of many of the ethical, legal, cultural, and social issues related to RFID technology, drawing on discussions and presentations at the workshop.

1  

This is the iReader, developed by Intel. For a brief description, see Adam Rea, Waylon Brunette, and Gaetano Borriello, 2004, “Designing for Flexibility: A Look at the iReader,” presented at the Second International Conference on Pervasive Computing. On the topic of elder care, see Celeste Biever, 2004, “RFID Chips Watch Grandma Brush Teeth,” March 17, NewScientist.com News Service, March 17, 2004, available online at <http://www.newscientist.com/article.ns?id=dn4788>, accessed December 14, 2004.

2  

“RFID Position Statement of Consumer Privacy and Civil Liberties Organizations,” November 20, 2003, available online at <http://www.privacyrights.org/ar/RFIDposition.htm>, accessed December 14, 2004. A moratorium is being called for until a formal technology assessment, with substantial public participation, takes place.

3  

The 2002 longshoremen’s strike, a boycott threatened against Benetton, and other protests against RFID technologies are mentioned in the sidebar entitled “Dealing with the Darker Side” in Roy Want, 2004, “RFID: A Key to Automating Everything,” Scientific American, January, pp. 56-65.



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 21
Radio Frequency Identification Technologies: A Workshop Summary 2 Society and Culture In an experiment at the San Francisco Exploratorium, a hands-on science museum, families are given a handheld radio frequency identification (RFID) reader and assigned a unique Web address that will document their visit to the Exploratorium. As they move through the various exhibits looking at different parts of the displays, they can use the reader to query tags posted throughout the museum, and the system logs their interests. When they get home, the particular exhibits that they visited come up on the Web site created for them, linking to additional educational material to spark further interest. The same handheld reader is being developed for senior citizens to help with elder care.1 In manufacturing contexts, RFID systems in warehouses track inventories of goods with the aim of substantially reducing theft and loss while increasing efficiency, and thus potentially reducing the cost of goods to consumers. Given these sorts of informative, helpful, and cost-reducing applications, it is interesting to note that more than 40 of the best-known European and U.S. consumer, privacy, and civil liberties organizations endorsed a moratorium on RFID tags applied to consumer products.2 In addition, retailers Benetton and Wal-Mart both halted their early in-store tests of RFID inventory control systems—Benetton was even threatened with a boycott, and for both companies tangible economic benefits were not immediately obvious. While the potential benefits of the technology are vast, there are risks inherent in large-scale deployment of RFID. Until stakeholders (including industry leaders, policy makers, and advocates) grapple effectively with those concerns, it seems likely that interest groups will seek alternative means to make their voices heard. Strikes, boycotts, and protests have already been organized to effectively block RFID implementations.3 This chapter provides a brief overview of many of the ethical, legal, cultural, and social issues related to RFID technology, drawing on discussions and presentations at the workshop. 1   This is the iReader, developed by Intel. For a brief description, see Adam Rea, Waylon Brunette, and Gaetano Borriello, 2004, “Designing for Flexibility: A Look at the iReader,” presented at the Second International Conference on Pervasive Computing. On the topic of elder care, see Celeste Biever, 2004, “RFID Chips Watch Grandma Brush Teeth,” March 17, NewScientist.com News Service, March 17, 2004, available online at <http://www.newscientist.com/article.ns?id=dn4788>, accessed December 14, 2004. 2   “RFID Position Statement of Consumer Privacy and Civil Liberties Organizations,” November 20, 2003, available online at <http://www.privacyrights.org/ar/RFIDposition.htm>, accessed December 14, 2004. A moratorium is being called for until a formal technology assessment, with substantial public participation, takes place. 3   The 2002 longshoremen’s strike, a boycott threatened against Benetton, and other protests against RFID technologies are mentioned in the sidebar entitled “Dealing with the Darker Side” in Roy Want, 2004, “RFID: A Key to Automating Everything,” Scientific American, January, pp. 56-65.

OCR for page 21
Radio Frequency Identification Technologies: A Workshop Summary The so-called “internet of things” enabled by RFID systems conceptually “make[s] it possible for computers to identify any object anywhere in the world instantly.”4 Such a vision holds tremendous promise in contexts such as inventory management and shipping and handling, as well as in hospital care, education, and safety monitoring. But, clearly, the promise is burdened by equally tremendous possibilities for misuse. The RFID Position Statement mentioned above (see footnote 2) lists five potential threats to privacy and civil liberties from the large-scale deployment of RFID technologies: hidden placement of tags, unique identifiers for all objects, massive data aggregation, hidden readers, and individual tracking and profiling. As described previously, “Big Brother” scenarios in which commercial interests or government can track an individual’s every purchase and move by compiling vast quantities of minute data from electronic product codes within RFID tags are some time away from being realized. But possibilities for immediate misuse remain. Workshop participants argued that addressing social, ethical, legal, and cultural concerns is crucial for RFID technologies at every stage, including technological design and the development of industry standards, policy and regulation, and specific applications. Developing policy to incorporate social norms in emerging technologies is often a discouragingly long process in an industry that seems to move at lightning speed, almost always ahead of the policy discussions as well as ahead of the purview of government regulators. For that reason, this chapter on the societal and privacy concerns associated with RFID technologies necessarily takes a long view of the technology and its potential implications. Particularly in the realms of social norms, ethics, and policy, RFID technologies confound simple discussion in a number of ways. First, the differences in the speed at which policy and technology develop forces policy into what would seem to be the realm of science fiction. If policy discussions are forced to make assumptions about future technological developments, policy may fail to fit appropriately with societal interests as they evolve along with the technology. Second, because of what is often referred to as “function creep,” technologies designed for one task are often adapted to accomplish another. Thus the stated purpose of any new system will be an incomplete description of that system’s eventual use. Third, two primary means exist for incorporating social goals (be they privacy, security, manageability, reliability, or usability) into a system. The two means are regulation and design. Each is very differently motivated into action. Fourth and finally, thus far the most articulate discussion of social goals related to RFID technologies centers on notions of privacy. Privacy, however, is not universally defined, nor is it a flexible enough concept to encompass all of the issues that must be taken into consideration as RFID-incorporating systems become prevalent.5 And, of course, privacy is far from a homogeneous or single-dimension concept.6 Not only must the complexity of privacy as a concept be recognized, but other (sometimes related) concerns should be explicitly articulated as well. Now is a good time for a thoughtful consideration of societal, cultural, and ethical issues related to RFID systems. A brief workshop cannot do justice to the complexity of all these 4   “The Internet of Things” was the title of a Forbes article in March of 2002 by Chana R. Schoenberger <http://www.forbes.com/global/2002/0318/092.html>. Accessed December 14, 2004. (The quote is taken from <http://archive.epcglobalinc.org/aboutthecenter.asp>, accessed December 14, 2004.) The AutoID center has been incorporated into EPCglobal, and archives of the former organization should be available at <http://www.epcglobalinc.org/>, accessed December 14, 2004. 5   One thing that makes “privacy” particularly challenging is that it has a weak feedback loop—it is not always immediately obvious when privacy has been affected or violated. 6   Individual thresholds vary with respect to privacy—what one person might consider deeply private, another might casually disclose. Moreover, some argue that privacy encompasses more than merely the concealment or revelation of information, also being connected to autonomy and trust. Privacy is also deeply tied to context—behavior in one circumstance may be considered much more acceptable from a privacy standpoint than that same behavior in another situation.

OCR for page 21
Radio Frequency Identification Technologies: A Workshop Summary aspects of RFID technologies, but discussions did present some of the basic issues and challenges. An early step is to identify stakeholders—both those who interact directly with the technology and those whose lives may be affected by it. The technology is currently rolling out, and will continue to evolve in the coming years, becoming much less expensive and presumably gaining wider application and currency. At present, development is driven, as noted in Chapter 1, by supply-chain market forces. While wholesale pallets of goods and designer shoes may be tagged for such purposes as managing inventory and controlling forgery, few consumers are piqued by these applications. But both function creep and speed of development will push seemingly neutral applications into the public sphere of debate. Some workshop participants argued that, to address public concerns most effectively, it makes sense to develop and deploy RFID technology—even in these first, seemingly relatively neutral domains—with social norms in mind. CHARACTERISTICS OF RADIO FREQUENCY IDENTIFICATION TECHNOLOGY IN SOCIAL TERMS RFID technology poses interesting challenges in terms of its cultural significance because of the following interrelated features: the tags are minuscule, and some do not require their own energy sources; the systems are mobile and potentially invisible; the readers operate wirelessly at relatively close range; and components (especially tags) are cheap.7 Altogether, these features characterize a technology that is likely to have broad applications and distinctive conceptual and cultural implications. For example, tags on or near individuals can be read without their knowledge, the tags can potentially be on everything in an individual’s possession, and individuals could carry a complex, unique constellation of data (that is, of the full set of IDs on an individual’s person or in his or her possession). RFID systems enable at least a scaling up, if not a change in the nature of surveillance and in the character of information collection that is possible. Often discussion focuses on the tags, but the reader is a significant component of the system both technologically and with respect to social implications. In their most rudimentary implementation, the tags are passive whereas the readers are active agents. Thus, the tag and tag-bearer (be that a can of beans or a person) are in an asymmetric relationship with the reader or power source. The latter’s agent has the capacity to interrogate the pervasive tags, and this imbalance means that readers, which can themselves remain hidden, will be able to gather information with relative impunity. The relatively short range at which tags currently must be interrogated will be extended to some degree as the technology improves. The fact that tags currently can identify themselves to any reader that supplies them with power means that data compiling can occur in unintended or unanticipated ways. It is important not to lose track of the reader in discussions about RFID technologies. The specific characteristics of RFID technology have social implications. The most basic form of RFID tag is the passive tag that, in EPCglobal’s taxonomy, for example, carries only its unique Universal Product Code (UPC)-like identification code: its electronic product code (EPC). The technology is poised at the head of several likely paths. Each makes clear that there are even 7   Sensor networks (of which RFIDs could be considered a rudimentary version) also exhibit a distinctive collection of characteristics and operate under unique constraints. The challenge is to build large systems that are tightly coupled to the physical world and to one another in a resource-constrained environment that will persist for long periods of time while consisting of many interacting components and being used and interacted with by nonexpert users. The Computer Science and Telecommunications Board’s 2001 report, Embedded, Everywhere: A Research Agenda for Networked Systems of Embedded Computers (Washington, D.C.: National Academy Press), articulates some of the technical, research, and social challenges presented by such systems.

OCR for page 21
Radio Frequency Identification Technologies: A Workshop Summary greater cultural implications as technological capacity is increased. The implications include the following: (1) Passive tags are already being designed to contain more than an ID code. There will be increasing storage capacity for other types of data. (2) The tags will shift from read-only to read-write. (3) They will move from being passive tags to behaving as active nodes in a sensor net. With each of these shifts, the privacy-related questions are compounded, and ethical concerns grow. The basic questions move from “Will I tell you my ID?” to “Will I let you write my data?” to “Will I let you tell me what to do?” In this chain of events, the reader’s functional advantage over the tag becomes more serious. What ethicists and privacy advocates worry about is that at each step, path determinism will occur—that is, current developments will determine certain subsequent outcomes and preclude other evolutionary alternatives. For example, when tags store more data in their next iteration, will they inevitably forgo privacy protections that will be needed, say, 3 years from now? At present, the incipient application driving RFID evolution is the supply chain and to a lesser extent, military applications. Producers and vendors will tag products so that they can be read throughout the supply-chain process, from the production source possibly all the way to the retail outlet. RFID-enabled systems have the potential to reduce error, loss, waste, and theft in the supply chain, thereby increasing efficiency and profits. In this early stage of the evolution of the technology, tags report their IDs from pallets or cartons, and in-shelf readers can monitor stock inventory. At the same time, relatively expensive individual products are tagged at designer clothing stores or, for example, on the cartons of home entertainment systems. Later, when the cost becomes low enough, all products could be tagged. Analogous to UPCs, the RFID tags on pallets and shelves have limited implications with respect to cultural and social values. Once tags are embedded in individual products, privacy and trust concerns become much more salient. Similarly, the location where tags are queried makes a difference. Tagged consumer goods in warehouses raise few social issues (although the dockworkers’ strike on the West Coast in 2002 against tagged pallets demonstrated that the fear of lost jobs and on-site worker privacy could be significant concerns). In-store tracking of tags holds more social implications than the tagging of goods in warehouses, although in-store tracking, too, might be manageable through thoughtful policy development. When tags remain active after leaving the store, however, the social implications are potentially vast. When thinking through these issues, it is crucial to understand when individual identity becomes associated with a tag (or data within the system), whether that needs to happen, and what the implications are. The capacity for data cross-referencing and linkage, though, means that even without explicit links to personal identity, connections to individuals will be possible. A current example, the prospect of RFID tags in car tires, serves to elucidate some of these issues. The scenarios begin to unfold regarding information that can be collected and tied to a unique individual, even if only passive tags are embedded in the tires and those tags are not associated with any particular individual. Commercial interests could canvass sports arena parking lots and market targeted products when those same tires park at regional shopping malls. Law enforcement could document cars parked at a political rally or at a rave where drug use is anticipated. Data logged at gas stations could be queried to track suspected criminals through the use of their cars. With read-write tags, data logs containing information about location, time/date, and service could be kept in the tire’s tag memory. Particular products could be linked to unique personal identification—say, linkage of the tire’s EPC with credit card data at the point of sale—enabling clear linkage of data and potential invasions of privacy. But even without the link to a specific individual, RFID technology poses potential problems due to the possibility of unintended, unauthorized, and undesired uses. Absent some type of notice, those negative uses can transpire without a consumer’s knowledge.

OCR for page 21
Radio Frequency Identification Technologies: A Workshop Summary TYPOLOGY OF RISK—PRIMARY SOCIAL CONCERNS Beyond privacy, there are many contexts in which RFID and related technologies will have social and cultural impacts. At the extremes, commentators’ narratives of those contexts describe either a utopian view of the future, in which emerging technology plays an enabling and empowering role, or a dystopian one, in which technologies fundamentally bring about civilization’s demise. Mark Weiser’s oft-cited prediction that ubiquitous computing “will make using a computer as refreshing as taking a walk in the woods” portrays an optimistic future.8 By contrast, some privacy activists tend to believe that they must demonstrate what they believe to be the otherwise underestimated negative implications of technologies. Instead of either extreme, what is called for, as was discussed by participants at the workshop, is critical analysis and debate so that both risks and benefits can be explored. Most importantly, those risks and benefits must be explored before the technology is fixed—that is, before the technology has been fully designed and developed for its various, specific applications. There is likely to be tremendous benefit in a design approach that precedes any sort of legislative or regulatory solution, not only because the resultant technology will almost certainly be more elegant, but, more importantly, because the public trust would not have been undermined. Should cultural concerns (privacy, security, legality, equity, and so on) be inadequately accommodated, a backlash of some sort is more likely to occur. Moreover, if lack of attention to privacy and social concerns means that advocates are forced to be more confrontational in order to have their concerns heard, it is possible that socially constructive uses of RFID technologies, from education and medicine to commercial applications, will be stymied. Because social norms evolve, the technologies and the regulations for RFID technology must be agile. While some privacy advocates want government standards and public policy to regulate these technologies, the Federal Communications Commission (FCC) takes a relatively hands-off stance (see Box 1.3 in Chapter 1). The FCC sets minimal standards primarily to control interference, with the intention that broad, flexible rules will not only encourage innovation but also spur private industry to develop its own standards. This approach seems to make more sense for standards that promote technical and functional interoperability than for standards that seek to reflect social norms. Many argue that society’s interests are best represented through public processes that include representation by various stakeholders. In taking up the challenge of addressing privacy issues, EPCglobal has set forth in the Generation 2 (Gen2) standard, which comprises global standards for RFID, not only commercial guidelines to ensure uniformity, but also a basic response to privacy concerns.9 The Gen2 standard establishes the basic tag as one with a 32-bit “kill” password, along with access control. The kill feature permanently disables the tag, acknowledges when the kill has been performed, and then goes silent.10 According to the Gen2 standard, access-controlled tags cannot be written until the reader supplies the correct 32-bit password. Public concerns remain about whether the passwords could be intercepted or the tags broken into in some way. In addition, imposing authentication requirements on a technology raises a host of new technical and privacy 8   Mark Weiser 1991. “The Computer for the 21st Century,” Scientific American, September, pp. 94-104. For the Web version, see <http://www.ubiq.com/hypertext/weiser/SciAmDraft3.html>, accessed December 14, 2004. 9   See the press release dated May 13, 2004, from Matrics, Inc., for example, in “Industry Leaders Propose EPC UHF Gen 2 RFID Standard,” available online at <http://www.matrics.com/news/releases/20040513.shtml>, accessed December 14, 2004. 10   Of course, for this feature to be effective, it will be important for users to be able to verify that a tag has been killed. Potential solutions for enabling this verification include home readers, public kiosks, or some sort of certification of trusted vendors, among other things—such solutions of course raise a host of additional infrastructural and social challenges.

OCR for page 21
Radio Frequency Identification Technologies: A Workshop Summary challenges.11 Other design options might be considered. For example, a system could be designed to limit the disclosure of data, depending on who (which reader) is requesting it, but again this solution requires a more sophisticated infrastructure than the most basic passive tags could accommodate. It is impossible to lay out the exact components of a socially acceptable RFID technology, in part because the public has multiple interests and in part because RFID technologies have not undergone thorough assessment from a policy standpoint. Indeed, the primary recommendation of advocacy groups is to conduct a formal technology assessment of RFID. At present, the Fair Information Practice Principles should be noted, along with the privacy guidelines of the Organization for Economic Cooperation and Development.12 A minimum set of guidelines culled from these sources yields five basic provisions for a possible RFID policy: Notice/awareness—transparency in the use and maintenance of RFID systems, with clear labeling, and without secret databases or tag reading; visibility; Purpose specification—notification of the purpose of any tag or reader; Collection limitations—collection of information limited to the purpose at hand; Accountability—RFID users responsible for complying with privacy provisions; formal entities to be established for monitoring and complaints; and Security safeguards—verifiable security and integrity in transmission, databases, and system access.13 In addition, a number of technical strategies are being explored to begin to address these principles. Kill switches in tags to be activated at the point of sale are the most obvious. Some advocate that RFID tags be permanently deactivated before being taken out of the store. Blocker tags provide another possibly strategy: Consumers would mask the transmission of any RFID tag in their possession through the interference generated by a blocker tag.14 Features that enable anonymity are also useful in some contexts. Fundamental to the success of each of these strategies is the principle of notice/awareness: Users must be able to see that a tag is deactivated, has been interrogated, is concealed, or is active. While each strategy has particular utility, none is fail-safe and thus does not fully address the range of concerns expressed by consumer groups. Another debate about ethical, legal, and social implications of RFID concerns consumer choice. Many civil libertarians would grant individual choice under all circumstances. Because these technologies can be complicated and their use coerced (through incentive programs, for example), however, it is hypothesized that two groups will form among consumers: those who want the ability to kill the RFID tags on their products and care enough to undertake the required actions, and those who do not. One of the principal concerns about RFID is that it will be difficult 11   See the following Computer Science and Telecommunications Board report: National Research Council, 2003, Who Goes There? Authentication Through The Lens of Privacy, The National Academies Press, Washington, D.C. 12   The Federal Trade Commission’s articulation of Fair Information Practice Principles can be viewed online at <http://www3.ftc.gov/reports/privacy3/fairinfo.htm>, accessed December 14, 2004. The 1980 OECD privacy guidelines are available online at <http://www.oecd.org/document/18/0,2340,en_2649_201185_1815186_1_1_1_1,00.html>, accessed December 14, 2004. 13   These five minimum guidelines are taken from “RFID Position Statement of Consumer Privacy and Civil Liberties Organizations,” November 20, 2003, available online at <http://www.privacyrights.org/ar/RFIDposition.htm>, accessed December 14, 2004. 14   See Ari Juels, Ronald L. Rivest, and Michael Szydlo, October 2003, “The Blocker Tag: Selective Blocking of RFID Tags for Consumer Privacy,” pp. 103-111 in Proceedings of the 10th ACM Conference on Computer and Communication Security, ACM Press, New York.

OCR for page 21
Radio Frequency Identification Technologies: A Workshop Summary for individuals as well as companies not to use the technology. Consider one of the primary applications of RFID currently in use: E-ZPass or FasTrak toll road systems in the eastern United States and California, respectively, allow cars to speed through tollbooths. Such applications, along with similar bus passes or gas-purchasing cards, have raised little skepticism. Grocery store loyalty cards that offer discounts, airport passes that divert “trusted travelers” through convenient screening, medical tags that ensure prescription tracking—such benefits will be difficult to refuse. These applications might involve a version of informed consent, but they can also result in unanticipated side effects. And the use of the tags without some of the measures described above means that subsequent tracking and profiling would be possible. Robust systems based in part on RFID will create an infrastructure that could serve many purposes, from government surveillance to targeted marketing by advertisers. ESTABLISHING PUBLIC TRUST Workshop panelists noted that what is most apparent in public discourse about emerging information technology is a lack of public trust. RFID technologies and systems will be most smoothly adopted and implemented if those involved take this issue seriously. Grappling with social and cultural considerations may alter the goals of scientists as well as manufacturers and retailers, but investment up front will make it more likely that significant dissonance can be avoided at a later stage (as in other research areas resulting in controversy such as agricultural biogenetics and stem cells). A key question is how to establish public trust as RFID technologies evolve and are implemented. As sociologist Anthony Giddens argues, contemporary society is riddled with abstract systems that require a nearly blind trust, akin to faith.15 In order for emerging technology to earn this trust, workshop participants argued that safeguards, such as those mentioned above from the Fair Information Practice Principles, should be in place. To evolve RFID technology such that societal, commercial, and governmental interests work together will require significant and meaningful participation by a range of stakeholders, including advocates of the public interest. A technological fix that begins to address primary concerns might be simply to kill all RFID tags at the point of sale and to make this operation straightforward and obvious. While some argue that this answer would eliminate many privacy threats that RFID poses, including the most chilling effects such as profiling and tracking, it raises other issues.16 And what of consumers interested in doing their own tracking of products for reasons related to public interest issues, such as monitoring food spoilage or finding the source of defective products? Or consumers personally interested in using RFID tags and readers to identify spoiled medications, for example? In general, understanding the topology of the application space and how values (such as privacy) are contextualized will be important.17 Some application areas could be characterized as having large benefits and small risks, and others the opposite. Understanding how to describe various application areas and where the boundaries between them are will be helpful moving forward. Ethical, legal, and social issues related to RFID technologies reflect some of the same concerns raised about other emerging, wireless and embedded technologies. Public concern centers on risks to privacy, and a number of public interest groups have issued guidelines for 15   Anthony Giddens. 1990. The Consequences of Modernity, Stanford University Press, Stanford, Calif. 16   However, privacy advocacy groups cite examples of intrusive in-store surveillance, which makes the strategy of killing tags at the point of sale only a partial solution. 17   Characteristics of application area requirements to consider might include these: mobility versus fixed tag location, the sort of data that are involved (ID only or not), whether the tags are associated with individuals, the ability to turn a tag off, the visibility of tags and readers, and so on.

OCR for page 21
Radio Frequency Identification Technologies: A Workshop Summary policy and technology development. By their doing so, the notion of “privacy” has become a more complex and nuanced issue and, arguably, no longer the proper name for all of the societal concerns subsumed under it. No matter which list of concerns over RFID technology is chosen, themes that arise repeatedly in the literature include privacy, trust, safety, security, fairness, accountability, accessibility, reliability, and informed consent.18 Another notion that has received little consideration is “publicity,” the flip side of privacy—the notion that emerging technologies, including RFID, be developed consistent with an obligation to contribute to the shared, public sphere. Incorporating publicity is another means, like that of widening stakeholder participation, to enhance public acceptance of and trust in systems. In the discussion of social norms, privacy advocates seek to have protections built in so that consumers can control the exposure of their identities. But it is obvious that there are no absolute norms that can be applied in contemporary society, with its great diversity. Consider individuals willing to have an RFID chip implanted for purposes such as clubbing (a rice-sized chip embedded in the upper arm allows its wearer to jump entry queues, reserve a table, or pay for drinks).19 While some privacy advocates suggest that this type of use is undesirable over the long term, there are undoubtedly numerous closed-system contexts in which some people will wish to be “tagged.” In some cases, trust may be the result of a negotiation between the provider and the user of the technology. A technology or service provider’s reputation (regarding privacy, security, trustworthiness, and so on.) may become an important component of such negotiations. Given the vast differences in individual preferences regarding privacy, along with a range of social norms, the establishment of public trust with respect to RFID technology will be a complicated, long-term undertaking. Indeed, it may be that trusted technology developers will hold a special corner on the market.20 If RFID systems are not designed, developed, and deployed with public trust in mind, privacy advocates may feel the need to resort to less restrained efforts—worst-case scenarios hold powerful sway in the public imagination. Moreover, because privacy for individuals is the most well-articulated societal implication of RFID, the technology may be skewed in this direction. That means that the collective benefits that RFID systems might enable—for instance, bringing down prices on consumer goods, improving security in response to terrorist threats, and enhancing health and education applications—could be secondary to individual privacy goals. Thus, it was argued at the workshop, the desirability of developing RFID systems with societal concerns in mind is clear, and developing means to do so will be an important strategy for all stakeholders as the technology moves forward. 18   One issue mentioned at the workshop does not seem to come up very frequently—the notion of environmental sustainability. A proposed 96-bit identity space would (conceptually) allow every person on the planet to have billions of billions of tags. Even though each tag is very small, numbers like this raise questions about reusability, reprogrammability, and recycling. 19   Duncan Graham-Rowe, 2004, “Clubbers Choose Chip Implants to Jump Queues,” New Scientist, May 21, available online at <http://www.newscientist.com/news/print.jsp?id=ns99995022>. See also Sherrie Gossett, 2004, “Paying for Drinks with Wave of the Hand,” WorldNet Daily, April 14, available online at <http://worldnetdaily.com/news/article.asp?ARTICLE_ID=38038>, accessed December 14, 2004. 20   One suggested possibility is to start assigning trust ratings, like a Good Housekeeping Seal or an e-Bay “feedback score,” to RFID manufacturers, with high marks going to those that anonymize their data, demonstrate visibly that a tag is on, off, or killed, and so on.