Welcome to RFID 24-7

NH passes RFID restrictions;
privacy concerns may rise in 2010

01/04/10 | John R. Johnson | email

It looks like 2010 is shaping up as a busy year when it comes to RFID and privacy legislation. Six days into the New Year, the New Hampshire House voted 186-170 on Wednesday to limit the use of RFID technology. The bill will be taken up by the New Hampshire Senate next, most likely in March.

The bill requires notification on all consumer products and ID documents, and would eliminate the use of RFID for state applications like driver's licenses and tolls. It also prohibits human implantation without consent, electronic tracking of individuals, and amends the definition of payment card and re-encoding for purposes of the crime of using a scanning device or re-encoder for fraudulent purposes. Including notification on all products carrying RFID could be a burden for retailers and other users of RFID such as ski resorts, which would need to inform each skier if they embed RFID on lift tickets, another common and growing use of RFID technology.

It should be noted that this is the fourth straight year such a bill has passed the House in New Hampshire; it has yet to make it out of the Senate. It's generally agreed that the RFID industry received a pass on privacy issues in 2009, when the federal government and most state legislators were overwhelmed with fixing the financial crisis. As a result, many issues took a backseat, including privacy and RFID.

The New Hampshire vote sends a signal that as RFID continues to become near-ubiquitous, the technology is not close to being out of the woods when it comes to privacy fears and concerns of lawmakers.

Last year, 34 bills were generated in 19 states that sought to limit the use of RFID. Only a handful progressed beyond the committee stage. Elizabeth Board, executive director of public policy at GS1, expects a similar number of bills to be introduced this year. However, she expects that some bills will advance further in the legislative process in 2010, similar to what happened in New Hampshire this week.

"In the U.S. Congress, health care has been a big focus and food safety legislation will be a focus," says Board, "but we keep hearing that we'll see some movement toward generic privacy legislation. I think that is very possible this year. I don't think it would focus entirely on RFID, but hopefully something more technology neutral."

A researcher at Carnegie Mellon University in Pittsburgh thinks that RFID technology could be headed for more battles with privacy advocates. In a recent opinion piece in Science, Tom Mitchell says that privacy concerns could limit the benefits from real-time data analysis. Mitchell, head of the Machine Learning Department in Carnegie Mellon's School of Computer Science, notes that data-mining techniques are increasingly being applied to personal activities, conversations and movements, such as information about specific individuals by monitoring a person's smart phone.

"The potential benefits of mining such data range from reducing traffic congestion and pollution, to limiting the spread of disease, to better using public resources such as parks, buses, and ambulance services," Mitchell wrote in Science. "But risks to privacy from aggregating these data are on a scale that humans have never before faced."

RFID, for example, continues to be embedded in places where the public wouldn’t think to look for it. In a pilot at MIT in Cambridge, RFID and sensor technology have been placed in taxi cabs and other vehicles to study traffic patterns, record road conditions and eliminate congestion. RFID use is also exploding in the apparel sector, where item-level tagging is becoming commonplace.

Those consumer-facing applications grab the attention of lawmakers, many of whom are uneducated about the technology. Supply chain applications carry few privacy issues and do not stand to be the cause of any challenges moving forward.

Kathleen Carroll, director of government relations at HID Global and also a certified information privacy professional, says that the RFID industry needs to take a stronger stance on educating the public and lawmakers.

"All of the anti-RFID legislation has its roots in the fear that it will infringe on people's privacy," she says. "The RFID industry needs to start to take ownership of the privacy issue, whether it is real or imagined. If the industry is not careful and does not take action, there could be privacy implications."

As for other developments in 2010, keep an eye out for the first deliverables pertaining to the RFID Privacy and Data Protection Recommendation handed down by the European Commission last May. At the time, the EC asked that all users of RFID in Europe provide a privacy impact assessment (PIA) within 12 months to ensure that electronic data gathering from individuals is evaluated for privacy risks and that proper privacy protection devices are in place. The clock is ticking for PIAs to be in place.

However, Board says the requirement has been met with optimism in the EU community.

"I don’t think that they are looking at this as a negative in Europe,” she says. “It does provide a sense of certainty, because for so long there was uncertainty on how the Commission would deal with RFID. So that uncertainty has possibly hindered adoption. It's been pretty clear there isn’t an issue with supply chain applications, but obviously more concern when personal identity is at stake. The PIAs are self-regulatory tools, not binding regulation. I's a good compromise to ensure that people's privacy will be protected, and it might really help to drive adoption."

click to jump to top

For more information:

RFID 24-7 ©2008 · all rights reserved · sign up for our email newsletter

website by Fat Cat Design · last updated Mon Aug 29 2011