GeoMetrick Enterprises - Helping Companies Understand and Manage Their Laboratory Data

INTRODUCTION
RFID (Radio Frequency Identification) is a technology that, like most technologies, promises both a myriad of advantages as well as creating its own category of problems. Although RFID promises a number of benefits such as fraud prevention, it also helps to defraud. It also brings up some ethical issues, such as the potential to invade personal privacy.

Although this technology is currently under discussion as it were a new technology, it has been around since World War II, although it is only recently that it has become cost-effective for more widespread use. (EPC Global) Because of this, this paper will refer to RFID technology as a “new” technology.

BENEFITS PROMISED BY RFID
In order to understand why organizations are so interested in this technology, it is important to understand that, despite any other issues it incurs, it does appear to promise a number of benefits to those organizations that wish to embrace it. It promises to accelerate the supply chain. (Kushinskas, 2004) It can allow better inventory tracking. (Sweberg, 2004) There can be fewer empty shelves in retail establishments. (Baard, 2004) “[W]asteful overproduction of goods” (Baard, 2004, p. 2) can be eliminated.

To provide one illustration of the potential advances promised by RFID technology, let it be compared to one current and popular technology, Barcoding. Currently, the standards organization, EPCGlobal, is working on RFID to define a unique identifier for that can of peas that can be sent back to a central database. (Kushinskas, 2004) The significance of switching to RFID over barcoding is that it appears that the information potentially provided by RFID would only be limited by an organization’s imagination. This, as compared to the relatively small amount of information a barcode can provide.

RFID technology can help the flow of logistics as it makes pallets or items more easily tracked, which is also intended to prevent fraud. (Hachman, 2004) There are plans to use this technology to prevent the increasing incidents of counterfeit drugs. (Baker, 2004) There is also a plan to use the chips to prevent auto theft. (RFID Journal, 2002)

ETHICAL AND LEGAL CONSIDERATIONS

The Violation of Privacy
It does appear that RFID promises a number of benefits while it also provides an opportunity to gather a variety of information. Fears are that the information provided could have a host of unintended consequences. There is a powerful potential for intrusion into personal privacy for one. (Kewney, 2004)

The potential for a violation of privacy is an issue so significant that legislators are trying to address it before it becomes a significant problem as it is thought that “retailers and government spies” (Baard, 2004, p. 1) could use product data to “monitor customers.” (Baard, 2004, p. 1) For example, RFID readers could be scattered around public places to gather data based on the RFID tags a person has with them. (Baard, 2004)

First, let us suppose that most stores will obtain RFID readers, and that these readers might even be placed in common areas, such as the walkways of a shopping mall or the sidewalk areas within a shopping district. Then, let us suppose that a consumer shops in one store then moves along to another store. If any of the goods that person purchases contain an RFID tag, potentially, that information could be read and stored by the subsequent stores that the consumer shops in. (Fisher, 2004; Hackman, 2004; Kushinskas, 2004) The same is true of the clothes a consumer is wearing, as some or all clothes could have such a tag in the future. Another possibility is that, wherever the consumer might walk with their RFID-marked clothes or purchases, marketing messages could be given to that person, based on these goods. (Baard, 2004) Consider, though, that a consumer might carry something with an RFID chip that carries more personal information, such as a consumer preference card or driver’s license. That information is specific-enough, that a person could actually be followed if there were enough RFID readers around and they were linked in a way where they could share the information they are collecting. (Fisher, 2004; Kewney, 2004) Keep in mind that data that is read can be stored and shared. Whether or not that is probable, it is technically possible.

With these issues in mind, legislators are concerned that industry will see enough of a benefit to using this technology that it will not consider privacy issues. (Baard, 2004) Wal-Mart performed some initial tests with RFID tags, tests that did not include information that would invade a consumer’s privacy and, although these tests were intended to be kept confidential, consumers found out about them and became concerned about them. (Baard, 2004) The issue appears to be one not just of the intended information to be stored and gathered using the RFID technology, but of the data that can be stored and gathered using the RFID technology. There is enough concern on this issue that legislators such as U. S. Senator Patrick Leahy have spoken out about the issue of providing consumers with the information that an RFID tag is present on an item. (Sweberg, 2004) Congress has been hearing opinions from consumer advocate groups andfrom the ACLU (American Civil Liberties Union) on this subject, as well. (Mark, 2004)

The ACLU referred to this technology as “Orwellian” (Mark, 2004, p. 1) which will give an indication to the level of concern some groups have with regard to this technology. As another example, one article’s author wondered if he will have to travel around with his goods in a “lead-lined case.” (Sturdevant, 2004, p. 2) There is even a web-site devoted to stopping RFID, www.spychips.com, which refers to the chips as “spy chips.” Some consumers are frightened further by seeing examples of similar technologies in science fiction movies – technologies that could follow our every move, leaving no piece of our lives unexamined. (Roberti, 2002)

The Violation of Security and Fraud
There has already been evidence that the security can be “hacked” and it does not require any equipment more sophisticated than a PDA, a power supply, and the software that can do the “hacking.” (Hachman, 2004) Ironically, one of the things that RFID is meant to prevent is fraud. The RFID systems are also easy to disrupt, which creates another potential area for fraud, if one imagines that a shipment being tracked using this technology still has the potential for diversion if there is a strong method created that can impair the tracking signals. (Technovelgy)

Although the focus of the problems with the RFID technology is currently on the rights of the consumer, the consumer might turn out to be a threat, in themselves. The consumer might now have the ability to perpetrate fraud if they have the right tools to change these chips. If a consumer has the right equipment and software, they can change a high-priced item to a cheaper one. (Hackman, 2004) Or, even worse, suppose the consumer rewrites the chip to hack into a supply chain or logistics operation. (Hackman, 2004) There is a tool out called RFDump that would allow the consumer to change the item’s code so that a children’s video would show up as a porngraphic video, or a jar of mustard would show up as a television set. (Hachman, 2004) If that merely sounds mischievous, imagine what the former would do for a consumer’s preference card, and what the latter would do for inventory-tracking.

It sounds as if the DOD (Department of Defense) is expected to have the money to purchase tamper-proof tags, but that private industry will likely try to save money and stick with the cheaper, tamperable tags, (Hachman, 2004) making the potential for problems even greater in areas that might require greater security.

For one more security issue, consider that, even if individual goods were not to be tagged, that is to say, if the technology is used only on shipping containers and pallets, there is concern about the possibility of terrorists coming across our military shipments and scanning that data to learn what is being shipped and to where it is being shipped. (Sweberg, 2004)

There are also concerns that employing RFID technology will give companies a false sense of security about fraud prevention and other such issues, leaving them too dependent on the technology to take care of it. (Ponemon, 2004) This compounds the issues in that there is not just a fear that they might happen, but that they will not be noticed or tackled in a timely manner.

CAN OR SHOULD IT BE STOPPED?
At this point, it sounds as if it would be difficult to stop the push toward RFID technology. Although they are currently working at the pallet and case level, (Mark, 2004) companies such as “Wal-Mart, Proctor & Gamble, and Gillette want to use RFID tags to track [every product] from the factory floor to the store shelf.” (Baard, 2004, p. 2) Gillette has already started using RFID tags in Europe to stop the theft of its razor blades. (Hackman, 2004)

The DOD (Department of Defense) has plans to implement a mandatory RFID program for all its suppliers by 2006 (Hachman, 2004) and to have the program fully implemented at an item level by 2007. (Best, 2004) Some of the benefits could include ensuring that goods are delivered as promised by suppliers, as well as verifying billing for those goods, efforts which could prevent fraud in these activities, saving money for the taxpayers as well as securing shipments to ensure that troops get deliveries as planned. (Military Logistics)

Besides the efforts of some major retailers and the government that are underway, we are actually already using this technology in the United States. Some examples are systems such as the tollway automated pass systems, where you drive right through the tollbooth and it takes your toll “virtually” or with the gas station tags that allow you to buy gas using one swipe of the gas stations special card, such as the Exxon-Mobil SpeedPass tags. (Kewney, 2004; Sturdevant, 2004) Germany is already using the technology in its passports in its effort to prevent their fraudulent use. (Germany Picks Philips Chips)

Then, there are benefits to the RFID technology that can protect us, too. This technology is in a pilot to track cattle in an effort to prevent mad cow disease, as well as the identification of pets. (Sweberg, 2004) The technology has already been implanted in the Mexican Attorney General and several of his staff members to aid in security clearance functions. (Lewis, 2004) RFID technology is already inexpensive-enough to be considered a cost-effective method to aid in the prevention of counterfeit drugs. (Baker, 2004) In some cases, receiving a counterfeit drug could actually cause a person’s death, and this particular problem is beginning to grow, according to the FDA. (Baker, 2004) This technology can aid in meeting the FDA handling requirements for pharmaceuticals. (Smith, 2004)

Even if RFID technology is not prevented from gathering information about us, there is so much information that is already gathered, that RFID technology is just another piece to an a problem that already exists. (Kewney, 2004)

Keep in mind, too, that because this technology is so expensive to implement, organizations that spend the money on it will not be easily persuaded to give it up. (Kewney, 2004) It would be in their best interests to find ways to accommodate some of the privacy and security issues rather than allow the technology to be so heavily restricted by law that it cannot meet its intended potential.

At the least, steps should be taken to alleviate public concerns, both by educating people on the intended uses for the technology as well as ways to fight its improper use. (Roberti, 2002)

STEPS TOWARD DATA AND FRAUD PROTECTION

Laws
Current efforts among lawmakers seem to focus on preventing problems at an early stage; i.e., start now, and be ready when the technology hits its full stride. (Kuchinskas, 2004; Sweberg, 2004) At the same time, groups such as the ACLU (American Civil Liberties Union) are asking for laws to protect consumers. (Baard, 2004)

Utah’s legislation is proposing labeling all goods bearing an RFID tag, (Baard, 2004; Radio Frequency Identification, 2004) and Missouri and California are considering such bills, as well. (Baard, 2004) California wants to keep RFID tag data separate from personal consumer information. (Baard, 2004) The California law, for example, encompasses not only stores, but libraries, as well. (Kuchinskas, 2004) As an example, the California law allows “stores and libraries to collect the same information they already collect now using bar codes, while at the same time banning the use of the technology to track people as they shop or after they leave the store.” (Kuchinskas, 2004, p. 1) Similarly, there is a Senate bill that has been proposed that would not allow tracking anything beyond what the consumer is purchasing, meaning that items that consumers merely handled, were wearing or otherwise brought with them could not be tracked. (Kuchinskas, 2004)

At the least, lawmakers need to become familiar with the issue in order to determine whether and what portions need to be addressed by laws. (Mark, 2004) These laws need to be clear on how the consumer will make use of them. For example, the current proposals to identify which goods are tagged so that a consumer can make a choice whether to purchase it would be more appropriate than suggesting that the goods be labeled so that consumers can later remove the tags, as these tags are supposedly quite difficult for a consumer to find and to remove if found. (Technovelgy)

Procedures
The non-profit organization of standards, EPCGlobal, is setting privacy standards for the supply chain, as well as planning to provide oversight to privacy issues. (Baard, 2004; Why Focus on Radio) Enforcement is still a problem with these standards, though, as motivational punishments must be created that only punish the organization that violates them and not those organizations doing business with them that were not involved in the violation. (Roberti, 2002)

Other groups are taking the initiative to create procedures, as well. One example is the Center for Computing and Social Responsibility. They have formed a number of ideas for discussion that they intend will form the basis for ethical use of RFID technology. (Radio Frequency Identification) The San Francisco library system is considering using RFID technology but also creating a policy to limit what information it will collect. (Sturdevant, 2004)

Based on the number of consumer notification laws produced, maybe it comes down to notifying consumers so they can choose which products to buy, based on which ones have the tags and to promote consumer awareness and increase the consumer comfort-level. (Mark, 2004)

Technical
Refinements are being made to provide technical solutions to these data issues. One example is the “blocker tag” that RSA Security, Inc. is working on. Essentially, this tool would “confuse” the RFID tag readers so they could not read the tags within the vicinity of the blocker. (Fisher, 2004) One possible way to use the “blocker” is that a customer’s purchase could be put into a bag where the bag has the “blocker tag” on it. (Fisher, 2004) Then, as the customer walks around the mall, the other retailers cannot tell what goods are in the customer’s bag. One downside to the “blocker tag” is that tools such as RFDump can still access and modify the information as it works somewhat differently than the RFID readers that the “blocker tag” is meant to confuse. (Hachman, 2004)

Tags can be “killed” at some point, such as when a customer leaves a store with an item but, unlike other technologies currently in use, there is no way to verify that the tag has actually been “killed.” (Fisher, 2004; Hachman, 2004; Sturdevant, 2004)

Some stores are using video cameras to double-check that an item is what it was scanned to be. (Hackman, 2004) Passive tags can only be read, versus the active tags, which can also be written on. (How do RFID Systems Work) Using a combination in various situations could alleviate some issues, as would using some combination of stationary versus mobile readers. (How do RFID Systems Work)

CONCLUSION
Considering the benefits that RFID technology promises to bring with regard to improving productivity and decreasing fraud, (How do RFID Systems Work) compounded by our love of new technologies and the promises they bring, added to the fact that we are already using this technology or planning to do so in many cases, this is a technology that should not be ignored. Rather, the effort to find ways to mediate the downside must be managed, whether by technology, laws or procedures.

Additionally, any new technology brings with it issues that are not understood until those technologies are widely put into use. Someone has to go first and flush out those problems. We can already see that some of the current technical solutions to these problems still leave gaps in protection. Using modest plans for implementation and watching them closely is likely to be more practical than planning that theorists find all the problems on paper before any implementations can take place.

At this point, though, it is possible that none of the proposed solution will satisfy an already-uncomfortable public, unless that proposal includes a strong public relations campaign to assist it. (Roberti, 2002)

REFERENCES
Baard, Mark. (February 26, 2004) “Lawmakers Alarmed by RFID Spying.” Retrieved October 2005, from http://www.agrnews.org/issues/268/nationalnews.html#2

Baker, M. L. (June 8, 2004) “HHS: RFID Will Thwart Drug Counterfeiting.” Retrieved October 2005, from http://www.eweek.com/article2/0,1759,1608453,00.asp

Best, Jo. (August 10, 2004) “Defense Department Reveals Its RFID Rollout Plans.” Retrieved October 2005, from http://www.silicon.com/research/specialreports/enterprise/0,3800003425,39123039,00.htm

Fisher, Dennis. (February 23, 2004) “RSA Keeps RFID Private.” Retrieved October 2005,
from http://www.eweek.com/article2/0,1759,1536569,00.asp

Germany Picks Philips Chips. “RFID News Roundup.” Retrieved October 2005,
from http://www.rfidjournal.com/article/articleview/1654/1/1/

Hachman, Mark. (July 29, 2004) “RFID Hack Could Allow Retail Fraud.” Retrieved October 2005,
from http://www.eweek.com/article2/0,1759,1628696,00.asp

How do RFID Systems Work. “Learn About RFID.” Retrieved October 2005,
from http://www.savi.com/rfid.shtml

Kewney, Guy. (January 23, 2004) “RFID? They’re Already Following You.” Retrieved October 2005,
from http://www.eweek.com/article2/0,1895,1454477,00.asp

Kuchinskas, Susan. (April 30, 2004) “California Crackdown on RFID.” Retrieved October 2005,
from http://www.wi-fiplanet.com/news/article.php/3348011

Lewis, Peter. (August 5, 2004) “RFID: Getting Under Your Skin.” Retrieved October 2005,
from http://money.cnn.com/2004/08/05/commentary/ontechnology/rfid/

Mark, Roy. (July 14, 2004) “Privacy Groups Tag RFID.” Retrieved October 2005,
from http://www.internetnews.com/security/article.php/3381261

Military Logistics. (2003-2004) “Military Logistics.” Retrieved October 2005,
from http://corpwatch.org/article.php?list=type&type=20

Ponemon, Larry, Dr. (January 2004). “Case Study: The Supply Chain’s Missing Link.” Retrieved October 2005,
from http://www.darwinmag.com/read/010104/rfid.html

Radio Frequency Identification. (February 13, 2004) “House Committee Amendments.” Retrieved October 2005
from http://www.le.state.ut.us/~2004/htmdoc/hbillhtm/hb0251.htm

Radio Frequency Identification. “Tag Ethics.” Retrieved October 2005,
from http://www.ccsr.cse.dmu.ac.uk/resources/general/ethicol/Ecv14no5.print.html

RFID ID Tags Are Difficult. “Technical Problems With RFID.” Retrieved October 2005,
from http://www.technovelgy.com/ct/Technology-Article.asp?ArtNum=20

Roberti, Mark. (August 12, 2002) “The Privacy Nightmare.” Retrieved October 2005,
from http://www.rfidjournal.com/article/view/144/1/1/

Smith, R. W. (May 6, 2004) “Oracle and Microsoft Expand RFID Efforts.” Retrieved October 2005,
from http://www.bio-itworld.com/newsletters/pharmait/2004/05/06/20040506_8347

Stealing Cars (June 3, 2002) “Stealing Cars Will Get Tougher.” Retrieved October 2005,
from http://www.rfidjournal.com/article/articleview/33/1/1/

Sturdevant, Cameron. (March 23, 2004) “No RFID for Library Books.” Retrieved October 2005,
from http://www.eweek.com/article2/0,1759,1553170,00.asp

Sweberg, Claire. (March 24, 2004) “Sen. Leahy Voices RFID Concerns.” Retrieved October 2005,
from http://www.rfidjournal.com/article/articleview/843/1/1/

What is RFID. “What is RFID?” Retrieved October 2005,
from http://www.spychip.com/

Why Focus on Radio. “Frequency Asked Questions.” Retrieved October 2005,
from http://www.epcglobalinc.org/about/faqs.html#6

Web Development TMB Creative Services