04 May 2006
RFID, privacy and domestic bliss
You may have read the controversy surrounding RFID (Radio Frequency Identification) tags. There are passive tags (which require no power source) and active tags (which require a power source and have a greater range).
Much of the controversy has surrounded their deployment in shops and on consumer goods and the associated invasion of privacy, especially when passive tags can be made in volume for less than 7 cents.
However, why were those people not complaining when websites over the last 10 years have routinely been doing the same thing?
I've long been an advocate of setting an appropriate privacy level on the web - see this press release from 2003.
In a normal shop, it's perfectly possible to do your shopping, pay for your goods and then go home without the shop forcing you to "register", "supply a password, min 8 characters including a number" "set up an account" "give us your date of birth" "your mother's maiden name for security reasons" "think up a username that no-one else has" and "you'll need to tick this box if you don't want spam". Yet many of these are routine questions when shopping online. Not only does shopping on line force you to set up an account, but the shop then tracks all your purchases under this account and builds up a shopping profile.
Fantastic news for the shop, not so fantastic if you simply want to shop and not build up a life story in the process or waste 10 minutes setting up an "account". Shopping online is like shopping in a store and using a loyalty card, your every purchase is tracked and collated. However, people were wary of the invasion of privacy that these loyalty cards posed and so the stores introduced an incentive for people to use them - money back. 1% for many shops but up to 10% in some cases. But for the web, no such problems existed - people were forced to register, forced to set up an account and forced to have their details tracked from purchase to purchase if they wanted to use the site. Where was the loyalty bonus for handing over all this data? Which purely online stores offer between 1 and 10% back for purchases? Other than online versions of existing stores, hardly any!
I'm not against people having to enter their details to make a purchase online, clearly you need to enter an address if you want things delivered. You need to enter your credit card details if you want to pay by credit card. There's also an advantage in registering in that you don't have to type your details in again the next time you use the shop. But forcing people to set up an account every time, and often gathering spurious information such as date of birth and mother's maiden name "for security reasons" does seem to be going too far. Especially when such data, often gathered via insecure forms, is a treasure trove for any identity theft merchant. Especially if the data is sent unencrypted, who knows what cache on your PC or en-route the data will be stored.
So to the controversy of RFID. Once again there are potential privacy issues but this time there doesn't seem to be any payback for the public or opt-out. I'm not against RFID, it's not the technology that's the issue it's the way it's applied.
As an example of a positive use of RFID, let me say that living in a house with three young children, things often end up in unusual places despite my best attempts to be organised.
Popular pastimes in our house include Treasure Hunt For The Lost Remote Control for the TV or VCR or DVD or Digi Box. Another game is Where Have My Keys Gone This Time. Unlike lost DECT phones or mobiles you can't just simply dial them and listen for the ring. So perhaps a really productive implementation for RFID would be to deploy it in the home, fit the things you tend to lose with tags and then track their locations via a central box the same way that RFID is used to track products in a warehouse.
Now to think what I'll do with all that spare time I've just created. In the meantime, I'd better not buy a cordless mouse, who knows where it will end up.