Privacy concerns surrounding certain RFID applications are completely legitimate. If our government adds RFID to identity cards or cash money, then people are forced to allow themselves to be tracked. This should be strongly resisted. If a retailer adds RFID to their loyalty cards, we can easily opt out and send the retailer a message. This has already happened to Metro and Tesco and that makes me believe that RFID-based loyalty cards will not become common any time soon.
Those examples are pretty clear, but what happens when the local public library starts tagging books? Actually some libraries have been doing this for years, but only now are consumers becoming sensitive. There are at least two contributing factors to this new sensitivity. One is the general association between RFID and loss of privacy that triggers automatic concern. I believe the other factor is the emergence of the Federal government’s Patriot Act. This law can compel libraries to share customer reading preferences with the so-called intelligence communities in the government.
Why does a library tagging books provoke outcry but RFID-based transit cards do not? In Hong Kong, 6 million people use their RFID-based Octopus cards every day to commute around that metro area. I believe that transit systems where people gain access with RFID-based cards will be successful for a number of reasons that are worth examining.
First of all, the Octopus card and others like it are massively convenient. A single payment card provides access to transportation services from over 40 separate private companies and publicly owned systems. This is important because most people use more than one service on their daily commuter trips. Also, the cards work at Starbucks, 7-Eleven and vending machines. The conclusion: Using the card can significantly reduce hassles every day.
Second, these systems are worthy of consumer trust. Trust is built from multiple sources, some easier to qualify than others. For some reason, commuters in Hong Kong and other cities are willing to let the transport operators know where they travel and when. It’s hard to know exactly why. In contrast, technological trust built on security and authentication algorithms is easier to quantify and explain. The Octopus card uses strong encryption for all airborne communication and it uses two-way authentication based on Public Key Infrastructure (PKI). This is important. Not only must the card be authenticated with the readers, but the readers must authenticate with the cards. No rogue cards and no rogue readers are allowed.
What can we learn from this? Here are some conclusions:
- We need to resist broad and general statements that RFID degrades privacy.
- Applications from governments that force people to relinquish privacy should be resisted strongly.
- Enterprises can collect information from consumers if they earn the consumers’ trust and this can be earned with both technology and trustworthy behavior.
- Applications that deliver extreme and compelling value to consumers are more likely to succeed.
Issues of RFID and privacy should be discussed openly and judiciously without bias. I am leading several panels at RFID conferences this spring. I hope to devote at least one of them to this type of discussion on privacy and trust related to RFID.
Certain RFID applications shouldn’t spark any privacy fears at all. If Wal-Mart wants huge boxes of disposable diapers to have tags on them, that’s fine. Those applications should be allowed to develop, unhindered by privacy concerns. Let’s focus the attention where it’s needed and where it can create a positive benefit.
|
