The area of Information Security is closely related to concerns of privacy of information. One of the newest technologies to raise serious concerns about privacy of information is that of RFID. This is a technology poised on the brink of having a major impact on consumer privacy policy, as well as being a major force to contend with in marketing of consumer goods.
RFID is a technology that has three central parts: the antenna, the transceiver, and the transponder. The transponder is the actual RFID tag that is place on the object to be identified, while the transceiver is the component that analyzes the signal from the transponder. The antenna is the go between, allowing data to pass between the two. There are two distinct types of tags, passive and active. Active typically contains its own power source and can have read/write capablities with variable amounts of storage, while passive tags do not contain their own power, are capable of being read at shorter distances, and are much cheaper to manufacture. RFID's have been used for years in certain applications (loss reduction tags, Toll tags for EZ Pass toll roads, Mobil has used them for their MobilPass), but the economics of them are slowly hitting the sweet spot for retailers. They are becoming inexpensive enough that they can be included on products without significant profit loss. The two companies that have recently been in the news for their backing of this technology are Gillette and Bennetton. However, other retailers are sure to follow their lead.
What is in it for retailers? Much more accurate inventory control is the standard answer. You have a system that would be capable of knowing each item on the shelf, where it came from, how long it has been there, and when it gets removed from the shelf the same system can initiate an order for a new one. All inventory can be done in real time.
From a user standpoint, depending on the level of inter and intra network communication and database sharing, there are tons of possibilities for useful application. Imagine being able to wave your shirt in front of your home PC, tell the web shopping applet that you want one just like this, except purple. The applet could record your size, location, and either ship one to you or tell you which store closest to you has one.
So what is the threat to privacy here? The same systems that track inventory can, in theory, be set up to track you.
Imagine buying a pair of slacks at Bennetton in your home town, and paying for that purchase with a credit card. That particular pair of pants can now be linked to your credit card number, and thus to you. Bennetton can now choose to "track" that ID anytime you go into one of their stores by simply placing a reader on the door. Imagine walking in to a store in Miami and having the clerk come to you and say "Welcome back, Mr. Anderson....we have a sale on your size slacks on the far wall. How is the weather in Pittsburgh, by the way?"
The advantages for marketers is enormous. But one can imagine that once these tags become more popular, and most major retailers are using them, that this invasion of privacy will increase geometrically.
From an information security standpoint, the linkage between one type of personal information (credit card number) and another (anything from color preferences to the fact that you bought a box of condoms at the Safeway) will reside in a database somewhere under the control of the advertisers, the credit card companies, or the forces of retail. None of these facts makes me sleep better at night. Even worse, this database will be cumulative...once RFID becomes entrenched, your entire purchasing history becomes much more available, with any number of negative consequences. Credit Card companies have a LOT to lose if they compromise your information. Will random retail outlet have the same level of security?
Even more interesting: what happens if there is a "standard" for these tags that can be read by any reader, even handheld ones? Someone might not be able to access your credit information without connection to that particular database, but they could certainly profile your purchase if they ID the tags that you are wearing. Who knows what kind of information that could yield? Real time tracking of your location is possible (not that we need RFID...we've got GPS Cell Phones for that).
The future of this technology is rife with controversy, and if I had to bet, less control over personal information. When this sort of database is combined with other efforts to eliminate privacy (PATRIOT, PATRIOT II, CAPPS II, the recent change to the US Privacy Act of 1974...lets just say that I'm predicting very bad things. Basic rights are being suspended, and with more information will come more incorrect assignments of guilt. I'm certainly becoming increasingly concerned about the future of privacy, and RFID, while only one small piece, is a key component in a degeneration of personal privacy.
Much more information can be found at:
http://www.alientechnology.com/product/rfid_products.html
http://news.com.com/2010-1069-980325.html?tag=fd_nc_1
http://www.boycottbenetton.org/
ADDENDUM
On April 8, 2003, Bennetton announced that they were NOT going to be including RFID wihtin their clothing. Most likely explanation is that they were unhappy with the negative publicity. We can guess that they will probably continue with plans, but attempt the launch with less fanfare next time.
Links to news stories:
http://www.eet.com/semi/news/OEG20030405S0001
http://www.computerworld.com/securitytopics/security/privacy/story/0,10801,80126,00.html