Privacy advocates and some lawmakers are pushing a debate over potential privacy abuses from the growing use of radio frequency identification chips as huge retailers such as Wal-Mart Stores Inc. move toward large-scale use of the technology.
They see the potential for retailers and other companies to be able to track consumers long after a consumer purchases an item – for example, a tennis shoe manufacturer scanning a sporting event for the number of people wearing its product.
Those advantages are why large retailers such as Wal-Mart and Target Corp., as well as government agencies such as the U.S. Department of Defense (DOD), are embracing RFID technology as a way to improve their supply-chain efficiency. Wal-Mart, leading the way on RFID adoption, plans to phase in use of RFID, with major suppliers of its north Texas stores required to use RFID chips on pallets and cases by January 2005. The DOD plans to require suppliers to use RFID tags by early 2005.
But early experiments with RFID haven’t gone smoothly, at least in the public relations arena. In early 2003, Wal-Mart and The Procter & Gamble Co. tested the use of RFID chips on individual packages of lipstick in an Oklahoma store, and the supposedly secret test raised the hackles of privacy advocates everywhere. The RFID chips allowed Wal-Mart to track the customers as they took the lipstick off shelves.
Wal-Mart’s test of RFID chips on individual products also prompted Senator Patrick Leahy, a Vermont Democrat, to suggest that federal legislation may be necessary at some point. He criticized what he called Wal-Mart’s “clandestine” testing of RFID.
In November, a group of privacy advocates, including the American Civil Liberties Union and the Electronic Frontier Foundation (EFF), issued a position statement on the use RFID in consumer products. The statement called for retailers to give notice to consumers when RFID chips are being used, what the purpose is and to have security measures in place verified by third parties.
The statement (pdf) calls on merchants to voluntarily comply with RFID privacy measures, and asks retailers to comply with a moratorium on item-level use of RFID chips until a technology assessment involving consumers and other stakeholders can be completed. The statement asked retailers not to force consumers to buy products with RFID tags and advocated that consumers should be able to remove or disable the tags, but the statement did not advocate federal legislation.
Ari Schwartz, associate director of the Center for Democracy and Technology (CDT), one of the groups signing on to the November privacy statement.
There has to be a way to kill these chips. The question is really what it’s used for and how it’s done, rather than the technology itself. Most of the benefit out there comes on the back end, in the stock room, and most of the privacy concerns come when it leaves the stock room.
Most retail uses of RFID so far are limited to stock rooms, and with retailers and vendors open to privacy discussion, Schwartz doesn’t yet see the need for federal legislation.