Privacy advocates tune in to concerns about ID technology.After watching Tom Cruise get his retinas scanned as he maneuvers through security facilities in the 2002 thriller Minority Report, you laugh about the Jet sonian technology on your way out of the theater. That kind of personal identification won't happen in your lifetime.
You unlock the Zipcar you rented by waving the key card near the windshield, use an EZ Pass to whiz through the highway tollbooth as you drive your friend home, and watch as she waves her purse containing a key card at the apartment building's front door, which opens after reading the information through the bag. You top off the tank before returning the car, flipping an ExxonMobil Speedpass in the general direction of the gas pump.
Each of those everyday actions uses radio-frequency waves to verify your identity and even access your bank account. Welcome to your lifetime.
Radio-frequencyidentification (RFID (Radio Frequency IDentification) A data collection technology that uses electronic tags for storing data. The tag, also known as an "electronic label," "transponder" or "code plate," is made up of an RFID chip attached to an antenna. ) technology is used in retail businesses to improve shipping and stocking, in libraries and schools to track books and supplies, and in the health care field to track drugs and equipment, boost efficiency and accuracy, and even monitor patient movement in hospitals. In June 2006, Consumer Reports estimated that $1.3 billion would be spent on RFID tags that year, and a business research firm found RFID technology revenue may exceed $7 billion by the end of this year.
An RFID "tag" contains a transponder A receiver/transmitter on a communications satellite. It receives a microwave signal from earth (uplink), amplifies it and retransmits it back to earth at a different frequency (downlink). A satellite has several transponders. with an integrated circuit integrated circuit (IC), electronic circuit built on a semiconductor substrate, usually one of single-crystal silicon. The circuit, often called a chip, is packaged in a hermetically sealed case or a nonhermetic plastic capsule, with leads extending from it for and antenna that emit a short-range radio signal picked up by a transceiver (or reader), which reads the radio frequency conraining at least a chip's unique number and possibly other information. The number can then be used to access a database of detailed information about the tagged item.
There are two types of RFID: passive systems, in which the reader sends a signal to the transponder in the tag, which reflects back a signal; and active systems, in which the transponder actually broadcasts a signal.
RFID tags can be read from a distance. Passive systems usually have a range of inches to several yards; more powerful active tags with their own power supplies can broadcast information for several hundred feet.
Civil liberties activists warn that, for all its potential advantages, RFID technology raises serious issues of personal privacy and data security. At a December 2005 forum held by the National Conference of State Legislatures
The abbreviation NCSL redirects here. For the British educational institution see National College for School Leadership.
The National Conference of State Legislatures (NCSL NCSL National Conference of State Legislatures
NCSL National College for School Leadership
NCSL National Conference of Standards Laboratories
NCSL National Council of State Legislators
NCSL National Computer Systems Laboratory (NIST) ), expert panelists expressed concern about linking RFID data to people and noted that the chips are invisible to the common consumer and can track a tagged item's location, which prior technology couldn't do. Potential misuses include "skimming," unauthorized reading of a signal, or "eavesdropping Secretly gaining unauthorized access to confidential communications. Examples include listening to radio transmissions or using laser interferometers to reconstitute conversations by reflecting laser beams off windows that are vibrating in synchrony to the sound in the room. ," when an unintended recipient intercepts the data flowing between the tag and the reader.
The American Civil Liberties Union American Civil Liberties Union (ACLU), nonpartisan organization devoted to the preservation and extension of the basic rights set forth in the U.S. Constitution. (ACLU ACLU: see American Civil Liberties Union. ) warns that RFID technology could lead to identity theft and security breaches and give the government away to track people. It cautions that adequate privacy and security protections are needed before the technology goes forward.
Certainly, RFID now provides some access to identity--the RFID card Refers to an identification badge or credit card that transfers its contents to the reader via RFID. See RFID and RFID tag. a consumer uses at the gas station charges his or her account directly, and the card issuer can share the person's name and information with consumer reporting agencies, banks, insurance companies, and others unless the consumer reads the fine print of the contract and "opts out" of that provision.
RFID is already part of an identification standard--the U.S. passport. Those issued after October 2006 contain RFID chips that hold biometric information (biological traits that uniquely identify a person--currently a digital photo for facial recognition Noun 1. facial recognition - biometric identification by scanning a person's face and matching it against a library of known faces; "they used face recognition to spot known terrorists"
automatic face recognition, face recognition ; perhaps fingerprints in the future) and the other information printed in the passport. The U.S. State A U.S. state is any one of the fifty subnational entities of the United States, although four states use the official title "commonwealth". The separate state governments and the federal government share sovereignty, in that an American is a citizen both of the federal entity and Department says the documents are identify-theft protected, with "anti-skimming" film on both front and back covers (the chip is embedded in the back cover) and encryption of the stream of data that travels from chip to reader.
Currently, RFID is much more commonly used to track goods, not people. Farmers use RFID tags to monitor cattle, tire companies Manufacturer Country Est. Brands and Subsidiaries
Aeolus Tyre China
Alliance Tire Company Ltd. Israel 1950 Amtel-Povolzhye, Kirov; Amtel-Chernozemye, Voronezh
Apollo Tyres Ltd. like Goodyear tag certain tires to track them, and shipping companies tag pallets and crates of goods so they can be accounted for without scanning bar codes or using other physical tracking methods.
IBM (International Business Machines Corporation, Armonk, NY, www.ibm.com) The world's largest computer company. IBM's product lines include the S/390 mainframes (zSeries), AS/400 midrange business systems (iSeries), RS/6000 workstations and servers (pSeries), Intel-based servers (xSeries) researchers envision RFID tracking the life cycle of a product--such as a pharmaceutical drug or grocery item-from raw materials to end use. In March 2007, IBM announced new software that will let companies consolidate and analyze RFID information, link it to other parts of the operation, and share the data.
But consumers are wary. After Gillette Co. announced in 2003 that it would test marking cases of its razors with RFID tags, consumers became alarmed that tagged packages could be traced to purchasers, which the company denied. Tagging individual items worried so many customers that Benetton backed off plans to put RFID tags in a clothing line after consumer protests.
A recent article in the Journal of the American Medical Association JAMA: The Journal of the American Medical Association is an international peer-reviewed general medical journal, published 48 times per year by the American Medical Association. JAMA is the most widely circulated medical journal in the world. cited two basic uses for RFID technology in a health care setting: improving management of drugs and medical devices and providing complete access to medical in formation at the point of care. The authors noted that RFID could be used to track and identify patients; track equipment, assets, and drugs; match blood; provide data for the electronic health record; and authenticate medical products. (Binita S. Ashar &Ann Ferriter, Radiofrequency Identification Technology in Health Care, 298 JAMA JAMA
Journal of the American Medical Association 2305 (2007).)
In 2004, the FDA FDA
Food and Drug Administration
n.pr See Food and Drug Administration.
n.pr the abbreviation for the Food and Drug Administration. approved passive RFID chips for human implantation. This was hailed as a medical breakthrough, because implanted tags could provide access to medical information in situations where the patient is unresponsive. The American Medical Association American Medical Association (AMA), professional physicians' organization (founded 1847). Its goals are to protect the interests of American physicians, advance public health, and support the growth of medical science. said the devices could improve "the safety and efficiency of patient care," help identify patients, and give secure access to medical information.
The implant is a microchip and copper antenna encased en·case
tr.v. en·cased, en·cas·ing, en·cas·es
To enclose in or as if in a case.
en·casement n. in glass the size of a grain of rice that's usually inserted into the patient's upper arm. It transmits a unique 16-digit number, which is used to locate the medical record stored on a secure Web site. As of 2006, manufacturer VeriChip had sold about 2,500 chips for human implantation worldwide, but only about 100 had been implanted in the United States, most in the company's own employees.
VeriChip says the device is a passive one that doesn't track anyone, but privacy advocates wonder: Who will have access to personal health records? Health care professionals only? Clerical and administrative staff?. Police officers and public health officials? And hackers may be able to eavesdrop eaves·drop
intr.v. eaves·dropped, eaves·drop·ping, eaves·drops
To listen secretly to the private conversation of others. or skim information from the RFID implants.
One available protection is the Health Insurance Portability and Accountability Act The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996.
According to the Centers for Medicare and Medicaid Services (CMS) website, Title I of HIPAA protects health insurance coverage for workers and their families when of 1996 (HIPAA (Health Insurance Portability & Accountability Act of 1996, Public Law 104-191) Also known as the "Kennedy-Kassebaum Act," this U.S. law protects employees' health insurance coverage when they change or lose their jobs (Title I) and provides standards for patient health, ), which governs how private medical information is shared. "If a database contains RFID-gathered information for a person who's covered by HIPAA, then the information should be protected," said Joy Pritts, an assistant research professor at the Health Policy Institute at Georgetown University who studies privacy and patient records but has not yet examined the role of RFID.
For some trial lawyers, a promising medical use of RFID is tagging pharmaceuticals. In 2006, the FDA Counterfeit Drug counterfeit drug Pharmacology A formulation sold or marketed as if it were a particular proprietary substance produced by a particular manufacturer with specified ingredients, which it may or may not, in fact, contain. See Generic drug, Proprietary drug. Task Force called RFID "the most promising technology for implementing electronic track and trace in the drug supply chain." The FDA has not mandated that drugs be tagged, but it has asked the pharmaceutical industry to develop standards and pilot processes for RFID.
"We want a secure pharmaceutical supply chain; we have to have one," said attorney Eric Turkewitz of NewYork City, who has represented patients harmed by counterfeit drugs. He said the pharmaceutical industry has been talking about using RFID for years, but it's still years away from implementation.
"The problem is having a databank saying a particular drug has been given to a particular person," he said. "We want to track drugs from the manufacturer to the consumer to make sure all the loopholes [for counterfeit drugs] in the supply chain are closed; on the other hand, it becomes information in a databank that a consumer gets HIV HIV (Human Immunodeficiency Virus), either of two closely related retroviruses that invade T-helper lymphocytes and are responsible for AIDS. There are two types of HIV: HIV-1 and HIV-2. HIV-1 is responsible for the vast majority of AIDS in the United States. medication, so there exists that potential privacy issue."
Civil rights groups like the ACLU, the Electronic Frontier Foundation See EFF.
(body) Electronic Frontier Foundation - (EFF) A group established to address social and legal issues arising from the impact on society of the increasingly pervasive use of computers as a means of communication and information distribution. , and the World Privacy Forum would like a voluntary moratorium on RFID technology in consumer goods consumer goods
Any tangible commodity purchased by households to satisfy their wants and needs. Consumer goods may be durable or nondurable. Durable goods (e.g., autos, furniture, and appliances) have a significant life span, often defined as three years or more, and until safety and privacy standards have been set.
Privacy advocates are also seeking federal legislation to require all RFID users to label items that use the technology.
"We absolutely must have labeling. It is crucial.... If someone desired to hide an RFID tag in a product, there is no way a consumer could visually protect themselves from that," said Katherine Albrecht, director of Consumers against Supermarket Privacy Invasion and Numbering.
In 2003, the grassroots group proposed the RFID Right to Know Act "to require that commodities containing radio-frequency identification tags bear labels stating that fact, to protect consumer privacy, and for other purposes." It would have amended several parts of the U.S. Code A multivolume publication of the text of statutes enacted by Congress.
Until 1926, the positive law for federal legislation was published in one volume of the Revised Statutes of 1875, and then in each sub-sequent volume of the statutes at large. but did not pass.
Many privacy activists say the collection, use, and disclosure of RFID data will have to comply with existing privacy laws. For instance, the Electronic Communications Privacy Act
At the state level, various bills have been introduced. At its forum, the NCSL reported that at least 12 states had introduced privacy legislation to control the use of RFID. But experts at the conference said the technology is still expanding too rapidly to expect legislation to provide standardization.
Some states have tried. In 2004, the California senate passed S.B. 834, perhaps the first attempt in the country to govern the use of RFID by requiring businesses that use it to tell customers and get express consent before tracking and collecting information. The assembly didn't pass the bill. Last year, the California senate passed a bill forbidding companies from requiring employees to have RFID chips implanted; it too failed in the assembly.
Another California bill, the Identity Information Protection Action of 2006, would have imposed new regulations on the use of RFID by government agencies. Gov. Arnold Schwarzenegger said the bill was "premature" and vetoed it. It was reintroduced last year, along with four other bills with RFID provisions.
RFID and discovery
RFID may crop up in civil cases when e-data needs to be discovered.
"Much of the information gathered from RFID is discoverable," said Nicole Ozer, technology and civil liberties director at the ACLU of Northern California. "For example, the EZ Pass records are discoverable for divorce and other cases. You do not know when RFID tags are being read, and if they proliferate, more and more data about [people's] activities and location will be collected and stored."
Craig Ball, a trial lawyer and computer forensics expert in Austin, Texas, agreed that RFID data is discoverable--"it's just digital information, like any other"--but refined the point. "When it's stored, reliable, and relevant, you can ask for it and are likely entitled to receive it in discovery, subject to the same considerations of undue burden and cost that serve as a governor on all forms of discovery," Ball said.
Relevance is the key factor, he cautioned. For example, he said, if a vet uses RFID to track a pet's medical records and hurts the pet after using the wrong records, then that data is probably discoverable, just as RFID data a hospital relies on to administer drugs would be discoverable when a medication error medication error Malpractice An error in the type of medication administered or dosage. See Adverse effect, Error. harms a patient.
"When it's evidence, it's discoverable, unless the burden and cost outweigh the relevance and materiality," Ball said.
Regarding concerns about the use of RFID to track what shoppers buy at the supermarket, Ball noted that millions of consumers have freely given up personal information by signing up for store loyalty cards. But, he conceded, "limiting the use of RFID is fine, if that's what the public wants. My only point is that, if the information is collected, stored, and relevant, it's discoverable."