Ellen Perlman was a GOVERNING staff writer and technology columnist.E-mail: firstname.lastname@example.org
Gary Stillman had a great idea for taking quick and efficient attendance at the Enterprise Charter School in Buffalo, New York, where he was CEO. The idea was for the children to walk through the front door wearing a lanyard with an ID card containing a little chip, read by an electronic reader. The school would know who had arrived each day without teachers having to go through the time-consuming attendance process. But parents didn't think much of the idea. Stillman started getting calls "saying I was the Great Satan and we were planting little microchips under the skin."
Something similar happened when the Brittan School, in Sutter, California, tried to start an electronic ID program. Parents were outraged that they had not been contacted and some said their children were being tracked like cattle.
There are places where people don't react this way, but they are in other parts of the world. In Japan, after the shocking murders of several children, parents of fourth graders at Rikkyo Elementary school were only too happy to find out there was a simple way to keep tabs on their kids. When pupils enter and exit the front gate at Rikkyo, the information is sent to a computer that e-mails the information to parents' cell phones. The system can read as many as 100 tags at once, and if someone without a tag enters the gate, an alarm goes off. For school administrators, it's all about ensuring the safety of their charges.
If the United States were more like Japan, it might be reasonable to predict that Radio Frequency Identification (RFID) would soon be all over America's schools and other public institutions, now that the technology is safe, reliable and relatively simple to install. But no matter how efficient RFID becomes, adoption is not going to come easily here. Almost any time the subject comes up, privacy advocates go ballistic. The Brittan School episode in California has led to serious legislative proposals to strictly limit the use of RFID tags. California legislators argue that the tags should not be connected in any way to an identity card such as a school ID or a driver's license. A bill may become law before the end of this year's session.
For all the privacy concerns, RFID is poised to become a major public issue in the years ahead. It simply solves too many problems for governments to ignore its potential. On the other hand, it raises a host of difficult questions that go beyond the monitoring of schoolchildren. Should law enforcement agencies be using the technology to track the whereabouts of motorists? What about the books that people take out of the public library? Are these uses of RFID inherently intrusive and objectionable, or are there ways to minimize the concern? Thousands of retailers use RFID to check on merchandise, and few customers complain about that. Shouldn't public entities be allowed to do essentially the same thing? Or are governments somehow different?
RFID technology was developed by a Scottish physicist during World War I to help identify friendly aircraft. RFID tags contain tiny computer chips linked to small antennae. Devices called readers pick up information from the tags using radio-wave transmitters when the tag moves close to the reader.
There is no question that RFID can speed up and make more efficient a variety of tedious processes, in government and in the private sector. Nor is there any question that significant numbers of people are instinctively suspicious of it, fearing that it will lead to the compiling of electronic dossiers filled with all sorts of personal information about them. It is the latest in a series of related concerns about privacy and technology. Similar discussions came up with the advent of bar codes in the 1970s, networked computers and the Internet in the 1990s and cell phones and wireless technology in the past decade.
The fact is that RFID tags already are being used in cell phones, at toll booths, in hospitals, on ID badges for office-building and parking lot entry. The real issue is how far and how quickly government will be able to move in taking advantage of them. Virginia was one of the first to try: After the September 11 terrorist attacks, in which nine of the terrorists were carrying illegal Virginia licenses, the state began looking at the idea of creating a foolproof driver's license with RFID and biometric data. But no concrete steps have been taken.
Meanwhile, privacy advocates argue with increasing vehemence that public use of RFID for identity purposes threatens to lead the country down a terribly invasive path. Legislators in many states have been convinced. In the past year, nearly a dozen have seen the introduction of bills addressing RFID use, including one in South Dakota prohibiting any implantation of an RFID chip in humans.
Most of these fears are unrealistic, says Robert Atkinson, director of the Technology & New Economy Project at the Public Policy Institute, a think tank. Atkinson says it would be extremely unlikely for anyone to track children wearing RFID tags or people carrying library books. "Overblown claims against RFID, in which the technology becomes a magnifying glass into people's personal lives, either overestimate the technology or ignore applicable laws," Atkinson wrote in a recent report. Active RFID tags must be read from just a few feet away and can't be read through metal, water or most walls. "Rogue scanning" of people on streets or in their houses would be extremely difficult to perform.
Even if somebody bought one of the $1,000 readers that pick up the signal from the tag, the information in most cases would be useless. The RFID tags have numbers on them that are unique to a particular database, such as the one for a library or a school. The "stalker" would need access to those databases to do anything with the information he might manage to obtain. The RFID tags that have been tried in schools and are being used in libraries do not contain names, addresses or any other personal information.
Most Americans, even those who profess to have privacy concerns about RFID, probably aren't aware of how often they are already coming into contact with it. If they work in a large office building, the chances are good that they get through the front door by waving a card with an RFID chip in front of a reader. If they drive on a turnpike along the East Coast, and increasingly in other places, they save precious time at tollbooths by using an E-ZPass with a transponder, avoiding long lines for cash payment, but allowing information about their whereabouts to be collected. If they use a rail system in any of several big cities, they most likely use a "smartcard" to pay for their train rides. In exchange for establishing a public record of what time they enter and leave the system, they get a much faster and smoother entry and exit.
And, of course, most citizens willingly trade even more detailed personal information when they use pharmacy and supermarket discount cards or buy via the Internet, all traceable activities. Credit card companies know what's been bought, where and when and by whom. But no one is lobbying for a ban on credit cards or limiting how the Internet is used. Instead, people are searching for ways to safeguard the use of these conveniences. RIFD enthusiasts view this emerging technology in the same manner, as a practical technology with many beneficial uses. They want the technology to proliferate and the privacy and security kinks to be worked out along the way.
But plausible as those arguments may be, they aren't enough to reassure militant privacy advocates who continue to be alarmed by the whole idea of RFID tags. Jerome E. Dobson, president of the American Geographical Society, argues that it's time for an "explicit national debate on human tracking." Dobson wrote recently in an article in the Chicago Tribune that some laws may need to be amended to put electronic means on a par with traditional means of "branding, stalking, incarceration and enslavement."
The information technologists in Virginia Beach, Virginia, weren't giving a lot of thought to stalking or enslavement when they launched a plan to use RFID tags in the city's public libraries. The tags have been in use there for a year, and there has been little public controversy.
The way it works in Virginia Beach is simple. Each book contains a tag with a code stored on it. Patrons can just dump their books on the check-out counter, slip a library card into a slot, and all of them are scanned at once. There's no need even to run them under a scanner individually, as would be the case with older, less sophisticated bar- code technology. Nobody waits in line, and the librarians are freed up for other tasks, not to mention avoiding risk of repetitive motion syndrome. The whole process stretches budget dollars, which are increasingly scarce in most library systems right now.
Moreover, says David Sullivan, the former city chief information officer, RFID checkout is in some ways more confidential than regular procedures. Library staff and other patrons are prevented from seeing what's being checked out. Patrons don't have to come face to face with anyone while picking up something they feel embarrassed about. The technology allows the library to know only that a book has gone past security gates at the door, whether checked out or not. That information is then in the database and librarians have a better handle on their inventory. Other than that, there is no customer information on the tag. "We're not storing anything on the book tag," says Sullivan. "You couldn't find it later and see who checked it out."
"People should be more concerned about cell phones that take pictures," says Karen Saunders, the acting city librarian in Santa Clara, California, which uses a similar system. "With a cell phone, you can take a picture of a person walking out of the library with a book under his arm. But if someone were to stand outside the library and happen to have a handheld reader that would read the RFID chip, all they would read would be a bar code number. Unless they knew how that related to the item, they wouldn't know anything."
Privacy advocates worry that bar codes can easily be "reverse engineered" and that someone could figure out what books are in a person's possession, even if those books are inside a bag, by using a reader near the tags. Technically, if such a library stalker were to spend $1,000 on a reader, he could get close enough to the low-powered tag to read the information. But it seems unlikely that someone would sidle up close to a patron for the purposes of learning what books he's carrying. Critics counter that a hackers' convention event found that some of the devices could read from as far away as 70 feet.
In any case, the remote possibility of gleaning information about a book someone is reading is enough to make privacy advocates unhappy. The price of RFID readers could go down markedly as the technology advances and more people could buy them, points out Kurt Opsahl, staff attorney with the Electronic Frontier Foundation, a not-for-profit organization dedicated to defending digital freedom. If the cost weren't prohibitive, the likelihood that someone might try such shenanigans would increase.
"The privacy of your thoughts and ideas is fundamental to a free society," Opsahl insists. "People may not want you to know they're reading an unpopular book," he says. If that becomes easier to find out, library patrons may be deterred from looking at information they otherwise would and it could have a chilling effect on someone's choices or movement. "It shouldn't be a question of whether you need privacy but whether you need to track information," Opsahl says. "Anything that allows you to be tracked is concerning."
The Book Industry Study Group and the American Library Association agree with critics such as Opsahl that widespread fears about lack of privacy could chill users' choices, suppressing access to ideas. But the libraries do not interpret that to mean that RFID is the vampire that will bite vulnerable necks.
When it comes to RFID in schools, the concerns are more emotional and the critics are even more militant. There are fears that if a student wears an ID with an embedded RFID tag, someone will use the information from that tag to harm the child. Opsahl offers a hypothetical example: "Someone could come to the school and say, 'Hey, Billy, your mother said I could come pick you up.' They would get that information off the RFID tag." Parents at the Brittan school in California worried their children would be tracked on the way home. The ACLU of Northern California, during debate on the legislation to restrict RFID, warned that RFID in schools would allow criminals to "steal a person's identity, stalk them or even kidnap them."
It's not exactly clear how that would work. For one thing, the devices can be encrypted, and encryption can be required by law. Even if they are not encrypted, a stalker still would have to set up enough RFID readers for the victim to pass within the confined distance needed for his ID tag to be read. The stalker would probably have a better chance of success just following the kid home in a car. Because the technology is new, Atkinson argues, many legislators and public officials are "susceptible to a lot of misleading 'sky is falling' claims."
Not every RFID use is controversial, even when it is implemented by government. The state of Indiana has been experimenting with RFID for four years and nary a negative word has been uttered. That's because there is virtually no interaction with the public.
This summer, when Debra Jackson went to inspect the Tornado, one of 43 rides at the Indiana State Fair, she was able to head straight to a 2x3-inch RFID chip affixed to the ride and get all the information she needed to do her work. The chip included the name of the ride, the serial number, the date of the last inspection, the type of inspection, the date of compliance, the owner's name, and every violation in its history, such as a frayed wire or broken gear. It would be helpful if other states used the same technology, Jackson says, since those traveling rides operate across state lines. It would save a lot of searching for paperwork and other duplicative efforts.
Indiana is now moving forward with RIFD tags for inspection of its 17,000 licensed elevators and for the tens of thousands of pumps, valves and sensors that have to be inspected in the belly of buildings, such as heat pumps and gas pumps.
Even schools, although they have run aground in their experiments at using RFID tags on students, are finding that they can employ the same technology profitably in some of the less conspicuous aspects of their routine. Electronic chips can keep track of inventory, protect equipment, capture relevant information about supplies, security and sale of cafeteria meals, and improve the efficiency of school administration in general.
Where the technology goes from here will be determined to a large degree by how restrictive legislators get with the laws they pass. The bill now working its way through in California is pretty restrictive: It prohibits the use of RFID in driver's licenses or identification cards, I.D. cards issued to schoolchildren and college students, public library cards and health insurance and benefit cards issued in conjunction with any government supported program.
This legislation was sponsored by state Senator Joe Simitian, in the wake of the federal government's decision to embed RFID tags in new U.S. passports. California had been looking at embedding tags in driver's licenses and other state-issued forms of identification. Privacy advocates insisted this was tantamount to tracking people as they go about their daily lives. Simitian says he doesn't want Californians to be forced to carry around documents that could "broadcast" their identities.
The bill was softened somewhat as it passed the Senate, so that instead of imposing a flat prohibition on RFID for most governmental purposes, it would allow electronic tags if they contain a random identifier and no personal information. The amended bill also calls for encryption to protect against unauthorized reading of the information in I.D. documents.
Even some privacy proponents, however, claim that legislation aimed specifically at RFID technology may take too narrow an approach. The Center for Democracy and Technology, a think tank that describes itself as working "for democratic values in a digital age," says it worries about companies and organizations sharing and linking information as RFID readers proliferate. But the organization also believes that legislation geared specifically to RFID "would risk technology mandates that are ill suited to the future evolution of the technology." Privacy issues, it says, should be addressed in "technology-neutral ways."
In the end, concerns about personal security, rather than privacy, may turn out to be the most important issue as the technology becomes more sophisticated. Airport passengers have already grown accustomed to the all-but-strip-search activities they sometimes have to endure while going through security. The use of E-ZPass records to catch lawbreakers has not attracted any significant public criticism.
As for the charter school in Buffalo, CEO Gary Stillman still thinks RFID tags are a valuable technology, and he plans to continue experimenting with them. The three-year-old school doesn't have a cafeteria yet, but when it gets one, Stillman plans to use the tags for cafeteria purchases. When students get to the cashier, the system will help keep confidential whether they pay full price or get a free or reduced-cost lunch. Used in that way, he hopes, RFID tags will contribute to privacy--rather than erode it.