BIG BROTHER DEBATE HEATS UP!

Should concerns about privacy be allowed to impede RFID's progress?

Comments from ML Hayes
location: Houston, TX USA

The question of RFID privacy is not as thorny or sticky as one might be led to believe. If you are not concerned for your privacy, you are not going to have any. Impedance doesn't necessarily mean denial or undeterminably delay. The question is how to provide the security of ID while distributing the benefits of product tracking and it's real-time life cycle phasing. The problem is how to protect privacy, not RFID technology or corporate or other types of marketing strategies.

Naturally, the individual wants to avoid the negatives of privacy invasion while gaining the advantage of passive consumption. Passive consumption, in this sense, would place a great deal of the planning and decision making on the manufacturers and distributors. There is no way anyone could expect a corporation to foresee all of the possibilities for which any given individual might utilizes their product. Passive consumption implies that this is possible, but reality historically (legislatively, litigationally, and institutionally) dictates otherwise.

This may or may not be good for the consumer. The line that separates those positives and negatives is still being drawn on a product-by-product basis. However, in the case of GPS activation of location reporting transmissions for victims of auto-accidents, there is little doubt that there are benefits. Using this example, the negatives would be demonstrated when the wreckers arrived before the ambulance and emergency rescue services due to their superior monitoring capabilities. [Or you're discovered somewhere you don't want to be discovered - use your imagination! NH ] Kind of reminds me of the animated cartoons of my youth (do not ask...if you have to, you're too young to understand).

The positives, beyond the obvious, would be in the near real-time calculation of the product's performance under stress. Projecting the products purpose (to provide safe and reliable transportation) into the future reporting associate with a given RFID and it's user/consumer, on to insurance rates and health related issues such as passenger fatality, injury and recover data; could produce safer and more efficient vehicles.

The problem is that the misuse of the technology could also allow discriminatory practices to be applied to the detriment of some economically distinguishable members of certain communities. This is where the line must be unalterably defined. As a rule, the poor drive less desirable and under performing vehicles. A license plate RFID tied to the VIN would quickly accomplish the distribution of RFID technology and provide the automotive industry with a way to capture every vehicle that ever refuelled at every point of capture between refuelling.

That's too much Big Brother for me, but this kind of application could be implement world wide in as little as 6 or at least less than 24 months. The effort required to track every vehicle on the planet is a different story. The point is that such information would be available to be collected, analyzed and manipulated by whosoever had the will to do so.

Economic mobility must not be impeded by RFID technology. It is not a question of individuals being singled out for manipulation. That is the essence of the market place. All marketing has that purpose. RFID take the capabilities and extend them beyond marketing to the point of empowering malicious observation and intent.

In the modern electronic age, almost every transaction is a one-to-many confrontation where the buyer is engaged with the representative of a chain of suppliers, vendors, and manufacturers. To combat malicious observation, the RFID's owner(s) must be enjoined to make public not only their stated intent, but also their identifications clear and defined. The instance where a stated intent and a private action by the owners or the RFID conflict would give rise to the individual's right to redress.

Truly, if anything, the RFID technology should allow the determination of vicarious liabilities with a specificness that gives greater power to the individual to seek redress from those links in the chain that failed to provide the quality of product or service necessary to meet practical contingencies. Not everyone in the chain, but the negligent or malicious who take advantage of the user/consumer through deceptive or extraordinary contradiction of the statement of intent included in the RFID's registration.

Governments should make sure that the standards acceptable for the inclusion of RFID technology in products sold within their jurisdiction have mandates for identification of all of the component contributors, suppliers and distributors. This part of the RFID would be registered in a publicly accessible data-repository so that comparison of the attached RFID to the registry could be easily and quickly performed. The purpose of the registry would be to serve as a checkpoint for determining alteration of the product to which the RFID was attached.

Protection of the individual's right to privacy must be linked to the product's component manufacturers' right to protect their work product (trade-secrets etc.). This kind of quid-pro-quo makes the cost of malicious observation and subsequent acts too costly for legitimate corporative to ignore rogue or imposter organizations that might utilize their good RFID’s to conduct malicious observation and discriminatory marketing. In other words, the price of the information would be the cost of protecting the interest of those whose IDs you are allowed to gather.

Keep in mind that, legitimate uses of data and individually targeted data mining of information collected by the organization that provided the RFID would, as it should, be permissible. The goal would naturally be to provide the consumer with the power to disconnect their IDs from the RFIDs. Passive consumption would require active selection and governments role would be to ensure that the option to repeatedly renege and/or re-activate these options were not exclusively in the hands of the providers.

This would outlaw tactics such as time limits for acceptance including deadlines that removed the choice from the consumer/user. The universal default should be anonymous and the user would be required to 'activate' the RFID by attaching an ID of the user/consumer's choice. Yes, the consumer/user would be allowed to opt to use an alias.

The provider's would be allowed to provide additional incentives to get the user/consumers to provide IDs that were useful to the providers, however, a purge rule would be applied that gave the ID'd user/consumer the option to withdraw permission to market their ID and associated individual specific data. A reasonable time could be determined to complete the purge and proof by subsequent evidence of failure to purge would be established by legislation on a local govermental basis.

Enforcement of these types of rules would be the job of the registry contractors. They would provide liaison to the participating governments who could address legislation and litigation of such matters in their culturally suitable manners. Cross-border confusion could be kept to a minimum because the user/consumer would have a redress in every community where this proposal were acceptable. This is the point of the registry. It provides the kind of transparency necessary to make the RFID an acceptable tool for all concerned.

RFIDs are placed on specific products and conveyances. The ID of the user/consumer is not necessary to the products specific phase of life. The identification of that user/consumer is very desirable, however so care should be taken to protect the user's identity. If you have every had too much SPAM, you can see why we must do everything possible to keep the RFID technology from emulating the EMAIL industries shortcomings.

Unlike email, RFIDs can be totally identifiable right down to the name of the UPS truck-driver who is pulling up in your parking lot. After you take possession however, you must make the decision to participate in the products life cycle decision making process or to give-up your autonomy and let the batteries run your life.

May the force be with you and the energy never run out (or we're going to be in a real fix), whatever...

ML Hayes

Come on; don’t be shy, if you have the technology, or even just an opinion, let us know by March 4, 2002, when our part-time judge, part-time jester Nicki Hayes summarizes the debate and puts the issue to the vote. Send comments to HoldingCourt@wirelessdevnet.com

Home