And that’s a shame, because RFID is a marvelous technology.
RFID is somewhat similar. When an object with an RFID tag attached to it passes within a certain distance of an RFID reader device, the device picks up information, too. It can tell what the object is and details about it, just like with the barcode.
The difference with RFID is that the item does not need to pass directly in front of a scanner. It only needs to be within a certain distance — anywhere from a few inches away to a few yards away. The reader picks up the information wirelessly via a radio frequency signal, instead of via an optical scanner. That means the tagged item just needs to be close by, not positioned carefully in front of a scanner or reader item by item — allowing more items to be “read” much more quickly than with barcodes.
Urban Myths by Conspiracy Theorists
Unfortunately, RFID just can’t seem to get away from its bad reputation. It is like the dirt cloud that accompanies PigPen, the character in the Peanuts comic strip, everywhere he goes.
RFID in recent years has been the subject of urban myths that stubbornly persist, despite being debunked over and over.
RFID has been claimed to be the ‘mark of the beast,’ a myth linked to extreme conspiracy theories. Even though that myth has been soundly debunked at Snopes.com, people continue to spread it.
Another urban myth is the false assertion that Big Brother government is watching us via RFID chips embedded in $20 bills. That led to the comedy of people running around microwaving twenty-dollar bills in an effort to prove they contained RFID chips — and leading some to wonder, ‘don’t these people have anything better to do?’. Not to mention being a waste of good money. That myth too has been debunked. Still, some believe it.
RFID’s Powers are Over-estimated
OK, so most of us will quickly dismiss the conspiracy theorists and the tinfoil hat types. But a deeper issue is the way RFID’s powers are seriously over-estimated and misunderstood by the public, media and elected officials.
The big concern of the public is privacy. And privacy is a valid concern.
But privacy is a concern that applies to a much broader range of consumer practices and not uniquely to RFID. Today with proliferating marketing databases and a Google index containing billions of pages, not to mention highly-publicized identity thefts, sometimes it feels like nothing is private anymore.
Who shouldn’t be concerned about privacy? That’s why consumers pay more attention to companies’ privacy policies and data security these days.
However, the issue with RFID is that people connect dots that don’t exist. RFID gets put under the microscope in ways it does not deserve.
For instance, a huge practical limitation to RFID privacy breaches is distance. Most RFID tags are activated only when they come into very close proximity to a special RFID reader. And most RFID tags can only broadcast within a very short distance, i.e., inches or feet. That means the item with an RFID tag has to be pretty close to an RFID reader. Yet, people often assume that if somehow you have consumer goods in your home with RFID tags, someone spying from miles away could make a list of everything you have. Or that your movements could be tracked hundreds or thousands of miles away.
As an aside, a technology such as GPS can in fact track a thing or, say a person in a vehicle, remotely from far away, by triangulating off of satellites. Yet GPS, for whatever reason, is not dogged by the same bad rap as RFID. (Read: What is GPS?)
Another protection is encryption. When RFID is used in payment applications or highly sensitive situations, the data is either encrypted or it simply transmits a numeric code back to a computer system. The computer system, not the RFID tag, contains the customer’s private account information. Even if someone managed to get within a few feet and could eavesdrop on an RFID signal, they would not get any identifying information. All they would get is encrypted data or a numeric code that is meaningless without also cracking into the computer system.
And if hackers are going to break into a computer system, why would they bother with RFID tags in the first place.? It would be easier to skip that step and go straight to the computer database.
Let’s face it. If someone wanted to track your consumer purchases or steal your identity, there are easier, cheaper and better ways to do that. For instance, what about store loyalty cards that record everything you buy? What about Amazon wish lists that can be publicly searched? What about plain old dumpster diving?
Overreaction Due to Misunderstanding
The result has been media reports that whip up fear; public relations debacles for organizations that underestimated the public’s misimpressions and failed to proactively address privacy concerns; and misguided legislative initiatives to “protect” the public from this so-called “spy” technology.
What Should You Do?
(1) If you are a consumer don’t fear RFID. There’s nothing inherently dangerous in the technology itself. It’s less of a threat to privacy than many other practices and technologies today. Look for responsible companies and do business with them, and don’t worry about which technology they happen to be using. And remember, you’re probably using RFID technology whether you know it or not, because RFID is used in so many ways today.
(2) If you are in a business or governmental agency that employs RFID in consumer-facing applications, or is considering it, don’t underestimate the public’s concern over privacy. Privacy is a big issue. Take precautions, such as encryption, or disable RFID tags before they leave the store, to protect privacy. Also, don’t assume the public knows what you know about RFID. Go out of your way to explain how you are safeguarding the public’s privacy. Be responsible AND proactive.
(3) If you are in a law-making position, seek to learn about the technology before enacting laws. Get some expert advice. Don’t hear from privacy advocates only. Seek out technologists to explain the technology’s practical limitations and safeguards, not just its theoretical powers. As one commentator pointed out recently, if laws under consideration today had been passed years ago, the public would never have enjoyed such conveniences as the EZPass toll payment system, which uses RFID. It would have been banned. And that would be a shame.