RFID bows before privacy

Government from the outset must consider privacy issues when using radio frequency identification or it will face problems down the road, according to a Transportation Department official.

“Privacy is king,” said James Zok, a DOT official with the Maritime Administration’s associate administrator for ship financial approvals and cargo preference. Everyone who deals with personal or business information must fundamentally start from a privacy impact assessment perspective, he added.

“And in that privacy impact assessment we basically have to describe what we think are fair information practices,” he said. “We have to talk about where we’re going to store the data? Who’s going to store it for us? How long is it going to be stored? Who gets access to it? When they get access to it? How long can they have access to it?”

He said the private sector has a lot to offer in terms of privacy models, such as in banking. But unlike the private sector, government cannot share a lot of data with other parties. “And if it’s perceived we’re doing that, then oops, we have problems,” he said.

Zok was one of the panelists at a RFID conference June 14, sponsored by SAP and the National Chamber Foundation, which is part of the U.S. Chamber of Commerce. The conference, which focused on the global potential and the future of the technology, focused on the need for global standards and the issue of privacy and security.

While RFID technology – essentially sensors – has been around for decades, the private and public sectors have only recently began employing it, most notably in supply chain systems to track and monitor goods and cargo shipments to ensure they have not been tampered with. However, privacy advocates and consumers have expressed concern that RFID tags could be used in government issued identity documents. Such tags would presumably contain personal data or identifiers that could be scanned from devices known as readers.

But panelists at the conference, which did not feature any representatives from privacy or consumer groups and focused heavily on industry’s uses of RFID worldwide, said trust among the public is paramount in advancing this technology.

Elizabeth Board, executive director EPCglobal’s public policy steering committee, said consumers have to be comfortable with the technology and argued for a single global standard so RFID technologies developed worldwide are interoperable.

“Now is really the time for industry to get it right,” she said. “We need to show that we can get our act together.”

EPCglobal, a non-profit international consortium of private sector companies, has developed a series of specifications that address tag placement, coding structure, data specification and interface systems. The group formed a steering committee last year to foster dialogue around public policy and other important areas relative to electronic product code, which is a number for uniquely identifying an item, and RFID.

Bill McDermott, president and chief executive officer for SAP America, which is one of the market leaders in developing RFID applications, said the technology could help industry and government manage their inventories more efficiently because it provides greater visibility.

For example, he said the Defense Department, which has been using the technology for some time, can be assured that goods and other products are delivered “from factory to foxhole” because they can monitor and track shipments. Another use is tracking cattle using the RFID tags, something SAP officials called the “Mad Cow solution.” If all cattle have their own unique tags and an incident of Mad Cow or some other bovine disease is detected, then farmers or others can detect exactly where that particular steer or herd came from, they said. Still another solution is using RFID on AIDS vaccines and other drugs that could be distributed through a global supply chain.

McDermott said industry is addressing privacy concerns. While government should cooperate internationally in developing standards and privacy policies, it should not “over legislate,” he added.

“RFID is nothing more than a sensor,” he said. “Until you link it into business applications there’s not productivity to be gained.”