Paul Saffo on RFID’s Impact on Consumer Privacy

Ready or not, radio frequency identification—or RFID—tags are poised to show up in a supply chain near you. These tiny chips will revolutionize inventory logistics, but the prospect of their deployment into retail environments is already giving privacy advocates the willies. The bad news: Commerce will trump privacy concerns. The good news: While deployment into the back end of commerce is imminent, the economics of RFID will delay consumer point-of-sale presence for some time. The only certainty about RFID deployment is that it’s going to be a turbulent ride.

Blame much of RFID’s buzz on Gillette, whose order for 500 million RFID chips earlier this year thrust the technology into the news. Wal-Mart further fanned the flames by informing its suppliers that it wants all the products it supplies to contain RFID tags. Even Microsoft is getting into the act with an announcement that it intends to develop software and services to support RFID use in the retail and industrial sectors.

Those ambitious plans are driven by the belief that RFID will revolutionize the tracking and management of everything from industrial equipment to pharmaceuticals and even heads of lettuce. Stick an RFID chip onto a part or a package and a previously inert object can now account for itself whenever it is tickled by a radio signal from a questing sensor. Industries with special problems will be early adopters: Gillette’s interest in RFID stems in no small part from its desire to solve shoplifting of razors, while cigarette manufacturers want to enlist RFID in an effort to stop interstate cigarette smuggling. At its most extravagant, RFID represents nothing less than the successor to the ubiquitous bar code.

While the trajectory of RFID is clear, the speed of its adoption is less certain. The cheapest RFID chips today still cost more than two and a half cents in quantity. Cheap in comparison to what gets stuffed in a laptop, but horrendously expensive when contemplating a chip in every milk carton or box of detergent. Then there is the cost of the tag readers and the dizzyingly complex infrastructure required to collect, sift and move the vast amounts of data RFIDs generate. Little wonder that Wal-Mart backed off its previously announced deployment plans.

Sorting all this out is a decade-long task, but the industry has a running start. Thanks to the leadership of the MIT Auto-ID Center, in effect a multi-industry consortium of companies pioneering RFID use, there exists a widely accepted RFID standard.

And islands of RFID use directly touching the consumer are already appearing. Singapore’s National Library chipped all of its books a few years back, and now patrons check out their own books while “smart” book drops automatically check in returns.

Tomorrow’s RFID chips won’t just spit out serial numbers; they will also carry data and myriad sensors, transforming inert objects into “smartifacts”—intelligent artifacts that interact with the surrounding environment. Add this all on top of today’s search engine craze, and I’ll bet we’ll eventually have “IndexBots” running around the landscape hunting and cataloging every RFID chip they find.

No wonder consumer privacy advocates are already fretting over RFID. The privacy implications of a smartifact world are indeed as chilling as they are unpredictable. RFID itself is not privacy-eroding—the risk is determined by the architecture of the RFID standard and supporting systems. But developments in other areas offer no comfort. Consider the FasTrak electronic toll system, a system that could have been made anonymous, but instead dutifully tracks and records where and when cars cross toll points. The promise by developers that FasTrak would never be used for anything besides tolls has already been broken in California where additional sensors are being deployed to track FasTrak transponders to analyze and control traffic flow. Again, the public has been promised that individual data is not being preserved, but in these terror-obsessed times, one does not have to be a paranoid to react with a cynical snort of disbelief.

I suspect that the biggest challenge to privacy will not be from corporate or government push, but consumer pull. In the short run, the same consumers who fret about privacy will likely be happy purchasers of RFID-based home inventory systems. Even as they object, they will be sticking RFID chips on their pets and into their kids’ schoolbags.

And when in-store RFID deploys, proponents will inevitably establish links to in-home devices. Consider a future home-shopping scenario in which sensor-equipped refrigerators track what is used, generate and place shopping orders, and even warn consumers if the milk they are about to drink is old enough to have a driver’s license. Wary consumers could disable chips in the items they buy, but then they would have to do their ordering manually. Americans may seem to be privacy-hawks, but they are also lazy and suckers for anything that sounds like a deal. Given a devil’s choice between privacy and convenience, the vast majority of consumers will choose the latter.