Like privacy ? beware RFID !

June 11, 2005

my view: Kelly Jones Sharp
If you like privacy, beware of RFID

Just because we can doesn't mean we should.

Manhattan Project scientists wrestled with this moral dilemma while building the atomic bombs the U.S. dropped on Japan in 1945.

Opponents of cloning, fearing a brave new world of test-tube automatons, have expressed similar sentiments.

Now, science brings us again to a moral crossroads. This time the dilemma is our privacy, and the technology in question is the radio frequency identification chip.

RFID is not new technology, but technology that is gaining momentum in a world where consumerism and terrorism rule both policy and zeitgeist. Rebranded for mass marketing as "contactless chips," RFID has wide-ranging applications and implications.

The microchips provide automatic identification of objects, animals and people. They are radio transmitters that can be as small as a grain of rice and have a transmission and detection range of less than an inch to almost 20 feet.

The "passive" type of RFID chip approved last October by the Food and Drug Administration for implant in humans has no internal power supply but gets its juice from a tag reader that enables the chip's antenna to respond with information, typically a serial identification number. These numbers lead the reader to more detailed information stored in databases.

Wal-Mart and other companies have been successfully using RFID for efficient tracking of merchandise within their supply chains. Pet adoption agencies, such as the Humane Society of Indianapolis, offer micro-chipping for dogs and cats.

Those things are fine, presuming that the chip on my Advil bottle won't be read from my medicine cabinet, and that Fluffy and Fido won't be programmed for evildoing. It's the potential for misuse and abuse of information within people applications that concerns me.

Consider some ways RFID chips are already being used. The chips are being embedded in toll road passes, library cards and ID badges. Recent applications include "contactless" credit cards and U.S. passports.

RFID also is being combined with the global positioning system (GPS) and with wireless fidelity (WiFi) for automobile fleet management and prescription drug tracking -- uses that also could be applied to people.

Some hospitals are now using RFID to tag patients for surgery and newborn babies for security.

In the case of medical records -- the use approved last fall by the FDA -- the chip contains an access code to a person's medical information and is inserted into the upper arm. The code points to databases that grant medical providers instant access to a patient's records.

It's easy to see benefits of automatic identification. No mistaking who you are. Not having to carry information. Never having to wait -- for credit approval, for medical histories or clearance to board a plane. Your preferences auto-profiled wherever you go, from the bookstore to the supermarket. It's life in the fast lane, only faster than ever.

But at what cost? Do we really want our movements tracked and our personal data scrutinized out of some intangible fears or to save a few seconds in the checkout lane?

In May, the Government Accountability Office released a report citing privacy concerns related to RFID use among 23 federal agencies. The report says, "The use of tags and databases raises important security considerations related to the confidentiality, integrity, and availability of the data on the tags, in the databases, and in how this information is being protected. Key privacy concerns include tracking an individual's movements and profiling an individual's habits, among others."

Technology does not necessarily beget security. Recently thugs hacked into LexisNexis, grabbing personal data, including Social Security numbers, on more than 310,000 people, 2,602 of them Indiana residents.

Some RFID chips are not only readable but "writeable," meaning that tag readers could alter information on them. Reader "collision" happens when two tag readers try to read the same microchip at once. Surely techno-geeks would find surreptitious reading and switching of information on RFID chips the ultimate challenge.

The slippery slopes of science always have been paved with well-intentioned scholars who pursue their ends despite the consequences. It's time we prevail on lawmakers to set limits, and on those who would exploit this technology to "do no harm."

Sharp is a writer who lives in Indianapolis. Contact her at kelly.jones.sharp@sbcglobal.net