Low-cost, radio frequency identification (RFID) systems will soon become commonplace throughout the business-to-business and business-to-consumer marketplace.

In making this prediction, Simson L. Garfinkel, Cambridge, MA, a researcher with the Laboratory for Computer Science, Massachusetts Institute of Technology, says we need assurances that personal privacy is protected and policies and technologies are put in place to limit exploitation and increase personal security.

Much of the work to date on RFID systems has been in the areas of engineering and electronic product codes. Auto-identification systems are expected to undergo two fundamental changes within the coming years, says Garfinkel, a world-renowned guru in the realm of electronic information technology.

The first change will be the way RFID codes are read and automatically processed; the second change involves the codes themselves.

“These issues must be addressed in the design, implementation and deployment of the system to protect the privacy of individuals,” he explains. Ubiquitous deployment of RFID tags could pose some challenges to user privacy:

  • Tags could be read by unauthorized readers.

  • RFID tags could be read covertly.

  • A database could be used to build long-term tracking associations between tags and holders.

Garfinkel says much of the current thinking on RFID privacy issues is based on the Code of Fair Information Practice developed by the U.S. Department of Health and Education in 1973.

“Any organization creating, maintaining, using or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take precautions to prevent misuses of the data,” he says.

In an effort to take RFID and database security beyond this code, Garfinkel testified before the U.S. Senate Committee on Commerce, Science and Transportation on computer privacy issues. He proposes a “Bill of Rights” for RFID systems (at right).

RFID Tomorrow

It's widely believed that RFID tags will migrate into consumer items as the price of tags drops. It only takes a little imagination to figure how RFID might find application in the food business.

For example, individually serialized RFID tags could be embedded into individual consumer packages at the site of sorting or processing. These tags could then be used to track the packages from the processor through distribution and ultimately to retail shelves.

Garfinkel says that by giving each package or unit a unique serial number, RFID would allow the manufacturer to:

  • Track product in the supply chain.

  • Maintain product identity.

  • Pinpoint and prevent theft and diversion.

  • Locate tainted goods on store shelves.

  • Alert the consumer to product recalls.

The technology could also permeate consumers' lives to a large degree.

“Your house, your food, even your clothes, might someday be permeated with such tags,” Garfinkel explains. “A reader built into your washing machine might automatically warn you that the dyes in your red shorts aren't colorfast and will ruin your yellow blouse.”

Microwave ovens might read the tags in frozen-dinner packages and automatically calibrate to cook food properly.

He says tag-embedded meat packaging is already under development that could help trace the spread of E. coli 0157:H7 and other food-borne contaminants.

For more information on security of RFID systems go to http://www.simson.net/.

Bill Of Rights

Simson L. Garfinkel's Bill of Rights consists of five guiding principles for the creation and deployment of RFID systems.

  • The right to know if a product contains an RFID tag.

  • The right to have embedded RFID tags removed, deactivated or destroyed when a product reaches the final consumer.

  • The right to first-class RFID alternatives: Consumers should not lose other rights if they decide to opt out of RIFD or exercise an RFID tag's “kill” feature.

  • The right to know what information is stored inside their RFID tags.

  • The right to know when, where and why an RFID tag is being read.