Industry experts: RFID policy must be measured
Industry representatives, government officials, and consumer advocates discuss how to encourage growth of the identification technology while addressing privacy concerns.
WASHINGTON--The potential applications for radio frequency identification are about as far-reaching and unforeseeable as its privacy and security implications.
Industry representatives, government officials, and consumer advocates met at a workshop on Tuesday hosted by the Federal Trade Commission to discuss how to resolve privacy and security concerns with respect to RFID without stifling the growth of the technology.
"Our discomfort stems from the fact that strong security is not always built into the (RFID technology) to begin with," said Susan Grant, director of consumer protection for the Consumer Federation of America. "Very often, it's an afterthought."
There were security and privacy concerns when the U.S. government began issuing RFID-equipped passports. Evolving private-sector use, such as the migration of contactless payment to mobile phones, has also raised concerns.
Industry representatives, however, said the state of the technology made it difficult to anticipate security weaknesses. Furthermore, they warned, trying to impose broad security standards on the many uses of RFID technology could severely hamper its growth.
"Is it too early for a recommendation for a technology that is still evolving?" asked Paul Skehan, director of the European Retail Round Table. "Probably."
All the participants at the workshop agreed on the need to educate the public about how RFID technology is used.
"If the public's not ready for it, that could kill a technology," said Tom Karygiannis, senior researcher at the National Institute of Standards and Technology.
The European Union Commission is currently preparing a recommendation for member states on how to address privacy, data protection, and information security when implementing RFID technology. In the United States, the FTC is not pursuing any new policies or encouraging any new legislation to address RFID privacy issues because the FTC Act provides a broad mandate that allows for those issues to be addressed, said Katie Ratte, an FTC attorney.