World Backup Day Deals Best Cloud Storage Options Apple AR/VR Headset Uncertainty Samsung Galaxy A54 Preorders iOS 16.4: What's New 10 Best Foods for PCOS 25 Easter Basket Ideas COVID Reinfection: What to Know
Want CNET to notify you of price drops and the latest stories?
No, thank you

Privacy questions arise as RFID hits stores

Companies brace for privacy debate as potentially intrusive applications arrive faster than expected.

BALTIMORE--Proponents of radio frequency identification used to have a quick and easy response to consumer advocates charging that the technology posed an alarming threat to privacy.

Wal-Mart Stores, Procter & Gamble and other big companies pushing the electronic tracking tags said they?d use them only in warehouses to more easily locate and account for stock arriving in cases and palettes. By the time the merchandise hit store shelves, they?d have removed the tags. The placement of tags on items consumers actually take home was projected to be at least 10 years away, last year?s argument went. Some said it may never happen if costs remained prohibitive.

But widespread ?item-level? tagging may actually happen much sooner--more a question of when, not if--discussions here at a radio frequency identification (RFID) conference indicate. Pharmaceutical companies are gearing up to slap tags on individual packages of certain prescription drugs within the next three years, under a mandate from the Food and Drug Administration, according to executives in that industry speaking at this week?s conference.

Retailers don?t have such a mandate but are tip-toeing that direction anyway. A Wal-Mart store in Dallas is already selling Hewlett-Packard printers and scanners with RFID tags on their boxes, said Elizabeth Board, executive director of the public policy steering committee for EPCglobal, organizer of the EPCglobal U.S. Conference 2004 trade show. EPC stands for electronic product code, a new product numbering system linked to RFID that could someday replace the less-precise bar code systems.

Though relatively rare today, RFID tags are marching toward stores and shopping baskets across the country--raising questions about the implications for consumers. Also experimenting with RFID are Albertsons, Best Buy, Target, as well as European chains Metro and Tesco.

?There is a concern that EPC (tags) can be tracked everywhere and that retailers want to track you at all times of the day,? Board, who joined ECPglobal in April to lead the group?s lobbying efforts, said during a panel discussion. ?It?s not realistic, but it has caused a lot of confusion.?

She expects that fears about privacy invasion will continue to be a public relations problem for the technology. RFID supporters must do more to dispel the myths and misconceptions surrounding it, she said. Broad has been meeting with state and federal legislators taking an interest in the privacy debate. Legislators at the state and national level have held hearings on RFID and privacy, and some states have introduced bills that would impose restrictions on the technology. States are keeping Board especially busy--as many as 15 are ?seriously looking at the issue,? she said.

RFID systems work by placing special microchips--RFID tags--on merchandise. The tags signal their location across a network of readers placed on shipping docks, in warehouses and stores, allowing retailers and manufacturers to monitor products as they travel from factory to store shelves. Through an EPC code, a one-of-a-kind serial number, RFID tags can also store a wealth of information about the item with which it?s associated, including where it?s been, who bought it and when.

Privacy activists worry that consumers could leave stores broadcasting all kinds of information about their belongings. They fear that, with the right tools, anyone--including thieves--could detect what's in your purse or pockets. Another concern is that people?s things would leave an electronic trail of their whereabouts and shopping habits for law enforcement officials, investigators, lawyers or marketers to collect.

RFID defenders say such concerns are overblown--a common theme at this conference. One argument is that the only information companies are interested in storing on RFID tags are serial numbers, which are meaningless without access to the database where all the information about the item lives. Only the privileged eyes of certain employees would have access to that database, executives say. Another argument is that RFID tags only submit signals only when prompted by a reader within close range, generally a few feet at most.

EPCglobal, which guides RFID standards development, is also urging companies with RFID initiatives to follow its privacy policy, which focuses on informing consumers. Wal-Mart did with its Dallas test involving HP products, Board said. Wal-Mart posted notices on shelves carrying the tagged items with an 800 number and a Web site address offering more information about the tags. However, Wal-Mart did not remove or disable the tags after consumer bought the items--a practice that privacy advocates have demanded. Board noted that the tags were attached to the packaging, which consumers were likely to throw away.

Retailers and consumer-goods companies are hesitant to agree to removing tags from items at the time of purchase for several reasons. One reason is that RFID tags could help with returns by exposing people trying to get a refund for a product they never really bought, or one they purchased from another store. In the future, technology proponents envision medicine cabinets and home appliances equipped with RFID readers, alerting people to expired drugs and automatically selecting the gentle cycle on the washing machine for delicate clothing.

One of the valid concerns about RFID is what companies plan to do with all the detailed data they?ll be able to collect about consumers, said Daniel Engles, director of research at Massachusetts Institute of Technology?s Auto-ID Lab, an RFID research group. But, Engles added, that?s a concern for all kinds of technologies that record people?s activities and whereabouts, including cell phones and credit cards.

?Most people don?t realize they?re giving up a certain amount of privacy every time they use their cell phone,? Engles said. ?The question is how that information is being used. That?s where the real concerns are.?

And on that issue, as with many in the developing realm of RFID--the jury is still out.