RFID fact and fiction

In an effort to dispel some of the privacy concerns surrounding radio frequency identification technology (RFID), the Information Technology Association of America has issued a white paper covering what the technology is and is not capable of.

The report “RFID Myths and Urban Legends,” available from the ITAA Web site, cites some of the benefits of the technology, including identity management, supply-chain efficiency, pharmaceutical tracking, food safety/recall, security, and stock control. RFID has the potential to have profound impact on industry.

As you know, RFID is an automated data-capture technology. The technology consists of RFID tags, RFID readers, and a data collection and management system. Because RFID can be used for personal identification, there are privacy and security concerns regarding the technology. The ITAA white paper is a useful resource to counter some of these concerns in your company by correcting misinformation:

* Companies and governments plan to track you using RFID. Not true because an RFID tag has no awareness of geographical data. An RFID tag must be within 10 to 30 feet of a reader – outside of that range, tags don’t emit a signal. “Big Brother” type surveillance would require billions of readers and antennas within that range.

* RFID creates a database in the sky. When it’s so difficult for companies to integrate their disparate sources of data, is it really realistic to believe there will be a single database that tracks all your purchases? RFID doesn’t change the way information is used or stored.

* RFID will spur drive-by reads. RFID requires direct line of sight within the 10- to 30-foot range. It does not work through walls, so it’s highly unlikely someone could park at the curb to find out what’s in your medicine cabinet unless your lawn was dotted with readers.

* RFID can lead to identity theft. The tags do not usually contain personally identifiable information. Rather, they transmit unique identifiers that function like license plates. You’d need access to a database that should be secured with encryption and all the other usual standard forms of protection.