RFID industry confronts privacy fears

In recent years radio frequency identification technology (RFID) has found its way or is being tested in a number of different industries. These include tracking retail stock, controlling individuals' access to buildings and even preventing counterfeiting of trademarked clothing.

Libraries are also using RFID technology very successfully. Media circulation, as well as item security, is optimised by the use of this technology. In addition, RFID helps to reduce routine work. This frees librarians to assist patrons with reference materials, research questions and providing instructions. Library users can also utilise the self check-out and check-in kiosks and this helps alleviate long waiting lines at the counters. As a result, libraries that use RFID notice a significant increase in total media being checked-out. For example, in the town library of Winterthur, Switzerland, media checkout has increased by 50 per cent.

Although the benefits across many industries can be enormous, RFID is creating concerns with both consumers and privacy activists. Most of the concerns and public discussions have focused on the popular use in the retail business. Customers fear that shops are spying on their buying behaviour and worry that their personal information could be tracked and transmitted invisibly by radio waves. Many of these concerns are shared by library users, particularly if their library cards hold personal information.

Technical limitations

Because users often do not identify reading devices and RFID is soundless and unseen, unscrupulous misuse might be possible. However, the technology has many limitations that make this difficult. Communicating the benefits and limits of RFID should help to allay many of the users' fears.

Firstly, there are legal issues to consider. The reading of private data in patron cards or debit cards by unauthorised third parties would be an invasion of privacy. At the same time, if employers or insurance companies used this information without permission, this would also be a dramatic violation of privacy rights. To read patron cards, book labels or other forms of RFID cards or labels with hidden readers or satellites would not only constitute a violation of privacy rights, it would also be a criminal act.

Even so, could user profiles be created and misused for market research and other purposes? Is it technically possible to read the data? Could this data be interpreted or used in an automatic process? Would the benefits be worth the economic cost to gain the information? What are the legal consequences? This article cannot address all these issues, especially those regarding commercial profitability, but it will hopefully shed some light on some of the technical aspects that are most relevant for libraries.

Readability of data and interpretability

A major concern among privacy advocates is that the technology could be used to access individual information without the control of the user. However, the RFID tags in libraries do not contain any individual patron data. All patron data are kept in a bibliographic in-house database and that is subject to the strict privacy terms of the libraries. When a library utilises RFID there is no change regarding the use and security of the data stored on the in-house database.

Libraries have very strict privacy terms and patron information is strictly confidential. Like many businesses, associations and institutions, libraries are required to ensure the privacy of personal information. They must adhere to their own strict privacy rules and also take into consideration the serious legal consequences of sharing patron information with anyone else. And it is worth bearing in mind that, until recently, nobody took offence at having their information held in these databases.

RFID does not support a direct connection between the tagged items and the patron. In addition, the chip's data are stored in a binary format. This means that, even if the format could be read by an external person, the data could not be analysed. That makes patron cards useless for gathering individual data for tracking and profiling of single persons.

Read distance

The radio tags in books do not contain batteries so the reader must be close to them to pick up their signals.

Apart from the lack of useful information to be gained from the cards, the extraction of the information would, in itself, be a challenge. The main reason for this is that the read distance limits remote data collecting, compiling and recording of user profiles.

RFID tags are passive because they do not contain a battery. Therefore, they cannot send out strong signals which would cover a large area. The read range of the 13.56 MHz tags that are used in libraries is not more than three or four feet. Active tags that are equipped with a battery would not have as long a life as the books they are positioned in and they would also be too expensive and difficult to attach. The read distance at a self check-out station is about one foot. Patrons who want to check out items using the self check out need to be within that read range as the tag cannot send signals further than the read range.

In addition to the technical reasons, read ranges are limited by government regulations. The transmitting power cannot be optionally increased as this might interfere with other electronic devices. Another limitation is that the read distance could be reduced by the presence of other objects. For example, metal could absorb or deflect radio waves. A patron ID kept in a purse could not be read if it were close to a metalised credit card.

Besides the read range, the tag orientation to the reader is an important factor. Signals can be exchanged only when an RFID tag reader and tag are adjusted to each other in the right distance and orientation. To compensate for a patron's movements, a mobile reader similar to those used at airport security checks would need to be utilised.

All these reasons combine to make it impossible to locate commonly-used RFID library tags from long distances or from satellites, even if useful information could be gained from the tags in the first place.

Wireless acceptance is growing

Modern data communication uses electromagnetic (radio) waves in a wide variety of ways. Both mobile phones and wireless local area network services are examples of very common everyday uses. RFID has been used for many years in a variety of applications and is taken for granted in many fields such as in car keys as an immobiliser, and on highways for toll collection. These examples should not play down the possible risks. Nonetheless, they show that society is already very familiar with RFID. The use of RFID in libraries definitely does not provide a base for internal or external data misuse. Technical and organisational conditions do not allow it.

There are two aspects that are very important in helping RFID to be accepted in a more positive way. The first is to make the technology familiar and the second is to make the functions transparent to the users.

Further information

ISO-Standard 15693 (2001): Part 1: Physical characteristics - Part 2: Air interface and initialisation, Part 3: Anticollision and transmission protocol.
ISO/IEC FDIS 18000-3: 2003 (E) Information Technology AIDC techniques - RFID for item management - air interface, Part 3: Parameters for air interface communications at 13.56 MHz.