The European Parliament’s technology assessment task force has concluded in a study that the public is unaware of what it calls 'considerable threats' posed by radio frequency identification (RFID) technology to the security of their personal information.
The June survey, titled “RFID and Identity Management in Everyday Life,” cited a number of high profile RFID implementations in Europe as examples of the growing prevalence of the technology on the continent, and listed actual and potential problems with each.
“Until recently, RFID was mainly used for logistical purposes to identify cargo,” stated the report. “Now it has entered the public space on a massive scale: public transport cards, the biometric passport, micro-payment systems, office ID tokens and customer loyalty cards."
The report’s authors reviewed case studies, expert meetings and pertinent literature and determined “that users generally perceive RFID as no more than an electronic key or wallet”. The report, however, contended that the technology can “register movements, spending, productivity, preferences, habits and so forth. This gives them a means of providing feedback according to these identities and control over their users.”
The case studies and examples in the report illustrate the value to RFID in cutting business costs and improving customer loyalty, but also noted the potential that companies, governments and law enforcement officials could abuse RFID data.
For example, the report said that plans to embed RFID technology into customer loyalty cards at mammoth German retailer Metro Group as part of its Future Store project, could result in the disclosure of personal data of shoppers, or to track customer movement in a store.
The retailer has long used RFID technology to track the flow of cases and pallets through its supply chain, but pilot programs started in 2003 that added the technology to individual products and to the loyalty cards caused problems for the firm. For example, the report noted, the pilot system that was supposed to de-activate product RFID as customers left the stores malfunctioned several times, allowing tags to be scanned by readers beyond the Metro facility.
The company has since recalled chipped loyalty cards and continues to depend on older bar code technology. A spokesman told the task force that expanding the pilot program "isn't a priority" for Metro Group.
The report also criticised a European Commission mandate that all passports issued by European Union countries include an RFID chip that contains a digital photo of the bearer. At some point, the EC may mandate adding a DNA profile, fingerprint or iris scan, the report said.
The report noted that critics fear that biometric information stored in passports will be held in a database that could be improperly mined for information.
The report’s authors predicted that as the RFID-chipped passports are assigned through Europe, political opposition to the technology will continue to grow.
The report outlines a number of ways to use RFID technologies without threatening personal privacy. "Users need to be aware RFID can be more than just an electronic wallet or key and they [users] leave digital footprints in RFID environments," it said. As part of this educational effort, those who implement systems must create short, easy to understand license agreements for their end users.
End users should also be able to have input on how RFID systems are set up and decide just how much private data is necessary for a company to use in a particular system. And, governments must decide if data gathered through RFID systems should be mined for investigations.