Learn More>>

Overview
Learn More
Applications
SoundTag
Rfid Research
Rfid Privacy
Subni Blog

About Subni>>

Create an Account
About Subni.com
Contact Us

Subni and Rfid Privacy

Personal privacy is a major concern for many people. The emergence of RFID and related technologies has concerned many. Often for very legitimate technological and ethical reasons. Please take a few minutes to review these concerns as well as how Subni's unique approach to RFID mitigates these worries.

1.Consumer RFID & Privacy

As the cost of RFID hardware decreases over time with technological and manufacturing progress, the goal of many companies is to implement item-level tagging of consumer products. This means that individual retail products, which the consumer purchases and physically takes delivery of, will be sold with RFID tags.

Some potential concerns include scenarios in which these tags could continue to be active, and be used for involuntary tracking. For example, a garment purchased at a store (say, Banana Republic) with a late generation RFID tag, the tag could potentially be read by interested third parties. Further more, with the convergence of data sources, this information could be linked to the consumer's credit card information and could be used to aggregate your movement and activities from the millions of tags which could be tracked in an urban environment all without the consumer's knowledge or permission. Another scenario is that as the price of tags decrease, new classes of items may begin to be tagged. These too, could be used to compromise privacy. Several very real examples include the US Government's decision to put RFID tags into passports, the tagging of pets and animals, and of course, the tagging of humans.

These are all very controversial issues. Ethical debates as well as political debates for RFID-related issues are very common. In a recent example, the State of Wisconsin has banned forced-human RFID implants (http://www.spychips.com/press-releases/verichip-wisconsin-ban.html).

2.What makes RFID different from Barcodes

For those who may not know that much about RFID, let's review the following sequence:
A. A RFID tag is placed on an object
B. This RFID tag, which (most of the time) does not require a power source, contains a serial code, similar to a barcode except, in certain types of tags, a challenge key (password) is required to access this serial code.
C. A RFID Reader can read this serial code, at distances ranging from an single inch, up to dozens of feet. The Reader must know the 'password' for many types of tags in order to read the tag.
D. The code which is read from the tag is then linked to information located in a database.

There are several important notes about the model outlined above. First, the challenge-key/response system cannot be relied upon to ensure the security of most tags. We can assume that for the near future, the code in the RFID tag can be read regardless of if there is a challenge-key/response system in the tag. (http://www.forbes.com/home/commerce/2004/07/29/cx_ah_0729rfid.html)

Second, the main difference between an RFID tag and a barcode is that the code in the RFID tag can be read at a distance without needing to have line of site. In other words, you don't need to point anything at the tag, like a barcode reader. Also, in many cases, the reading of the tags cans take place over a much farther distance. Third, current data capacities of tags make it impractical/impossible to store much data on the tag. The tag merely contains a code which is then linked to a database. In other words, while possible to read a tag in a shirt, only the unique code will be read. This can still be used to track the individual tags, but one would need to have access to the database containing personal or other information in order to directly link the tag's code to any really useful information. Surely plenty of useful information can be extracted from the ability to track a unique code and identify it. In other words, if a particular shirt has a tag which was placed by the retailer or manufacturer, a third party would potentially be able to know that this particular tag passed near any number of readers, tracking movement. However, they could not directly discovery what the object actually was, or who purchased it, or any of the information held in the retailer's database without access to the database itself.

The point is the following: The key to RFID privacy is not just the tag itself, but also the information linked to the tag. Current plans for RFID demand that this information is held by a corporation or the government. The current emphasis is on RFID integration so that the universal labeling of tags can help different businesses share data. However, this does little to mitigate consumer privacy worries, since the access to the information is controlled by the corporations and organizations which place the tags on the objects and who also back these standards for storing and sharing data.

3.The Key Is the Information

The wide spread introduction of RFID tags into business environments is one motivated by the added of value by gathering more intelligence from a given transaction. As discussed earlier, valuable information can be derived by being able to track movement of individual tags. The truly important information is created by linking this movement to data, including information about surrounding tags, the characteristics of the tags, and actions which are contingent on these known characteristics.

The way that this information is accessed controls the amount of valuable data a party could draw from a given RFID tag. Under current commercial frameworks, this data is owned and controlled by the company controlling the tag. However, under Subni's framework, this data is entered by the user (consumer), and therefore is owned by the user. The user thus has the ability to control who can access the data which is linked to the tag, who is allowed to be notified when tags are read, and which types of actions should take place when a tag is read by a particular reader.

4.Open-Access Networks as A Solution

Subni's framework provides a way to centralize the data, and from this source, enable end-user controls which can ensure that tags which the end-user places on objects are linked to information which is not only voluntarily linked, but also shifts the authority to control who can read this information to the user themselves. This is the net effect of stripping the tags of many of the potential scenarios where involuntary invasions of privacy could occur directly due to RFID-related technologies.