WASHINGTON-California, already pursuing new laws for wireless carriers, cell-phone drivers and camera phones, has become the latest state to advance privacy legislation governing radio frequency identification applications embraced by retailers, manufacturers and libraries.
The California bill and others like it-either already introduced or in the pipeline-are moving forward as retail giants like Wal-Mart, Target, Tesco, Albertsons and the Metro Group are directing top suppliers to incorporate RFID tags into their products to improve supply-chain inventory control. For the same reason, the Department of Defense also has big plans for RFID technology.
“Allowing manufacturers and stores to put RFID chips in clothes, on shampoo bottles and everything else you buy so they can put it in a database and tie it all to your name will have an enormous impact on people’s personal privacy,” said state Sen. Debra Bowen (D), following recent passage by the California senate of her RFID privacy bill. “There’s no reason to let RFID sneak up on us when we have the ability to put some privacy protections in place before the genie’s completely out of the bottle.”
The Bowen measure limits businesses and libraries to capturing information they already collect using bar codes, while prohibiting use of RFID technology to track people (or personal information capable of being trapped) as they shop or after they leave the store.
The private sector’s RFID push has ignited a privacy backlash as potent and far-reaching as the technology itself. Retailers and manufacturers say they can police themselves, noting EPCglobal is writing privacy safeguards into the RFID standard. And they claim privacy fears are overblown, explaining that RFID radio signals are short range and therefore inherently prevent a store from tracking customers after they walk out the door.
Richard Varn, technology policy adviser to the National Retail Federation, said new RFID privacy laws are not necessary because laws already on the books cover the wireless technology capability. Others disagree.
“I have a problem with chasing the technology tail. You’re not going to catch it,” said Varn.
But where privacy is concerned, fueled by the reactions of consumer advocates and policy-makers-Democrats and Republicans alike-the issue can take on a life of its own. Witness the hysteria that took hold last year when word leaked out that Wal-Mart and Gillette were conducting an RFID trial in Brockton, Mass., a low-income area.
The privacy issue continues to dog the mobile-phone and Internet industries, ranging from protests about location-based wireless services to Internet wiretaps. Now, manufacturers, retailers and RFID vendors have a problem that is not bound to go away anytime soon. The rhetoric is instructive, and the trend is clear. The states are coming.
“When people go through the checkout line, the store can already collect information on what they buy and tie it to their name, but without RFID, the store can’t easily collect information on what products a person picks up in the store but doesn’t buy, what people are wearing or what’s in their wallet or purse,” said Bowen. “RFID technology gives the store-and anyone else with an RFID reader-the ability to collect that type of information, assuming a person’s clothing and items in their wallet or purse have RFID chips embedded in them, tie it to their name, and build personal profiles on just about anyone.”
Bowen’s bill heads to the California State Assembly where it will be debated-and possibly strengthened-in June. The same month, back in the nation’s capital on June 21, the Federal Trade Commission will address privacy and commercial implications of RFID at a workshop.
In February, Utah’s House of Representatives passed RFID privacy legislation sponsored by Rep. David Hogue (R ). The bill requires a product containing an RFID tag to include a label describing it to consumers.
Later this year, Massachusetts State Sen. Jarrett Barrios (D) plans to introduce RFID privacy legislation for consideration in the 2005 state legislative session. Before that happens, Barrios intends to meet with industry representatives and privacy advocates in coming months to gather information to help him craft a legal framework for RFID privacy.
“It is in the interest of retailers and manufacturers to clarify what we’re doing,” said Barrios recently at an RFID forum at the National Press Club.
Virginia Delegate Scott Lingamfelter (R) is backing legislation to be taken up next year that would require public bodies to conduct a privacy impact analysis when authorizing or prohibiting use of technologies such as RFID, Internet wiretaps and spyware. In addition, the bill calls for the state’s Joint Commission on Technology and Science to study legal aspects of tracking technologies, their potential impact on civil liberties and safeguards that may be needed to mitigate privacy concerns.
JCOTS may decide later this month whether to conduct such a review.
Meantime, a Maryland state lawmaker’s bill to create a task force to investigate privacy implications of RFID technology use by retailers and manufacturers failed to make it out of committee. The legislation is apt to re-emerge next year.
States are leading the way on RFID privacy controls, as they have on so many other cutting-edge technologies. The trend invariably means Congress will jump on the bandwagon before long, for no other reason than to placate large manufacturers and retailers that gain enormous supply-chain efficiencies from RFID technology but do not want to deal with a patchwork of different privacy laws throughout the country.
“While it may be a good idea for a retailer to use RFID chips to manage its inventory, we would not want a retailer to put those tags on goods for sale without consumers’ knowledge, without knowing how to deactivate them, and without knowing what information will be collected and how it will be used,” said Sen. Patrick Leahy (D-Vt.) in prepared remarks for a speech in late March. “While we might want the Pentagon to be able to manage its supplies with RFID tags, we would not want an al Qaeda operative to find out about our resources by simply using a hidden RFID scanner in a war situation.”
