UW Society and Technology Group RFID Position Paper
The debate surrounding RFID is one that hits close to home for UW students. The CSE building is currently going through a large scale RFID deployment, foreshadowing what is to come in shops, offices, homes, and cities. In this whitepaper, we explore the broader practical, legal and sociopolitical implications of the technology.
- 1 RFID overview
- 2 Applications
- 3 Technical questions and answers
- 4 Legal questions and answers
- 5 Sociopolitical questions and answers
- 6 Economic questions and answers
- 7 Privacy Questions and answers
- 8 Questions for Matthai
RFID overview
Radio Frequency IDentification (RFID) is a technology that utilizes radio signals to automatically identify unique objects. RFID's first real use was during WWII when Britain and the Allies used RFID to distinguish friendly planes from enemy planes. The costs of the technology, however, have kept RFID out of mass deployment; it is only in the recent past that RFID has become feasible to deploy en masse.
The purpose of an RFID system is to enable data to be transmitted by a tag, which is read by an RFID reader and processed according to the needs of a particular application. Tags are attached to individual items that are to be tracked and contain a small amount of information about the object (usually a unique identification number). When an RFID tag passes through the reader's electromagnetic zone, it detects the reader's activation signal and transmits the information it contains. The reader decodes the data encoded in the tag and the data is passed to the host computer. The data is usually compared against a database. The database may provide information about the item to an application running on the same device as the reader (e.g. a reader on a cell phone that gives detailed information about an item about to be purchased). The data may also simply be recorded in the database (e.g. recording that a person wearing a tag just passed through a doorway where an active reader resided). These databases may be data-mined for many purposes; for example, in monitoring applications that track whether activities of daily living (ADLs) are being performed by elderly citizens who have outfitted their home with such an RFID system.
An RFID tag is an object that can be attached to or incorporated into an object for identification using radio waves. A tag usually has a chip and an antenna. There are two types of tags: active and passive.
Active tags have their own internal power supply. They tend to be more reliable, transmit more power, and are better for metal/liquid/distance (300ft) situations. Active tags have larger memories and can often store more information. They are about the size of a coin, sell for a few dollars, and last a couple of years.
Passive tags are more common. They use the power from the reader to power up. They then respond with some information (sometimes just an ID). They cost less and have a shorter read range, and battery use is not a concern. They can be really tiny and thinner than a sheet of paper and sell for about 5 cents.
By definition (and usually) an RFID tag is a basic device that simply transmits an identifier when activated by an RFID reader. While this is useful for many applications, the current technology used to implement both active and passive tags allows them to have much more power than simple identification.
Since a tag is just a circuit connected to a large antenna, it is possible for tags to contain state and perform processing as well as simply transmit their ID. As a result, tags could be used to store personal data. They can perform secure/private/encrypted communication. Tags can even be purposely deactivated, e.g. when leaving a store to protect consumer privacy.
The limitations for passive tags are almost always time and power. In order to perform more complex functions, more power is needed, which means a stronger reader. Additionally, as more complicated communication becomes necessary (e.g. encryption), the amount of time that the passive tag must be in contact with the reader becomes much longer.
A reader interrogates the tag with a radio signal and the tag sends back the information stored on it. Technically speaking, a reader uses an antenna(s), transceiver and decoder to interrogate the tag.
Readers have different ranges and operate at different frequencies. The range is anywhere from a few centimeters to hundreds of meters. The read range depends on:
- the frequency at which the communications take place
- the orientation of the tags (hard to read a tag behind an object)
- the material the tag is on (hard to read a tag placed on a metal surface or under water)
- the number of co-located tags (hard to distinguish which tags are generating which radio signals)
- the number of antennas in the reader (more antennas, greater range)
The readers used in CSE's RFID Ecosystem can read from about 30 ft away.
For more information check out these links:
- The RFID Revolution - UW Colloquium talk by Prof. Chris Diorio on RFID technology.
Applications
- keyless entry
- E-Z Pass
- Oyster cards
- Seattle library
- prescriptions and medicine doses in the hospital
- daily activities of the elderly
- actual care provided to elderly by care providers
- race timing
- reminder systems
Technical questions and answers
- Tag technology
- What kinds of data is it feasible to store on tags?
- Is it possible for tags to transmit information only to authenticated readers? How cost prohibitive would that be?
- Reader technology
- What kinds of material can readers read tags through? Are there materials that readers cannot (and will not) be able to eventually read through?
- What are the prospects of readers being able to filter noise created by co-located tags?
- Database technology
- What constraints does storage impose on the collection and archiving of such fine-grained data?
- Can data be scrubbed in order to filter out personal information in such a way that privacy is preserved?
- Activity recognition
- What kinds of activities can be inferred by tagged items? How good are existing techniques?
- How many tags will it take to recognize a large set of activities? How many activities do we need to keep track of?
- If we use a wrist tag-reader, what other sensors should also be included?
Legal questions and answers
- Do existing fair information practice laws help to inform RFID privacy issues?
- Is RFID qualitatively different from other technologies that aggregate massive amounts of data?
- In consumer applications (e.g. clothing), there are warning labels. The Gap sells pants with tags that read "REMOVE BEFORE WASHING OR WEARING". This warning does not disclose the potential danger in not removing the tag. What would a better tag warning look like?
- Are tradeoffs between privacy and convenience necessary?
- In what cases?
- Are there policies that can be adopted that minimize the magnitude of the tradeoffs?
- Should privacy regulations restrict the collection of data or the use of data already collected?
Sociopolitical questions and answers
- In what ways can RFID serve to centralize control over individuals?
- Which elements of society will be in control of RFID deployments? Who will have access to the databases of information?
- Is it likely that the availability of such fine-grained information will transform underlying power relations?
- How could labor relations change if RFID is deployed extensively in the workplace? What types of workers will be most likely to be affected and in what ways? How would such systems influence labor relations between unions and employers?
- In what ways have powerful institutions shaped the deployment of RFID systems?
Economic questions and answers
- Are we going to be seeing a mass production of tags that will drop their prices even more?
- Will active tag technology ever reach mass production, or will it always be too cost prohibitive in comparison to passive tags?
- How much are people willing to pay for privacy (implicitly, explicitly)? For example, would people stop shopping at a store that used RFID to track products even if it made those products less expensive?
- What is the cost of infrastructure to support using RFID technologies in the applications discussed above?
Elder Care Economic Concerns
Currently there are several economic concerns preventing the adoption of RFID technology for elderly care. Providers fear that the state will reduce funding once this automated tracking technology is implemented because it should be highly cost-effective. Also, the state is currently on a trust payment process where they can pay care providers at their discretion. If all care by the providers is logged, then it's possible the total cost for health care will rise. Worker unions are even more against the use of this technology because they fear it will reduce the number of jobs. In order for this technology to be adopted, the state, clients, providers and workers will need to be satisfied. How can we show that this system will benefit all?
Privacy Questions and answers
Privacy is a concern for many people. And while many of the concerns about privacy also show up in other places (e.g. selling of cell phone records), privacy is still a hot topic in this domain for a number of specific reasons. First, because tags are so small, they can be used without the wearer's knowledge and permission. Secondly, the technology has made tracking and other invasions of privacy much more cost effective. Instead of having to follow someone around to track their activity, this can instead be done cheaply by using passive tags and a scattering of RFID readers. Finally, RFID technology is a concern for privacy because tags can be read at a distance, without physical contact. This means that you can be tracked and/or have private information read without your knowledge.
Currently, while the use of RFID for individual identification purposes is in its infancy, sociological implications involving the use of the technology have already developed. A number of privacy issues arise when RFID technology is widely used for the identification of individuals. These issues can be divided into a number of categories, each encompassing different methods of possible privacy violations. The list provided here is by no means an exhaustive list, but is an outline of the most critical privacy issues discussed by the UW Society and Technology group.
- Tag Level
- System Level
- Administrative Level
- Corporate Level
- Government Level
At the tag level, the main concern with privacy issues stems from the fact that personal information can be stored upon the tag itself. This personal data has the possibility of being read from a number of sources, where the most critical issue to arise is if criminals intending to commit identity theft could read the information on the tag. Similarly, if a party were able to access the personal information of an individual, there exists the possibility for the personal information on the tag to be altered. While this situation may not seem to be as serious a threat comparatively, the possible implications need to be considered.
There are mechanisms in place to deter the surreptitious collection of personal data by unauthorized parties involving the use of passwords. If the tag receives a query without a corresponding password provided for authentication, then the tag will not reply with the data. This brings about a number of issues related to password security, namely the possibility for the tag to be repeatedly queried with varying passwords (brute forcing, and dictionary search), as well as the possibility for the password encryption and hash to be reverse engineered or defeated.
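The repeated-query weakness described above, and one common countermeasure (a failed-attempt lockout), as an added example that is not part of the original paper. The `PasswordTag` class, the 8-bit password, the lockout threshold of 5 and the query rate are all constructed assumptions chosen for illustration.

```python
import hmac

class PasswordTag:
    """Toy tag that releases its data only when the query carries the password."""

    def __init__(self, password, data, max_failures=None):
        self._password = password
        self._data = data
        self._max_failures = max_failures  # None = unlimited guesses (weak design)
        self._failures = 0
        self.locked = False

    def query(self, password):
        """Return the stored data for a correct password, otherwise None."""
        if self.locked:
            return None  # a locked tag stays silent, even for the right password
        if hmac.compare_digest(password, self._password):
            self._failures = 0
            return self._data
        self._failures += 1
        if self._max_failures is not None and self._failures >= self._max_failures:
            self.locked = True
        return None


def queries_until_reply(tag, candidates):
    """Replay candidate passwords; return the query count at the first reply, or None."""
    for count, guess in enumerate(candidates, start=1):
        if tag.query(guess) is not None:
            return count
    return None


def worst_case_hours(password_bits, queries_per_second):
    """Hours needed to try every password of the given width at a fixed query rate."""
    return 2 ** password_bits / queries_per_second / 3600


# Constructed sample values: an 8-bit password keeps the demonstration instant.
SECRET = bytes([200])
ALL_PASSWORDS = [bytes([i]) for i in range(256)]

if __name__ == "__main__":
    weak = PasswordTag(SECRET, b"constructed-record")
    hardened = PasswordTag(SECRET, b"constructed-record", max_failures=5)
    print("unlimited guesses:", queries_until_reply(weak, ALL_PASSWORDS))
    print("lockout after 5:  ", queries_until_reply(hardened, ALL_PASSWORDS))
    print("32 bits at 1000 queries/s: %.0f hours" % worst_case_hours(32, 1000))
```

A lockout trades one problem for another: anyone within range can silence the tag by sending a handful of wrong passwords, so the threshold and any unlock procedure are themselves design decisions.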
At the corporate level, a number of varying privacy issues arise involving the internal operations of a company, and the way a company interacts with customers. Within the internal operations of a company, a large amount of data can be gathered concerning the whereabouts and of an employee. As RFID becomes ubiquitous for the use of identifying an employee, there is also the possibility for the employer to collect and monitor the location of the tag through the use of numerous readers throughout the building. Information about the employee can then be inferred from these readings such as: how long of a lunch break was taken, how long a person was at their desk, as well as more personal information including the length of time the employee spent in the bathroom.
At a higher level in the corporate environment, the administrators that maintain the RFID system could be a source of vulnerability involving the misuse of data, either intentional or accidental. The information retained by a company must be securely handled, and policies must be implemented so that there are no possible violations. An example of the possible disaster that can be brought about by the release of personal data was when the web search results of hundreds of thousands of users were made publicly accessible, causing a major violation of the users' rights, and subsequently led to legal consequences.
As for the interaction of a company with its customers, the privacy issues could involve the use of the personal data to create specific advertisements to a consumer.
At the governmental level, privacy violations can occur in the form of the subpoena of information if a particular person is under investigation. In addition to developing the policies of a company concerning the release of stored information, the policies governing the situations under which the government can obtain this information without legal formalities are still under discussion. Given that the United States government can currently conduct wiretaps without a warrant, it would not be a stretch to presume that RFID information can be obtained without a warrant also.
For all the levels of possible privacy implications, it is clear that development of policy governing the use of information that is stored and collected is critical for the privacy protection of individuals. In addition, policies need to be developed concerning an individual’s right to control the data about him or her. Will there be an option for people to opt out of the data collection process? Is there a way for the tag to be active only during times when the user desires? In the development of policies governing the use of information, the issue remains in developing either more restrictive use policies with amendments to loosen those restrictions over time, or the opposite, to create policies that have minimal restriction on the use of personal data with the potential for amending those policies to be more restrictive. Corporations are interested in developing policies that have minimal restrictions on the information to their benefit, for example, to target consumers with increasingly personalized advertisements. Alternatively, some consumers may not approve of such use and would rather have their personal information available only to authorized parties.
In the case of elderly care, two methods of detection have been proposed: a wrist-worn tag-detector or WISP technology. Matthai Philipose's research and pilot studies found that people actually prefer the clunky wrist-worn tag-detector over the WISP technology. They found this is because users know that they can remove the wrist band and no longer have their movements logged. With the built-in WISP technology there is no way to turn off data collection. From their preliminary studies, users are more comfortable living in an entirely tracked atmosphere as long as they can choose when they aren't being tracked. However, this leads to questions such as: how can we be sure the user wears the wristband, and what sort of incentives, monetary or social, can we give the client to use the wristband?
Questions for Matthai
- In our discussion, Matthai made the point that elderly citizens preferred to have the RFID bracelet rather than the RFID WISP because they knew that they could simply remove the bracelet whenever they didn't want to be tracked. However, presumably, the parties who have a vested interest in the elderly being tracked (e.g. government (Medicaid, etc. might be based on their activities), elder home (accountability, human personnel expense)) would want to institute measures to either incentivise wearing of the bracelet or penalize removal of the bracelet. Over time, however, it might very well happen that the practicality of choosing not to be tracked would become unrealistic, due either to financial constraints of being retired or lack of good, non-automated elder care, if left up simply to market forces. What protections can be made such that the ability to lead a more traditional end of life does not become difficult or impossible were it desired?
- In the client concerns section, two of the points are listed as: (1) Lack of trust/understanding of technology and (2) Fear of being monitored (Especially among mentally ill). In the debate over pervasive computing, especially with RFID, it seems like many proponents of pervasive technologies attribute lack of trust specifically to lack of understanding of the systems being designed. How fair is this characterization? How does it play into the ability to have useful debates about its place? The association between trust/understanding in the bullet point is quite curious in this regard. The same issue lies with the second bullet point, which seems to imply that fear of being monitored is somehow irrational (or only for the "neo-luddites"). Yet the ability to monitor, measure, and infer is one of the central ways in which power manifests because it gives cheap, actionable information. Thus, power tends to become even more centralized in the institutions that come to have access to such data. Of course, these are probably way too deep readings of the slides, but it seems like they get at the strawmen that are typically set up in the portrayal of RFID. So the question here is: to what extent are the fears and concerns of RFID tied to misunderstanding of the technologies?
- In the deployment of the Eldercare system, who owns the data? If it is the wearer of the bracelet, do the same laws about medical data apply here? In the case where the data is owned by another party, what limits should be placed on what can be done with this data?
- Who verifies that the results of the Eldercare system are accurate and reliable? There is evidence that RFID reads can often be missed, non-uniform or inaccurate. Readers may break, tags may break, the inferring machine may be down. In the Eldercare, these reads feed into a system that eventually makes a "diagnosis" of sorts. In the case that this diagnosis is wrong, where does the responsibility lie?