UPDATE Aug. 23: Now available online at http://galecia.com/included/docs/position_rfid_permission.pdf
Thank you Lori - finally an RFID tech paper that is readable by the lay person. Lori shows us that being the first library out of the gate on this is probably not where you want to be.
She writes that the current standards are designed for container-level tagging (think pallets of goods delivered to Walmart), not for the item level tagging that libraries need.
This leaves early adopter libraries open to privacy issues like tracking and hotlisting. Tracking means people can track the movement of a book (or the person carrying it). Hotlisting means someone can figure out the RFID tag of, say a book on anthrax, and then track the borrowers of those books.
Position Paper: RFID and Libraries by Lori Bowen Ayre, The Galecia Group, August 19, 2004. Write to Lori to see if she can send you a copy: lbayre (at) galecia.com
------------
Here's a draft for part of a mini trustee tip that I just submitted to the CALTAC newsletter:
RFID and Patron Privacy
by Mary Minow, CALTAC Policy Analyst
Although the Patriot Act weakens library patron privacy, in some ways RFID tags pose a greater risk if not handled with great caution. Whereas the Patriot Act requires legal process to obtain information about your reading habits RFID tags are "promiscuous;" that is, they can be read by anyone who has a compatible reader, including your next door neighbor. They are also "stealthy" in that you have no way of knowing when someone is reading your tags.
Lee Tien, Senior Staff Attorney at the Electronic Frontier Foundation, spoke at the American Library Association conference in Orlando. He cautioned us to get public input and give thorough consideration to privacy issues before racing ahead with RFID.
Even without book titles or user names, the tags, by definition, allow tracking. If schools, post offices and libraries all use RFID, then we will have a pervasive public infrastructure set up to track each of us. Booksellers plan to use RFID with title information (that is, ISBN numbers that link to titles). Libraries will need to be sure to "kill" or deactivate those tags if they are still active when the books are shipped.
Some people say, "No one cares what we read." Tien answers that with three words: "Library Awareness Program." This was an FBI program in the 1970s and 1980s that targeted libraries, looking for Cold War spies by asking library employees who was reading certain technical reports and what database searches suspicious looking patrons asked for.
Certain books or materials will certainly be on a hot list. Will you be afraid to check them out? Perhaps law enforcement wants to track the path of a particular book on skyscrapers. If the book is seen at a checkpoint in a government building, then that book may be tracked as it moves from one checkpoint equipped with a compatible RFID reader to another.
Tien closed with an analogy. A proliferation of RFID tags can be compared to pollution. It is economically rational for an individual company to pollute. It gets benefits without having to mitigate the costs. However, the rest of society suffers with lower air quality. Pervasive RFID tags, used by stores, libraries, post offices etc. could make our lives more efficient, but not without social cost.
This is not to say libraries should not consider RFID tags. It is to say that the privacy concerns should not be quickly brushed aside, public comment should be encouraged, and best practices developed.
For further reading:
Berkeley Public Library, Best Practices for RFID Technology at http://berkeleypubliclibrary.org/BESTPRAC.pdf
Ann Cavoukian, Information and Privacy Commissioner/Ontario CANADA, Guidelines for Using RFID Tags in Ontario Public Libraries, June 2004 at http://www.ipc.on.ca/docs/rfid-lib.pdf A good place to examine "best practices"
Beth Givens, Lee Tien, RFID Implementation in Libraries: Presentations to ALA Intellectual Freedom Committee, American Library Association January 10, 2004, at ALA Mid-Winter, San Diego, CA http://www.privacyrights.org/ar/RFID-ALA.htm - good bibliography including a link to Karen Schneider's testimony before the California Senate
Katharine Mieszkowski, The Checkout Line -- or the Check-You-Out Line? Salon.com, July 26, 2004 at http://www.salon.com/tech/feature/2004/07/26/
David Molnar and David Wagner, Privacy and Security in Library RFID Issues, Practices and Architectures, June 8, 2004 http://www.cs.berkeley.edu/~dmolnar/library.pdf - study finds lack of appropriate access control in today's practices fails to protect patron privacy. Proposes new architectures to improve privacy security.
San Francisco Public Library - Radio Frequency Identification Bibliography (updated March 30, 2004) at http://www.sfpl.org/news/releases/rfidbiblio.htm
Yeah, RFID...the exact technology being used in DigitalAngel's Verichip, a Subdermal Implant now on the market. More here: http://dubiousprofundity.com/article.php/20050524103025821
I have news for you folks...we are too late. Big Brother is already online.
Posted by: ChrisJ | May 24, 2005 at 12:57 PM
Zombie Wire RFID World News' main objective is to reach out to the consumer and educate them on RFID and how it will infringe in their private lives.
We would say that 90% of all consumers do not know of the RFID movement. The question are: why are there as many as 90% of the consumers thus far in to the RFID movement unaware of what is taking place behind closed doors? What is there to hide? If informed of the RFID mandate, would they the consumer refute or conform? These and other inquiries need to be approached now before the mandate stands insurmountable.
Get informed now on the RFID movement at Zombie Wire RFID World News. If you want to be a part of Zombie Wire and have something to ad: Contact Zombie Wire for more information.
Go See: http://www.zombiewire.com
Posted by: James | January 08, 2005 at 11:42 AM