LibraryLaw Blog: RFID

Student paper topic idea: Is it feasible to "kill and revive" rfid chips in library books?

Is it feasible to "kill and revive" RFID chips in library books? I got a couple of comments pro and con, and would love to see a smart library student with a technical background evaluate this. Here's some leads:

http://www.rfidjournal.com/article/articleview/1891/1/1/

www.rfidsec.com , http://www.rfidupdate.com/news/08122005.html#article_932

http://www.securitytaskforce.org/dmdocs/workshop2/stephan_engberg.pdf

I see Laura Smart is also looking into this.

If you have an opinion or have done research into this, please let us know.

Comments (3)

Breaking News - California RFID bill born again

9/3 Update: The bill is now posted. Assembly floor analysis is available at the end of this entry.

------------------------------------------------------------------

According to Paul Nicholas Boylan, Senator Simitian has moved to "give new life to SB 682," the RFID bill. Boyan reports that the SB 768, a "Marine finfish aquaculture" bill has been abandoned, and Senator Simitian amended it radically by inserting the language from the last version of SB 682.

I don't see this yet in the bill, but check this link later to see if it shows up.

Boylan also reports that the opposition to SB 682 is in the initial stages of formulating a bill to address privacy concerns, and says it would definitely impact libraries. Read more if you're interested in getting involved.

Continue reading "Breaking News - California RFID bill born again" »

Comments (2)

California RFID legislation is dead

Official history here. It was put in the suspense file - means it won't see the light of day until next year (unless major rule exceptions are made).

Commentary here and at Laura Smart's RFID in Libraries blog.

Does anyone know if other states have similar legislation pending or passed?

Comments (0)

RFID tags under your skin in Barcelona

Analysis of the proposed legislation on RFID in California says:

"A Barcelona nightclub allegedly uses them to admit customers to a V.I.P. room where drinks are automatically put on their bill."

I checked with a friend in Barcelona, and it goes even further than that. He tells me that an RFID tag is placed under your skin, the barman adds your drinks to your tab, and you pay automatically. To see pictures of a bar-goer getting implanted, go to the Baja Beach Club, click on VIP, then click on Verichip:Entrevista/Interview and scroll down.

For more, see BBC - Barcelona clubbers get chipped ; El Mundo - the FDA approves implantable chip containing medical history (in Spanish) ; Silicon.com - RFID chips headed for hospitals?

Comments (1)

You're invited to a panel on RFID and libraries, Monday in Berkeley

First, I have to tell you I am at 35000 feet above Baffin Island in a Scandinavian Airlines Airbus that offers Internet access. $9.95 for an hour or $29.95 for the full flight (10 hours for me). I had to try it out, even tho I've been knocked off twice already. Everyone around me is watching her own movie or killing space invaders. Not like the US planes I've been on at all.

Anyway, if you're in the San Francisco Bay area, come hear a panel on RFID sponsored by the Berkeley Public Library Monday night, August 1. I'll be there, addressing library privacy law.

The announcement is at the Berkeley Public Library website, which says that BPL "is holding a Community Informational Forum on Radio Frequency Identification (RFID) at the South Berkeley Senior Center, 2939 Ellis Street, Berkeley, on Monday, August 1, 2005, 6:30-9:00 pm. For accessibility questions and more information, call (510) 981-6121, TTY 510-548-1240.

Come learn how RFID works, in general, and how it functions in a library setting. One group of expert panelists will address issues of RFID technology such as: What It Is, Uses & Experience; Software Technology; and Public Health and Ergonomic Issues. A second group of expert panelists will address RFID policy issues such as: Privacy; Security; Best Practices. There will be time set aside for questions and comments from the community."

p.s. if there are any techies reading this, here's a bluetooth question: I'm using a bluetooth keyboard with a pocketpc on board the airplane. If I limit my pocketpc's bluetooth to paired devices, am I vulnerable to nearby laptops picking up my keystrokes? I don't think I can limit the keyboard itself or can I? It's a thinkoutside stowaway keyboard. At the moment my pocketpc detects two laptops with bluetooth in the vicinity.

Comments (3)

RFID in the new UC Merced Library

In February, the first version of a bill regulating RFID in California, Senate Bill 682, was introduced. See LibraryLaw's previous posting. The key issues identified by the Assembly were:

      1) Should the government issue identification documents (IDs) that can broadcast personal information without implementing security protections to limit both the ID's ability to broadcast information and what information might be broadcast?

      2) Should the government prohibit the use of "contactless integrated circuit" technology (RFID) in widely-used government documents, at least until the current safety measures have been implemented?

The first version of Senate Bill 682 would have prohibited any school, including universities, from issuing students cards that use a contactless integrated circuit or other device that broadcasts personal information or enables personal information to be read remotely. It also prohibited public libraries from issuing RFID library cards. The ban would have been in place for three years.

The most recent amendment of the bill, on July 7, deleted all references to the University of California, California State universities, and community colleges. And today's San Francisco Daily Journal reports that the new UC Merced campus library will issue library cards with RFID technology to allow self-checkout of books.

Opponents of RFID technology are worried that anyone with a reader can activate the personal information on a card with RFID, lessening personal privacy and increasing the opportunities for identity theft. Proponents are sure that technology can fix the problems that technology creates. Students at UC Merced will be the guinea pigs.

Comments (4) | TrackBack (1)

For New Jersey library folks

Here are the presentations I gave - I'll keep them here until April 30th...and I will follow up here on this blog with a response to the statues question soon.

Trustee liability

Meeting rooms

Privacy - with Patriot update

p.s. Alice Hoffman read her grandmother's advice which was wonderful - she later said it was in a published anthology. I thought she said the anthology title was FAMILY. Could someone give me the citation? THANKS.

Comments (2) | TrackBack (0)

New RFID bill in California would prohibit RFID tags that give personal information on library cards (among other cards)

Senator Joe Simitian introduced the Identity Information Protection Act of 2005.

SB 682, introduced 2/22/2005 by Senator Simitian: The act would prohibit identity documents (including library cards) created, mandated, or issued by various public entities from containing a contactless integrated circuit or other device that can broadcast personal information or enable personal information to be scanned remotely.
From Sabrina Pacifici's ever-useful beSpacific

"Identity" means any name, number, or data transmission that may be used alone or in conjunction with any other information, to identify a specific individual.

"Personal information" includes any of the following: an individual's name, address, telephone number, date of birth, race, religion, ethnicity, nationality, photograph, fingerprint or other biometric image of the individual, social security number, or any other unique personal identifier or number....

Minow take: Reading this text, it appears that RFID used on public library cards, even those that have only a bar code rather than a name and address, would be prohibited. The bill makes intentional disclosure a misdemeanor.

To read the bill..

Continue reading "New RFID bill in California would prohibit RFID tags that give personal information on library cards (among other cards)" »

Comments (12) | TrackBack (1)

Bless you Lori Ayre - RFID privacy concerns explained for nontechies

UPDATE Aug. 23: Now available online at http://galecia.com/included/docs/position_rfid_permission.pdf

Thank you Lori - finally an RFID tech paper that is readable by the lay person. Lori shows us that being the first library out of the gate on this is probably not where you want to be.

She writes that the current standards are designed for container-level tagging (think pallets of goods delivered to Walmart), not for the item level tagging that libraries need.

This leaves early adopter libraries open to privacy issues like tracking and hotlisting. Tracking means people can track the movement of a book (or the person carrying it). Hotlisting means someone can figure out the RFID tag of, say a book on anthrax, and then track the borrowers of those books.

Position Paper: RFID and Libraries by Lori Bowen Ayre, The Galecia Group, August 19, 2004. Write to Lori to see if she can send you a copy: lbayre (at) galecia.com

------------
Here's a draft for part of a mini trustee tip that I just submitted to the CALTAC newsletter:

Continue reading "Bless you Lori Ayre - RFID privacy concerns explained for nontechies" »

Comments (2) | TrackBack (1)

RFIDs and libraries

There is an interesting article in the Chronicle of Higher Education on the privacy implications of the use of RFIDS in libraries. There are a couple of points made that are not immediately obvious. For example, the article notes that standardization of RFIDs may lead to a greater privacy threat (normally we think of standardization as being good). And librarians at the University of Conn. are quoted as noting that the use of RFIDs in self-service machines can actually lead to greater privacy because a staff member does not look at what you are reading.

This seems to be in the "free" portion of the Chronicle, so non-Chronicle subscribers may be able to access it.