RFID PRIVACY : A TECHNICAL PRIMER FOR THE NON-TECHNICAL READER

RFID (Radio-Frequency IDentification) is a wireless identification technology poised to sweep over the commercial world. A basic RFID device, often known as an “RFID tag,” consists of a tiny, inexpensive chip that transmits a uniquely identifying number over a short distance to a reading device, and thereby permits rapid, automated tracking of objects. In this article, we provide an overview of the privacy issues that RFID gives rise to. While technically slanted, our discussion aims primarily to educate the non-specialist. We focus here on basic RFID tags of the type poised to supplant optical barcodes over the coming years, initially in industrial settings, and ultimately in consumer environments. We describe the challenges involved in simultanteously protecting the privacy of users and supporting the many beneficial functions of RFID. In particular, we suggest that straightforward approaches like “killing” and encryption will likely prove inadequate. We advance instead the notion of a “privacy bit,” effectively an on/off data-privacy switch that supports several technical approaches to RFID privacy enforcement.