EPIC questions to RFID Industry
Summary of Manufacturers and Retailers' AnswersGeneral Summary
EPIC recently surveyed developers and manufacturers of RFID technology, as well as retailers who have begun to employ RFID in the supply chain and in the retail setting. EPIC asked about their use of RFID tags in the retail environment and requested details about how they were enabling customers to disable tags (a process known as "tag killing") or remove tags from retail merchandise.
It is clear from the responses so far that there is no standard for tag killing in the industry today. Many applications do not include the option at all and, when it is included, the actual mechanism for disabling the tag varies widely. Some retailers and manufacturers note proudly that no personal information is stored on the tag. This is largely irrelevant considering the ease with a tag's unique identifier could be associated with personal data at the database level.
Further, it is clear that several applications are being developed which read RFID tags on an individual's person without their explicit knowledge and consent. Government and employer applications, for example, may silently read tags without notifying the individual carrying them.
Manufacturers and retailers, such as Alien Technology and Wal-Mart, tell us that consumers rarely take home products with RFID tags since they are predominantly used in the supply chain on cases and shipping pallets. They further add that when consumers do take home products with RFID, they are clearly labeled and only embedded in packaging which can be easily removed. However, Wal-Mart stated that "Consumers may wish to keep RFID tags on packaging to facilitate returns and warranty servicing." This suggests that, in the future, customers may have difficulty benefitting from refund and warranty services if they do not hold on to live tags.Industry responses as of 6/23/2004: Royal Philips Electronics, Wal-Mart, Alien Technology, SAP, Vanguard I.D.
Royal Philips Electronics
Corporate Privacy Officer
This statement cannot be considered Philips's official position.
Key points: Smart-card RFID generally does not support killing, but smart label RFID chips do. There are several instances of applications where an individual might not be aware of when tag reading occurs. Philips Privacy Code does not apply to RFID tags used by Philips' customers, but applies to Philips' internal data processing only.
Tag killing option is only used in certain chip families, which are mainly used in retail and logistics. Smart-card RFID chips, used in ID-cards, loyalty cards, tickets, do not have a kill option but use strong encryption techniques and have range limitation features. Mr. Terstegge can neither confirm nor deny whether Philips produce chips with "deep sleep" mode. Near Field Communications (NFC) protocol is secure and has very limited (10 cm/3.9 inch or less) read range. NFC is currently used in highly secure RFID cards. Philips envisions future entertainment applications using NFC enabling easy, intuitive and - if necessary - secure data transfers between devices over short ranges.
Philips supports the International Conference of Data Protection & Privacy Commissioner's Resolution on Radio-Frequency Identification. "If data stored on RFID-chips are used to identify consumers, i.e. by linking the data with a CRM-database, the consumer must be informed and provided with the possibility to object, which in many countries is a legal obligation. Philips offers a variety of security and privacy protection features, but it is the customer's responsibility to actually implement and use them."
Philips acknowledges several ranges of applications where tag reading may occur without individual knowledge or confirmation such as workplace applications in the public and private sectors. Philips also suggests applications where opening a door triggers a tag reading event without individual notification.
Paul Drzaic, Ph.D.
Vice President, Advanced Development
Key points: No RFID tags will be embedded in consumer products (other than packaging) for years. If packaging has RFID it is clearly labeled.
"For the next few years, nearly all RFID implementations in retail settings are aimed at tagging cases and pallets of goods, not individual items. The items that do pass into consumers hands will be on the outside of packaging, and will be clearly marked as EPC tags consistent with EPCglobal policy. Consumers will not be exposed to RFID tags on large numbers of individual retail items for some time, which allows for the development of industry best-practices that will be acceptable to all."
Roland A. Edwards
Manager Product Public Relations
Key points: Representative says its tags killing feature at Metro stores physically disables tag, but this is contradicted by CASPIAN. Personal information is not stored on chip but is likely associated in store databases.
SAP representative says item-level tag killing feature that it provides to Metro "is performed in such a way that even the chip manufacturer would have no chance to reactivate the chip." Further, they "physically destroy" the chip. (Note: This contradicts a CASPIAN report that the tag "killing" only overwrites the bar code information with zero's and not the tags individual ID.)
Personal information is not stored on chip. However, the SAP statement suggests RFID data is associated with personal information at the database level: "If personal information is needed to perform a certain business process, it will require special authorization levels to perform this action."
Key points: One tag "killing" solution involves data alteration, not physical destruction.
One form of tag disabling they do is to write a disabling code over the chip which masks its unique identifier.
Wal-Mart Stores, Inc.
Key points: No tags reading is done on sales floor. No consumer-level tags are used without clear labeling, on packaging only and easily removable. RFID will not be used to collect additional data about consumers.
Virtually all RFID tags are on case and pallet level. Only three products in Dallas pilot store, two printers and a scanner, have RFID on packaging that a consumer might take home (in this case, shipping cases and end user packaging are one and the same.) Any RFID-enabled packaging that a consumer might take home is and will be clearly labeled (on the shelf and on the product) and easily removable by the consumer. No RFID labels are embedded in the products themselves. Consumers may wish to keep RFID tags on packaging to facilitate returns and warranty servicing.
"… we do not have any readers on our sales floors. We have also publicly stated that we will not use RFID to collect any additional data about consumers."
EPIC RFID Page | EPIC Privacy Page | EPIC Home Page
Last Updated: June 25, 2004
Page URL: http://www.epic.org/privacy/rfid/survey.html