According to statistics from the U.S. Department of Justice, in 2005, more than six million Americans were the victims of identity theft in some form (Baum, 2007: p. 1), and the problem of identity theft has been pushed into the spotlight of mainstream media in recent years. Articles in the New York Times regarding identity theft during the week ending April 12th alone include: a story about a tax preparer facing a potential fifteen years in prison for first degree identity theft (Eligon, 2008); an Associated Press article outlining Hillary Clinton's anti-crime plan, which hits on the growing problem of identity theft (AP (a), 2008); a story about the Anthony Pellicano wiretapping trial, in which several counts of identity theft were dropped (AP (b), 2008); an article that details a recent U.S. Treasury report stating that between 2002 and 2007, more than 20,000 tax payers have been the victims of identity theft for the purposes of illegally obtaining refunds from the IRS (Browning, 2008); and a brief write-up about a Popular Mechanics article in which concerns about computer chips possibly allowing identity thieves to access bank and other private information from individuals, corporations, and governments, if the chips have a “subtle error” built into them (Brown, 2008).

The concerns about identity theft have sparked an entire industry of identity protection services (Lankford, 2008: p. 74), almost a million of which can be found in a quick Google search for “identity theft protection.” In short, not only is identity theft a fast (illegal) way to make money, but so is the business of preventing it from happening.

One of the new, technological ways being put into use to combat identity theft is the Radio Frequency Identification chip, or RFID chip (Gluckman, 2008). This controversial technology has several variations, but the end result is usually the same: absolutely identifying and/or tracking some thing or person (Jones, 2004: p. 21). These devices are already in use on several products we purchase every day (Roberti, 2007) and can be printed directly onto packaging (Cross, 2008: p. 9) and even directly onto currency (Russo, 2006). These uses of the technology have caused many to metaphorically raise eyebrows, study, and academically write about privacy concerns from such uses (van den Hoven & Vermaas, 2007: p. 284), but it is the other suggested uses that have been the cause of much controversy: the use of RFID technology to identify – and potentially track – people (David, 2007: p. 17). This includes recent legislation by the United States government to require states to include RFID technology in driver's licenses (Ramasastry, 2005). (This was to be required by May 2008; some states have received extensions and others have rejected the plan altogether (McCullagh, 2007), but the White House has pushed back the deadline for meeting the requirements of the Real ID Act until 2009, “acknowledging widespread opposition to the measure” (Corsi, 2008)). The United States already requires that the chips be incorporated into passports (Dubin, 2007; Anslow, 2007: p. 16), and there is even some discussion of inserting the chips – the size of a grain of rice – under the skin of the lower arm (Swedberg, 2008b).

While this technology is packaged in the guise of security, protection, and safety (van den Hoven, 2007: p.50), many have questioned the motivation behind the push to use this technology, and cite privacy concerns (Reilly, 2008) – concerns that might be alleviated if the acceptance and implementation were voluntary rather than legislated (Anderson & Labay, 2006: pp. 269-270). If the personal information of every American citizen were housed in one database, the trouble and expense caused by a security breach would be of epic proportions, and a situation such as this is not as unfathomable as some might think: the U.S. government's recent track record with the security of personal information is not exactly reassuring. Consider the admission by the IRS that more than 2,300 of their computers have gone missing (AP (c), 2002) or the recent hacking of the Department of Transportation computer network (Finkle, 2007) or the theft of a Department of Veteran's Affairs laptop, which the government failed to mention for nineteen days after the incident occurred (EPIC, 2006) and the Department of Veteran's Affairs failed to notify the VA Secretary about for 13 days, even though they knew about it within hours of the theft (Lee, 2006). Consider also that the bulk of RFID technology is based on technology currently in use in pay fobs for gas stations, and, as ABC News' 20/20 program revealed, the transmissions are not particularly secure (YouTube, 2006). The technology is also currently in use in certain types of credit cards that allow a user to wave their card over a machine at a store to pay for purchases; in some transactions, without ever inputting a PIN number or signing the receipt (Mastercard, 2008).

The question then becomes, what are the social ramifications of the use of RFID technology? How will this technology impact our privacy, our economic structure, and our governmental interactions? Is it less about security and convenience and more about an Orwellian future of “Big Brother” watching our every move? I intend to explore the pros and cons of RFID technology, its current and possible uses, and what impact the implementation of such technology could potentially have on society.

History and Operation of RFID

Some might be surprised to learn that the technology used to develop Radio Frequency Identification chips was first patented in 1973 (Aderson, 2007), but its roots go back to World War II radar for fighter planes. The limitations of radar, which prevented ground forces from identifying incoming aircraft as friend or foe, led to further development of the system used by Allied forces by the system's inventor, Sir Robert Alexander Watson-Watt, to allow for the identification of planes as Allied or Axis crafts. Without delving into the technical aspects of the actual units installed in the planes or into the cryptography involved, the system worked by a transmitter in the planes activating as the plane neared a transponder on the ground. Once activated, the transmitter would send a signal to the transponder. The signal contained encrypted information that identified the plane (RFID Journal, n.d.). A few years later, a device much closer to what we might recognize as RFID technology was developed: it is believed that, in 1946, Russian musicologist and electrical engineer Leon Theremin developed a “listening device” for the KGB based on technology that would, eventually, lead to the modern RFID chip (O'Connor, 2006). (Theremin is better known for inventing the aetherphone (also known as the Theremin), which was the instrument used to make the surrealistic musical sounds in The Beach Boys' hit, “Good Vibrations.”)

Most of today's RFID chips work in very much the same fashion as Watson-Watt's invention. The vast majority of RFID chips are what is known as “passive” chips, meaning that they do not contain a power source of their own and only activate when in proximity to a “reader.” The information is then passed on to a database where the data is processed so that it can do whatever it was intended to do; in most cases, identifying a particular item (Aderson, 2007). The difference between “passive” and “active” RFID tags essentially comes down to how it is powered, but that distinction does impact the way each of the RFID tags function (Harmon, 2002). The differences – while outside the purview of this paper to go into in-depth – do not change the end result of the use of the tags: both kinds of RFID tags are still meant to identify the thing to which it is attached.

Current RFID Uses

Radio Frequency Identification chips (or “tags”) have been in use for decades (Landt, 2001) for a variety of purposes. Perhaps the most widely known usage is to track shipments of goods en route to their destination from departure to arrival and at all stops in between (Freeman, 2007: p. 61). Other uses include prevention of shoplifting (especially in regards to high-end items) (Woyke, 2006), paying bridge and highway tolls without stopping (Tollroads, 2006), tracking luggage during airline travel (Rosencrance, 2003), and tracking inventory in retail outlets so that the store can “better collaborate with suppliers to monitor the flow of inventory and respond to problems or spikes in demand” (Songini, 2007: p. 14).

RFID has also been in use since the mid-1990s to aid in the recovery of lost pets and to track livestock (PC Magazine, 2007: p. 112). “One of [RFID's] most heartwarming applications is the large-scale adoption of microchipping – implanting RFID tags under the skin of pets” (Machrone, 2004: p. 75).

Suggested Ideas for RFID Implementation

Newer, suggested applications of RFID technology include uses in the medical field: implanting tiny RFID chips into the skin of the wrists of the elderly, especially Alzheimer's patients, who may get confused easily, go missing, forget to take medication (or take medication repeatedly) or wander away from familiar surroundings (Chappell, 2005). VeriChip, likely the most publicly identifiable company in the RFID business, has even begun trial testing on Alzheimer's patients in Florida (Miller, 2007) and announced in April 2008 that the company is launching a “consumer campaign on behalf of its implanted ID chips under the name HealthLink” (Blankenhorn, 2008). Other medical uses include keeping track of newborns in maternity wards to prevent, or at least limit, the occurrences of so-called “baby switching” (Quan & Welsh, 2006); tracking prescription medication inside hospital pharmacies and retail pharmacies to prevent counterfeit drugs (Burnell, 2008); to regulate which drugs are removed from pharmacy shelves; and to identify which hospital machinery needs cleaning or servicing between patients, among many other hospital and medical applications (Swedberg, 2008a).

The Benefits of RFID Technology Implementation

There is no doubt that the uses for RFID listed above have obvious benefits: loss prevention, tracking shipments, locating lost pets, and all the medical uses certainly are benefits of the technology. Another benefit from a proposed use of RFID technology is food monitoring, which would allow growers, distributors, and even the FDA the ability to monitor the freshness and quality of food “during transport, storage, and vending” (Abad et al, 2007: p. 2). Improving the quality of our food supply is just another way in which this new technology has been put to use, and this use shows how RFID has clear benefits. Another benefit is in the application of RFID technology to track sex offenders and other parolees by combining RFID technology with GPS technology and wireless capabilities (Mobile Enterprise, 2007). These sorts of uses were what RFID technology was originally conceived to do: make distribution of goods cheaper by preventing loss and damage during shipping, increase efficiency in areas such as the health care field or in a supply chain where the products or equipment might be handled by many employees or go through several processes, to take care of our pets, and to keep track of people in extreme circumstances, such as parolees or – on the other end of the spectrum – those we care about.

The Problems With RFID Technology's Uses

Radio Frequency Identification technology is a kind of technology that is subject to what is known as “technological creep,” which is defined as “technologies developed for one purpose [that] can very easily become subverted for another” (Anslow, 2007: p. 16). Anslow gives an example of “technology creep,” saying:

Last August [2006] , a local council trialled a scheme using RFID chips to track the amount of waste being placed in household bins – a precursor to the ‘pay-as-you-throw' tariff. The press releases sent round were from […] environmental organisations [sic] , anxious for journalists to laud their new approach to encouraging recycling. The headlines […] showed where public interest really lay. ‘Bin Brother's Watching you!' screamed the Daily Star, warning of the ‘councils able to “spy” on households and identify those where the amount of rubbish is larger than normal'. Rent-a-quotes trotted out comparisons to the Stasi and KGB; […] The episode was a perfect example of technology creep – RFID, a system originally devised for the Russian secret service in 1940s [sic] and which had entered easily into the security sector, ended up being used to trespass on the hallowed ground of the household. […] Which would you rather have: a real fiscal incentive towards recycling and waste reduction, or the freedom to throw out your trash without Biffa Waste Services quietly uploading your data on your dirty habits?

It is privacy concerns such as this that have put RFID technology and its many, varied uses under the proverbial microscope. Though it is clear that there are benefits to retailers and those on the supply chain of goods in using RFID technology to track shipments, most privacy advocates (such as CASPIAN – the Consumers Against Supermarket Privacy Invasion And Numbering) warn against manufacturers, distributors, suppliers, and retailers engaging in “item-level tagging” (CASPIAN, 2003), which Jeroen van den Hoven describes as:

[…] tagged items ranging from clothing, watches, mobile phones, and chip cards to identification documents, bank notes, and jewelry – all of which will constantly give off information. Persons will show up in databases as moving clouds of tagged objects, entangled in an “Internet of things.” […] RFID foreshadows what nanotechnology has in store for our privacy: the possibility of invisible surveillance (van den Hoven, 2007: p. 50).

Connecting Item-Level RFID Tagging & The Loss of Privacy

How can RFID be so pervasive? RFID chips can now be made so small that they can be virtually undetectable and hidden in the fabric of clothing (Current Events, 2008: p. 7), inside product caps and behind bottle labeling (RFID Product News, n.d.), beneath the battery in a cell phone (Hamblen, 2007), and, as mentioned earlier, they can now be printed directly onto the packaging of items (Cross, 2008: p. 9). And even though we generally throw the packaging away, RFID chips can now be seamlessly embedded into the item itself with molded plastics by the use of specially designed injection molders (Naitove, 2007: p. 33). And even if we do throw the packaging away, what is to say that we won't eventually be charged for throwing away packaging that could be recycled, as in Anslow's example, above?

One argument is that it won't happen because the local garbage collector, landfill, or recycling center can't know who bought what item. But what if they could? What if such a database existed that linked personal information with purchasing habits? That's the danger to the privacy of consumers in regard to item-level RFID tagging. Katherine Albrecht, writing for CASPIAN, explains that RFID tags can be hidden on or in the items consumers purchase without consumers' knowledge, and the radio waves needed to activate the passive RFID chips can penetrate through most materials that people wear or carry with them. Each item is given an Electronic Product Code (EPC) that provides the potential for every manufactured product on Earth to have a unique, digital identification code. The temptation, then, to link the EPC codes of RFID-tagged products to the credit card numbers or account information of the purchaser becomes a real threat to consumers' privacy. An enormous database could then be created containing the RFID tag data and the purchaser's personal information. Because the readers for RFID chips can be hidden or disguised as almost anything (behind a supermarket shelf ledge, for example), the RFID tags could be read at a distance, without the consumer knowing it was there or that the information had just been read. These readers could be inserted into doorway thresholds in the same manner as automatic door openers at retail stores, or contained within the shoplifting prevention scanners at store entrances and exits. They can even be seamlessly integrated into the carpeting. Previously-purchased items that contain RFID tags can be re-scanned if a consumer wears or carries the item when going on another shopping trip, letting the store know exactly where each and every item the consumer has on him or her was purchased, what he or she paid for the item, and, perhaps, even where he or she has been previously (CASPIAN, 2003).

The protestations are heard, but it appears that several corporations and the U.S. government are marching on with plans to implement RFID technology. “Major players like Wal-Mart, the Metro Group, or the U.S. Department of Defense have set ambitious roadmaps for tagging products with RFID chips” (Rothensee & Spiekermann, 2008: p. 75). In fact, mega-retailer Wal-Mart was caught in exactly the sort of thing RFID-skeptical consumers fear.

For four months in 2003, Wal-Mart equipped shelves in their Broken Arrow, Oklahoma, store with a RFID technology capable of tracking the Max Factor Lipfinity lipstick containers. In its Cincinnati headquarters, Procter & Gamble researchers detected when consumers removed lipsticks from the shelves. This action triggered a video monitor, which allowed researchers to watch consumers as they handled the lipstick (Freeman, 2007: pp. 62-63).

In another case, “the United Kingdom store, Tesco, ran an experiment in which a photo camera was activated each time a consumer took a packet of Gillette razors off the shelf. The photos were then added to a consumer database” (van den Hoven, 2007: p. 50). According to a 2000 survey report, “62% [of Direct Marketing Association member companies] gather personal information without telling customers [and] […] 74% use customers' personal data without asking permission” (Milne, 2000: pp. 1-6). “In South Korea, an entire city is being built to make use of RFID technology. Chip readers will monitor all products and services in New Songdo City. Homes will have medical stations that monitor people's blood pressure. Readers will keep track of kids so parents know when they're at school. Builders are considering using RFID to track trash and recycling” (Current Events, 2008: p. 7).

The method of RFID implementation is evolving, as well. “Kovio […] says it has developed a kind of silicon ink that can be sprayed on flexible surfaces using commercial printing systems” (Clark, 2007: p. B6). The Federal Bureau of Investigation has gotten into the business, too.

NOX – a new Intelligent Perimeter Defense system deployed by the FBI that uses covert Radio-Frequency Identification (RFID) technology to track people and assets without their knowledge […] One of the more covert technologies they employ is ID-Dust, serialized dust particles that can be interrogated like a RFID tag. The NOX team can coat a person or object with it to track movement. ID-Dust can show if an item was handled or it can even be sprinkled on the floor. People unknowingly pick up the ID-Dust on their shoes as they travel through a dusted area. The software combines the video surveillance and RFID information to create an association between the ID-Dust and a person. The ID-Dust allows the person's movement to be tracked around a facility without the person ever knowing he or she is being tracked. […] plus a complete history of exactly where each person traveled and when (Sirico, 2008).

Another company, Somark, has recently developed RFID tattoo, an invisible, chip-less, biometric method of marking livestock using specialized, non-toxic ink. These tattoos do not have to be in the proximity of a reader to be processed; in fact, they do not even need to be in the reader's line of sight (Somark, n.d.). Somark has a secondary market in mind, as well: “Somark are in the process of raising money to exploit the technology, and point out that what works for animals can, of course, also work for people; identifying Military Personnel as one of their secondary markets, after cattle and other livestock” (Ray, 2007).

RFID & Human Implantation

The “Panopticon, a never-built prison designed by Jeremy Bentham in order to impose total surveillance on every waking and sleeping moment of a prisoner's life” (Gitlin, 2002: p. 46) seems like an apt descriptor for what is happening in the realm of RFID technology. Could RFID technology be Bentham's Panopticon finally realized?

Jeroen van den Hoven and Pieter E. Vermaas say, “in a way.” “[RFID chips] will not exclusively revolve around the idea of centralization of surveillance and concentration of power, as the metaphor of the Panopticon suggests, but will be about constant observation at decentralized levels” (van den Hoven & Vermaas, 2007: p. 283). The easiest way to do that, of course, is to skip the possibility of a damaged RFID chip in clothing or on purchased items and put the RFID chip on a person somewhere that it cannot be removed: “Critics fear that someday people may be forced to be implanted with chips for identification purposes” (Current Events, 2008: p. 7).

With the recent legislation of the Real ID Act – which would put RFID technology in every driver's license – even certain departments in the U.S. government are beginning to get concerned about the lengths to which RFID technology can allow us to go against personal privacy.

Within DHS [Department of Homeland Security] , there is controversy over whether RFID technology should be applied to ID cards. On Dec. 6, 2006, the Data Privacy & Integrity Committee advised DHS against the use of RFID for human identity verification. Concerns over invasion of privacy and whether RFID information could be kept secure were primary considerations in the committee's recommendation that DHS proceed cautiously before implementing the program (Corsi, 2008).

It should be noted that RFID is not GPS, but RFID tags can already interact with GPS via adaptors, such as IBM's RFID Device Development Kit, which allows the remote scanning, collection, and processing of data contained on RFID chips using a device as benign as a PDA (Chen & Wu, 2006). (It was also IBM that used RFID technology in name tags to track its conference attendees (Thibodeau, 2007: p. 7)) Information such as this is openly available on IBM's web site for anyone with the proper knowledge and drive to utilize, to then collect personal information on his or her iPhone or Blackberry device while lounging with a latte in an outdoor café on a busy street. The irony is that, skimming personal information in this fashion – using RFID and GPS technology – could create identity theft on a level unlike anything our society has witnessed, when the technology began as a way to make society safer and more protected from identity theft.

Today, […] it's like a city street, and you're going at 20 or 30 miles an hour. Now you can hit someone, but the damage is only so much. […] With RFID, it becomes a freeway. You increase the velocity of goods, you're relying on this system, and if the system gets hacked, it will be a while before you even know about it (Claburn, 2004).

The Real Rub of RFID

RFID technology can absolutely be misused, but the benefits outweigh the problems, right?

While the U.S. military mandates that Department of Defense animals are to be RFID tagged (Shoomaker, Morrow, Navas, & Taylor, 2006: p. 8), more than a decade's worth of scientific research shows that laboratory mice and rats developed subcutaneous sarcomas (malignant, cancerous tumors) “most of them encasing the implants” (Lewan, 2007). While “[…] Under SPP [Security and Prosperity Partnership] […] “trusted travelers of North America” will be issued bio-metric border crossing passes, similar to electronic measures being issued trucks and other commercial vehicles under the “trusted trader of North America” initiative” (Corsi, 2008), American citizens are being subjected to the exploitive “Real ID Act of 2005 […] passed as Division B of the Emergency Supplemental Appropriations Act for Defense, the Global War on Terror, and Tsunami Relief, 2005” (Corsi, 2008). While, at security conferences, “researchers demonstrated that passports equipped with radio frequency identification (RFID) tags can be cloned with a laptop equipped with a $200 RFID reader and a […] smart card writer” (McCullagh & Evers, 2006), passport owners who worry about getting their information stolen from the RFID chips inside them have experiences like this:

At the window at the Consulate General of Japan, I did ask, “I can insert a piece of metal foil in my passport or put my passport in a metalized envelope so that my information cannot be skimmed, right?” The Japanese bureaucrat looked at me curiously: “If you haven't done anything wrong, why worry? Such an act can only raise suspicions” (Yoshida, 2008).

The contradiction between what is actually happening and what is being done/what we're being told is absolutely staggering. We are told, “RF tags provide far greater security than alternatives […]. There have been no reported incidences of RFID being hacked in real life” (Aderson, 2007) but the ease with which RFID chips can be hacked is becoming more and more apparent every day. “The Johns Hopkins researchers said that the RFID system […] was designed to thwart car thieves and provide fast convenient payments via safeguarded wireless transactions. […] however, […] the TI tags – already in use around the world – were susceptible to attacks using mathematics and low-cost processors” (Lyman, 2005), which sounds an awful lot like the “real world” to me.

The new [credit] cards […] use RFID […] technology [to allow] scanners to use radio signals at varying distances to read information stored on a computer chip. According to a study by researchers at the University of Massachusetts and at security companies RSA and Innealta, many of these cards will transmit your name, the credit card's number, and its expiration date (but not the three-digit security code) unencrypted to anyone nearby with an RFID scanner (Larkin, 2007: p. 26).

The fact that we are constantly and repeatedly told that current RFID security can't be hacked and that it is safe flies in the face of reports of hackers actually getting into RFID systems to prove that the technology is not secure. And yet, we're asked to allow schools to place RFID chips on (and sometimes, in) our children (David, 2007: p. 17); we're asked to willingly accept RFID technology in credit and debit cards that links a radio transmission sent from beneath the skin of our hands to our bank accounts (PC Magazine, 2004: p. 21); we're asked to willingly relinquish our personal information and medical histories to companies who are just now asking “What type of security would be necessary to validate queries?” (Ferguson, 2007: 28).

Conclusion

The social ramifications of widespread acceptance of RFID technology could be considerable, if action is not taken now, before the technology is fully ingrained in our culture, to ensure the security of our private lives, our personal information, and our identities. It is plainly obvious that there is as much – if not more – money to be made snooping into the purchasing habits of the buying public as there is safeguarding the same information. If the government does not step in and regulate corporate usage of RFID technology now , the future could be quite Orwellian, indeed… except, instead of Big Brother watching us, it could be Big Business.

REFERENCES