RFID security scares ignore facts

February 2004 Asset Management, EAS, RFID

In the wake of Wal-Mart’s recent announcement that it would require radio frequency identification (RFID) tags on cases/pallets of products to facilitate tracking – and may require tags on individual products eventually – scare stories concerning possible use of these tags to violate individual privacy have been surfacing.

Such stories ignore not only common sense and practicality, but also the basic physics that govern the potential of these tags. Both the public and the retailers considering tag use need to understand these basic facts before they can enter meaningful debate on the use of the technology.

Situation analysis

The RFID debate has entered the public forum in recent months, driven on one side by an often overoptimistic view of the technology by potential retail and wholesale users, and on the other by even wilder misapprehensions about the use of this technology to gather intrusive levels of personal information from individuals.

"RFID tags recommended for product tracking cannot be used to track individuals through their lives via some sort of satellite-tracking mechanism due to limited read ranges," says META Group analyst Jack Gold, addressing a common urban legend. "The range of these tags is only a few [metres] at most, and they do not contain any personally identifiable information."

In fact, though several different RFID technologies exist, the passive tags being considered for Wal-Mart's supply chain have a very low data capacity and short read ranges. The Electronic Product Code (EPC) standard supported by Wal-Mart limits data initially to 96 bits, little more than what is found on bar code labels. Moreover, the often cited (but elusive) price point for these tags ensures that range and data capacity will remain low. The tags are not equipped to identify the buyer, so even if someone did track items, there would be no way to link those items to the purchaser via RFID.

Furthermore, tracking what individuals are reading or doing via RFID is the hard - and expensive - approach to gathering personal data. A much easier way would be to hack credit card databases that do contain personally identifiable information. Stores already capture who bought what at the point of sale (POS) when credit cards are used. Yet, consumers think nothing of using their credit cards to buy all kinds of things - including memberships to online X-rated sites. Moreover, the ubiquitous mobile phone is a far more realistic way to track people now, yet few privacy pundits - many of whom carry cellphones - are hyping the evils of big brother tracking who people call and where they are at all times.

Even retailers that legitimately gather personal buying information with consumer permission via loyalty cards that provide product discounts when scanned at the POS terminal still have the challenge of separating the wheat from the chaff to make effective use of the large amounts of data they gather. Some, like Publix, have determined that it is not worth the effort and expense.

"It takes trillions of pieces of data to put together a picture of buying patterns for a store on an individual-consumer basis," says META Group analyst Gene Alvarez. "The real value is for the individual stores to make effective use of it."

Cost versus value

The vision of tracking individuals via RFID tags (perhaps through articles of clothing with embedded tags) also has a practical aspect. Such tracking would require the creation of a huge network of readers that would have to be installed, coordinated and maintained - at the cost of thousands per reader. What value would any organisation receive from that information to justify such an expense? Even a chain with only 500 stores could face significant investment challenges for tracking products - never mind the consumer movement.

In addition, those debating the security aspects of RFID have to ask a basic question: who would possibly care whether a certain person wearing a certain brand sweater went to a particular bar on a Wednesday night?

Retailers need to deal with similar issues when planning RFID applications.

Enterprise wide initiative?

"Right now, Wal-Mart suppliers are under a lot of pressure to deliver, and in those companies we see that the techies are running the show," says META Group analyst Bruce Hudson. "By viewing RFID as a technology project rather than an enterprise-wide initiative, companies are putting their brands at risk. Particularly for item-level tagging, these projects need to be run by the line of business, with legal, PR and marketing input from the beginning. The mistrust surrounding RFID is similar to that around the 'cookie' at the beginning of e-business. A lot of fuss about nothing."

RFID systems are costly. A single tag - bought in bulk - may cost only a quarter, but the readers, the infrastructure to capture the data they gather, the analytical software to make sense of that data, etc, are all still costly. For instance, the cost of installing smart shelves for a single product at all the outlets of a major retailer could cost millions, and so far is unlikely to be economically justifiable given the potential weak return on investment. Thus, it may be more practical to continue to monitor most shelves manually.

Making good processes better

RFID is not a substitute for good store planning. Many retailers need to develop better business processes for store planning first.

"While it has a place in warehouse management, RFID technology is too limited and costly to be used to perform realtime tracking of tens of thousands of pallets of material in a large warehouse," says META Group analyst Dwight Klappich. "It does not work, given the read distances, other environmental considerations such as metal racks, and the three-dimensional nature of a warehouse. The question remains why a company would want to pursue RFID for this when there are far more realistic solutions (ie, warehouse management systems) that accomplish the real object of accurate inventory locating at far less cost and complexity."

"RFID cannot make a bad process good," adds Hudson. "It can only make a good process better."

RFID is also not an answer to the lack of UPC code standardisation. For instance, if Procter & Gamble uses a different set of codes to identify its products for North America and Europe, applying RFID will not fix the problem. Retailers will still have bad data in their databases, leading to incorrect invoice and stocking errors, which is why retailers - while pushing RFID - are also pushing UPC code standardisation and data synchronisation efforts.

RFID also has its own standards problems. Numerous versions of the concept using different technologies and pieces of the spectrum are in production, so a tag that one company uses may not be compatible with the readers of another company. The EPC standard embraced by Wal-Mart, for example, is currently incompatible with ISO standards used in Europe.

User action

RFID technology has already proven itself to be practical in applications ranging from automatic toll collection and the Mobil Speedpass to tracking individual steers on a feed lot. Consumers with privacy concerns should base those on the reality of RFID capabilities rather than on groundless statements by professional doomsayers.

Similarly, enterprises considering using RFID should begin by educating themselves concerning the real capabilities and issues of the technology and not misapply the technology to problems it cannot cost-effectively or technically remedy. When considering any plan beyond a purely technical trial, the planners should clearly identify realistic return on investment early in the planning cycle, considering the variable tag costs as well as the infrastructure and application development costs.

Source: META Group analysts: Dwight Klappich, Bruce Hudson, Gene Alvarez, Tim McLaughlin, Chris Kozup, John Brand and Jack Gold contributed to this article.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

SAP and Uber Freight join forces
September 2019 , Transport (Industry), Asset Management, EAS, RFID
SAP and Uber Freight announced a partnership to modernise the freight industry through intelligent process automation and better access to a network of connected and reliable drivers.

Read more...
Securing people, vehicles and cargo
September 2019 , Transport (Industry), Asset Management, EAS, RFID
The transport industry is under siege, not only with fuel price and legislation increases, but also with widespread unrest, looting and violence against drivers.

Read more...
Clear visibility into supply chain complexity
September 2019 , Transport (Industry), Asset Management, EAS, RFID
The Internet of Things is refining the capabilities of the supply chain to reduce theft, increase visibility and transform legacy complexity.

Read more...
Autonomous attendance
September 2019 , Products, Asset Management, EAS, RFID
The SACO RF attendance solution was developed with the focus on driving down costs without compromising functionality and ease of use.

Read more...
TAPA EMEA appoints Thorsten Neumann as president and CEO
July 2019, TAPA (Transported Asset Protection Association) , News, Asset Management, EAS, RFID
The Transported Asset Protection Association (TAPA) has appointed Thorsten Neumann as its first full-time president & CEO.

Read more...
Active cargo tracking units growth
June 2019 , Asset Management, EAS, RFID, Logistics (Industry)
The number of active tracking devices deployed for cargo loading units including trailers, intermodal containers, rail freight wagons, air cargo containers, cargo boxes and pallets reached 6.1 million world-wide in 2018.

Read more...
Local manufacturing from Hissco International
May 2019, Hissco , Editor's Choice, Asset Management, EAS, RFID, News
Hissco International recently announced it has set up a local manufacturing partnership that will supply X-ray equipment to partners around the world.

Read more...
More than locking the door
April 2019, Technews Publishing, Salto Systems Africa, ZKTeco , Entertainment and Hospitality (Industry), Access Control & Identity Management, Asset Management, EAS, RFID
Electronic locks offer hotels far more than simply a more convenient way to manage doors, they can be integrated into a host of other systems and services.

Read more...
Biodegradable security seals for SA
April 2019, TruSeal , Editor's Choice, Asset Management, EAS, RFID, News, Security Services & Risk Management, Commercial (Industry)
The new TruSeal product extension is produced from a special biodegradable material sourced from Malaysia.

Read more...
Enabling smarter cash handling solutions
March 2019, Technews Publishing, Cash Connect , Editor's Choice, Asset Management, EAS, RFID
Modern retail cash management has evolved so far from the old ‘dumb’ safe that it has become an essential enabler of today’s business.

Read more...