Article Continued...

Radio Frequency Identification, or RFID, is surveillance technology at its finest -- cheap, invisible, infallible, ubiquitous -- and privacy advocates abhor it. Silently, without even a bar code beep, RFID reads and records people's behaviour and inventories their possessions.[...]

Ms. Albrecht, founder of Consumers Against Supermarket Privacy Invasion and Numbering, has briefed Canada's federal Privacy Commissioner. She has been invited back to brief Ontario Privacy Commissioner Ann Cavoukian, too, as more and more RFID comes to Canada. Wal-Mart Canada would like to see all its merchandise tagged at supply point by 2007. And Canadian retailer Nygard tags garments in Toronto. RFID pill bottles are made in Ottawa.

We even have our own fledgling Canadian RFID Centre. David Wilkes of the Canadian Council of Grocery Distributors says Agriculture and Agrifood Canada, whose logo appears on the RFID Centre's website, contributed $485,000 for the centre's operations. The money was channelled through Mr. Wilkes's group for "evaluation of the feasibility, benefits and impacts" of RFID in Canada's food industry, Agriculture Canada's Chantale Courcy says, although she was unable to provide further details.

Elaine Smith of Food & Consumer Products Canada has said of the centre, "It's important . . . to address any consumer and privacy concerns." But the centre is really about shaping "consumer perception," she says in an interview. "As the future unfolds, consumers need to understand that there are no privacy concerns."

Meanwhile, the centre's press material says monitoring people, as well as products, is a chief use of RFID, in Canada and elsewhere.

In the United States, IBM may be sewing up this side of the business. It holds a patent to build RFID peepholes into the walls and ceilings of public places, washrooms included. These will surreptitiously identify passersby and look into purses, pockets and briefcases.[...]

The system is for government and law enforcement, and from his laboratory in Taiwan, IBM engineer Junwei Chen offers a seminar about it called RFID for People Tracking: You can run but you can't hide. "People tracking," Mr. Chen says, "is one of the most popular scenarios for RFID. GPS tracking is inferior. RFID can track anyone, especially indoors."

IBM has taken heat, but never distanced itself from its patent. Business is good worldwide, with many countries using RFID-based smart cards and national identity cards. An American national ID card is on order, as are RFID passports with visitor-tagging at the borders.

Barry Steinhardt of the American Civil Liberties Association says, "It's going to result in everyone, from the 7-Eleven store to the bank and airlines, demanding to see the ID card [and] scan it in. It's going to be not just a national ID card but a national database."

Ms. Cavoukian, Ontario's privacy commissioner, has said, "Clearly, it's not anyone's intent to spy on consumers. The vast majority of RFID technology is used [for] supply-chain management."

Nonetheless, while crate-tagging is done for inventory control and security, when you get to labelling individual products, Ms. Cavoukian admits, "You have a potential linkage with credit-card information."

In fact, at item-level tagging you have actual linkage, since details of your purchase are archived along with your credit-card information and other particulars of your private life. Your details are even matched with those on file for your family and associates.

Might companies sell their data, link their databases to broaden their surveillance? "Of course not," RFID Journal's Mr. Roberti says. "The lifeblood of any business is customer data."

But businesses sell data routinely, and Mr. Roberti himself has written about data-sharing between Wal-Mart, Target and a host of manufacturers. Retail RFID knows who you are, what you pick up from which shelf or rack -- and what you put back. "One day," Mr. Roberti says, "it might be very valuable to know that 100 customers picked up product A, put it back, and bought product B."

Valuable to whom? Pat King of the Pharmacy Association of Nova Scotia says drug companies track data to ensure compliance. Since half of patients with long-term conditions go off their drugs within six months, "non-compliance costs the drug companies big time." While Mr. King says "we sure don't tattoo [patients'] bums with bar codes," he thinks there is a trend toward increasing invasion of patient privacy. RFID readers are not yet in Canadian dispensaries, but no one's sure whether Canadian drugs are tagged.

Similarly, though RFID could improve customer service and savings, track corpses in disasters, keep prisoners "in sight" and safeguard children, it also spy-chips American library books and European Central Bank notes.

Even Levi-Strauss, the Woodstock-era fashion icon, is caught in the devil's bargain: It's putting chips in its jeans.

Mr. Roberti likes to compare RFID to the Internet. "It's used to track people's behaviour and on-line interests. Would consumers be better off if we banned the technology? Of course not. Rules for how RFID can and can't be used will be established as the technology matures. Companies will abide by these rules and customers will benefit tremendously."

In the U.S., patients are RFID-equipped on admission to hospital. Soon the tagging of patients, health records and prescriptions may seem like everyone at the party is having a look inside your medicine cabinet -- and not just those you have authorized. Johns Hopkins University engineers say RFID is hackable; health and credit particulars can be plucked from the air. Tags will soon be read from long distances, making systems leakier.

But consumer profiles built "legitimately" might hurt you more than hackers ever could. In 2003, a New England grocery chain developed "Smart Mouth" software to analyze the habits of each of its shoppers, converting their records into dietary profiles. To recoup expenses, the grocer said it planned to share its data with a selection of health maintenance organizations wanting to know which of their clients "had had too many steaks" and brought their ill health on themselves: no more coverage for them.

In a study last year of six private companies, the Rand Corporation found that data from employee RFID access cards was, in every case, systematically passed from corporate security to human-resources and medical departments. Only in one instance was an employee informed.

"Key players in the industry have some very bad plans," Ms. Albrecht says. "Corporations have been caught red-handed describing ways to use RFID to spy on the rest of us."

---