Several years ago, General Motors set out to create a company-wide telephone directory. Of course, in the 21st century you don't create a printed phone directory for a company as large as GM; you create an online directory. Two years and numerous legal hurdles later, GM had an online phone directory. This tale is amazing, given that GM wasn't trying to do anything particularly difficult, like aggregate identity pools or implement single sign-on company wide. They were simply creating a phone directory; something companies have been doing for a hundred years.
GM's hang-up was not the technology, but rather the legal challenges presented by differing privacy laws and regulations in each of the many countries where GM has employees. European privacy laws are much stricter than those in the United States. Privacy turned a seemingly simple project into a two-year ordeal.
More and more corporations and government agencies are appointing Chief Privacy Officers, high-level officials whose job is to ensure that identity data is protected. The reason is simple: privacy is a big deal. People believe that their identity data should be private. They don't necessarily believe that everyone else's data should be private, but they want to protect their own identities.
RFID stands for "radio frequency identification device." RFID tags are small integrated circuits that broadcast an identifying code whenever they're hit with radio frequency radiation. The circuit uses the radiation to charge a small capacitor that gives the tag just enough energy to broadcast the identifying code. RFID tags have been used to automate the collection of tolls or access to parking garages.
One of the really interesting uses of RFID tags is to identify things. This has generated significant interest in the retail industry. Imagine if the barcodes on the groceries you buy could talk. Rather than having to scan the items one at a time, the RFID reader could ask all the items in the grocery cart to identify themselves and total up the purchase all at once. An RFID reader in a refrigerator could keep track of what's in the fridge and build your grocery list for you. Smart shirts could tell your dryer how high to set the temperature.
Against this backdrop of a consumer Utopia is an Orwellian nightmare of massive intrusions into individual privacy. Who else gets the data from your grocery purchase? When you wear your Gap shirt into Eddie Bauer, do they scan it to know what kinds of clothing to offer you? In general, who else can scan the tags in the things you own?
This debate has created lots of heat over the last few years. Gillette planned a pilot with RFID-enabled shelf displays that would automatically send restocking alerts to the company when a display ran low. They were forced to abandon the pilot because of concerns by privacy advocates. Wal-Mart has led a push for RFID in retail, but so far has limited the roll-out to pallet-level packaging in the supply chain. Part of this is pragmatic: RFID tags are not yet cheap enough to put on everything.
The debate over RFID and privacy highlights a crucial aspect of privacy. People are scared of the theoretical threats to their privacy—especially in technologies they don't understand. At the theoretical stage, privacy advocates are very effective at using this ignorance as a backdrop for painting draconian pictures.
Get Digital Identity now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.