To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://management.silicon.com/itdirector/0,39024673,39126003,00.htm

RFID: Why you may need tinfoil trousers
And other niceties of data privacy for business...

By Jo Best

Published: Thursday 18 November 2004

Microsoft has told people worried about the tracking capabilities of RFID chips to wrap themselves in tin foil.

Speaking yesterday at Microsoft's IT Forum in Copenhagen, Steve Riley, security programme manager at Microsoft, said consumers will have to be proactive if they want to 'kill' the RFID tracking tags when they leave a store - and he joked about the possible ways to do it.

With the tracking technology making it theoretically possible to discover information about people's buying habits remotely - albeit currently at a short distance - some civil libertarians and consumer groups have called for a moratorium on RFID until privacy issues are worked out.

"Most retailers won't put in a deactivate [for RFID tags]," Riley said, "so it's up to you to block it."

For those favouring direct action, there are a few ways to foil the tags, Riley said: "Microwave it for five seconds - but that's not really appropriate for everything that might contain RFID."

Another possible solution is blocking signals from the RFID transmitter by covering the tagged product in aluminium foil. Joking about a somewhat unconventional workaround RFID tags, Riley said: "If I'm stealing something, I'm going to put aluminium foil in my pant leg. I'm going to wrap it around these razors I'm stealing."

While privacy implications are proving one of the barricades for retailers trying to get RFID into shops and into product packaging, some consumers might do well to keep an eye on their pockets as well as their data.

Using contactless, RFID-enabled credit cards - where payments are made by holding the card near a reader - has been found to increase sales by 30 per cent.

However, for businesses, the main worry should be customers' data and keeping it secure.

"Think about what you collect... Think about a chief privacy officer," Riley said. "It makes sense in a large company. If you’re a small company, have someone who has that function. Please don't locate them in the sales and marketing."

"Have a privacy policy - you've got to be able to measure it," he said. "You don't know if it's effective or not if you can't measure it. If you can't measure it, it's just noise."