WARNING! This website is no longer actively maintained. It is an archive of 2 years work by Doug Belshaw who now blogs at dougbelshaw.com...
I noticed in my RSS reader this morning that Paul Stamatiou - someone who you must read if you’re interested in tech stuff - had blogged about a paper he has written on RFID tags. This struck a chord with me as earlier this month, over at edte.ch, I blogged about a trial using them in uniforms in a school near to me (Doncaster, England). I am concerned about the privacy and ‘Big Brother’ implications for such devices in our society. 
‘Stammy’ (as he is universally known) makes some great points - in fact his paper got an ‘A’ at Georgia Tech where, as a 21 year-old, he is studying. In what follows, I’m just going to quote Stammy’s paper and join up the dots with my own thoughts…
Radio Frequency Identification (RFID) is a maturing wireless technology with widespread uses, many of which individuals interact with on a daily basis, whether they are aware of it or not. RFID tags can make businesses more efficient through rapid inventory management, provide consumers with a faster method of checking out at their local convenience store, ensure that people are properly administered the medicine they need, and more (Bhuptani, 2005, p. 5).
Wikipedia has, perhaps, a more succinct definition:
An RFID tag is an object that can be applied to or incorporated into a product, animal, or person for the purpose of identification using radiowaves. Some tags can be read from several meters away and beyond the line of sight of the reader.
Stammy goes on to talk about more of the applications of RFID:
Low-cost RFID tags have penetrated the marketplace due to their sheer benefits over traditional barcodes, which hold several limitations. RFID tags fortify the primary draw of bar codes – the ability for ordinary items to be machine-readable at a trivial cost. Where as bar codes store an infinitesimal amount of data, ranging from 8 numeric characters to 2000 ASCII characters, RFID tags may hold up to 128 kilobytes (Hunt, 2006, p. 21). However, it is the wireless capabilities of RFID tags that make their uses obvious over bar codes. Many tags may be read at once and tags need not be within line-of-sight. Their technical implementation also ensures tags are difficult to replicate (Hunt, 2006, p. 22). Even though RFID tags compete with bar codes, tags are far from being limited to similar uses. The wireless ability of RFID tags has opened the door to previously impossible applications.
Some of these ‘previously impossible applications’, however, are worrying:
The canonical doomsday scenario for RFID tags does not deal with cracking encrypted RFID tags used for payment so much as creating a global consumer database from tags in consumer purchases. RFID tags were intended, like most technology, to offer the end user a cheaper, more efficient, and convenient product in the long run. But with RFID tags, how much convenience is too much? Perhaps when it can be used to track people with any degree of accuracy. This is where item-level tagging should be used with caution. Item-level tagging is the term for the embedding RFID tags in individual products as opposed to pallets of bulk products in a warehouse. Item-level tagging is not yet prevalent but at the current pace it is expected between 2010 and 2020 (Bhuptani, 2005, p. 182).
The problem isn’t necessarily with individual RFID tags, but when the combined data from them is aggregated:
MIT Professor Jerry Saltzer once stated that privacy is a database correlation issue. Suppose several separate entities have their own databases of information from someone. Entity A might have their name and address, Entity B their name, SSN [Social Security Number] and list of recent purchases, Entity C their name, date of birth, mother’s maiden name and so on. All it takes is a malicious person with access to these databases (that may just mean access to the Internet in some cases) to cross-reference a shared term such as that person’s name and they will have a great deal of information about that person. This might sound Orwellian, but it is a real concern that should be heeded.
So, what can be done? Well, consumers could remove the tags themselves. However, some RFID tags can be smaller than a grain of salt! Another way that Stammy mentions is to apply the ‘Faraday cage’ principle and to shield the area with tin foil or wire mesh. This is not a fooproof method, unfortunately. Perhaps we need some type of standard?
Before RFID proliferation reaches the tipping point, consumers should know their RFID rights and corporations should follow them. Privacy expert Simson Garfinkel proposed the RFID Bill of Rights to serve this purpose. They include the rights to: know whether products contain RFID tags, have tags removed or disabled once tagged items have been purchased, use RFID- enabled services without tags, access the data stored on an RFID tag and know when, where, and why tags are being read (Garfinkel, 2002, p. 35). Similar to how a pack of M&M’s states they were manufactured in a plant that processes peanuts, future items containing RFID tags should make it easy for the ordinary consumer to know whether the item is tagged.
Overall, a great paper from Stammy and well worth his ‘A’. I recommend you go and read the ten-and-a-half pages for yourself and follow up some of the links in the bibliography.
Finally, then, what are we going to do as educators about this? It’s a similar problem to school libraries having the fingerprints of every pupil in the school on file. It wouldn’t be difficult for a government to build an instant fingerprint database (’in the interests of national security’) without explicit consent. I see no practical reason why we should be tracking children using RFID at all.
What are your thoughts? 
Popularity: 13% [?]
To get into most of the buildings in my school district I have to use my ID tag, which has (you guessed it) an RFID tag in it. My tag allows me into only the buildings in the district where I officially work. If I were to go to another building for some reason, I would have to ring the doorbell to get in. Although it is possible to get into a building without using an ID tag (follow someone else in, for example) I can see that it would be possible to have a scenario where if you had your tag with you it would get read anyway.
All the 11-18 year-old kids have ID cards too. I honestly don’t know if their cards have RFID tags in them. I’m pretty sure their cards won’t open any doors for them like the staff IDs.
At this point the cards are being used in no different a way than the ’swipe’ cards we had at another school I used to work at. The RFID cards clearly offer different possibilities than the swipe cards. I have to wonder what the original rationale was behind the decision to purchase what must clearly be a more expensive system? (I believe our IDs cost around US$20 each!) I wasn’t there, so I don’t know, and I woud guess only a select few in the district were in on the discussion.