Concern over misuse of RFID chips

An innocuous-looking RFID chip, which could be misused for data-mining and personal profiling

Unless legislation is put into place, we could end up walking around in clothes embedded with tiny chips full of personal data that can be read by anyone with the right equipment.

Brussels-based European Union consumer group BEUC has warned that unless Radio Frequency Identification (RFID) chip technology is controlled by European-wide legislation, we could quite literally end up wearing our personal shopping, travel and even bank details on our backs.

RFIDs are small chips able to contain unique data which can be communicated with reading devices through radio signals. In practical terms, RFIDs have traditionally been used to keep track of airborne luggage or shop stock.

Oyster system

More recently, they have been employed with London Transport’s ‘Oyster’ card, allowing users to quite literally ‘touch in’ and ‘touch out’ of Tube stations and buses.

However, some retailers are now looking at new ways of using them and exploiting their capabilities. And this is where things could take a vaguely sinister turn if left unchecked.

A report in yesterday’s IHT highlights how a chain of fashion stores in Germany is pioneering a scheme using clothes tagged with RFID chips. The scheme enables a set of personalised, matching accessories to be displayed on a screen inside the changing room whenever a customer takes in any RFID-tagged clothes to try on.

In this case, RFID technology is being used to drive additional sales, which despite the potential to be annoying isn’t in itself particularly alarming. The real problem, highlighted by the BEUC, is how and when such RFID chips will be switched off once the customer has made their choice, paid up and left the store.

Frightening data-mining possibilities

At present, the retail industry in the EU is pushing for a voluntary ‘opt-out’ scheme, whereby the customer is tasked with requesting that the chips be deactivated. The BEUC, however, is arguing for an ‘opt-in’ approach that will compel stores to deactivate the chips unless the customer specifically requests them to be left active.

In the example of the German clothes retailer cited above, the RFID chips are big enough to be visible by the customer and removed. But in the future they could be sewn into seams where the customer wouldn’t notice them, remain active, and be possible to read with a suitable reading device.

And now for the scary bit. Since RFIDs can be linked with a credit card number at the point-of-sale, or with other personal data such as location and buying habits, the possibility of economic profiling by retail organisations or of personal data mining by criminals is very real.

Bladerunner-esque paranoia?

As Emilie Berrau, a legal officer for the BEUC, explained to TechRadar, unless the development of RFID technology is subject to EU law early on, future repercussions could be massive. “At the moment RFID technology is not widely developed, but in five to ten years it could be widespread,” she said.

“As each chip functions as a unique identifier, can be linked with personal data and is able to be read by anyone with a suitable reading device, we firmly believe that there is potential for misuse and they should be deactivated at the point of sale.”

In addition to lobbying for an opt-in approach to the use of RFID technology in the retail sector, the BEUC is also calling for the introduction of measures that will guarantee against the storage of personal data on such chips in the first place.