The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.

Search this blog

Recent Posts

On Twitter

About this page and the author

The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.

For full contact information and a brief bio, please see David's profile.

Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.

David Fraser's Facebook profile

Privacy Calendar

Archives

Links

Subscribe with Bloglines

RSS Atom Feed

RSS FEED for this site

Subscribe to this Blog as a Yahoo! Group/Mailing List
Powered by groups.yahoo.com

Subscribe with Bloglines
Add to Technorati Favorites!

Blogs I Follow

Small Print

The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.

This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.

Saturday, October 02, 2004

Article: Product ID tags raise privacy concerns 

Delaware Online has an article referring to a recent conference on RFID technology an includes a brief discussion of the privacy issues raised by the use of the chips:

www.delawareonline.com : Product ID tags raise privacy concerns:

"The potential for tracking more than just products has prompted the formation of groups such as Consumers Against Supermarket Privacy Invasion and Numbering.

RFID devices can be read from 20 to 30 feet away and the antennas, first made from copper, can now be printed with conductive ink, making it difficult for consumer to know if products they buy contain RFID transmitters, the group argues. The group has proposed legislation that would require the complete disclosure of products containing RFID devices.

While some have concerns about the tags being used to track more than just products, Ed Coyle, head of the Department of Defense's Logistics Automatic Information Technology office, said at the confer- ence that the key to security, or privacy concerns, is limiting the amount of information on the tags, which also makes the system speedier. "

I am not sure I agree with this last sentiment. The privacy impact of the technology has very little to do with the amount of information embedded in the chip. What matters is the database that the unique identifier is connected with. Afterall, your social insurance number is only nine digits long but has the potential to be a universal tracking code. The VIN on your car is longer, but is connected with your driver's license, which is connected to you.

The following scenario demonstrates the potential of these simple codes: If you buy a pair of shoes with RFID embedded in them at your local mega store, ostensibly for inventory tracking purposes, it will have a unique serial number. At the point of purchase, that unique number can be attached to your visa card number or your debit card in the back office database. The database can connect that to your address, etc. If the RFID in the shoes is linked to your personal unique identifier, anybody who scans the code from the shoes can connect it with you. And it can be scanned from twenty feet away. If your local mega storage puts scanners at the entrances, it will know, for example, if you visited the store again wearing those shoes. It can follow you around the store and know more about your behaviour in the store than you'd probably like. This micro tracking has the potential to be taken to the macro level if scanners, linked to databases, become pervasive.

More information on the privacy impact of RFID is available from Consumers Against Supermarket Privacy Invasion and Numbering at http://www.spychips.com/ (bonus points if you can figure out what side of the issue they espouse).

Labels: ,

Links to this post:

Create a Link

This page is powered by Blogger. Isn't yours? Creative Commons License
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License. lawyer blogs