April 30, 2007

EAS/RFID: Don't do it!

This is the text of a letter that went out to 15,000 newsletter subscribers on April 30, 2007.

If you've read Spychips, you know that our worst consumer privacy nightmare is for those little anti-theft tags (known in the industry as "EAS" tags) to someday be combined with individually trackable RFID chips and slipped into consumer products. (See Spychips Chp 4: "The Spy in Your Shoe" for details.)

Well, those tags are now here.

An article in Friday's RFID Journal (posted below), reveals that Checkpoint Systems has actually developed a product tag that combines anti-theft and RFID tracking capabilities. The tags will debut this week at the RFID Journal Live! Conference in Orlando, Florida. What's more, Sensormatic, Checkpoint's only serious competitor, is running a whole conference session to describe the benefits of using this combined tracking technology.

This is beyond a doubt the #1 most important -- and dangerous -- development in the consumer privacy arena today. It means consumers may soon be buying, wearing, and carrying products tagged with RFID at the item level, because Checkpoint and Sensormatic specialize in hiding anti-theft tags deep inside of products, then distributing those products to nearly a million retail locations worldwide.

Now they want to do the same thing with RFID spychips. If they are not stopped, Checkpoint and Sensormatic will soon be hiding these dual-use tracking devices in your belongings, where they will be able to silently and secretly transmit information about you to marketers, criminals, and Big Brother.

This will be a consumer privacy nightmare -- and no one will even know it's happening. That's because industry lobbyists have prevented RFID labeling legislation from passing anywhere in the nation. There is no requirement that retailers or manufacturers tell us when they're hiding RFID tags in our clothes, shoes, books, or anything else.

Our only protection against this threat is the strength of our voices -- and the power of our protests.

Below is a list of relevant companies attending the RFID Journal Live conference in Orlando this week. They will all be hearing from Sensormatic and Checkpoint what a good idea it would be to start hiding RFID tags in the individual items you buy. Please look over the list, and if you see a company you buy from, tell them politely but firmly that if you catch them using RFID at the item level you will not only boycott their company, but you will tell everyone you know to boycott them, too.

Companies attending the RFID Journal Live! Conference:

Academy Sports & Outdoors, Albertsons, The ALDO Group, Anheuser-Busch, Best Buy, Blockbuster, Blommer Chocolate, Brass Eagle, CDW Corp., Dreyer's Grand Ice Cream, Electrolux, Energizer Battery, Fuji Photo Film USA, The Gap, General Mills, Gillette Company, Hampton Products, Hasbro, Hershey Foods, Hewlett Packard (HP), Hunter Fan, Hy-Vee, Inc., Jockey International, Johnson & Johnson, Johnsonville Sausage, Kellogg Co., Kimberly-Clark, Limited Brands, L'Oreal USA, Loblaws, Louisville Bedding, Lowe's Companies, Luxottica Retail, Maidenform Worldwide , Mars, Marubeni America, Masterfoods USA, McIlhenny Co., Meyer Corp., Nestle USA, Newell Rubbermaid, OfficeMax, Pacific Cycle, Payless Shoe Source, Pharmavite, Procter & Gamble, S. C. Johnson, SAKS Inc., Sara Lee Foods, Schick, Scott Paper Limited, Sears, Sears Canada, Sherwin-Williams, Storekraft, Stride Rite Corp., Tanimura & Antle, Target Corp., The Valvoline Co., Unilever, Wal-Mart, Walgreens, Wm Wrigley Jr Co, Wegmans

[To learn more about the conference, and to see a video on it, see: http://www.rfidjournalevents.com/live/ ]

Write to as many of these companies as you can, and cc: us on your emails. Let them know how strongly you oppose RFID spychips. When you're done writing an email, call their customer service lines for good measure. Send a fax, write snail mail, send a singing telegram. But whatever you do, don't take this lying down. We're counting on you to put a stop to this.

And because they just don't seem to get it, here's a special message for our friends in retail and consumer product manufacturing who may think now is a good time to start spychipping products.

I strongly suggest you reconsider.

Item-level RFID tagging of consumer products is simply unacceptable. It was not acceptable in 2003 when we launched boycotts against Benetton and GIllette for running trials, nor when we exposed the Auto-ID Center's confidential (and very incriminating) PR plans. It was not acceptable when we sued the nation's largest conference center for interfering with our right to protest the launch of the EPC network. It was not acceptable in 2004 when we outed Metro's spychip-laced loyalty card and sparked outrage across Germany. It was not acceptable in 2005 when we launched a boycott against Tesco, Britain's largest retail chain, live on BBC television.

Item-level tagging was not acceptable when we outed the entire industry (including IBM's "person tracking unit" ) in our award-winning book, Spychips, which hit the top ten Amazon nonfiction bestseller list and galvanized readers worldwide. It was not acceptable when we disclosed a tagging trial by Levi Strauss and generated an avalanche of angry letters. It was not acceptable when we demonstrated outside of Wal-Mart stores in two states. Nor was it acceptable when we shamed American Eagle Outfitters and American Express into publicly backing away from their privacy-invading RFID customer tracking plans.

We've done over 2,000 television, print, and radio interviews in virtually every media outlet in the world, and in every one we've clearly said the same thing: Item-level RFID tagging is not acceptable.

It's hard to be any clearer, but in the event there is anyone in the industry who still doesn't get it, here is a promise. If any company purchases dual EAS/RFID technology from Checkpoint Systems or Sensormatic and places even one EAS/RFID tag on a single consumer item, I will personally wage a worldwide campaign to expose and oppose you. Hidden or not, we will find you out and hold you up to public scrutiny.

We trust you will do the right thing.

Meanwhile, may God bless and guide you all, and hold us all in His wisdom, compassion and love.

In freedom,
Katherine Albrecht, Ed.D

============================================================
Dr. Katherine Albrecht
Founder and Director, CASPIAN Consumer Privacy
kma@spychips.com

Co-author (with Liz McIntyre) of "SPYCHIPS: How Major Corporations and Government
Plan to Track Your Every Move with RFID"

http://www.spychips.com // http://www.nocards.org
Bio online at: http://www.spychips.com/media/katherine-albrecht.html
============================================================


Checkpoint Combines EAS Tags With RFID
The labels contain both a Checkpoint 8.2 MHz RF antitheft inlay and an EPC Gen 2 UHF RFID tag.
By Mary Catherine O'Connor, RFID Journal, April 27, 2007
http://www.rfidjournal.com/article/articleview/3280/

April 27, 2007—Checkpoint Systems unveiled today the Evolve product family of labels, which marries RFID technology with Checkpoint's electronic article surveillance (EAS) technology. Checkpoint developed the dual-purpose labels to offer its retail customers a means of leveraging RFID tools for in-store inventory visibility while continuing to use the EAS tags as a theft deterrent—without having to apply two separate tags to their products.

The Evolve labels contain a Checkpoint 8.2 MHz radio frequency (RF) EAS inlay, which does not contain a microprocessor or carry a unique ID. The inlay is designed to trigger an alarm if passed through an EAS reader stationed around store exits unless first deactivated at the point of purchase. The labels also contain an 850-950 MHz EPC Gen 2 RFID inlay, to which an EPC can be encoded to identify and track individual products.

The initial Evolve tag design, the Evolve 410, involves the placement of an EAS antenna around the RFID inlay, containing an Impinj Monza chip on an adhesive paper substrate. The label dimensions are slightly less than 2 inches square, enabling it to be attached to most hangtags for apparel and footwear products.

"Before joining Checkpoint, I spent 20 years in the retail industry, and whenever there's a big technology change, such as RFID, retailers face so much [transition]. There's training staff, converting software, new data to manage," says Checkpoint's CEO, George Off. "Anything that can offer [retailers] flexibility [in adopting new technology] and enable them to pace their investments really helps during these transitions. That's what we're trying to do with Evolve."

Off says Checkpoint envisions working with retailers to incorporate Evolve tags as part of CheckNet, the company's global logistics and data communications platform. Retailers and their contract manufacturers can use the system to order product tags—including Checkpoint's EAS tags—that are applied to house-brand products at the point of manufacture. This, in many cases, is done overseas.

Using the Evolve labels as part of the CheckNet platform, retailers and manufacturers alike would be able to leverage the RFID tag applied to products and track their movement through the supply chain—from the factory down to the store level. "Retailers," says Off, "want both EAS security and inventory tracking."

Presently, Checkpoint is still in the early stages of discussions regarding incorporating Evolve product labels into the CheckNet platform, Off says. To deploy such a system, Checkpoint would need to develop a means by which the EPC encoded to the labels would be generated, managed and shared with supply-chain partners. The required RFID hardware infrastructure would also need to be put in place at manufacturing and retail warehouses and facilities. To leverage the RFID tags for inventory tracking inside retail stores, he adds, interrogators would be needed in the back rooms, and possibly on store shelves and at point-of-sale terminals as well.

=========================================

Conference Session RFID Journal Live! 2007
Item Level Tagging for Retail – Why Combining RFID and EAS Makes Sense
Wednesday, May 2, 11:30 am

ADT, primarily through its Sensormatic brand of EAS and CCTV products, has decades of experience working with retailers to protect their merchandise. Whether it’s a beep at the door or an image recorded to a DVR, “visibility” created by physical layer deployments is at the heart of ADT’s retail solutions. Item level RFID promises to offer new levels of visibility related to both in-store and supply chain processes. And while this new form of process visibility involves many integrated layers, many of the physical layer challenges faced by retailers in creating item level RFID tagging models have already been addressed. This presentation will discuss the challenges retailers face in adopting item level RFID tagging and offer lessons learned from years of experience in providing similar EAS solutions.
Speaker:
Randy Dunn, Director, RFID Sales, ADT Security Services
Takeaways:
. Lessons learned from combining EAS and RFID
. Understanding the obstacles for adopting item-level RFID tagging in the retail sector

Source: http://www.rfidjournalevents.com/live/level_expertise_executive_strategy.php


=========================================
ABOUT CASPIAN

CASPIAN (Consumers Against Supermarket Privacy Invasion and Numbering) is a grass-roots consumer group fighting retail surveillance schemes since 1999 and irresponsible RFID use since 2002. With thousands of members in all 50 U.S. states and over 30 countries worldwide, CASPIAN seeks to educate consumers about marketing strategies that invade their privacy and encourage privacy-conscious shopping habits across the retail spectrum.

To join or support CASPIAN or to sign up for our mailing list, please
see:
http://www.spychips.com/get_involved.html

==========================================

Posted by Katherine Albrecht at 5:10 AM | Comments (0)

October 27, 2006

Spychipped Credit Card Q & A

rfid-card-151.JPG

The recent NY Times article that reveals the security flaws of RFID-enabled credit cards has consumers wondering if the cards in their own wallets are putting them at risk. We've been getting lots of questions and thought it might be helpful to share some thoughts here about what steps cardholders can take to protect themselves and their identities.

Q. Am I really at any risk if I carry an RFID-enabled credit card?

A. Security researchers have demonstrated that someone can siphon your name, credit card number and other information from these cards right through your purse, backback, or wallet--without your knowledge or consent. If you tote the "spychipped" cards, you could be opening yourself up to identity theft and surreptitious tracking of your movements and behavior. This "someone" could be the credit card issuer or a retail store--it could also be a stalker or thief.

Q. Does my credit card contain an RFID tag? How can I tell?

A. Call your credit card company and ask if your card contains an RFID tag. RFID tags are so small and thin that they can be hidden within the plastic. An RFID tag communicates by silent, invisible radio waves. If you don't ask, you might never know that your card can beam back information like your credit card number, name etc. The exception is the American Express Blue card. You can see the RFID tag through the clear plastic.

Q. Don't credit card companies tell you when they send RFID-enabled credit cards and alert consumers to the information security issues?

A. Millions of RFID-enabled credit cards have been issued with innocent-sounding names like "Blink" and "EasyPay." Most consumers don't understand this is a way the card companies have been trying to get the public to accept the cards without needing to explain the serious privacy concerns. After all, the RFID industry's own studies have shown that 75% of consumers object to RFID on privacy grounds once they understand how it works and how companies plan to use it.

Q. What credit card brands contain RFID tags that have security issues?

A. I spoke with one of the researchers quoted in the NY Times article. He wouldn't reveal the names of the issuers of cards tested in the sample, but he said the team found problems across all brands, including Visa, MasterCard, and American Express.

Q. What should I do if my credit card contains an RFID tag?

A. We believe credit card companies should recall RFID-enabled credit cards that leak information about consumers. However, we haven't heard of any company taking this responsible action. It's going to be up to you to demand a replacement card that is spychip-free.

Most credit card issuers will send you a new card without an RFID tag at no charge. However, we've heard that American Express customer service representatives are telling consumers who call with concerns not to worry because they can disable the RFID functionality from headquaters.

The RFID-enabled American Express Blue card has dual functionality and contains two distinct credit card numbers. One number resides on the mag stripe. The other number resides on the embedded RFID tag. AMEX customer service representatives are likely disabling the card number that resides on the RFID tag in the company database. This should help prevent unauthorized purchases via numbers read by radio waves. HOWEVER, this is only a partial solution.

The tag within the card could still be read by authorized and unauthorized persons and be used to track you and your behavior. We are recommending that consumers demand a spychip-free version or take their business elsewhere. Do you really want someone to scan information about you through your purse, backpack or wallet without your knowledge or consent?

Note: Do not mail or throw away the RFID-enabled credit card before destroying the RFID tag. Tags can be read right through envelopes and trash. You can destroy the tag by shredding the card or by cutting or crushing the chip.

Q. Can I disable the RFID tag in my microwave?

A. Don't do it. While putting an RFID tag in the microwave can disable a tag, doing so can also start a fire and damage the microwave. (We recount our microwave disabling trials in our book "Spychips.")

If you have any other questions, send them to me, and I'll try to share an answer:

Liz@spychips.com.

- Liz McIntyre

Posted by liz at 5:54 PM | Comments (5)

October 5, 2006

Schwarzenegger's Support of RFID Tracking Technology No Shock

Arnold.jpg

Governor Schwarzenegger's veto of a bill aimed at protecting California citizens from surreptitious RFID tracking should come as no shock if you understand his penchant for paternalistic power.

In a 1990 U.S. News interview he was quoted as saying "My relationship to power and authority is that I'm all for it. People need somebody to watch over them. Ninety-five percent of the people in the world need to be told what to do and how to behave."

Senate Bill 768, known as the Identity Information Protection Act of 2006, was passed by state legislators last month. It was drafted to prohibit abusive tracking of people through RFID tags and give Californians control over personal information stored on RFID-laced identity documents.

Among other things, the bill would have provided "... that a person or entity that intentionally remotely reads or attempts to remotely read a person’s identification document using radio waves without his or her knowledge and prior consent...shall be punished by imprisonment in a county jail for up to one year, a fine of not more than $5,000, or both that fine and imprisonment." (See http://info.sen.ca.gov/pub/bill/sen/sb_0751-0800/sb_768_bill_20060901_enrolled.pdf)

Schwarzenegger was apparently aware that his failure to sign the bill could open the door to more Big Brother surveillance on California soil. He issued a statement explaining that he vetoed the bill because it could conflict with new government standards for identity documents like those to be issued for driver's licenses under the Real ID Act. (See http://gov.ca.gov/pdf/press/sb_768_veto.pdf)

The Real ID Act, passed in the spring of 2005, gives the Department of Homeland Security the right to set new federal driver's license standards. Privacy advocates and civil libertarians are not only concerned that these new standards will create a de facto national ID, but that this national ID will contain remotely readable RFID tags.

Homeland Security is already testing RFID tags in visitor documents, and it is on record as shopping for a very powerful form of the technology that could allow law enforcement to read documents secured in purses, wallets and even in cars speeding by at 55 miles per hour.

It wouldn't surprise me if the governor has already read our book "Spychips" and understands how RFID technology could be used to track, monitor, and control citizens. He's just the sort of character who would find added value in RFID deep organ implants for humans and IBM's RFID-based "PERSON TRACKING UNIT" that can follow people in places like shopping malls, libraries, theaters, museums, elevators and even restrooms. Why, with that kind of power, he could most certainly keep track of the 95 percent of his constituents that he seems to believe need close supervision and instructions on proper behavior.

For more on this story, see Martin Bosworth's article Schwarzenegger Terminates Spychip Bill at www.consumeraffairs.com/news04/2006/10/ca_spychips.html
and
Arnie Terminates RFID Bill at www.theregister.co.uk/2006/10/05/california_rfid_bill_terminated/

-- Liz McIntyre

Posted by liz at 3:01 PM | Comments (1)

September 22, 2006

RFID Risky; Could Expose Company Secrets, says Forrester

reader reading tags.jpg
Consumers aren't the only ones who need to be concerned about the privacy and security downsides of RFID technology. A new report by Forrester Research is warning companies that "RFID is not mature enough yet to protect your company secrets," notes Evan Schuman, Retail Technology Editor for eWeek.com.

Forrester's report cites risks that include surreptitious modification of RFID data on tags and attackers monkeying around with data transmissions.

Read more at Schuman's StorefrontBackTalk:

http://www.storefrontbacktalk.com/securityfraud/forrester-report-rfid-not-as-secure-as-vendors-say

- Liz McIntyre

Posted by liz at 10:02 AM | Comments (0)

April 28, 2006

Tell Levi Strauss What You Think about RFID

levis-dockers_rfid.GIF
Graphic by Todd Fox

Many of you who have read our press release about the Levi Strauss item-level tagging initiative are emailing to request contact information for Levi Strauss. Here it is:

Main Number: (415)501-6000
This number goes to the main switchboard. The operator can switch you to Consumer Relations. Remember. If you call the toll-free Consumer Relations number on the Levi Strauss website, your phone number can be obtained.

Email: info@levi.com
This email address goes to a general email box. Consumer Relations would like you to use a special online form, but that doesn't give you a record of your comment. Please share a copy with us. You can email me at Liz@spychips.com.

Snail mail:
Levi Strauss
Consumer Relations
1155 Battery Street
San Francisco, CA 94111

We are hopeful that Levi Strauss will stop its item-level RFID tagging initiatives and honor the moratorium called for by over 40 of the world's leading privacy and civil liberties organizations. (See: http://www.spychips.com/jointrfid_position_paper.html)

RFID technology can easily be abused, and we believe it is essential that all the societal issues be explored before it is deployed. We hope Levi Strauss will be the company to step forward and begin the needed dialogue.

The current Levi Strauss RFID test reportedly involves RFID hang tags that can be clipped from the garments at checkout. But as anyone who has read "Spychips" knows, the RFID industry has discussed affixing tags on and within products and tracking consumers through them--a practice that could usher in an Orwellian surveillance society. On the clothing front, companies have talked about embedding RFID tags in the seams of garments and in flexible clothing labels. There has even been talk of using threads woven into fabric as antennas.

That's why it is crucial to counter *any* attempts at tagging individual consumer items now. Once the RFID infrastructure is in place, the nature of tagging--and the tracking done via the tags--can change overnight.

- Liz McIntyre

Posted by liz at 2:53 PM | Comments (101)

March 20, 2006

RFID Chipped chompers

tooth.jpg

Chipped chompers could take a bite out of privacy if Belgian scientists convince the public to open wide and say "ahhhh" to spychips. Dr. Patrick Thevissen and his team from the Catholic University of Leuven think embedded RFID tags in teeth would be an ideal way to uniquely identify people, according to an article in The Register today. After all, they note, teeth are the most enduring of human remains, and certain RFID tags can withstand temperature changes in excess of 800 degreees Farenheit.

The university's interest in identifying humans with RFID should come as no surprise. Members and associated members of one of the university's consortiums, Leuven Security Excellence Consortium, include Philips, HP, Sun Microsystems, and IBM, among others.

- Liz McIntyre

Posted by liz at 9:20 AM | Comments (0)

March 15, 2006

RFID Vulnerable to Viruses!

sneezing RFID tag1.jpg

Melanie Rieback, a Ph.D. student at the Vrije Universiteit in Amsterdam, delivered a wake-up call to RFID proponents March 15 at the Fourth Annual IEEE Conference on Pervasive Computing and Communications in Pisa, Italy. She gave a live demonstration of how hackers could deploy rogue RFID tags programmed with a virus to wreak havoc on associated databases--possibly even facilitate a terrorist attack.

Read all about it in our latest press release by clicking here.

- Liz McIntyre

Here are more relevant links:

The researchers' website
http://www.rfidvirus.org/

Their paper
http://www.rfidvirus.org/papers/percom.06.pdf

Their press release in english
http://www.rfidvirus.org/papers/press_release.pdf

Here's the link to the BBC article...
Mikko Hypponen, chief research officer at anti-virus firm F-Secure, said: "RFIDs with embedded computers are suspectible to basically all the same threats any other computers are. Unfortunately."
http://news.bbc.co.uk/1/hi/technology/4810576.stm

(Thanks to Trevor for compiling these links.)

Posted by liz at 12:03 AM | Comments (3)

March 13, 2006

Checkpoint Showcases a Spychipped Shoe

02-28-06_1842.jpg
Photo by Todd Fox

CASPIAN volunteer Todd Fox snapped this photo at the recent RFID World 2006 trade show held in Dallas, Texas. The advertisement depicts a boot with a hidden Checkpoint Systems Performa RFID tag molded into the rubber sole. RFID tagging of any consumer item poses a threat to your privacy, but that threat gets up close and personal in the things we wear--especially shoes.

Why are shoes such an issue? Simple. Ask yourself when was the last time you lent your shoes to someone else. The answer is likely "never." So if someone can scan your shoe to glean its unique RFID tag number that's linked to you, that person could have a pretty good idea of who is standing in it.

Imagine now that someone tracks you through your spychipped shoe via RFID readers hidden under floor tiles in your workplace or in public venues like shopping malls. Philips Electronics has clearly been thinking about this possibility. In a sworn U.S. patent application, a Philips' inventor observes that "the placement of [the RFID tag] in [the] shoe may be particularly advantageous where the [RFID] interrogator is located in a floor." (See page 52 of Spychips.)

Checkpoint's spychipped shoe display comes as no surprise to those of us who have been keeping a close eye on the publicly traded company. Back in the Fall of 2004, Katherine and I documented Checkpoint's scandalous display of prototype flexible clothing labels laced with hidden RFID devices. These labels looked very much like the ones that are sewn into the collar of clothes that might be hanging in your closet, bearing brand names like Calvin Klein, Champion, and Carter's.

- Liz McIntyre

Posted by liz at 5:58 PM | Comments (0)

January 10, 2006

EAS or RFID? New labels prompt questions

Old Navy label and tag.jpg

Consumers are finding new cloth labels in Old Navy and Gap clothing like the one in the picture above, and writing to us with the question, "Does this contain an RFID tag?"

It's a legitimate concern. Katherine and I found prototype Checkpoint brand RFID clothing labels on display at an industry trade show back in the fall of 2004, and it's clear retailers and manufacturers are very interested in tagging higher-priced items, like clothes. So I called Gap, Inc., parent company of Old Navy to find out.

Initially, the customer relations representative politely declined to discuss the label technology, saying, "The information is proprietary. I do apologize. I don't have much more to offer."

I explained who I was, told her that I thought the labels were simply EAS tags, and added that official confirmation from the company would probably be in its best interest since consumers had written to us with concerns. I also mentioned that I was planning to blog about the labels within the hour.

(Note: EAS stands for "electronic article surveillance. " EAS tags are anti-theft devices that can resemble RFID tags, but do not have computer chips with unique identification numbers and the associated privacy problems.)

She wrote down my phone number and promised to get back to me within the standard three business days, but graciously returned my call within five minutes. Here's her official comment about the label:

"It is only to prevent loss. It is not used for tracking purposes....It does not contain RFID technology at this time." (emphasis added)

(Note: At some point those labels could contain RFID tags, so we need to be vigilant.)

Any time we consumers have a question about the function of a device on or in a consumer item, we should pursue a definitive answer from the manufacturer or retailer. It not only puts the company on notice that consumers are watching, it also provides us with with information we need to make informed decisions in the marketplace.

Liz McIntyre

Posted by liz at 1:00 PM | Comments (5)

More on Viagra tagging

Pfizer 's website has a Q&A page to answer pharmacists' questions about the new RFID Viagra tagging project. It indicates that some Viagra patients may receive drugs with a remote-readable RFID tag attached:

Q: Will consumers receive Viagra with an RFID tag?

A: It's possible but not very likely. Most Viagra is dispensed by pharmacists in quantities smaller than those ackaged by Pfizer. If a consumer receives Viagra in the original Pfizer packaging and is uncomfortable with the RFID tagged bottle, they can always request the product be dispensed in an amber vial. The Pfizer application of RFID on Viagra does NOT allow the tracking of patient information.

Though taking home tagged Viagra may not be likely, why would you want to send anyone home with a remotely-readable impotence drug? Though Pfizer suggests that people could ask to have their pills placed in a special vial, the average American won't know to ask the pharmacist to do this, given that less than 10% of the American public knows what RFID is.

But here's the real question: Why is Pfizer shifting the burden of privacy protection onto its customers? Wouldn't it be smarter for Pfizer to simply instruct pharmacists to remove the RFID tag before dispensing the product to them? This would eliminate the consumer privacy problem of item-level tagging altogether, and assuage the fears of consumer privacy groups (like ours). We have already stated that we have no problem with RFID being used to authenticate drugs in the supply chain, before being dispensed to consumers. (See Section V of our Position Paper.)

If Pfizer is asking pharmacists to go to all the trouble of subjecting each Viagra package to a cumbersome authentication procedure, why doesn't it ask them to take the simple, additional step of removing the tag to ensure patient privacy, as well? The "amber vial" should be automatic.

Finally, that part about not containing any patient information is a red herring. I don't need to peruse your medical chart or even know your name to put two and two together if I scan your bag and get a tell-tale Pfizer radio signature back.

Pfizer's Q&A is online here: http://www.pfizer.com/pfizer/subsites/counterfeit_importation/mn_pharmacist_viagra_rfid_faq.jsp

Posted by Katherine Albrecht at 10:30 AM | Comments (1)

January 8, 2006

Remotely-detectable Viagra

viagra-label.jpg
Image source: Pfizer website

Just what every Viagra user needs -- a way for others to tell with the wave of a reader if they are (a) impotent or (b) planning a big evening. Amazingly, Pfizer is now individually spychipping every package of Viagra with an RFID tag. I doubt Viagra users have any clue their drugs are spychipped and can be identified right through their briefcase, pocket, or duffle bag.

Of course, this is a CLEAR violation of the Position Statement on the Use of RFID in Consumer Products which calls for a moratorium on such item-level tagging.

Tsk, Tsk, Pfizer. You'll soon be taken to task for this one.

Posted by Katherine Albrecht at 8:57 AM | Comments (0)

December 19, 2005

Boston research firm is promoting item-level tagging

A story just in from RFID Update reports that AMR Research of Boston is promoting item-level tagging of goods sold in retail stores.

Of course, privacy experts have condemned item-level tagging as a privacy menace since 2003. Item-level tagging of consumer goods is a clear violation of the Position Statement on the Use of RFID on Consumer Goods that CASPIAN co-authored with the Privacy Rights Clearinghouse. That statement was endorsed by over 40 of the world's leading privacy and civil liberties experts, including the Electronic Frontier Foundation, EPIC, the ACLU, Privacy International, and others.

Does AMR have any idea what sort of backlash retailers will experience from consumers if they pursue item-level tagging? No out-of-stock reduction could possibly be worth the pounding stores will get from consumers when they discover RFID tags affixed to their clothing and cosmetics.

Here's the rest of the story from RFID Update:

50% OOS Reduction from Item-Level Tagging

AMR Research of Boston, Massachusetts, has released a report that suggests item-level RFID tagging can yield significant benefits today if managed correctly. When targeted only at certain consumer goods categories, item-level tagging can yield a whopping 50% improvement in stock availability. Furthermore, there can be a 15% to 20% savings win on the labor costs attributed to restocking and replenishment.

AMR cites three categories ripe for item-level tagging: DVD and video games, high-end fashion, and commonly stolen or counterfeited goods like pharmaceuticals and cosmetics. In most of these instances, the benefit of tagging individual items derives from their high profitability. Employing RFID as a means of decreasing out-of-stocks on these lucrative items drives higher sales and meaningful benefit. DVDs, which produce a statistically very high return per sales-floor square foot, are a prime example. As the report says, "... 60% to 70% of the lifetime sales of a new DVD will be seen in the first week of its release. Investing in systems that ensure that stock is always available during these high-traffic times is mission critical."

Despite the benefits, an item-level RFID deployment must be made with deliberate care, says AMR. There are a number of necessary steps retailers must take to achieve the desired results. In the first place, there needs to be RFID readers in the retail store and in the backroom to capture key shelf-level events (such as an empty shelf) and then be able to process them (by querying the backroom for existence of the product with which to restock the shelf). There must also be labor process reengineering such that when actionable events like empty shelves occur, employees are alerted and address the situation efficiently and effectively. Also necessary is a wider corporate infrastructure that is able to process, leverage, and provide visibility onto the new RFID data. Lastly, the retailer should recognize the shift in approach that item-level tagging represents and proactively manage the change from the existing processes to the new ones. This "change management" will require engaging and educating everyone from store-level laborers to merchandising managers. It is a step that should not be underestimated. After all, when implementing a targeted item-level tagging solution at the store level, "the process map is as important as the technology architecture."

===========

About RFID Update - Launched in early 2004 to provide timely analysis of RFID industry news, RFID Update publishes editorial briefings every weekday for the growing ranks of top level executives involved in the deployment of RFID projects. Each issue distills the impact of global RFID developments by providing an analytical summary of news and matters pertinent to successful RFID implementations. Free for RFID executives and professionals.

RFID Update Editor: Will Smith, editor@rfidupdate.com
Press releases and public relations inquiries should be directed to Will.

To advertise in RFID Update, email advertising@rfidupdate.com to request a media kit.

RFID Questions? Ask at RFID Talk: www.RFIDtalk.com.

Recommend RFID Update to your colleagues. Tell them to subscribe free at: www.RFIDupdate.com

RFID Update
The RFID Industry Daily
http://www.rfidupdate.com

Posted by Katherine Albrecht at 9:12 PM | Comments (2)