British retailer Marks & Spencer recently announced plans to expand its item-level tagging trial to include clothing items at 53 stores across Great Britain. Such item-level tagging violates our call for a moratorium as spelled out in the position paper endorsed by CASPIAN and over 40 of the world's leading privacy and civil liberties organizations in November 2003. A similar violation prompted us to recently issue a boycott call against Tesco. See: http://www.BoycottTesco.com.
If implemented as planned, Marks & Spencer's trial would be the largest retail-driven item-level tagging project anywhere on the globe.
Marks & Spencer has contacted us about the trial, assuring us that it has made every effort to accommodate privacy concerns. The company has told us they will issue a document in the near future clarifying to consumers exactly how they are addressing important privacy issues raised by the planned trial. As M&S has a track record of responsibly engaging consumer groups on other issues, we're very interested to see their statement.
In the meantime, CASPIAN is withholding further response to the trial until we've had an opportunity to read the document and comment on it.
We'll keep you posted.
Source:
RFID Insights, 2/21/05
[Back]
Tesco and Unilever have been named as the two worst offenders in a new ethical ranking of Britain's biggest companies. A survey by Ethical Consumer Information Systems rated 100 companies on traditional ethics issues and on the criticism each got from citizens' groups. The supermarket and household product giants (each of which has participated in secret RFID trials) both scored only two out of a possible fifteen points. That's really scraping the bottom of the barrel.
We suspect that Tesco's ranking was not helped by its disregard for the RFID privacy recommendations of worldwide experts. The resulting boycott can't be helping the company's ratings, either.
Source:
The Guardian, 1/29/05
[Back]
News continues to swirl around ChoicePoint's massive security breach, in which the company sold complete dossiers on 145,000 people to identity thieves. Now a California woman has sued the company for fraud and negligence. The suit seeks class-action status:
"The suit seeks to represent anyone whose personal records were maintained by ChoicePoint from October 2004 through the completion of the suit, regardless of whether or not that data was actually released to anyone."
Hmm, that's virtually every consumer in the U.S. -- what a wakeup call for the database peddlers! In one of the best responses to date, we love EPIC's call for ChoicePoint to turn over profits from the fraudulent sales to the victims. (See their letter, linked below.)
Sources:
ZDNet, 2/23/05
EPIC's
Letter to ChoicePoint, 2/18/05
[Back]
The data peddlers just couldn't stop hemorrhaging in February. Shortly after ChoicePoint was nailed for selling data to criminals, Bank of America 'fessed up to having "misplaced" backup tapes containing credit card information on 1.2 million government employee accounts. Keep it up guys, your days are numbered.
Source:
c|net news, 2/25/05
[Back]
Imposing a much-hated "loyalty" card on customers is not the road to financial success, as Winn-Dixie's recent bankruptcy shows. Do you doubt that? Check the timing on the introduction of the company's card program and see how nicely it correlates with the start of its woes. You can do the same thing with Albertsons and several others.
When shoppers' regular market takes to surveilling them with a card, where do many card-hating shoppers turn for solace? Card-free Wal-Mart, of course. Sigh ...
While we have little pity for Winn-Dixie, a recent public statement about its troubles reveals W-D execs as even more clueless than we thought. In the second paragraph, they reassure us that although they're going bankrupt, "the Company's Customer Reward Card is being honored as usual."
Far from honoring the card, many believe it should be held in contempt. One former Winn-Dixie shopper -- a man after our own hearts -- got it right in a letter to the Florida Sun-Sentinel. He writes:
"Winn-Dixie worked at this bankruptcy. They and they alone are responsible for their mess. It started with the 'card.' This was the stupidest idea ever."
We agree wholeheartedly. While the card program wasn't Winn-Dixie's only mistake, the timing suggests it was a major contributor to the chain's downfall. But will the industry figure this out before it's too late?
Sure, we realize that not everyone hates "loyalty" cards. Some shoppers may even say they like them. But there are enough of us boycotting card programs -- and the stores that implement them -- to push a teetering company over the brink.
The anti-card contingent is smart, educated, and vocal -- and we put our money where our values are. In today's competitive environment, can stores really afford to lose our business?
No amount of card-driven "customer insight" could possibly compensate for the enormous ill-will and loss of business these programs generate.
Pity the poor supermarkets. Apparently Winn-Dixie's bankruptcy has got others shaking in their aisles. While much of the blame is being put on cost-conscious shoppers, some are also blaming independents and "specialty stores" for squeezing the big grocery chains. What's more likely is that all, big and small alike, are dying off in the shadow of Wal-Mart.
Notably absent from the analysis of grocery woes is any mention of customer service, the strong suit of many specialty stores and independents. We wish they'd also examine the impact of "loyalty" card programs on customer satisfaction levels. In the competitive arena, privacy-invading programs are too costly, both in terms of money and goodwill, to hang onto. We keep waiting for someone to get a clue that privacy could be the secret to competing with Wal-Mart.
A Missouri QuikTrip store manager with twelve years' experience with the chain has been fired for refusing to switch to the company's fingerprint system for tracking employees. While QuikTrip and other biometric advocates bizarrely claim their new program will actually enhance employees' privacy, Donny Attaway didn't see it that way. He saw it as an invasion of privacy and decided to quit rather than give in.
He said:
"Today, it's a fingerprint.' ... 'Some companies put GPS (Global Positioning System) in your vehicle. Tomorrow, it's in your cell phone. Down the road, it could be a microchip they want to implant in your hand."
Perhaps QuikTrip won't miss one lone worker. But if all employees who oppose fingerprinting, GPS tracking, and RFID-card tracking followed Attaway's example, the resulting talent drain might cause companies to reconsider such one-sided workplace surveillance mandates.
Source:
Kansas City Star, 2/24/05
[Back]
Two new RFID-based playthings have hit the market with a bit of a thud. First, there's a Japanese doll called Naoru-kun who gets "sick" and requires spychipped items, including medicine and candy, as part of her "treatment."
Then there's the soccer ball with a "microchip" that will be tested at this year's under-17 world soccer championship. Oddly, the term "RFID" is missing from the story, prompting Katherine to wonder if the acronym is being avoided by companies concerned about public opposition. (When in doubt, leave it out?)
Sources:
Engadget, 2/17/05
Yahoo
News, 2/26/05
[Back]
The European Union is taking a closer look at RFID technology and privacy concerns from manufacturing to deployment. While EU regulations already mandate certain consumer protections, the working group determined that others are needed. It has created a Working Document that addresses its concerns, and is seeking public comment through March 31.
Source:
Information Week, 2/6/05
EU
Working Document 105 (PDF file)
Email comments to:
markt-privacy-consultations@cec.eu.int
[Back]
While the European Union works to counter RFID privacy threats, the U.S. State Department continues to play ostrich about the issue, ignoring public concerns over spychipped passports. The agency has announced that it will not encrypt the data contained in RFID-enabled passport slated to be issued starting this year. This move puts travelers at risk for data theft, and could potentially jeopardize their physical security as well. (Do you really want people remotely reading your name and nationality?) Security expert Bruce Schneier says:
"The only reason I can think of [for putting remotely-readable RFID chips in passports] is the government wants surreptitious access. I'm running out of other explanations. I'd love to hear one."
So would we. Meanwhile, get a passport now or renew the one you have before the chips start appearing.
The government is accepting public comment on this issue through April 4. Go get 'em!
Sources:
Wired News, 2/24/05
Federal
Register
Email address for comments:
PassportRules@state.gov
[Back]
[Note: The following excellent piece was researched and written by CASPIAN member Julia Newman.]
Filling out and submitting warranty or product registration cards is NOT necessary for a valid warranty. In fact, warranty rights are in no way affected or diminished by refusing to disclose personal information, except in the case of some LIMITED warranties. The Magnusson-Moss Act governing warranty law in the U.S. specifically states that if a company wants to impose any obligations on customers "other than notifying you that they need service" those terms must be stated in the warranty.
Granted, warranty cards can be used to notify customers about product recalls and safety issues, but most cards go directly to data aggregating firms instead of to the manufacturer and are not used to confirm the warranty.
And beware electronic registration forms included with computers, software, etc. Once those forms are completed, they can be transmitted in "background mode" with no further action on your part. Connect to the web and your information --along with another bit of your privacy -- is whisked away. Don't be a gullible participant for the industry "who can't wait to sell their lists for a nickel a name."
Pay cash whenever possible, keep receipts in a safe place (especially for big ticket items), read the fine print, and NEVER submit warranty cards.
Sources:
FTC on Magnuson-Moss
Privacy
Rights Clearinghouse Newsletter, 4/04/02
Warranty
Week, 7/14/03
[Back]
Fujitsu has developed the U-Scan Shopper, a wireless computer that mounts onto a shopping cart and offers a "true 1:1 marketing and customer loyalty tool." The device helps shoppers find items in the store while beaming advertisements and offers at them based on their position or their loyalty card information.
Though the whole "smart cart" idea leaves us cold, we recognize that some card-free shoppers might want to test out such a device -- and now they can. Fujitsu's is the first computerized cart we're aware of that allows a shopper to use it anonymously, rather than requiring a loyalty card swipe first.
Before you get too excited, you should know that most of these cart systems enable retailers to pinpoint your physical location and track your movements as you walk around the store. Even if you start off anonymous at the beginning of your shopping trip, if you ID yourself at checkout with a credit card or ATM card, you'll allow the store to assess your movements retroactively.
One final note: stores with money to burn on this sort of thing usually have marketing and technology departments that are working overtime -- while charging you higher prices to pay for them. They're also likely to be surveilling you in other ways that are even more invasive and less visible than a tracking cart.
Source:
PhysOrg, 2/22/05
[Back]
Since our last newsletter, Katherine commented on RFID for the BBC's World Service radio program where she was heard by millions of listeners across the globe; she appeared on several television programs, including a segment for Fox, one for Canada's CTV network, and a re-run of her July 2004 appearance on Tech TV's Unscrewed; and her photo and comments appeared in an Information Age piece on Tesco's RFID initiative. In addition, Katherine was interviewed by or mentioned by several food, retail and tech industry publications.
CASPIAN also
got a few mentions from the bad guys:
AIM
Global tells RFID companies to talk to CASPIAN before screwing up. And
here's an instant classic, entitled Champion
the RFID cause; it tells RFID guys to "engage with privacy groups"
such as CASPIAN.
Finally, we
had ringside seats to the rollicking RFID debate in Information Week.
In one corner, indefatigable RFID
apologist Bob Evans slams RFID opponents and concludes with a swipe at
Katherine. In the other corner, commentator
Patricia Keefe calls for an end to the secrecy surrounding RFID trials
and applications.
Guess which of them soundly won the associated
reader
poll?
(Hint: It wasn't Bob Evans.)
[Back]
The following is just a small sample of the huge volume of mail we receive each week. Comments are edited for brevity, spelling, and grammar.
"I have 32 years of programming/analyst experience. I can say with certainty that some programmers include back doors to access databases. So how secure is our personal information?"
- Anonymous
"The plan to tag children to keep up with them is outrageous! Can you say 'MARK OF THE BEAST?' Do you want to set the precedent for all others to follow in your footsteps? To tag children as if they are animals?"
- Kendra, TX
"Thanks for giving the community a place to take back our privacy rights when everyone else wants to take them away."
- Anonymous
"In the old sense of Americans living in a sea of liberties, you are a brave American. I admire your stand against privacy intrusion of any kind. Your respect of individual dignity is supported by your fight against privacy invasion of shopping cards, RFID's, and rest of that trash. Above all, your site and its objective simply make good sense to anyone who views it."
- Brian, Washington
To Gillette:
"My wife, not knowing of your intrusion of privacy, bought [a Gillette product] this Christmas. You can follow it to the landfill."
- William Wyttenbach, M.D.
To Tesco:
"You won't be spending our money on RFID spychips... We'll shop somewhere else!"
- Mary, UK
EU citizens can read the Working Document on RFID we covered in the news section, then provide comments on it. Deadline for public comment is March 31, 2005.
EU
Working Document 105 (PDF file)
Email comments to:
markt-privacy-consultations@cec.eu.int
Americans are encouraged to read the Proposed Rule for RFID chips in passports and provide feedback on this dangerous plan. Deadline for public comment is April 4, 2005.
Federal
Register
Email address for comments: PassportRules@state.gov
[Back]