Privacy-value-control harmonization for RFID adoption in retail

Abstract

Privacy concerns have, at least in part, impeded the adoption of radio frequency identification (RFID) in retail. The adoption of other automatic identification (auto-ID) applications shows that consumers often are willing to trade their privacy or their control of personal information against some value afforded by the application. In this paper, the interplay between privacy, value, and control is examined through a literature survey of four auto-ID applications: mobile phone, electronic toll collection, e-passports, and loyalty programs. The consumer value proposition for the use of RFID in retail is investigated through an online survey exploring end-user perceptions. The results of the survey are: 1) the customer value proposition has not been communicated well to customers; 2) privacy concerns are higher than other previously adopted applications despite similar privacy issues; and 3) harmonization of privacy, value, and control is likely to be achieved only after adoption, when customers will be educated through experience with the application.

Introduction

Over the past decade, organizations have aggressively pursued the use of radio frequency identifi- cation (RFID) as a means to better identify, control, and track stock throughout the supply chain. The linking of RFID, an automatic identification (autoID) and data collection technology, to consumer goods has resulted in widespread concern surrounding privacy issues. The mainstream media have been quick to expose these privacy concerns, with most articles focusing purely on the potential of the technology to track consumers without their knowledge or consent. Prior to 2004, this resulted in many major retail organizations around the world temporarily halting their RFID initiatives because of consumer backlash and many more organizations hesitant to proceed further.1 Since that time, a number of U.S.- and European-based large retailers have either adopted RFID or conducted trials.2 Whereas privacy may not be the single biggest issue stifling the deployment of RFID, it has acted to delay uptake in the retail industry.3 This paper explores whether an appropriate harmonization between consumer privacy, value, and perceived control can be established for the use of RFID in retail.

There are three vital considerations in achieving this aim: (1) how consumer awareness influences perceptions, and consequently the development of such a harmony; (2) the balance evident in other, similar, auto-ID technologies and services that have already been adopted successfully; and (3) how an appropriate harmonization between value, privacy, and control can be achieved. In fulfilling the aims of the study, the consumer value proposition for the use of RFID in retail will be explored. Consumer perceptions of RFID and associated privacy issues will also be investigated. Finally, the extent to which education and awareness affect perceptions of value, privacy, and control will be measured.

RFID is best characterized as an auto-ID technology that uses radio waves to identify objects. In the context of this study, the specific RFID technology of interest is passive tags, which are tiny transponders that can be embedded or attached to an object requiring identification. These transponders, as small as a grain of rice, do not have a power source of their own; rather, they use the energy from an incoming radio frequency signal to transmit stored data to the reader. The most important characteristic of RFID technology in relation to the tagging of consumer goods is that it does not require line-ofsight positioning, which is a requirement of bar code systems. For EPC Gen 2 UHF (electronic product code generation 2 ultra high frequency) passive tags, the read range is 3.5 meters and the write range is 2 meters, depending on the RFID system setup and the environmental conditions. It is also possible to achieve reads of up to 8 meters away using these tags. The ability for RFID tags to be read covertly is the main concern among privacy advocates.

The rest of this paper is organized as follows. In the next section, definitions of privacy, value, and control are provided in addition to a survey of related RFID works. Then, the methodology used in the current study is briefly described. In the following section, four widely adopted auto-ID applications are presented using a literature survey to explore the actual privacy, value, and control dynamics that have led to consumer acceptance of these auto-ID technologies. In the next section, the results of an online survey investigating consumer perceptions of RFID in retail are presented and a comparison is made between the qualitative and quantitative findings. In the following section, the principal outcomes of the study are discussed. A brief summary of the material presented concludes the paper.

Previous Works

The classic definition of privacy is provided by Westin, as the ‘‘claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.’’4 This study is primarily focused on information privacy, which is described by Clarke as ‘‘the interest an individual has in controlling, or at least significantly influencing, the handling of data about themselves.’’5 Of primary concern in regard to RFID usage in retail is the collection of personal information that pertains to consumer shopping preferences, actions, and behavior. It is the collection, use, and disclosure of this information, particularly when it may be incorrect or unverified, to identify, track, and monitor individuals without their awareness or express approval, that is commonly recognized as one of the most prominent threats. It is important to understand that Clarke’s definition, along with other definitions of privacy from Altman,6 Schoeman,7 and Margulis,8 all emphasize that privacy is not separate from control; rather, it is ‘‘deeply intertwined with it.’’9

Value in this study will be viewed in terms of the benefits RFID technology affords consumers. It is how an individual prizes a certain outcome against all others.10 The value proposition to consumers for RFID usage in retail is generally phrased in terms of convenience. It is an equation of all the positive factors that interest the individual. It can include cost savings, time reductions, efficiency, personalization, safety, and security, as well as convenience and other tangible and intangible benefits. Therefore, in creating a harmony of privacy, value, and control, it is a harmonization between consumer willingness to lose some degree of privacy versus the strength of the retailer’s value proposition for using the technology.11 The value proposition can essentially be seen as a combination of benefits versus risks that consumers will evaluate in their decisions and perceptions.

Inness12 is clear that in characterizing the function of privacy in terms of control or restricted access there are ramifications for the normative value we accord privacy. For the purpose of this study, control becomes a relevant dimension of RFID acceptance, because it is only through a perceived level of control over their personal information that consumers will feel their privacy is being respected.13 The level of control that is provided either through the technology or by the service provider, whether that be perceived or real, is seen as an important element that, when combined with the value proposition, can affect consumer acceptance.

The consumer acceptance of RFID has been investigated in a number of studies. Some have proposed solutions that protect and enhance privacy and afford consumers a level of control.14–16 These solutions are typically technology-based, legislative, or regulatory in nature. Despite the different privacy solutions, a number of studies critically highlight that consumer perceptions and fear of RFID technology, brought about by a lack of understanding, remain.17,18 Thus, regardless of which privacyenhancing technologies are used, the concerns from the consumer’s perspective are the same.9,19 It is apparent from such studies that the real issue becomes one of fear or other underlying motives, that, when combined with perceptions of privacy and control, motivate a consumer’s acceptance of RFID technology. One quantitative study found that consumers felt a lack of perceived control over the technology as well as a great power distance,20 and another study found that cultural dimensions affected the way in which consumers viewed the privacy threat.21

The privacy debate has developed due to the identification and tracking capabilities inherent in the RFID technology. The argument is that if the tags were to remain active after the consumer has left the store, the technology could provide retailers and manufacturers the ability to track an individual’s movement and behavior in a clandestine manner.22 This is introduced by Roussos,23 who explains the ability of the technology to silently retrieve and record unique identifiers as an important contributing factor toward consumer uneasiness. Garfinkel et al.15 discuss seven key privacy threats that arise from the capabilities of RFID: (1) action threat; (2) association threat; (3) location threat; (4) preference threat; (5) constellation threat; (6) transaction threat; and (7) breadcrumb threat (i.e., leaving a trail of actions). Such threats have given rise to much concern by privacy advocates. In 2005, Eckfeldt24 explained that many major companies around the world had already scrapped RFID plans following consumer backlash. If it were not for the ‘‘haunting cries of privacy running afoul,’’ many more companies would have tested and launched RFID initiatives.1 This can also be seen clearly in the results of a Cap Gemini Ernst & Young consumer perception study of RFID that highlighted privacy concerns as ‘‘the most significant issue among consumers in all countries.’’25

The value proposition for RFID use in retail is an important topic that underscores consumer acceptance of RFID. What is apparent in surveying the literature is that while the benefits of RFID have been clearly defined and expressed for retailers, they have not been so clearly communicated to consumers. Eckfeldt24 makes an important assertion in discussing the value of RFID to consumers: ‘‘... the difference between successful and shunned RFID applications turns on delivery of clear, tangible value to the average consumer.’’ Furthermore he stresses that in assessing consumer benefit, organizations must consider consumers’ interests above their own; otherwise, they will produce a solution that fails to provide a positive balance between risk and reward in the eyes of the consumer. He further highlights that a tangible consumer benefit is pivotal to all these solutions. McGinity1 stresses the key value to consumers: better prices and product selection brought on by better efficiency at the back end, including reduced waste, reduced shrinkage, and improved supply chain processes. However, because the systems have not been widely implemented, assessing or promoting such benefits would appear to be speculative at best.

Balancing the economic interests of business against the privacy interests of consumers is another cornerstone in the privacy debate. Culnan and Bies11 introduce the centrist perspective, whereby corporate access to information should be balanced against the legitimate rights consumers have toward protection of their privacy. In addressing this balance, the notion of second exchange is introduced, whereby consumers make a non-monetary exchange of their personal information in return for improved service, personalization, and benefits.11 Importantly, they highlight that, for both organizations and consumers to realize the benefits, consumers must be willing to disclose their personal information and thus surrender some degree of their privacy. It is proposed, therefore, that people may be willing to accept a loss of privacy as long as there is an acceptable level of risk accompanying the benefits.

This idea of balancing interests is touched on by many authors. Eckfeldt,24 for example, emphasizes the idea of risk again in stating that successful RFID applications over-compensate for any privacy fears. He furthers the idea of risk in proposing that consumers will accept the risks if the application is worth the benefits. Langheinrich’s26 discussion on privacy claims that privacy practices and goals must be balanced with the convenience or inconvenience associated with them. In balancing the interests of consumers against organizations, the important issue that seems to dominate is the balancing of convenience and other terms of value for the consumer against the privacy incursion that is inevitable in providing such applications. It must be underscored that an underlying assumption made in this study by the authors is that privacy incursions, especially in the form of breaches in information privacy, are inevitable in the adoption of any emerging mass-market technology, and even more so if that technology happens to be wireless or mobile.

Methodology

Figure 1 Conceptual framework for the auto-ID application cases

This study used a combination of qualitative and quantitative approaches; a literature survey of four auto-ID applications, and a quantitative analysis of the data collected from an online survey. The literature survey covers the mobile phone, electronic toll collection (ETC), e-passports, and loyalty programs. The online survey analyzed the consumer value proposition for the use of RFID in retail and privacy threats relative to education and awareness. The conceptual framework for the auto-ID application cases is illustrated in Figure 1.

The conceptual framework covers the main dimensions studied in the literature search and their relationships. Harmonization can be derived from the value offering of the RFID technology, some of which is inherent to the technology itself (e.g., contactless operation), and some offered by the provider of the service using the technology (e.g., fast checkout at a supermarket). The privacy threats that the technology exposes, and the degree of control individuals have over their personal information, are also considered.

Harmonization is also affected by how widely the technology is to be used; that is, whether it is for large, high-priced items only, or for mass-market products. It has been seen that the more people use a technology (i.e., the higher the penetration rate), the less individuals question the privacy risks. The balance is also affected by the environment in which the technology is to be adopted, whether that be mandated (as in the case of e-passports), or voluntary. Finally, harmonization is also affected by societal perceptions; for example, the idea of microchips attached to common objects immediately conjures notions of Big Brother, and thus a negative perception of the technology.

Data collection for the case applications used multiple sources, including documents such as books, media reports (e.g., Factiva27), journal articles, white papers, corporate information, and marketing materials. The documents were sourced from libraries (offline), databases (e.g., IEEE Xplore28), online journals (e.g., the Journal of Theoretical and Applied Electronic Commerce Research), and media organizations (e.g., the British Broadcasting Corporation), as well as corporate, governmental, and institutional Web sites. The data collection was an iterative process, starting with a broad search strategy involving the key topics under investigation, with more targeted searches conducted thereafter.

Data collection for the online survey was administered at www.rfidsurvey.org for a period of 75 days, from July 10, 2007, through September 23, 2007. The online survey was openly accessible to all Internet users. In addition, targeted recruitment was undertaken in the form of electronic and physical mailings. The data collected in the online survey was based on 28 questions structured into four separate sections. The first section asked for general demographic information as well as information about the participants’ awareness and education. The second section queried participant perceptions of the consumer value proposition for the use of RFID in retail, asking participants to rank both awareness and importance against a list of suggested RFID benefits. The third section focused on assessing value and privacy in regard to a number of other technologies such as mobile phones, smart cards, loyalty programs, e-passports, GPS car navigation, and electronic toll collection. Four of these technologies are featured in the case study analyses. The final section of the survey asked questions about perceptions of privacy threats due to the use of RFID. Presented with a list of threats, participants were asked to rank awareness and concern of such threats. During the survey, respondents were given several opportunities to reply by way of open comments.

Qualitative content analysis was used to discover similarities between the four auto-ID application cases under investigation. Toward this end, the cases were structured in the same manner, around the themes of privacy, value, and control. The analysis focused on the significance of the technology given its penetration and usage rates, despite the presence of privacy threats, and the outcome is presented in narrative form. The text-mining tool Leximancer29 was used to analyze the documents collected, including the open comments provided by survey respondents. Leximancer assisted in uncovering the main concepts contained within the text and showed how these were interrelated.

The purpose of the statistical survey analysis was to uncover the perceptions held by participants toward RFID in retail, its potential threats, and its potential value given a number of typical usage scenarios. Perceptions of threat and value were also analyzed with regard to a number of other auto-ID technologies. Inferences were drawn on the population being studied by finding correlations using rating scales to reflect the real-world nature of the research. Given the use of the Likert approach, readers should note that the researchers were not working with quantities that provided precise measurements but working with rating scales (correlations of which provide general indications only). Using JMP* Statistical Discovery Software from SAS Institute, Inc., a common score for RFID value and threat, as well as value-and-threat scores for other auto-ID technologies, was determined by aggregating the rankings given by participants to relevant questions. The participants’ awareness of RFID and its potential use was also found in this way, using linear regression analysis.

The significance probability of the test (represented as a p-value) is a measure of how likely or unlikely it is to experience the observed data if the null hypothesis is true. The p-value is the area under the null distribution curve that is in bigger disagreement with the null hypothesis than the observed test statistic. When the p-value is less than 0.05, the result of the test is said to be statistically significant. When the p-value is less than 0.01, the result of the test is said to be highly statistically significant. The relationships between variables that were particularly significant in the data studied are illustrated using bivariate plots.

Auto-ID Applications

This section will present auto-ID application cases that explore the adoption and acceptance of a number of technologies and services within the context of privacy, value, and control.30

Mobile phone

The value proposition of the mobile phone extends from the convenience offered by its inherent mobility. In a study conducted by Hakkila and Chatfield31 regarding perceptions of mobile phone privacy, it was shown that greater than 82 percent of respondents considered their mobile phone a ‘‘private device.’’ The mobile phone presents a number of unique privacy threats, yet such privacy threats are seldom discussed or thought of by end users.32 Many citizens in the U.S., for example, are completely unaware that government authorities can track their movements by monitoring the signals that are emitted from the handset.33 The mobile phone also presents other privacy concerns in regard to the interception of signals by unauthorized persons.34 Theoretically, users can exercise control over other parties tracking their location by simply turning off their phones. However, in doing so, they prevent access to the features of the phone that provide the value in the first place.

Electronic toll collection

The key value proposition that electronic toll collection (ETC) systems offer is convenience and time saving. Such a system eliminates the burden to have cash available to make toll payments and provides individuals and corporations the convenience of an account that can provide better tracking of toll expenditure with more convenient payment options.35 Caldwell36 highlights two privacy concerns with regard to ETC. The first is the illegitimate use of drivers’ personal information related to payments, movement, and driving habits, which could become accessible if electronic records are compromised through a ‘‘cyber break-in.’’ This has been demonstrated on numerous occasions, such as the incident in which programmers were able to view ETC account details for subscribers in several countries, including one of the largest ETC systems in the United States.37 The second concern is the legitimate use of ETC account information by government authorities or private vendors that can use the information to monitor driving patterns and behavior of thousands of motorists. The concern also applies to other potential uses, such as traffic surveillance being used to detect speeding violations or stolen vehicles.38 Court cases in the U.S. have already demonstrated the potential for toll-tracking information to be used to verify an individual’s whereabouts and movements. The states of Delaware, Illinois, Indiana, Maryland, Massachusetts, New York, and Virginia have all released E-ZPass toll records in response to court orders for civil matters such as divorce. The states of Maine, New Hampshire, New Jersey, and Pennsylvania only release electronic toll records for criminal cases.39

e-passports

The greatest value of the e-passport, as stressed by most issuing authorities, is the enhanced security it is purported to provide through the digital storage of passport information.40 Certainly, given the current level of importance placed on national security, governments have been keen to introduce this technology as a means of providing more stringent monitoring of individuals entering and exiting the country.

The privacy concerns surrounding e-passports are primarily related to the ability to access passport information without contact, a capability afforded by the use of RFID to store the data contents of the passport. Juels, Molnar, and Wagner41 identify six key areas of concern: (1) clandestine scanning; (2) clandestine tracking; (3) skimming and cloning; (4) eavesdropping; (5) biometric data leakage; and (6) cryptographic weaknesses. The main issue of the e-passport is that the International Civil Aviation Authority (ICAO) does not require authentication or encryption for communications between the reader system and the e-passport. In locations where passports are frequently open, this could allow for eavesdropping. Theoretically, the unique identifier (ID) stored on the microchip could identify individuals and be used for tracking. Passports could even be cloned, because the digital signatures cannot tie the data to a particular passport. Once a reader has the key, there is no mechanism for revoking access, thus giving the reader the ability to scan the passport in perpetuity. Globally, it is reported that more than 50 million e-passports have been issued, which suggests that despite privacy concerns, the technology has undoubtedly been deployed successfully.42 Some states have mandated that the contactless microchip be shielded by a metal jacket to prevent the chip from being read when the passport is closed.43 If the shield is not provided, a sheet of aluminum foil will equally prevent unauthorized access of personal data on the e-passport.44

The media have been quick to highlight potential failures with the technology, such as the demonstration by a hacker who successfully cloned a U.S. e-passport and then dumped the contents onto an ordinary contactless smart card.45 A further threat was exposed when programmers demonstrated how an explosive device connected to an RFID reader could be triggered when a U.S. citizen carrying an e-passport came within reach of the reader.45 Given the mandatory nature of passports, there is very little individuals can do to avoid using them when traveling abroad. There is also little an individual can do to control how government authorities access and use the information on the passport when they are entering a foreign country.

Loyalty programs

In the case of loyalty programs, the value proposition is critical for encouraging consumer use and for developing the brand loyalty that the programs aim to achieve. A number of factors that determine such value in a loyalty program are described by Yi and Jeon.46 They include: (1) the cash value of rewards; (2) the choice of rewards; (3) the aspirational value of rewards; (4) the likelihood of achieving the rewards; and (5) how easy the loyalty scheme is to use.

The major privacy threat that extends from the use of loyalty programs is the ability to tie purchases of specific products to individual consumers and monitor their purchasing behavior over time. A study conducted by Graeff and Harmon47 found that in regard to loyalty programs, consumer perceptions were typically positive and most consumers did not associate such schemes with the collection and use of personal information. Loyalty programs are the ultimate demonstration of the trade-off consumers make of their privacy in order to gain something of value: benefits, rewards, convenience, or savings.48

A key element of consumer loyalty programs is their opt-in nature. Consumers are also given control over their personal information by government regulations, which in most countries grant consumers the right to know exactly what information retailers are collecting and how it is being used.

Discussion

It would appear, given the widespread use of the four auto-ID applications, that privacy has not been a barrier to their adoption and consequent acceptance by society. While the privacy concerns still exist and indeed, many individuals remain concerned about their privacy in relation to such technologies and services, on the whole it would seem that consumers have accepted each application because either the value proposition or level of control present balances against the privacy issues (mobile phones, ETC, and loyalty programs), or participation (usage) is mandatory and the appropriate safeguards to privacy are in place (e.g., e-passports).

Using Garfinkel et al.’s paradigm,15 action can be inferred by monitoring the mobile phone location, or monitoring tag usage at tollways, or monitoring passport usage, or inferred by the use of loyalty cards or the redemption of rewards. Association is prevalent in being able to identify an end user through the international mobile equipment identity (IMEI) in a mobile phone, through the tag ID or account number for tollways, through the e-passport ID number, and through the membership number on loyalty schemes. In terms of location, a mobile phone can be found through triangulation or using the Global Positioning System (GPS) chipset in the handset. The location of tags in tollways is also collected at each ETC entry and exit gantry. The location of an e-passport is established each time it is read by authorities or a reader device. For loyalty programs, the location can be established each time the card is used.

In the case of preferences, a mobile service provider has a list of features into which the user has opted. There are no preferences for ETC or e-passports. Loyalty programs allow for detailed consumer preferences to be analyzed by monitoring purchases and behavior. Information transactions are recorded by all the auto-ID applications studied. However, the loyalty card program is the only case investigated where transactions carry a value related to a monetary measure or rewards-based points scale. With respect to privacy, the breadcrumb attribute is the most invasive in terms of privacy threats. In the case of a mobile phone, a trail of actions can be inferred by the handset location or subscriber usage patterns. For ETC, a trail of actions can be generated by logging the location of the vehicle at entry and exit readers with timestamps. For the e-passport, each time it is read, the location is recorded. And for loyalty programs, a trail is automatically created of individual purchases at the point of sale. Different auto-ID applications have varying capacity to record location information, from the mobile phone that can be tracked 24-7, to the RFID in ETC that can be read several times per day on average, to the e-passport that is read at border checkpoints.

In the case of the mobile phone, the ubiquity in value terms would explain the lack of concerns consumers have toward their privacy in regard to its usage. For ETC, individuals have embraced the convenience aspects and it would seem that the ease of use of the technology (simply install the tag and forget about it) has again resulted in a general lack of concern about privacy issues. Loyalty programs are also clearly driven by their value to consumers. Of the four case studies discussed, the e-passport is the only one in which usage is almost completely mandatory for those wishing to travel internationally and also where individuals have very little control over how it is used by authorities. A summary of the key elements of value, privacy, and control for each of these technologies is provided in Table 1. For the greater part, the auto-ID technology in question provides value to the consumer by providing increased convenience. Consumers trade this value with the possibility of mobile telephone intercepts by lawful and unlawful parties, the potential to clone a tag, and the provision of personal biometric details. It is consumers’ perceived level of control of their personal information that can influence the value gained by opting in or out of a service. A key outcome that arises from the case studies presented is the varying relationship between three elements (privacy, value, and control). It is clear that in order to gain acceptance, privacy issues must be offset by value and control.

Table 1. Key elements of value, privacy, and control

In the case of mobile phones, it is evident that a somewhat low level of control is acceptable, given the relatively low vulnerability of individual privacy and the medium level of value the technology provides. With ETC, the vulnerability of user privacy is considered to be in the medium range, yet as users can exercise some degree of control over their privacy by removing the tag or opting to use alternative routes or payment methods, control is also depicted as being in the medium range. This medium range in regard to privacy and control is offset by a high level of value evident in the convenience the technology affords. With regard to e-passports, the government provides very little control. Furthermore, the value offered to the individual is, in real terms, also very low. Finally, with loyalty programs, a high vulnerability of individual privacy that arises from the vast amount of personal information collected is offset by a high level of control offered by providers by allowing consumers to freely opt out of such programs. The privacy risk is also further offset by the high level of value that such schemes must offer to encourage consumers to participate.

In the case of mobile phones, ETC, and loyalty programs, it is apparent that acceptance had to be earned through a favorable balance that was offered to consumers. In the case of e-passports, where the balance is unfavorable, acceptance was not generally required, as the technology was made mandatory by government authorities and the ICAO.

 

Analysis of Online Survey Data

The threats listed in the survey are potential threats of RFID (i.e., perceived threats) that have been drawn out from the literature as the major causes for consumer concern over the use of RFID in retail. Awareness refers to the aggregated score of each survey participant’s responses to a number of questions that dealt with perceptions of RFID and other auto-ID technologies. Specifically, the awareness score was calculated by the sum of responses in which participants ranked, using a Likert49 scale of 1 to 5, their knowledge on a list of 12 RFID related topics.

Sample respondents

Figure 2 Relationship between age and consumer awareness of RFID in retail

There were 142 survey responses in the pilot study. The majority (61.1 percent) of surveys were completed by Australians. The U.S. had the second largest number of responses (27.4 percent), with other responses recorded from countries such as Canada, Germany, Spain, and the United Arab Emirates.

Figure 2 aims to demonstrate the role that age plays in determining the level of awareness toward RFID. In analyzing the relationship between age and awareness, there is a highly significant relationship (p ¼ 0.0008) between a respondent’s age and his or her associated level of awareness. The data shows that awareness decreases with age, which is to be expected given that younger respondents are more likely to have been exposed to the technology, or have a heightened awareness of the possibilities and issues such technology represents.

 Figure 3 Relationship between consumer awareness and value proposition for RFID in retail

Figure 3 Relationship between consumer awareness and value proposition for RFID in retail

Figure 3 shows the relationship between awareness and the consumer value proposition for RFID as being statistically significant (p ¼ 0.0337). It is seen that as awareness increases, the participants’ rankings of RFID value decreases. This relationship suggests that those individuals who are highly aware of the technology are less likely to embrace the value of technology, as they are at the same time balancing the value against their perception of the privacy threats of the technology. Individuals who are less aware of the technology are more easily swayed by the value the technology provides.

Surprisingly, it would seem that awareness plays little role in an individual’s ability to perceive the privacy threats that the technology could introduce if it were to be implemented. This suggests perhaps that participants, regardless of their awareness of RFID, are able to appreciate the privacy issues based on their previous life experiences, particularly with other technologies presenting similar issues.

Figure 4 Consumer concern over privacy: RFID in retail versus other auto-ID applications

The results also indicate that there is some statistical significance in the relationship between RFID value and privacy threat. The higher an individual ranks the potential value of RFID, the lower they rank the potential privacy threat. It would suggest that elements of consumer value proposition for RFID, such as convenience, may override any potential privacy threats. Thus, presenting a clear value for RFID could be seen as important in countering any potential losses in privacy.

A key element of the survey was the ranking participants provided on both value and privacy concerns in regard to a number of other related technologies that have enjoyed widespread adoption (Figure 4). There was a highly significant relationship (p ¼ 0.0028) found between the perceived privacy threat of these other technologies and RFID usage in retail. In essence, respondents who were concerned about their privacy in relation to the other technologies were just as likely to be concerned about their privacy if RFID were to be adopted in retail.

Analysis of open comments

Analysis of the comments revealed a great range of attitudes, ranging from individuals who were strongly focused on potential privacy issues, to individuals who saw the technology as something quite positive and thus balanced this against the potential privacy issues. There were also many individuals who proposed safeguards that would need to be in place to make the technology acceptable.

In regard to privacy, there were a number of respondents who voiced their concerns. Comments such as, ‘‘I should have my right to privacy,’’ ‘‘... it invades on our personal freedoms,’’ ‘‘It’s too obtrusive,’’ and ‘‘... this technology is a violation of people’s right to privacy’’ clearly express strong feelings toward the potential of RFID to erode privacy of the individual. Many individuals also stressed that while they could see the value, or see the positives, they were not convinced that potential privacy issues would be managed effectively. This is well represented in the comment, ‘‘the benefits ascribed to RFID technology for the retail trade are commendable, but I have zero confidence that they will be achieved, and, instead, consumers will be subjected to more advertising, intrusion, and loss of privacy than ever.’’

Contrarily, there were a number of respondents who clearly valued the technology despite any potential privacy issues. This is illustrated by the comments, ‘‘... only someone trying to hide something or [run] from something would think this system is not a positive thing,’’ ‘‘... the benefits for consumers ... far outweigh the privacy issues that are envisaged,’’ and ‘‘... the privacy issues would sort themselves out in time.’’

A few respondents critically pointed out that indeed, this study assumed RFID technology would replace the bar code at some point. They also stated that the technologies were more complementary to each other, and that the value of placing RFID tags on every item is not justified by the present cost in doing so.

It would seem that the majority of users approach the technology with the idea that control would best balance the value against the privacy issues. The clear majority of comments expressed that the design of RFID systems should incorporate privacy protection from the outset. A common theme is seen in the comment, ‘‘if proper privacy and security architectures were implemented and enforced, the deployment of RFID systems need not be so problematic ... ’’ And again from another respondent, ‘‘if privacy concerns were taken into account and proper privacy-enhancing technologies were implemented and used, we could have the benefits without the drawbacks ... ’’

Regulation and legislation were also pointed out by a number of respondents as important means of providing individuals with control over their privacy. Some consumers noted they would be happy with using the technology provided that ‘‘the technology was adequately regulated... .’’

On the whole, it is apparent that most users are more concerned about the misuse of their information than the actual collection of it. While privacy could be protected by a range of controls, the potential for the technology (as with any technology) to be misused and abused by ‘‘the low integrity sector of society’’ represents the greatest fear.

 Figure 5 Overall respondent feelings toward RFID in retail

Figure 5 Overall respondent feelings toward RFID in retail

Together with the open comments, survey participants were also asked to provide a general ranking of RFID technology as it would be used in retail. Surprisingly, given the comments made and also the fact that the mean ranking in regard to privacy threats and RFID was 77 percent, the majority of individuals were neutral to very positive toward the technology (Figure 5). It would seem that most individuals can appreciate the technology, and although the privacy issues exist, they feel that the issues can be overcome, offset, or controlled in some manner.

A number of important outcomes are evident from the statistical analysis presented in this paper. These are summarized below:

  • As awareness of RFID and its associated issues increases, the relative importance of a consumer value proposition for RFID decreases.
  • Awareness of RFID and associated issues does not affect the perception of threat due to RFID.
  • The perceived privacy threat, and value, of RFID in retail is relative to an individual’s feelings toward other technologies and services with issues similar to RFID.

The most important observation in analyzing the results from the survey is the seemingly contradictory responses provided by the respondents. It was not uncommon to find participants who identified RFID as privacy-threatening, yet also stated that they were members of a loyalty program, or that they were mobile phone users.

Survey Results

In comparing the statistical results for the auto-ID application cases, it is evident that concern surrounding the privacy threat due to RFID in retail is considerably greater than the concern participants express for other applications. Where users have little to no concern regarding privacy and technologies, as is the case with the mobile phone and ETC applications and services such as loyalty programs, concern about RFID privacy threats is higher than should be expected. The key outcome that this exposes is the lack of harmonization in the current privacy, value, and control offering that RFID in retail presents.

In the application cases discussed, it was emphasized that appropriate harmonization between value and control could offset privacy issues. This is reflected in the relatively low level of concern participants in this survey placed on such technologies and services. Thus, the high rankings of privacy threats due to RFID in retail demonstrate that more education would be required to convince consumers of the value offered and the control they could exert over RFID usage. It is, however, important to understand that these rankings were given for auto-ID applications that are already widely adopted, whereby individuals have had time to understand and experience them in the context of their own lives. The privacy threat rankings individuals gave RFID, in many cases, show the lack of awareness of RFID. If consumers were actually to experience RFID usage in retail and place it in context with their own activities, it could be seen that rankings of the privacy threats may be significantly different, and perhaps more in line with the other auto-ID applications highlighted.

Therefore, it could be concluded, based on all the key results presented in this paper, that creating a favorable harmony of privacy, value, and control is perhaps an unrealistic notion when the technology has yet to be deployed. When there is such a divergent level of awareness among the greater population, striking a balance that is acceptable to all is an improbable task. It is therefore suggested that acceptance of RFID in retail may ultimately come over time, after adoption, as users become intimately experienced with its usage, or observe other user experiences. Consequently, privacy, value, and control are adjustable measures based on the feedback and behaviors of society in a given context and specific point in time. In that sense, harmonization will eventually occur with RFID in retail, just as it was shown with the auto-ID application cases presented.

The principal outcomes of this study can be summarized as follows:

  • The value proposition for RFID has not been well communicated to consumers.
  • Concerns surrounding RFID in retail were disproportionately higher than other previously adopted auto-ID applications despite similar privacy issues.
  • A harmonization between privacy, value, and control is unrealistic prior to adoption and can only be achieved once consumers can be educated through experience with the technology.

The preliminary findings of this study suggest that the harmonization between privacy, value, and control is largely dependent on individuals and their background (e.g., age), the type of technology being deployed (i.e., level of perceived invasiveness), and the type of provider (i.e., government or commercial entity). The results indicate that the perceived value and privacy threats posed by RFID in retail are commensurate with an individual’s pre-existing feelings toward other, similar, technologies. As was shown, privacy-related issues per se have not been a barrier to widespread adoption of auto-ID applications. On this point, the level of consumer awareness of RFID in retail does not seem to affect perceptions of privacy threats. It does, however, affect perceptions of value. Thus, a favorable harmonization whereby privacy is offset by value and control has been shown to encourage consumer acceptance.

The auto-ID application cases highlighted the importance of a harmonization between privacy, value, and control in influencing consumer acceptance and adoption. The online survey demonstrated the effect awareness has on perceptions and the disproportionately high rankings given for RFID privacy concerns.

The most significant outcome drawn from the combined analysis of the cases and the online survey is that achieving a harmony of privacy, value, and control for RFID adoption in retail is unrealistic at this point in time. With such differing levels of awareness and education, differing expectations, and differing perceptions, achieving a harmony that is favorable to all consumers now would be an improbable task. It is also evident in reviewing the literature that there have already been significant attempts to address privacy issues and provide individuals with a degree of control, yet the privacy concern still remains. This furthers the notion that it is unlikely that privacy concerns can be resolved prior to the technology’s adoption and use by consumers.

Figure 6 Harmonizing value, privacy, and control through the adoption process

RFID in retail can certainly achieve a favorable harmonization, one that offsets privacy risks with significant value and consumer control. It is more realistic, however, for this harmony to be achieved after adoption, when consumers can be educated through their experiences, and whereby society will consequently shape the balance as the impact of the technology becomes more evident. Figure 6 illustrates that to achieve harmonization there must first be a strong value proposition driving adoption in the first place.

Conclusion

In a society where it seems we are increasingly surrounded by technologies, governments, and institutions monitoring every move we make and collecting vast amounts of personal information, privacy has grown to become an ardently debated topic. Each individual living within a civil society has a right to privacy, yet in the wake of technologies that afford us great value, there will always be some loss of privacy. This study has not sought to dismiss privacy concerns, or argue to protect privacy, but rather to address it in the realistic context it plays in an environment of technological innovation driven by society itself. Ultimately, acceptance of a technology with privacy issues will always be a balancing act, a harmonization of privacy, value, and control.

Cited References and Notes

1. M. McGinity, ‘‘RFID: Is This Game of Tag Fair Play?’’ Communications of the ACM 47, 15–18 (2004).

2. J. Whitaker, S. Mithas, and M. S. Krishnan, ‘‘A Field Study of RFID Deployment and Return Expectations,’’ Production and Operations Management 16, No. 5, 599–612 (2007).

3. K. Michael and L. McCathie, ‘‘The Pros and Cons of RFID in Supply Chain Management,’’ Proceedings of the 2005 International Conference on Mobile Business (ICMB 2005), July 11–13, 2005, Sydney, IEEE Computer Society (2005) pp. 623–629.

4. A. F. Westin, Privacy and Freedom, The Bodley Head Ltd. (1970).

5. R. Clarke, ‘‘Information Technology and Dataveillance,’’ Communications of the ACM 31, No. 5, 498–512 (1998).

6. I. Altman, The Environment and Social Behavior: Privacy, Personal Space, Territory, Crowding, Brooks/Cole Publishing, Monterey, CA (1975).

7. F. D. Schoeman, Philosophical Dimensions of Privacy: An Anthology, Cambridge University Press, Cambridge, UK (1984).

8. S. T. Margulis, Contemporary Perspectives on Privacy: Social, Psychological, Political, Blackwell Publishing, London (2003).

9. S. Spiekermann, ‘‘Perceived Control: Scales for Privacy in Ubiquitous Computing Environments,’’ Proceedings of the 10th International Conference on User Modeling, Edinburgh, Scotland (2005).

10. B. D. Renegar and K. Michael, ‘‘The RFID Value Proposition,’’ Proceedings of the Sixth CollECTeR Iberoamerica: Collaborative Electronic Communications and eCommerce Technology Research, June 25–27, 2008, Madrid (2008) pp. 1–10.

11. M. J. Culnan and R. J. Bies, ‘‘Consumer Privacy: Balancing Economic and Justice Considerations,’’ Journal of Social Issues 59, No. 2, 323–342 (2003).

12. J. C. Inness, Privacy, Intimacy and Isolation, Oxford University Press, New York (1996).

13. J. R. Averill, ‘‘Personal Control over Aversive Stimuli and its Relationship to Stress,’’ Psychological Bulletin 80, No. 4, 286–303 (1973).

14. R. Bansal, ‘‘Now You See It and Now You Don’t [RFID Technology],’’ IEEE Microwave Magazine 5, No. 4, 32–34 (2004).

15. S. L. Garfinkel, A. Juels, and R. Pappu, ‘‘RFID Privacy: An Overview of Problems and Proposed Solutions,’’ IEEE Security & Privacy 3, No. 3, 34–43 (2005).

16. L. Hyangjin and K. Jeeyeon, ‘‘Privacy Threats and Issues in Mobile RFID,’’ Proceedings of the First International Conference on Availability, Reliability and Security (ARES 2006), April 20–22 2006, Vienna, IEEE Computer Society (2006), pp. 510–514.

17. G. Roussos and T. Moussouri, ‘‘Consumer Perceptions of Privacy, Security and Trust in Ubiquitous Commerce,’’ Personal and Ubiquitous Computing 8, No. 6, 416–429 (2004).

18. O. Gunther and S. Spiekermann, ‘‘RFID and the Perception of Control: The Consumer’s View,’’ Communications of the ACM 48, No. 9, 73–76 (2005).

19. S. Spiekermann, User Control in Ubiquitous Computing: Design Alternatives and User Acceptance, Shaker Verlag, Aachen, Germany (2008).

20. G. Ng-Kruelle, P. A. Swatman, D. S. Rebne, and J. F. Hampe, ‘‘The Price of Convenience: Privacy and Mobile Commerce,’’ Quarterly Journal of Electronic Commerce 3, No. 3, 273–385 (2002).

21. G. Ng-Kruelle, P. A. Swatman, J. F. Hampe, and D. S. Rebne, ‘‘Biometrics and e-Identity (e-passport) in the European Union: End-user Perspectives on the Adoption of a Controversial Innovation,’’ Journal of Theoretical and Applied Electronic Commerce Research 1, No. 2, 12–35 (2006).

22. B. J. Alfonsi, ‘‘Privacy Debate Centers on Radio Frequency Identification,’’ IEEE Security & Privacy 2, No. 2, 12 (2004).

23. G. Roussos, ‘‘Enabling RFID in Retail,’’ Computer 39, No. 3, 25–30 (2006).

24. B. Eckfeldt, ‘‘What Does RFID Do for the Consumer?’’ Communications of the ACM 48, No. 9, 77–79 (2005).

25. C. Perakslis and R. Wolk, ‘‘Social Acceptance of RFID as a Biometric Security Method,’’ IEEE Technology and Society Magazine 25, No. 3, 34–42 (2006).

26. M. Langheinrich, ‘‘Privacy by Design: Principles of Privacy-Aware Ubiquitous Systems,’’ Proceedings of the 3rd International Conference on Ubiquitous Computing, (Ubicomp 2001), Atlanta, September 30–October 2, 2001, Lecture Notes in Computer Science 2201, Springer (2001), pp. 273–291.

27. Factiva, Dow Jones & Co., http://www.factiva.com/.

28. IEEE Xplore, IEEE, http://ieeexplore.ieee.org/Xplore/ guesthome.jsp.

29. Leximancer (2008), http://www.leximancer.com/.

30. B. D. Renegar, K. Michael, and M. G. Michael, ‘‘Privacy, Value and Control Issues in Four Mobile Business Applications,’’ Proceedings of the Seventh International Conference on Mobile Business, July 7–8, 2008, Barcelona (2008), pp. 30–40.

31. J. Hakkila and C. Chatfield, ‘‘ ‘It’s Like If You Opened Someone Else’s Letter’: User Perceived Privacy and Social Practices with SMS Communication,’’ Proceedings of the 7th International Conference on Human Computer Interaction with Mobile Devices & Services, September 19–22, 2005, Salzburg, Austria, ACM, New York (2005), pp. 219–222.

32. N. Swartz, ‘‘Mobile Phone Tracking Scrutinized,’’ Information Management Journal 40, No. 16 (2006), http:// www.entrepreneur.com/tradejournals/article/ 184698661.html.

33. W. A. Herbert, ‘‘No Direction Home: Will the Law Keep Pace with Human Tracking Technology to Protect Individual Privacy and Stop Geoslavery?’’ I/S: a Journal of Law and Policy for the Information Society 2, No. 2, 409–473 (2007).

34. R. Whitaker, The End of Privacy: How Total Surveillance Is Becoming a Reality, The New Press, New York (1999).

35. P. Hills and P. Blythe, ‘‘Paying Your Way [Road Tolls],’’ The IEE Review 35, No. 10, 377–381 (1989).

36. C. Caldwell, ‘‘A Pass on Privacy?’’ The New York Times, July 17, 2005, http://www.nytimes.com/2005/07/17/ magazine/17WWLN.html?ex¼1279339200&en¼ c1f10d3de06adea6&ei¼5088.

37. A. McCluskey, ‘‘Position Paper: Business Ethics,’’ BT Financial Group 3, 1–5 (2004).

38. IBI Group, ‘‘Background Paper #8: Toll Technology Considerations, Opportunities, and Risks,’’ Washington State Comprehensive Tolling Study: Final Report 2, 1–33 (2006).

39. V. D. Hunt, A. Puglia, and M. Puglia, ‘‘RFID Technology in Homeland Security, Law Enforcement, and Corrections,’’ in V. D. Hunt, RFID: A Guide to Radio Frequency Identification, Technology Research Corp., New York (2007), pp. 67–82.

40. M. Meingast, J. King, and D. K. Mulligan, ‘‘Embedded RFID and Everyday Things: A Case Study of the Security and Privacy Risks of the U.S. e-Passport,’’ IEEE International Conference on RFID, March 26–28, Grapevine, Texas (2007), pp. 7–14.

41. A. Juels, D. Molnar, and D. Wagner, ‘‘Security and Privacy Issues in e-Passports,’’ First International Conference on Security and Privacy for Emerging Areas in Communication Networks, Athens, Greece (2005), pp. 74–88.

42. C. Edwards, ‘‘Borderlands of Confusion [Biometric Passports],’’ The IEE Review 51, No. 11, 34–37 (2005).

43. ‘‘Machine Readable Travel Documents (MRTDs): History, Interoperability, and Implementation,’’ working paper, International Civil Aviation Organization, Montreal (March 23, 2007), http://www.icao.int/icao/en/atb/ sgm/mrtd/TAG_MRTD17/TagMrtd17_WP016.pdf.

44. M. Sirotich, ‘‘ePassport Security Under the Microscope,’’ The Second Workshop on the Social Implications of National Security: From Dataveillance to Uberveillance and the Realpolitik of the Transparent Society 2, K. Michael and M. G. Michael, Eds., University of Wollongong, Wollongong, Australia (2007), pp. 257–280.

45. K. Zetter, ‘‘Hackers Clone E-Passports,’’ Wired News, August 3, 2006, http://www.wired.com/science/ discoveries/news/2006/08/71521?currentPage¼1.

46. Y. Yi and H. Jeon, ‘‘Effects of Loyalty Programs on Value Perception, Program Loyalty, and Brand Loyalty,’’ Journal of the Academy of Marketing Science 31, No. 3, 229–240 (2003).

47. T. R. Graeff and S. Harmon, ‘‘Collecting and Using Personal Data: Consumers’ Awareness and Concerns,’’ Journal of Consumer Marketing 19, No. 4/5, 302–318 (2002).

48. D. H. Nguyen, A. Kobsa, and G. R. Hayes, ‘‘An Empirical Investigation of Concerns of Everyday Tracking and Recording Technologies,’’ Proceedings of the 10th International Conference on Ubiquitous Computing 344, Seoul, Korea, ACM, New York (2008), pp. 182–191.

49. Attitude measurement used in surveys in which, in response to questions, respondents select from a set of typically five values, such as from complete agreement to complete disagreement, with no opinion in the middle.

Benjamin D. Renegar IBM Global Business Services, IBM Centre, 601 Pacific Highway, St. Leonards, NSW, Australia 2065 (brenegar@au1.ibm.com). Ben Renegar is a recent graduate from the University of Wollongong, having completed a Bachelor of Information and Communication Technology degree at the end of 2007 with the award of first-class honors. For this degree program, he completed a thesis on RFID adoption in the retail industry with a focus on the harmonization of value, privacy, and control. He was also awarded the PriceWaterhouseCoopers award for the highest grade in this program. He was employed by IBM as a Graduate Consultant in the Application Innovation Service Delivery organization in 2008.

Katina Michael University of Wollongong, NSW, Australia 2500 (katina@uow.edu.au). Dr. Michael is a Senior Lecturer in the School of Information Systems and Technology in the Faculty of Informatics at the University of Wollongong. She received a Bachelor of Information Technology degree from the University of Technology, Sydney (UTS) in 1996 and a Ph.D. degree in information technology and communications from the University of Wollongong in 2003. Before joining the University of Wollongong in 2002 to teach and conduct research in e-Business, she worked as a senior network and business planner at Nortel Networks. In 2000, Katina received the Nortel top talent award for work completed on 3G mobile networks in Asia. She is a senior member of the IEEE and a Board Member of the Australian Privacy Foundation.