Innovative Auto-ID and LBS - Chapter Three Historical Background

This chapter takes the reader through a historical tour of identification techniques from ancient times to the present. The histories shed light on how the purpose of citizen identification (ID) has changed as it has been impacted by complementary and supplementary innovations. The chapter provides a thorough exploration of government-to-citizen (G2C) ID systems, so as to better understand the possible uses or potential misuses of current and future mandatory ID schemes. It also presents some of the evolutionary changes that have taken place in the nature and scope of citizen ID, and their subsequent potential implications on society. Historically governments have requested the registering of their population for census collection and more recently the need to know what social benefits accrue to each household. Nowadays, however, citizen ID numbers are even used to open bank accounts and to subscribe to mobile services, among many other things. In addition, auto-ID techniques are not only pervasive but are increasingly becoming invasive.

 

Read More

Innovative Auto-ID and LBS - Chapter Two Innovation Studies

This chapter will explore literature in the field of innovation in order to establish a conceptual framework for the auto-ID trajectory research. The primary aim of this review is to provide a critical response to the literature on technological innovation. The review will also serve to: (i) identify and understand widely accepted definitions, concepts and terms, born from past innovation research as a guide for further research; (ii) review theories, theoretical frameworks and methods adopted by other researchers doing similar innovation studies (especially in the area of information technology) in order to choose an appropriate approach for this study; (iii) understand what aspects of complex high technologies (high-tech) have already been explored by researchers and what aspects have been neglected and to discover any similarities or differences in existing findings.

Read More

Innovative Auto-ID and LBS - Chapter One Introduction

This study is concerned with the automatic identification (auto-ID) industry which first came to prominence in the early 1970s. Auto-ID belongs to that larger sector known as information technology (IT). As opposed to manual identification, auto-ID is the act of identifying a living or nonliving thing without direct human intervention. Of course, the process of auto-ID data capture and collection requires some degree of human intervention, but the very act of authenticating or verifying an entity can now be done automatically. An entity can possess a unique code indicating personal identification or a group code indicating conformity to a common set of characteristics. Some of the most prominent examples of auto-ID techniques that will be explored in this book include bar code, magnetic-stripe, integrated circuit (IC), biometric and radio-frequency identification (RFID). The devices in which these techniques are packaged include a variety of form factors such as labels and tags, card technologies, human feature recognition, and implants. 

Read More

Location-Based Services for Emergency Management: A Multi-stakeholder Perspective

Abstract

emlbs.jpg

This paper investigates the deployment of location-based services for nationwide emergency management by focusing on the perspectives of two stakeholders, government and end-users, in the cellular mobile phone value chain. The data collected for the study came from a single in-depth interview and open comments in a preliminary end-user survey. The themes presented have been categorised using a qualitative analysis. The findings indicate that although governments and end-users believe that location-based services have the potential to aid people in emergencies, there are several major disagreements over the proposed deployment. This paper is an attempt to help determine the underlying motivations and impediments that would influence the decisions of both stakeholders and also towards providing a better understanding of the anticipated role of each party in such a deployment.

SECTION I. Introduction

Location-based services (LBS) are a set of applications and technologies that take into account the geographic position of a given cellular mobile device and provide the device user with value added information based on the derived location data [1]. The conventional use of LBS in emergencies is to find the almost pinpoint geographical location of a cellular handset after a distress phone call or a short message service (SMS). The services have been recently exploited, to some extent, in several countries to complement the existing traditional emergency channels (e.g. sirens, radio, television, landline telephones, and internet) as a means to communicate and disseminate time-critical safety information to all active cellular handsets about unfolding events, even post the aftermath, if the handsets are in the vicinity of a pre-defined threat zone(s) [2]. LBS applications have shown the potential to be a valuable addition in emergency management (EM), particularly, when they are utilised under an all-hazards approach by the interested government agencies.

This paper investigates the perspectives of two pivotal stakeholders in the LBS value chain, namely the prospective user and the government, about the use of the services for the purposes of EM and public warning. The investigation is expected to provide an understanding about the perceived benefits, impediments and concerns of utilising the services into relatively new contexts, and also to shed some light on the expected role of both key players in any feasible future solution. Accordingly, this paper is among the first to examine the potential dynamics between LBS stakeholders, specifically, in the realm of emergencies.

SECTION II. Methodology

This research was conducted using two methods of data collection. The first method was to use a traditional paper survey. Six hundred surveys were randomly distributed by hand to mailboxes in the city of Wollongong, New South Wales, Australia, in November, 2008. Although, this traditional approach is costly, time-consuming and demands a lot of physical effort, it was favoured as it is more resilient to social desirability effects [3] where respondents may reply in a way they think it is more socially appropriate [4]. Beside a basic introduction of location-based services and emergency management, the survey provided the participants with four vignettes; each depicting a hypothetical scenario about the possible uses of LBS applications for managing potential hazardous situations. The scenarios cover specific related topics to emergencies such as an impending natural event, a situation where a person is particularly in need of help, and a national security issue. Two of the vignettes were designed to present location-based services in a favourable light, and the other two vignettes were designed to draw out the potential pitfalls. Through the use of vignettes, participants were encouraged to project their true perceptions about LBS while, at the same time, involved with creating a meaning related to the potential use of the services in extreme events. This was highly important to establish among participants before starting to obtain informed responses from them, especially, when the utilisation of location-based services in the realm of emergency management is still in its nascent stages worldwide.

The survey which predominantly yielded quantitative results also included one open-ended question in order to solicit written responses from the participants. Despite the fact that only 14 respondents wrote hand-written comments, it should be noted that the primary goal of the open-ended question technique was to understand the solution as perceived by the respondents and not to aggregate their responses for any quantitative representation. Therefore, the number of written responses was sufficient to fulfil the requirements of the content analysis.

The second method was to use a semi-structural interview. The interview was conducted with an official from a leading government emergency services department in Australia. The interview was conducted in November, 2008. The main objectives of performing the interview were to:

  • Explore the government's perspective regarding the various LBS technologies being considered for emergency management.
  • Define the potential role of the government in any nationwide feasible LBS-dependent solution.
  • Gain an understanding of the potential impediments, if any, to the government's decision for adopting location-based services solutions.
  • Investigate the government's understanding and position on matters pertaining to information control and privacy concerns, in relation to nationwide deployments of location-based services in emergency management.

The initial focus was to get an understanding of the similarities and differences in opinions, attitudes and sentiments of individual survey participants. Once that was done, a constructed list of extracted unique keywords was generated and then used to combine the points of view thematically. The same list was also used in the discovery of comparable themes within the interview data. This helped to ensure that the discovered themes from both methods are grounded in specific contexts related to the research being conducted [5].

The themes are presented in two sections by stakeholder type: i) the prospective user, and ii) the government. A discussion is then made based on a cross-theme analysis of the two stakeholders.

SECTION III. The Prospective User

The individuals' willingness to accept LBS technologies and applications could, essentially, determine the likelihood for success in the introduction of LBS solutions for emergency management. This research discerned the need to directly elicit peoples' opinions about the consequences of such an introduction in order to have a preliminary understanding and feel for the concerns and issues prospective users might have before the actual deployment of emergency management solutions using location-based services. The following extracted themes have been categorised based on a qualitative analysis of respondents open comments.

A. The role of the government as perceived by the prospective user

The government is perceived to have a multidisciplinary role that includes provisioning, funding, maintaining, and regulating services related to civil society. Technologies like location-based services have the potential to serve the public, and their adoption and development should be highly advocated among strategic decision-making circles. With respect to LBS offerings, strict legislation should also be introduced by the government to explicitly define the legal liability, for example, in the case of a service failure, or information disclosure accidentally or deliberately.

B. Privacy concerns

In the context of LBS, privacy in the government context mainly relates to the personal locational information of individual citizens and the degree of control in which a government can exercise over that information. Such information is regarded highly sensitive, so much so, that when collected over a period of time inferences about a person could be generally made [6]. Accordingly, privacy concerns may originate when individuals become uncomfortable with the collection of their location information, the idea of its perennial availability to other parties, or the belief that they have incomplete control over that collection.

The traditional commercial uses of LBS have long raised concerns about the privacy of the users' location information [7]. The same issues arise within the context of emergencies. Survey respondents expressed genuine concerns about the possibility of being tracked constantly even during an emergency. This specific note is quite interesting to mention as it raises again the argument of whether or not individuals are willing to relinquish their privacy for the sake of continuous safety and personal security [8]. Another concern expressed was that location information could be used for other purposes besides a given emergency context. Such unauthorised secondary use of the collected information has been discerned in the literature as one of the main privacy concerns that also include excessive location data collection, errors in storage and improper access of the collected data [9]. The last concern conveyed by respondents was that information could be gradually spread or shared with third parties, who are not pertinent to the government's emergency organisations, without explicit consent from the LBS user.

C. The Price of the Services

Some respondents perceived the price of location-based services to be expensive, especially in the context of emergency management. One respondent was adamant that they would not be willing to pay in exchange for using location-based services in an emergency, believing it was a public right. This may suggest that the usage context may have little to do with impacting an individual's decision to use location-based services. Nonetheless, a more rational explanation is that respondents may have a lack of awareness and appreciation of the associated benefits.

In general, the comments suggested that the fees should be borne by the government through the allocation of taxes gathered from the working population, to cover the costs of providing and maintaining vital civic services.

D. Assurance of control mechanisims

One emphasis in the respondents' comments was the need to assure the prospective user's control over who would collect the information, how the location information would be collected, who would have access to that information, where the information would be stored and for how long, and what information would be kept after the occurrence of an emergency incident. For example, it is envisaged that such data would be extremely vital in coronial inquests post natural or human-made disasters. In the state of New South Wales, in Australia, for instance, coroners are exempt from privacy laws and can legitimately gain access to medical records, financial transaction data and even telecommunications records. As a result, a need to create safeguards to protect users' right to control their personal location information was profound among respondents.

Zweig and Webster [10] argued that individuals would accept a new technology, if they perceived to have more control over their personal information. Therefore, an important issue concerns the potential use of location-based services in emergencies, is how the users perceive the most dependable safeguard that is capable of protecting their location information, thus alleviating any concerns they might have to begin with.

Xu and Teo [11] have defined several control mechanisms in order to alleviate similar concerns. One mechanism is the technology self-based assurance of control, which refers to the ability of the LBS user to exercise a direct control over his/her location information via the technical features of the LBS device. For example, a user can determine when to opt-in or to opt-out from a service or can define the preferred accuracy level to which the solution provider is able to track his/her handset. This has been expressed in one of the respondent's suggestions of having some technical features in the handheld device itself in order to be able to “switch on/switch off” the location-based service anytime.

Another assurance of control is a mechanism that is institution-based via legislation. In this case, relevant government laws and regulations exist within the legal system to ensure the proper access and use of the personal locational information [11]. Forces in power (i.e. in this context, government agencies tasked with emergency response) could exercise proxy control over the location information on behalf of the user in the case of an emergency. However, the control should be safeguarded by the assurance that unauthorised behaviours will be deterred through the legal system in use. One respondent actually advocated the idea of introducing explicit relevant legislation, before presenting the services to the public, as it would provide powerful and foolproof safeguards for protecting users' control over their private information.

E. The usefulness of the services

The frequency of emergencies and natural and human-made disasters, and the highly unanticipated nature of such extreme events present opportunities for initiatives based on LBS solutions as a promising and a valuable addition to the existing utilised approaches for managing all identifiable hazards and their possible aftermaths. However, for any initiative proposed usefulness is a principle reference point for judging its suitability to people. If people do not perceive any usefulness behind LBS for emergencies, then it is most likely that they would not consider the use of the services. The comments from the respondents overwhelmingly perceived LBS to be highly useful in emergency situations. One suggestion is that the technology should be utilised for emergency purposes only as their usefulness in such situations far outweigh any privacy concerns they might raise. However, most of the respondents perceived a potential for LBS to be utilised as an important medium to assist communities in emergencies beside their obvious practical possibilities for commercial application as well.

SECTION IV. The Government

Former worldwide experiences have clearly revealed the indispensable role of the government in emergencies since only governments usually have the capabilities to fund and control the financial, human and technical resources needed to managing such situations. As a result, it could be argued that the realisation of a consistent LBS solution for emergency management would be highly conditional upon perceiving the government as the main stakeholder and as a proponent of the services. The following extracted themes represent a “framework of meanings” elicited from the interviewee. The interviewee is an official from a leading emergency services government department in Australia.

A. The role of the prospective user as perceived by the government

Being the focus of the LBS solution, an expected role of the prospective citizen user will not only to be as a mere recipient of the warning message sent by the government but also as the initial point of safety information to others as well. The recipients would have the responsibility to act and convey the warning message to the people who are effectively within their care at the time of the event (e.g. the elderly, the children, the disabled, and the sick). Another example could be a manager of a shopping centre where there is a potential for a large gathering of people in one place, and that place of interest is within the defined emergency area.

B. Where does LBS fit among the existing emergency management solutions?

The European Telecommunications Standards Institute (ETSI) has defined two types of location-based emergency service applications [12]. The first is initiated by the individual in the form of a distress mobile phone call or SMS. In these cases, the telecommunications carriers are obliged to provide information regarding the location of the originated call or message within accuracies between 50 to 150 metres. This service is known as wireless E911 in the United States and E112 in the European Union. The second type of LBS applications are initiated by the solution provider in which alerts, notifications, or early public warnings are disseminated (pushed) to all active handsets, which are within a predefined threat area(s) at the time of the unfolding event.

From a governmental perspective, both approaches (i.e. the emergency phone call/SMS and the LBS warning system) are only two ends of the same spectrum. As a result, LBS solutions for public warning are perceived as an additional extension of the existing emergency and warning systems. Accordingly, the same organisations and agencies handling the conventional inbound emergency phone calls should be assigned the responsibility of handling the LBS emergency public warning system.

C. The perceived benefits of LBS for EM

Location-based services have the potential to act as the primary source of safety information. They can also be utilised to point people in the direction of other safety information channels. The messages delivered through the LBS solution could be the initial warning the public receive if they are within the area that is likely to be affected at that time. Once the message is received, people could then turn into other forms of media, such as television or the radio, for more information.

Through providing people with early safety information, the LBS solution may have the potential to save lives by allowing the individuals to make more informed decisions; thus putting them into a safer position. It should be noted here however that even with such powerful applications, it is government policy during emergencies such as bushfires that still override the capabilities of the new technologies. A technology may be fully functional however, the stance taken by government on what to communicate during a disaster may not be effective or even plausible.

Despite the possibilities, the fact that the cellular handsets are the most prevalent among individuals makes the LBS solutions highly valuable in emergencies. Moreover, contrary to other forms of media, LBS do not require the individual to be anchored to a device in order to receive the information. A warning message could reach all the active handsets within the threat zone, allowing people to understand that something is unfolding around them.

D. The cost of the LBS solution

As every individual has the right to be advised by the government in the case of an unsafe situation, the funding of any possible LBS solution would basically lie on the shoulders of federal and state governments. Due to the specific nature of the solution, it could not be financed through any kind of advertising or sponsoring. The cost will, essentially, depend on the final form of the solution. However, a possible impediment for the government's decision to adopt LBS for emergencies could be the cost-per-message delivered. As every message being delivered theoretically represents a commensurate revenue expectation for telecommunications carriers, long-term partnership arrangement and agreements between carriers and the government, early involvement of the carriers as a major stakeholder could partially answer the cost burden of the solution. Nevertheless, the solution will primarily rely on the practices of the telecommunications carriers and their willingness to extensively share their resources in emergencies with the government. The buy-in of carriers, especially incumbents cannot be overstated, although traditionally carriers have complied with government mandates that have been concerned with the greater good of society.

E. Privacy concerns

Due to the fact that any achievable location-based emergency warning system is meant to be only used for public safety, the privacy associated with it should not be a major issue. LBS public warning solutions are perceived as one end of a spectrum that includes the traditional emergency response services number on the other end. The same organisations will be handling the information from both systems. The sole purpose will be to identify the handset number within the emergency area at the time of the event. The number is perhaps the only mechanism by which a notification could reach the handset if the user is in an imminently dangerous situation.

Any proposed solution could neither be an opt-in nor an opt-out system. If individuals opt-out and did not receive the warning message, and then the unfortunate event occurred where they lost their lives, it would not be well received by the public. The message is provided as a means of maintaining the safety of all individuals that are within the likely affected area. Accordingly, prior consent from the prospective user will not be a prerequisite for initiating the service directly to him/her.

SECTION V. Discussion

An examination of the themes presented reveals an agreement between both stakeholders on the potential benefits of location-based services for emergency management. There is also a consensus that the solution should be funded by the government and regulated, operated and maintained by related government emergency organisations. However, a comparative analysis of the extracted themes shows several disagreements between the two stakeholder types. For example, although there was recognition of the indispensable expected role of the private sector, the prospective users expressed concerns that the telecommunications carriers may view the utilisation of the services in the domain of emergencies as a chance to raise revenue rather than being for the public interest, resulting in unsolicited commercial-based services. Other differences such as the need to address the privacy concerns and some of the design features of the recommended system have also appeared. The analysis is presented in Table 1.

TABLE 1: A COMPARATIVE ANALYSIS OF THE PERSPECTIVES OF THE STAKEHOLDERS

Technologies such as LBS have the potential to serve the public. Therefore, the adoption and the development of such technologies should be highly advocated in the higher decision-making political circles. Initiatives to involve the private sector early in the proposition of location-based services in emergency situations need to be instituted. For example, consider the Warning, Alerts, and Response Network (WARN) Act in the United States, which encourages telecommunications carriers to participate in government warning systems used to target a broad variety of media including cellular mobile phones. The act, specifically, obligates the carriers who do not wish to participate to clearly indicate it to their potential users at the point of sale [13]. In addition, strict legislation should also be put in place to explicitly define the legal liability, for example, in the case of a service failure, or information disclosure accidentally or deliberately.

As the deployment of the proposed solution could be hindered by the misconceptions people might have about the misuse of the technologies, some of the earlier differences could be partially solved by underpinning the possible deployment with a substantial educational campaign about location-based services, their limitations and their potential benefits.

SECTION VI. Conclusion

The paper investigated the perspectives of two pivotal stakeholders in the cellular mobile phone location-based services, namely the government and the prospective user, concerning emergency management solutions. The findings indicate that despite the general agreement of the massive potential of location-based solutions in emergency management, both key players have differed considerably on some of the issues raised such as the design of system and the need to address privacy concerns. A general consensus among the stakeholders is that location-based services is an important tool for disseminating relevant customised warning and safety information to people during and after emergency crises. Utilising LBS technologies could have the potential to allow people to make more informed decisions, leading them potentially into a position of safety, which will ultimately create a more resilient society towards the onslaught of extreme and unexpected events.

References

1. A. Küpper, "Location-based Services: Fundamentals and Operation", John Wiley & Sons Ltd: Chichester, West Sussex, 2005.

2. A. Aloudat, K. Michael, and Y. Jun, "Location-Based Services in Emergency Management- from Government to Citizens: Global Case Studies", in Recent Advances in Security Technology, P. Mendis, J. Lai, E. Dawson, and H. Abbass (Eds), Australian Homeland Security Research Centre: Melbourne. p. 190-201, 2007.

3. W.G. Zikmund and B.J. Babin, "Business research methods". 9th ed, Thomson/South-Western: Mason, Ohio, 2007.

4. T.D. Cook and D.T. Campbell, "Quasi-experimentation : design & analysis issues for field settings", Rand McNally College Pub. Co.: Chicago, 1979.

5. M.Q. Patton, "Qualitative Research & Evaluation Methods". 3 ed, Sage Publications: Thousand Oaks, California, 2002.

6. R. Clarke and M. Wigan, "You are where you have been", in Australia and the New Technologies: Evidence Based Policy in Public Administration, K. Michael and M.G. Michael (Eds), University of Wollongong: Canberra. p. 100-114, 2008.

7. M. Gadzheva, "Privacy concerns pertaining to location-based services". Int. J. Intercultural Information Management, 2007. 1(1): p. 49-57.

8. L. Perusco and K. Michael 2007, "Control, trust, privacy, and security: evaluating location-based services", Technology and Society Magazine, IEEE, pp. 4-16.

9. H.J. Smith, S.J. Milberg, and S.J. Burke, "Information Privacy: Measuring Individuals' Concerns About Organizational Practices". MIS Quarterly, 1996. 20(2): p. 167-196.

10. D. Zweig and J. Webster, "Where is the line between benign and invasive? An examination of psychological barriers to the acceptance of awareness monitoring systems". Journal of Organizational Behavior, 2002. 23(5): p. 605-633.

11. H. Xu and H.-H. Teo. "Alleviating Consumer's Privacy Concerns in Location-Based Services: A Psychological Control Perspective". in the Twenty-Fifth Annual International Conference on Information Systems (ICIS). Washington, D. C. 2004.

12. European Telecommunications Standards Institute. "Analysis of the short message service and cell broadcast service for emergency messaging applications". 2006; Available from: http://pda.etsi.org/pda/home.asp?wki- id=jhPgAkxRGQ2455A550@55.

13. S. Mollman. "Cell broadcasts could help avert catastrophe". 2009; Available from: http://edition.cnn.com/2009/TECH/02/05/db.cellbroadcast/ index.html?iref=intlOnlyonCNN.

ACKNOWLEDGMENT

This research was supported under Australian Research Council's Discovery Projects funding scheme (project DP0881191). The views expressed herein are those of the authors and are not necessarily those of the Australian Research Council.

Keywords

Disaster management, Government, Telephone sets, Conference management, Technology management, Australia, Mobile handsets, Impedance, Management information systems, Privacy, radio direction-finding, cellular radio, emergency services, qualitative analysis, location-based services, emergency management, multistakeholder perspective, cellular mobile phone value chain, cellular mobile phone, location-based services, emergency management, public warning, all-hazards approach

Citation: Anas Aloudat, Katina Michael, Roba Abbas, 2009, "Location-Based Services for Emergency Management: A Multi-stakeholder Perspective", Eighth International Conference on Mobile Business, ICMB 2009, 27-28 June 2009, Dalian, China, 10.1109/ICMB.2009.32

Legal Ramifications of Microchipping People in the United States of America

Abstract

The ability to microchip people for unique positive identification, and for tracking and monitoring applications is becoming increasingly scrutinized by the legal profession, civil libertarians, politicians in positions of power, human rights advocates, and last but not least, citizens across jurisdictions. The United States is among the few nations internationally, that have moved to enact state-level legislation, regarding the microchipping of people in a variety of contexts. This paper provides an overview of nine state laws/bills in the United States of America that have either enacted anti-chipping legislation or have recently proposed bills regarding the enforced chipping of persons. The aim of the paper is to highlight excerpts of legislation, to identify relevant stakeholders the legislation is directed toward and to briefly describe how it may affect their chipping practices. As a final outcome, the paper seeks to broadly compare state legislation, identifying differences in penalties and fines, and to show the complexity of this kind of approach to protecting the rights of citizens against unscrupulous uses of advanced information technologies.

Section 1.

Introduction

The capability to implant people with microchips has its roots in the field of medicine as far back as the innovation of pacemakers in the late 1950s [1][2]. Embedded chip-on-a-card technology, that could identify the cardholder, commonly known as smart cards or integrated circuit cards, was patented and prototyped for the first time in France by Roland Moreno in 1974 [3]. But it was not until 1998, that official reports of the first demonstrated microchip implantation in a human for identification and tracking purposes was achieved by Professor Kevin Warwick of the University of Reading in the Cyborg 1.0 experiment [4]. While United States patents date back to the 1970s, regarding apparatus allowing subcutaneous implants, such as guns for dispensing “pellets” comprising a case with a hollow needle attached to it [5], it was not until later that patents pertaining to medical devices stipulated a unique identification mechanism allowing for the collection of individual patient diagnostic data.

In 1987, beyond unique ID, a location tracking device was patented by a plastic surgeon Dr Daniel Man [6], residing in Florida in the United States. The abstract description of the patent reads: “[a] new apparatus for location and monitoring of humans has been developed. The device employs a unique programmable signal generator and detection system to locate and monitor the movement of individuals. It additionally utilizes a physiological monitoring system to signal a warning for the necessity for immediate help. The device is small enough to be implanted in young children as well as adults. The power supply and signal generator are designed to function at a low duty cycle for prolonged periods before recharging” [7].

Section 2.

Advancements in Implantable Technology and the Law

The challenges brought about by implantable technology, outside the biomedical arena, were for the greater part ignored until the mid-1990s. Few could debate against the obvious benefits brought about by the advancement of medical-related technologies to patients suffering from curable diseases or illnesses, and the lifestyle enhancements they promised and delivered, especially in the area of prosthesis. Even today, few could argue that implants for genuine therapeutic purposes pose any real danger to society at large if applied correctly; in fact they act to prolong life and aid sufferers to go about living as normal life as possible.

We can point to medical breakthroughs, such as those by Alfred Mann, that are likely to help hundreds of thousands of people in the future, to better cope with the treatments of diabetes, cancer, autoimmune and inflammatory diseases via automated drug delivery technologies [8]. Implantable technologies have already helped the deaf hear, and are likely to help the blind see, and to correct functional neural deficits using electrostimulation techniques and much more. The promise of nanotechnology, has brought with it the prospect of implantable treatments for Parkinson's Disease, epilepsy, Tourette's syndrome (which is now beyond the experimental stage), and even obsessive compulsive disorder (OCD).

Responsible, well-tested, and regulated applications of nanotechnology within the biomedical domain can only have positive impacts on the individual who is a recipient of an implant [9]. But in today's commercial context, even biomedical technologies can serve dual purposes, opening up a number of critical moral questions [10] regarding who is actually in control [11] and at what cost [12]. For as Mark N. Gasson writes regarding information and communication technology (ICT) implantable devices, “[a] number of wider moral, ethical and legal issues stem from enhancement applications and it is difficult to foresee the social consequences, the fundamental changes on our very conception of self and the impact on our identity of adoption long term. As a result, it is necessary to acknowledge the possibilities and is timely to have debate to address the wider implications these possibilities may bring” [13].

It is the “legal issues” pertaining to ICT implants which have been addressed only by a few researchers and their respective groups. As there are now several commercial organizations marketing a variety of applications using ICT implants for IDentification and location tracking purposes, some states in the USA have acted as ‘first movers’ to quell citizen concerns over the potential for enforced chipping, and to safeguard the individual's human rights. Of course, this is all set against a backdrop at a national level concerned about national security, and consecutive governments that have introduced widespread radio-frequency identification (RFID) and tracking and monitoring capabilities in passports, driver's licenses, toll-ways etc.

Section 3.

Seminal Works

Of the scant research that has been written addressing legal dilemmas of ICT implants, two can be considered landmark and representative of the literature. Elaine M. Ramesh, from the Franklin Pierce Law School wrote in anticipation of human microchip implants and offered initial insights on the legal implications even before Warwick's Cyborg 1.0 experiment [14]. Almost a decade later, a second paper by William A. Herbert, member of the New York State Public Employment Relations Board, wrote a paper addressing the legal issues related to advanced technologies like Global Positioning Systems (GPS), biometrics, and RFID implants [15]. To date, this article serves to be the most complete on the topic at large.

Ramesh uses a qualitative approach and discusses the rights that may be infringed by humancentric microchip implants in the areas of common law, constitutional rights, the Fourth Amendment, the Fifth Amendment and property rights. The scenarios and results with cases relating to the above laws provided by Ramesh were limited to the point that commercial diffusion of RFID implants only occurred in 2003, with pre-registration beginning in 2002 [16]. Ramesh explains that the human body is not generally accepted as “property” which is her rationale behind the gap in the legal system. If property ownership of one's body could be confirmed, (that is we can claim ownership of one's body and do what we will with it) then property law would apply as protection giving an individual the right to refuse of implantation of the microchip without any consequences as the individuals body is his or her ‘owned property’ (Ramesh, 1997). However this same legislation would bring with it a mine-field of other problems to do with ownership and the rights associated with “selling” one's body or individual body parts.

After the events of September 11, 2001 and the enactment of the USA PATRIOT Act, Herbert [15] analyzed current State and Federal laws within the context of employer practices across the United States. Herbert describes the laws and relevant cases in his paper, along with potential solutions. Herbert justifies his research by addressing the concern over American Labor Laws granting employers greater powers over most employee privacy expectations. Herbert's findings indicate that, “[t]he scope and nature of current legal principles regarding individual privacy are not sufficient to respond to the rapid development and use of human tracking technology” [15]. It is this very disproportionate “power” relationship that could be further propagated and exploited by ICT implants, that Michael and Michael have termed “uberveillance” [17].

Since Herbert's seminal paper, a number of states have enacted what has come to be known in the popular sense as anti-chipping legislation. The rest of this paper is dedicated to providing excerpts of laws and bills for nine U.S. states related to ICT implants for humans [18]. Seven state laws/bills were collected during the main study period in 2007, with two additional laws/bills found in 2009. It must be underscored that this list of states should not be considered an exhaustive list of legislation.

For the states investigated during the main study period in 2007, a legislative excerpt is presented, stakeholders pertaining to the law are identified, and a brief description of how chipping practices in that state may be affected is provided. For the two additional acts/bills found in 2009, only an excerpt is presented with no further analysis. As a final outcome, the paper seeks to broadly compare seven state acts/bills, identifying differences in penalties and fines, and to show the complexity of this kind of approach to protecting the rights of citizens against unscrupulous uses of advanced information technologies. The main contribution of this paper is bringing the state laws together to make identifying similarities and differences easier, and to allow for future research opportunities between United States federal and state legislative comparisons towards harmonization and conflict.

Section 4.

State of California

4.1 SB 362, Identification Devices: Subcutaneous Implanting

SECTION 1. Section 52.7 is added to the Civil Code, to read:

Except as provided in subdivision  person shall not require, coerce, or compel any other individual to undergo the subcutaneous implanting of an identification device.
(1) Any person who violates subdivision  may be assessed an initial civil penalty of no more than ten thousand dollars (1,000) for each day the violation continues until the deficiency is corrected.
This section shall not in any way modify existing statutory or case law regarding the rights of parents or guardians, the rights of children or minors, or the rights of dependent adult.

4.2 Definition

The language used to define the implant; “subcutaneous implanting of an identification device” (2007 California SB 362) provides longevity for the legislation as it can be used for any device that can be implanted and used for identification rather than specifically stating a microchip, RFID tag, or commercial product name [19].

4.3 Who it affects?

“Except as provided in subdivision (g), a person shall not require” (2007 California SB 362) prevents an individual to force the implantation of the device on another, however it does allow the Government of California and the Government of the United States to use the technology as they see fit.

4.4 Exceptions

Section G as stated in the above extract of bill 362 refers to the “existing statutory or case law regarding the rights of parents or guardians” (2007 California SB 362). Because of this clause, a parent and/or a legal guardian may sign the written consent form for any child under the age of 15 under California Family Law to receive an implant.

‘A minor may only consent to the minor's medical care or dental care if all of the following conditions are satisfied: (1) The minor is 15 years of age or older. (2) The minor is living separate and apart from the minor's parents or guardian, whether with or without the consent of a parent or guardian and regardless of the duration of the separate residence. (3) The minor is managing the minor's own financial affairs, regardless of the source of the minor's income.” (California Family Code §6922(a)) If these clauses are not satisfied then the parent or guardian has the right over the child and the right to implant the child.

A minor may sign his/her own consent for the use of a implantable microchip if used for the sole purpose of aiding in the treatment of a psychological disability under California Family Code §6924.

“A minor who is 12 years of age or older may consent to mental health treatment … if both of the following requirements are satisfied: (1) The minor, in the opinion of the attending professional person, is mature enough to participate intelligently in the outpatient services or residential shelter services. (2) The minor  would present a danger of serious physical or mental harm to self or to others without the mental health treatment or counseling or residential shelter services, or  is the alleged victim of incest or child abuse” (California Family Code §6924).

Section 5.

State of Colorado

5.1 HB 07–1082, a Bill for an Act Concerning a Prohibition On Requiring an Individual To Be Implanted with a Microchip

A person may not require an individual to be implanted with a microchip.
A violation of this section is a Class 3 Misdemeanor punishable as provided in section 18–1.3–501. Each day in which a person violates this section shall constitute a separate offence.

5.2 Definition

The term “microchip” is used to describe the device however no formal definition is provided therefore any device containing a microchip or device of similar or advanced capabilities is included within the definition of a ‘microchip’ and therefore must adhere to this Bill.

The crime of forcing the implantation of a microchip is defined as a “Class 3 Misdemeanor” (2007 Colorado HB 1082) which according to Colorado Revised Statutes results in a minimum sentence of 750 fine per offence [20].

5.3 Who it affects?

“A person may not require an individual” (2007 Colorado HB 1082) prevents all individuals within the state of Colorado, however does not protect against United States federal legislation.

5.4 Exceptions

The bill does not outline any clause by where the legislation is void and therefore no loop holes exist. However this then allows the judicial branch to make decisions with each individual based on their specific circumstances, and they have the power to put previous legislation, statute or constitution above HB 1082 deeming it null and void for the case in question. The judicial branch is defined as the branch of the courts whereby the court determines the application of which law is applicable for each specific case and enforces it and determines the sentence/punishment based upon the law written by the legislative branch [21]. The same exception is applied to the majority of the states presented below.

Section 6.

State of Florida

6.1 SB 2220, an Act Relating To Implanted Microchips; Prohibiting the Implanting Of a Microchip or Similar Monitoring Device

It is a felony of the third degree, punishable as provided in . 775.082, . 775.083, or . 775.084, Florida Statutes, to knowingly implant, for tracking or identification purposes a microchip or similar monitoring device into a person without providing full disclosure to that person regarding the use of the device and obtaining the person's informed written consent.

6.2 Definition

The implantable microchip in Florida SB 2220 is defined as “a microchip or similar monitoring device” (2007 Florida SB 2220) which therefore validates the legislation (if enacted) for any technology used for the purpose of monitoring, tracking, tracing and identification.

The crime of forcing the implantation of a microchip is defined as a “felony of the third degree” (2007 Florida SB 2220) which according to Florida Criminal Code §775.082 (penalties) and §775.083 (fines) “For a felony of the third degree, by a term of imprisonment not exceeding 5 years” (Florida Criminal Code §775.082) and a fine of “$5,000, when the conviction is of a felony of the third degree” (Florida Criminal Code §775.083).

6.3 Who it affects?

“Into a person without providing full disclosure to that person regarding the use of the device and obtaining the person's informed written consent” (2007 Florida SB 2220) prevents all individuals within the state of Florida, however does not protect against United States federal legislation. The use of the device must also be outlined to the individual and recognition of the individuals understanding of the implants use must be received prior to the implantation and operation of the device.

Section 7.

State of North Dakota

7.1 SB 2415, an Act Relating To Implanted Microchips in Individuals; and To Provide a Penalty

SECTION 1. A new section to chapter 12.1–15 of the North Dakota Century Code is created and enacted as follows: Implanting microchips prohibited. A person may not require that an individual have inserted into that individual's body a microchip containing a radio frequency identification device. A violation of this section is a class A misdemeanor.

7.2 Definition

The implantable microchip in North Dakota SB 2415 is defined as a “microchip containing a radio frequency identification device” (2007 North Dakota SB 2415). This legislation is therefore limited by its definition and allows the use of devices by which their main technology to achieve its purpose is not radio frequency. Therefore utilization of innovations such as microwaves and barcodes may be argued as immune to the legislation.

The crime of forcing the implantation of a microchip is defined as a “class A misdemeanor” (2007 North Dakota SB 2415). Which according to North Dakota Century Code §12.1–32 “Class A misdemeanor: up to one year in prison, $2000 fine or both” (North Dakota Century Code §12.1–32).

7.3 Who it affects?

“A person may not require that an individual have inserted into that individual's body” (2007 North Dakota SB 2415). Therefore any individual does not have to agree to the implantation of a microchip regardless of status.

Section 8.

State of Ohio

8.1 SB 349 a Bill To Prohibit an Employer From Requiring an Employee Of the Employer To the Employee's Body a Radio Frequency Identification Tag

Sec. 4113.81. No employer shall require an employee of the employer to have inserted into the employee's body a radio frequency identification tag. Any employer who violates this section shall be subject to a fine of not more than one hundred fifty dollars per violation.
As used in this section:
“Radio frequency identification tags” mean a silicon chip containing an antenna that stores data and transmits that data to a wireless receiver.
“Employer” means the state, any political subdivision of the state, or any person employing one or more individuals in the state.

8.2 Definition

The implantable microchip is defined as a “radio frequency identification tag” (2006 Ohio SB 349) in the main text which may seem open to the use of other technologies, however definition (A) states; “Radio frequency identification tags mean a silicon chip containing an antenna that stores data and transmits that data to a wireless receiver” (2006 Ohio SB 349). Therefore the legislation is in relation to any technology that achieves its purpose by the above method.

The preamble of this bill is a proposal for amendment of Ohio Code 4113. Ohio Code 4113 is the Miscellaneous Labor Provisions Code which provides legislation from dismissal laws, to wages to whistle blowing (Ohio Code §4113). This is a clear indication that there was no intention to have the bill / legislation protect every individual of the state, rather to protect an employee from an employer.

8.3 Who it affects?

Ohio's proposed legislation is very unique in the subject affected by it. “No employer shall require an employee” (2006 Ohio SB 349). Unlike the other states, Ohio only proposes the legislation against employer's therefore protecting an employee over an unfair dismissal due to refusing implantation.

8.4 Exceptions

The 2006 Ohio SB 349 leaves itself open for attack. By only referencing an employee to employer relationship the legislation does not prevent state government, hospitals, doctors, parents or any other individual to be microchipped unless the individuals lawyer can prove a violation of §2903.13 of the Ohio Code (assault) whereby “No person shall knowingly cause or attempt to cause physical harm to another or to another's unborn” (Ohio Code §2903.13) whereby the coercion and physical act of microchipping could be classed as assault.

The punishment outlined in 2006 Ohio SB 349 does not reference any Ohio Code section or specify it in a misdemeanour or felony class, instead an exact figure of 150 in addition to the original price of purchasing and using a commercial implant product. If an organisation wants to utilise the technology for convenience and security $150 per employee (or per violation) may be considered an investment rather than a crime,

Section 9.

State of Oklahoma

9.1 HB 2092, SB 47 an Act Prohibiting the Forced Implantation Of a Microchip

No person shall require an individual to undergo the implanting of a microchip.
Any person convicted of violating the provisions of this section shall be subject to a fine of not more than Ten Thousand Dollars ($10,000.00). Each day of continued violation shall constitute a separate offense.

9.2 Definition

The term “microchip” is used to describe the implantable microchip, however no formal definition is provided therefore any device containing a microchip or device of similar or advanced capabilities is included within the definition of a ‘microchip’ and must adhere to this bill.

9.3. Who it affects?

“No person shall require an individual” (2007 Oklahoma HB 2092) prevents all individuals within the state of Oklahoma however does not protect against United States federal legislation.

Section 10.

State of Wisconsin

10.1 2005 Wisconsin Act 482 Prohibiting the Required Implanting Of Microchip in an Individual and Providing a Penalty

The people of the state of Wisconsin, represented in senate and assembly, do enact as follows: SECTION 1. 146.25 of the statutes is created to read: 146.25 Required implanting of microchip prohibited.
No person may require an individual to undergo the implanting of a microchip.
Any person who violates sub. (1)may be required to forfeit not more than $10,000. Each day of continued violation constitutes a separate offense.

10.2 Definition

The term microchip is used however no definition is provided therefore any device containing a microchip or device of similar or advanced capabilities is included within the definition of a ‘microchip.’

10.3 Who it affects?

“No person may require an individual to undergo the implanting of a microchip” (2005 Wisconsin Act 482) prevents all individuals within the state of Wisconsin however does not protect against United States federal legislation.

Section 11.

State of Georgia

11.1 HB 38, Microchip Consent Act

SECTION 2… 1) ‘Implantation’ includes any means intended to introduce a microchip internally, beneath the skin, or applied to the skin of a person.(2) ‘Microchip’ means any microdevice, sensor, transmitter, mechanism, electronically readable marking, or nanotechnology that is passively or actively capable of transmitting or receiving information. This definition shall not include pacemakers.(3) ‘Person’ means any individual, irrespective of age, legal status, or legal capacity.(4) ‘Require’ includes physical violence, threat, intimidation, retaliation, the conditioning of any private or public benefit or care on consent to implantation, including employment, promotion, or other benefit, or by any means that causes a. person to acquiesce to implantation when he or she otherwise would not.  No person shall be required to be implanted with a microchip. This Code section shall be subject to a two-year statute of limitations beginning from the date of discovery that a microchip has been implanted.  Any person required to have a microchip implanted in violation of this Code section shall be entitled to pursue criminal charges in addition to filing a civil action for damages. Each day that a microchip remains implanted shall be subject to damages of not less than $10,000.00 per day and each day shall be considered a separate violation of this Code section.  The voluntary implantation of any microchip or similar device may only be performed by a physician and shall be regulated under the authority of the Composite State Board of Medical Examiners.”

Section 12.

State of Missouri

285.035.1. No employer shall require an employee to have personal identification microchip technology implanted into an employee for any reason.

For purposes of this section, “personal identification microchip technology” means a subcutaneous or surgically implanted microchip technology device or product that contains or is designed to contain a unique identification number and personal information that can be non-invasively retrieved or transmitted with an external scanning device. Any employer who violates this section is guilty of a class A misdemeanor.

Section 13.

Cross-case comparison

From the seven (7) states studied in 2007, it is clear that there are subtle yet possibly detrimental differences between the legislation enacted (e.g. in the case of North Dakota and Wisconsin) and the legislation pending enactment.

13.1 Stakeholder & Other Definitions

Citizen: Refers to any other citizen within the state of the (enacted / pending) legislation other than the subject (oneself).

Employer: Refers to the manager, management, owner, franchiser or CEO of an organization by where the subject is currently employed on any basis (full time, casual, part time, or probation).

Government: Refers to the state government and anyone employed by the state government including law enforcement personnel.

Hospitals (Doctors): Refers to any healthcare practitioner including, general practitioners and psychologists, psychiatrists, social workers and nurses of the subject who may be deemed suffering a mental illness.

Parents:Refers to the parents and guardians of a minor as defined by the state and the carer / guardian / solicitor of a subject deemed mentally ill or elderly.

Yourself: Refers to the subject, an individual wishing to approve the implantation of a microchip into their body.

Fine: Refers to a monetary fine payable for the offence of coercing an individual to be chipped. If a period of time (day(s), month(s), year(s)) is including in this field then jail time for that period indicated is part of the maximum sentence for the crime.

Consecutive Day: Refers to the punishment (jail time / momentary fine) applicable for each day in which the crime occurs.

13.2 Fines and Punishment

The following section provides a breakdown of the key elements within the Acts and Bills for each state and shows what is permitted by law and what is disallowed with regards to ICT implants states of the U.S.A. Section 13.2 should be read together with Table 1.

Table 1. U.S. State Anti-Chipping Laws/Bills Comparison Chart as of October 2007

Table 1. U.S. State Anti-Chipping Laws/Bills Comparison Chart as of October 2007

The yellow colored sections of the table represent a fine or punishment which can be seen as too light in comparison to the other states. In California for each day the offence occurs after the initial offence a 10,000) is charged. According to the United States Census Bureau, a citizen of California on average earns 6.666% more than an average American and 17.7% more than the average citizen of North Dakota [22] and yet the proposed fine in California is only 10% of the fine quoted in North Dakota's enacted legislation (2007 North Dakota SB 2415).

Ohio put in place a maximum penalty of 150 is not too much of an added expense to the $200 outlay per microchip [23]. This fine is not comparable to any of the other states and may oppose a risk rather than a benefit if it becomes enacted and employers act on the proposed $350.00 ‘investment.’

The peach colored section of Table 1 outlines the three states (Colorado, Florida and North Dakota) proposing jail time part of the maximum sentence if an individual is in breach of the legislation. These jail times come about by the classification of the offence as a felony or a misdemeanor and of a particular class. These classifications are then cross referenced to the State Code in order to determine the maximum sentence. Even though these states vary with punishment and do not have a monetary fine comparable with Oklahoma and Wisconsin, the fact they reference a classification under a criminal code protects the legislation for many generations. The fine attached to a classification may be changed if the legislative or judicial assembly makes a proposal and these changes often occur in a change in inflation or the Consumer Price Index (CPI), making the fine comparable in years to come. States that propose a fixed fine do not allow for inflation or CPI and may become a more relaxed punishment during the development of society over subsequent decades.

The green colored sections of Table 1 outline who is allowed to enforce the implantation of a microchip upon an individual without direct punishment in reference to the enacted or proposed bill of that state. In the case of Ohio only an employer who is a citizen of Ohio is prevented from chipping an employee of an Ohio state registered firm (2006 Ohio SB 349). California is the only state out of the seven that included clauses by which an exemption from punishment could be applied. Section (g) of 2007 California SB 362 allows the parents and guardians of minors to enforce the implantation of a device under certain circumstances outlined in §6922 and §6924 of the California Family Code. This clause does not mean that this does not apply to the other six states. The judiciary has the power to veto the legislation if they feel other legislation such as a Family Act is more relevant to the case or superior to the microchipping legislation and the defendant's lawyer has the ability to utilize these acts or codes to refute the microchipping legislation.

Section 14. 

Conclusion

As the development and deployment of the implantable microchip continues to gather momentum across markets and jurisdictions, the greater the propensity for case law to emerge related to the specific ICT implantable technology. The problem with state laws, as demonstrated in the U.S.A is that legislation is not uniform, at least at the state level, and even more anomalous is a comparison between state and federal legislation, which will be the focus of a forthcoming study.

References

1. C. M. Banbury, Surviving Technological Innovation in the Pacemaker Industry 1959-1990. New York: Garland Publishing, 1997.

2. J. H. Schulman, "Human Implantable Technologies," in Career Development in Bioengineering and Biotechnology, G. Madhavan, Ed., 2009, pp. 167-172.

3. R. A. Lindley, Smart Card Innovation. Australia: Saim, 1997.

4. K. Warwick, I, Cyborg. UK: Century, 2002.

5. J. B. Wyatt, P. D. George, and K. Van Dyck, "Implant Gun, Pfizer Inc.," in Appl. No.: 05/046,159 United States Patent, 15 June 1970.

6. D. Man, "Dr. Man Plastic Surgery," 2009.

7. D. Man, "Implantable homing device," in United States Patent: 4,706,689. Boca Raton, Florida: USPTO, 8 January 1987.

8. A. Mann, "Where Technology and Life Unite," Alfred Mann Foundation, 2009.

9. M. Treder, "Radical Prosthetic Implants," Institute for Ethics and Emerging Technologies, 2009.

10. K. Michael and M. G. Michael, "Microchipping People: The Rise of the Electrophorus," Quadrant, vol. 414, pp. 22-33, 2005.

11. K. Michael, M. Michael, and R. Ip, "Microchip Implants for Humans as Unique Identifiers: a Case Study on VeriChip," presented at 3TU: Ethics, Identity and Technology, The Hague, The Netherlands, 2007.

12. M. G. Michael and K. Michael, "Uberveillance: Microchipping People and the Assault on Privacy," Quadrant, vol. LIII, pp. 85-89, 2009.

13. M. N. Gasson, "ICT Implants: the Invasive Future of Identity," in IFIP International Federation for Information Processing: The Future of Identity in the Information Society;, vol. 262, S. Fischer-Hübner, P. Duquenoy, A. Zuccato, and L. Martucci, Eds. Boston: Springer: Springer, 2008, pp. 287-295.

14. E. M. Ramesh, "Time Enough? Consequences of Human Microchip Implantation," Franklin Pierce Law Centre, vol. 8, 1997.

15. W. A. Herbert, "No Direction Home: Will The Law Keep Pace With Human Tracking Technology to Protect Individual Privacy and Stop Geoslavery?," I/S - A Journal of Law and Policy for the Information Society, vol. 2, pp. 409-472, 2006.

16. ADSX, "Get Chipped™: VeriChip™ preregistration program," in Applied Digital Solutions, 2002.

17. K. Michael and M. G. Michael, Innovative Auto-ID and Location-Based Services: from Bar Codes to Chip Implants. Hershey: Information Science Reference, 2009.

18. W. Kluwer, "States regulate use of microchips as tracking device," CCH® Internet Research NetWork, 2009.

19. C. E. Lyon, "California Bans Mandatory Implanting of Identification Devices," Morrison & Foerster, November 2007.

20. F. L. College, "Colorado Revised Statutes, Fort Lewis College," 2007.

21. US Library of Congress, "Federal Judiciary Branch," 21 July 2007.

22. US Census Bureau, "Current Population Survey (CPS): Annual Social and Economic Supplement," 2007.

23. T. Chin, "Tiny Implant Puts Portable Medical," in American Medical News, April 24 2006.

IEEE Keywords: Law, Legal factors, Implants, Legislation, Monitoring, Humans, Medical diagnostic imaging, Signal generators, Diseases, Pharmaceutical technology

INSPEC: public administration, legislation, rights protection, legal ramification, microchipping people, United States of America, state legislation,state law, state bill, antichipping legislation

Citation: Angelo Friggieri, Katina Michael and M.G. Michael, 2009, The legal ramifications of microchipping people in the United States of America- A state legislative comparison, ISTAS09, IEEE International Symposium on Technology and Society, ISTAS '09. 18-20 May, Tempe, Arizona, DOI: 10.1109/ISTAS.2009.5155900.

Privacy-value-control harmonization for RFID adoption in retail

Abstract

Privacy concerns have, at least in part, impeded the adoption of radio frequency identification (RFID) in retail. The adoption of other automatic identification (auto-ID) applications shows that consumers often are willing to trade their privacy or their control of personal information against some value afforded by the application. In this paper, the interplay between privacy, value, and control is examined through a literature survey of four auto-ID applications: mobile phone, electronic toll collection, e-passports, and loyalty programs. The consumer value proposition for the use of RFID in retail is investigated through an online survey exploring end-user perceptions. The results of the survey are: 1) the customer value proposition has not been communicated well to customers; 2) privacy concerns are higher than other previously adopted applications despite similar privacy issues; and 3) harmonization of privacy, value, and control is likely to be achieved only after adoption, when customers will be educated through experience with the application.

Introduction

Over the past decade, organizations have aggressively pursued the use of radio frequency identifi- cation (RFID) as a means to better identify, control, and track stock throughout the supply chain. The linking of RFID, an automatic identification (autoID) and data collection technology, to consumer goods has resulted in widespread concern surrounding privacy issues. The mainstream media have been quick to expose these privacy concerns, with most articles focusing purely on the potential of the technology to track consumers without their knowledge or consent. Prior to 2004, this resulted in many major retail organizations around the world temporarily halting their RFID initiatives because of consumer backlash and many more organizations hesitant to proceed further.1 Since that time, a number of U.S.- and European-based large retailers have either adopted RFID or conducted trials.2 Whereas privacy may not be the single biggest issue stifling the deployment of RFID, it has acted to delay uptake in the retail industry.3 This paper explores whether an appropriate harmonization between consumer privacy, value, and perceived control can be established for the use of RFID in retail.

There are three vital considerations in achieving this aim: (1) how consumer awareness influences perceptions, and consequently the development of such a harmony; (2) the balance evident in other, similar, auto-ID technologies and services that have already been adopted successfully; and (3) how an appropriate harmonization between value, privacy, and control can be achieved. In fulfilling the aims of the study, the consumer value proposition for the use of RFID in retail will be explored. Consumer perceptions of RFID and associated privacy issues will also be investigated. Finally, the extent to which education and awareness affect perceptions of value, privacy, and control will be measured.

RFID is best characterized as an auto-ID technology that uses radio waves to identify objects. In the context of this study, the specific RFID technology of interest is passive tags, which are tiny transponders that can be embedded or attached to an object requiring identification. These transponders, as small as a grain of rice, do not have a power source of their own; rather, they use the energy from an incoming radio frequency signal to transmit stored data to the reader. The most important characteristic of RFID technology in relation to the tagging of consumer goods is that it does not require line-ofsight positioning, which is a requirement of bar code systems. For EPC Gen 2 UHF (electronic product code generation 2 ultra high frequency) passive tags, the read range is 3.5 meters and the write range is 2 meters, depending on the RFID system setup and the environmental conditions. It is also possible to achieve reads of up to 8 meters away using these tags. The ability for RFID tags to be read covertly is the main concern among privacy advocates.

The rest of this paper is organized as follows. In the next section, definitions of privacy, value, and control are provided in addition to a survey of related RFID works. Then, the methodology used in the current study is briefly described. In the following section, four widely adopted auto-ID applications are presented using a literature survey to explore the actual privacy, value, and control dynamics that have led to consumer acceptance of these auto-ID technologies. In the next section, the results of an online survey investigating consumer perceptions of RFID in retail are presented and a comparison is made between the qualitative and quantitative findings. In the following section, the principal outcomes of the study are discussed. A brief summary of the material presented concludes the paper.

Previous Works

The classic definition of privacy is provided by Westin, as the ‘‘claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.’’4 This study is primarily focused on information privacy, which is described by Clarke as ‘‘the interest an individual has in controlling, or at least significantly influencing, the handling of data about themselves.’’5 Of primary concern in regard to RFID usage in retail is the collection of personal information that pertains to consumer shopping preferences, actions, and behavior. It is the collection, use, and disclosure of this information, particularly when it may be incorrect or unverified, to identify, track, and monitor individuals without their awareness or express approval, that is commonly recognized as one of the most prominent threats. It is important to understand that Clarke’s definition, along with other definitions of privacy from Altman,6 Schoeman,7 and Margulis,8 all emphasize that privacy is not separate from control; rather, it is ‘‘deeply intertwined with it.’’9

Value in this study will be viewed in terms of the benefits RFID technology affords consumers. It is how an individual prizes a certain outcome against all others.10 The value proposition to consumers for RFID usage in retail is generally phrased in terms of convenience. It is an equation of all the positive factors that interest the individual. It can include cost savings, time reductions, efficiency, personalization, safety, and security, as well as convenience and other tangible and intangible benefits. Therefore, in creating a harmony of privacy, value, and control, it is a harmonization between consumer willingness to lose some degree of privacy versus the strength of the retailer’s value proposition for using the technology.11 The value proposition can essentially be seen as a combination of benefits versus risks that consumers will evaluate in their decisions and perceptions.

Inness12 is clear that in characterizing the function of privacy in terms of control or restricted access there are ramifications for the normative value we accord privacy. For the purpose of this study, control becomes a relevant dimension of RFID acceptance, because it is only through a perceived level of control over their personal information that consumers will feel their privacy is being respected.13 The level of control that is provided either through the technology or by the service provider, whether that be perceived or real, is seen as an important element that, when combined with the value proposition, can affect consumer acceptance.

The consumer acceptance of RFID has been investigated in a number of studies. Some have proposed solutions that protect and enhance privacy and afford consumers a level of control.14–16 These solutions are typically technology-based, legislative, or regulatory in nature. Despite the different privacy solutions, a number of studies critically highlight that consumer perceptions and fear of RFID technology, brought about by a lack of understanding, remain.17,18 Thus, regardless of which privacyenhancing technologies are used, the concerns from the consumer’s perspective are the same.9,19 It is apparent from such studies that the real issue becomes one of fear or other underlying motives, that, when combined with perceptions of privacy and control, motivate a consumer’s acceptance of RFID technology. One quantitative study found that consumers felt a lack of perceived control over the technology as well as a great power distance,20 and another study found that cultural dimensions affected the way in which consumers viewed the privacy threat.21

The privacy debate has developed due to the identification and tracking capabilities inherent in the RFID technology. The argument is that if the tags were to remain active after the consumer has left the store, the technology could provide retailers and manufacturers the ability to track an individual’s movement and behavior in a clandestine manner.22 This is introduced by Roussos,23 who explains the ability of the technology to silently retrieve and record unique identifiers as an important contributing factor toward consumer uneasiness. Garfinkel et al.15 discuss seven key privacy threats that arise from the capabilities of RFID: (1) action threat; (2) association threat; (3) location threat; (4) preference threat; (5) constellation threat; (6) transaction threat; and (7) breadcrumb threat (i.e., leaving a trail of actions). Such threats have given rise to much concern by privacy advocates. In 2005, Eckfeldt24 explained that many major companies around the world had already scrapped RFID plans following consumer backlash. If it were not for the ‘‘haunting cries of privacy running afoul,’’ many more companies would have tested and launched RFID initiatives.1 This can also be seen clearly in the results of a Cap Gemini Ernst & Young consumer perception study of RFID that highlighted privacy concerns as ‘‘the most significant issue among consumers in all countries.’’25

The value proposition for RFID use in retail is an important topic that underscores consumer acceptance of RFID. What is apparent in surveying the literature is that while the benefits of RFID have been clearly defined and expressed for retailers, they have not been so clearly communicated to consumers. Eckfeldt24 makes an important assertion in discussing the value of RFID to consumers: ‘‘... the difference between successful and shunned RFID applications turns on delivery of clear, tangible value to the average consumer.’’ Furthermore he stresses that in assessing consumer benefit, organizations must consider consumers’ interests above their own; otherwise, they will produce a solution that fails to provide a positive balance between risk and reward in the eyes of the consumer. He further highlights that a tangible consumer benefit is pivotal to all these solutions. McGinity1 stresses the key value to consumers: better prices and product selection brought on by better efficiency at the back end, including reduced waste, reduced shrinkage, and improved supply chain processes. However, because the systems have not been widely implemented, assessing or promoting such benefits would appear to be speculative at best.

Balancing the economic interests of business against the privacy interests of consumers is another cornerstone in the privacy debate. Culnan and Bies11 introduce the centrist perspective, whereby corporate access to information should be balanced against the legitimate rights consumers have toward protection of their privacy. In addressing this balance, the notion of second exchange is introduced, whereby consumers make a non-monetary exchange of their personal information in return for improved service, personalization, and benefits.11 Importantly, they highlight that, for both organizations and consumers to realize the benefits, consumers must be willing to disclose their personal information and thus surrender some degree of their privacy. It is proposed, therefore, that people may be willing to accept a loss of privacy as long as there is an acceptable level of risk accompanying the benefits.

This idea of balancing interests is touched on by many authors. Eckfeldt,24 for example, emphasizes the idea of risk again in stating that successful RFID applications over-compensate for any privacy fears. He furthers the idea of risk in proposing that consumers will accept the risks if the application is worth the benefits. Langheinrich’s26 discussion on privacy claims that privacy practices and goals must be balanced with the convenience or inconvenience associated with them. In balancing the interests of consumers against organizations, the important issue that seems to dominate is the balancing of convenience and other terms of value for the consumer against the privacy incursion that is inevitable in providing such applications. It must be underscored that an underlying assumption made in this study by the authors is that privacy incursions, especially in the form of breaches in information privacy, are inevitable in the adoption of any emerging mass-market technology, and even more so if that technology happens to be wireless or mobile.

Methodology

Figure 1 Conceptual framework for the auto-ID application cases

This study used a combination of qualitative and quantitative approaches; a literature survey of four auto-ID applications, and a quantitative analysis of the data collected from an online survey. The literature survey covers the mobile phone, electronic toll collection (ETC), e-passports, and loyalty programs. The online survey analyzed the consumer value proposition for the use of RFID in retail and privacy threats relative to education and awareness. The conceptual framework for the auto-ID application cases is illustrated in Figure 1.

The conceptual framework covers the main dimensions studied in the literature search and their relationships. Harmonization can be derived from the value offering of the RFID technology, some of which is inherent to the technology itself (e.g., contactless operation), and some offered by the provider of the service using the technology (e.g., fast checkout at a supermarket). The privacy threats that the technology exposes, and the degree of control individuals have over their personal information, are also considered.

Harmonization is also affected by how widely the technology is to be used; that is, whether it is for large, high-priced items only, or for mass-market products. It has been seen that the more people use a technology (i.e., the higher the penetration rate), the less individuals question the privacy risks. The balance is also affected by the environment in which the technology is to be adopted, whether that be mandated (as in the case of e-passports), or voluntary. Finally, harmonization is also affected by societal perceptions; for example, the idea of microchips attached to common objects immediately conjures notions of Big Brother, and thus a negative perception of the technology.

Data collection for the case applications used multiple sources, including documents such as books, media reports (e.g., Factiva27), journal articles, white papers, corporate information, and marketing materials. The documents were sourced from libraries (offline), databases (e.g., IEEE Xplore28), online journals (e.g., the Journal of Theoretical and Applied Electronic Commerce Research), and media organizations (e.g., the British Broadcasting Corporation), as well as corporate, governmental, and institutional Web sites. The data collection was an iterative process, starting with a broad search strategy involving the key topics under investigation, with more targeted searches conducted thereafter.

Data collection for the online survey was administered at www.rfidsurvey.org for a period of 75 days, from July 10, 2007, through September 23, 2007. The online survey was openly accessible to all Internet users. In addition, targeted recruitment was undertaken in the form of electronic and physical mailings. The data collected in the online survey was based on 28 questions structured into four separate sections. The first section asked for general demographic information as well as information about the participants’ awareness and education. The second section queried participant perceptions of the consumer value proposition for the use of RFID in retail, asking participants to rank both awareness and importance against a list of suggested RFID benefits. The third section focused on assessing value and privacy in regard to a number of other technologies such as mobile phones, smart cards, loyalty programs, e-passports, GPS car navigation, and electronic toll collection. Four of these technologies are featured in the case study analyses. The final section of the survey asked questions about perceptions of privacy threats due to the use of RFID. Presented with a list of threats, participants were asked to rank awareness and concern of such threats. During the survey, respondents were given several opportunities to reply by way of open comments.

Qualitative content analysis was used to discover similarities between the four auto-ID application cases under investigation. Toward this end, the cases were structured in the same manner, around the themes of privacy, value, and control. The analysis focused on the significance of the technology given its penetration and usage rates, despite the presence of privacy threats, and the outcome is presented in narrative form. The text-mining tool Leximancer29 was used to analyze the documents collected, including the open comments provided by survey respondents. Leximancer assisted in uncovering the main concepts contained within the text and showed how these were interrelated.

The purpose of the statistical survey analysis was to uncover the perceptions held by participants toward RFID in retail, its potential threats, and its potential value given a number of typical usage scenarios. Perceptions of threat and value were also analyzed with regard to a number of other auto-ID technologies. Inferences were drawn on the population being studied by finding correlations using rating scales to reflect the real-world nature of the research. Given the use of the Likert approach, readers should note that the researchers were not working with quantities that provided precise measurements but working with rating scales (correlations of which provide general indications only). Using JMP* Statistical Discovery Software from SAS Institute, Inc., a common score for RFID value and threat, as well as value-and-threat scores for other auto-ID technologies, was determined by aggregating the rankings given by participants to relevant questions. The participants’ awareness of RFID and its potential use was also found in this way, using linear regression analysis.

The significance probability of the test (represented as a p-value) is a measure of how likely or unlikely it is to experience the observed data if the null hypothesis is true. The p-value is the area under the null distribution curve that is in bigger disagreement with the null hypothesis than the observed test statistic. When the p-value is less than 0.05, the result of the test is said to be statistically significant. When the p-value is less than 0.01, the result of the test is said to be highly statistically significant. The relationships between variables that were particularly significant in the data studied are illustrated using bivariate plots.

Auto-ID Applications

This section will present auto-ID application cases that explore the adoption and acceptance of a number of technologies and services within the context of privacy, value, and control.30

Mobile phone

The value proposition of the mobile phone extends from the convenience offered by its inherent mobility. In a study conducted by Hakkila and Chatfield31 regarding perceptions of mobile phone privacy, it was shown that greater than 82 percent of respondents considered their mobile phone a ‘‘private device.’’ The mobile phone presents a number of unique privacy threats, yet such privacy threats are seldom discussed or thought of by end users.32 Many citizens in the U.S., for example, are completely unaware that government authorities can track their movements by monitoring the signals that are emitted from the handset.33 The mobile phone also presents other privacy concerns in regard to the interception of signals by unauthorized persons.34 Theoretically, users can exercise control over other parties tracking their location by simply turning off their phones. However, in doing so, they prevent access to the features of the phone that provide the value in the first place.

Electronic toll collection

The key value proposition that electronic toll collection (ETC) systems offer is convenience and time saving. Such a system eliminates the burden to have cash available to make toll payments and provides individuals and corporations the convenience of an account that can provide better tracking of toll expenditure with more convenient payment options.35 Caldwell36 highlights two privacy concerns with regard to ETC. The first is the illegitimate use of drivers’ personal information related to payments, movement, and driving habits, which could become accessible if electronic records are compromised through a ‘‘cyber break-in.’’ This has been demonstrated on numerous occasions, such as the incident in which programmers were able to view ETC account details for subscribers in several countries, including one of the largest ETC systems in the United States.37 The second concern is the legitimate use of ETC account information by government authorities or private vendors that can use the information to monitor driving patterns and behavior of thousands of motorists. The concern also applies to other potential uses, such as traffic surveillance being used to detect speeding violations or stolen vehicles.38 Court cases in the U.S. have already demonstrated the potential for toll-tracking information to be used to verify an individual’s whereabouts and movements. The states of Delaware, Illinois, Indiana, Maryland, Massachusetts, New York, and Virginia have all released E-ZPass toll records in response to court orders for civil matters such as divorce. The states of Maine, New Hampshire, New Jersey, and Pennsylvania only release electronic toll records for criminal cases.39

e-passports

The greatest value of the e-passport, as stressed by most issuing authorities, is the enhanced security it is purported to provide through the digital storage of passport information.40 Certainly, given the current level of importance placed on national security, governments have been keen to introduce this technology as a means of providing more stringent monitoring of individuals entering and exiting the country.

The privacy concerns surrounding e-passports are primarily related to the ability to access passport information without contact, a capability afforded by the use of RFID to store the data contents of the passport. Juels, Molnar, and Wagner41 identify six key areas of concern: (1) clandestine scanning; (2) clandestine tracking; (3) skimming and cloning; (4) eavesdropping; (5) biometric data leakage; and (6) cryptographic weaknesses. The main issue of the e-passport is that the International Civil Aviation Authority (ICAO) does not require authentication or encryption for communications between the reader system and the e-passport. In locations where passports are frequently open, this could allow for eavesdropping. Theoretically, the unique identifier (ID) stored on the microchip could identify individuals and be used for tracking. Passports could even be cloned, because the digital signatures cannot tie the data to a particular passport. Once a reader has the key, there is no mechanism for revoking access, thus giving the reader the ability to scan the passport in perpetuity. Globally, it is reported that more than 50 million e-passports have been issued, which suggests that despite privacy concerns, the technology has undoubtedly been deployed successfully.42 Some states have mandated that the contactless microchip be shielded by a metal jacket to prevent the chip from being read when the passport is closed.43 If the shield is not provided, a sheet of aluminum foil will equally prevent unauthorized access of personal data on the e-passport.44

The media have been quick to highlight potential failures with the technology, such as the demonstration by a hacker who successfully cloned a U.S. e-passport and then dumped the contents onto an ordinary contactless smart card.45 A further threat was exposed when programmers demonstrated how an explosive device connected to an RFID reader could be triggered when a U.S. citizen carrying an e-passport came within reach of the reader.45 Given the mandatory nature of passports, there is very little individuals can do to avoid using them when traveling abroad. There is also little an individual can do to control how government authorities access and use the information on the passport when they are entering a foreign country.

Loyalty programs

In the case of loyalty programs, the value proposition is critical for encouraging consumer use and for developing the brand loyalty that the programs aim to achieve. A number of factors that determine such value in a loyalty program are described by Yi and Jeon.46 They include: (1) the cash value of rewards; (2) the choice of rewards; (3) the aspirational value of rewards; (4) the likelihood of achieving the rewards; and (5) how easy the loyalty scheme is to use.

The major privacy threat that extends from the use of loyalty programs is the ability to tie purchases of specific products to individual consumers and monitor their purchasing behavior over time. A study conducted by Graeff and Harmon47 found that in regard to loyalty programs, consumer perceptions were typically positive and most consumers did not associate such schemes with the collection and use of personal information. Loyalty programs are the ultimate demonstration of the trade-off consumers make of their privacy in order to gain something of value: benefits, rewards, convenience, or savings.48

A key element of consumer loyalty programs is their opt-in nature. Consumers are also given control over their personal information by government regulations, which in most countries grant consumers the right to know exactly what information retailers are collecting and how it is being used.

Discussion

It would appear, given the widespread use of the four auto-ID applications, that privacy has not been a barrier to their adoption and consequent acceptance by society. While the privacy concerns still exist and indeed, many individuals remain concerned about their privacy in relation to such technologies and services, on the whole it would seem that consumers have accepted each application because either the value proposition or level of control present balances against the privacy issues (mobile phones, ETC, and loyalty programs), or participation (usage) is mandatory and the appropriate safeguards to privacy are in place (e.g., e-passports).

Using Garfinkel et al.’s paradigm,15 action can be inferred by monitoring the mobile phone location, or monitoring tag usage at tollways, or monitoring passport usage, or inferred by the use of loyalty cards or the redemption of rewards. Association is prevalent in being able to identify an end user through the international mobile equipment identity (IMEI) in a mobile phone, through the tag ID or account number for tollways, through the e-passport ID number, and through the membership number on loyalty schemes. In terms of location, a mobile phone can be found through triangulation or using the Global Positioning System (GPS) chipset in the handset. The location of tags in tollways is also collected at each ETC entry and exit gantry. The location of an e-passport is established each time it is read by authorities or a reader device. For loyalty programs, the location can be established each time the card is used.

In the case of preferences, a mobile service provider has a list of features into which the user has opted. There are no preferences for ETC or e-passports. Loyalty programs allow for detailed consumer preferences to be analyzed by monitoring purchases and behavior. Information transactions are recorded by all the auto-ID applications studied. However, the loyalty card program is the only case investigated where transactions carry a value related to a monetary measure or rewards-based points scale. With respect to privacy, the breadcrumb attribute is the most invasive in terms of privacy threats. In the case of a mobile phone, a trail of actions can be inferred by the handset location or subscriber usage patterns. For ETC, a trail of actions can be generated by logging the location of the vehicle at entry and exit readers with timestamps. For the e-passport, each time it is read, the location is recorded. And for loyalty programs, a trail is automatically created of individual purchases at the point of sale. Different auto-ID applications have varying capacity to record location information, from the mobile phone that can be tracked 24-7, to the RFID in ETC that can be read several times per day on average, to the e-passport that is read at border checkpoints.

In the case of the mobile phone, the ubiquity in value terms would explain the lack of concerns consumers have toward their privacy in regard to its usage. For ETC, individuals have embraced the convenience aspects and it would seem that the ease of use of the technology (simply install the tag and forget about it) has again resulted in a general lack of concern about privacy issues. Loyalty programs are also clearly driven by their value to consumers. Of the four case studies discussed, the e-passport is the only one in which usage is almost completely mandatory for those wishing to travel internationally and also where individuals have very little control over how it is used by authorities. A summary of the key elements of value, privacy, and control for each of these technologies is provided in Table 1. For the greater part, the auto-ID technology in question provides value to the consumer by providing increased convenience. Consumers trade this value with the possibility of mobile telephone intercepts by lawful and unlawful parties, the potential to clone a tag, and the provision of personal biometric details. It is consumers’ perceived level of control of their personal information that can influence the value gained by opting in or out of a service. A key outcome that arises from the case studies presented is the varying relationship between three elements (privacy, value, and control). It is clear that in order to gain acceptance, privacy issues must be offset by value and control.

Table 1. Key elements of value, privacy, and control

In the case of mobile phones, it is evident that a somewhat low level of control is acceptable, given the relatively low vulnerability of individual privacy and the medium level of value the technology provides. With ETC, the vulnerability of user privacy is considered to be in the medium range, yet as users can exercise some degree of control over their privacy by removing the tag or opting to use alternative routes or payment methods, control is also depicted as being in the medium range. This medium range in regard to privacy and control is offset by a high level of value evident in the convenience the technology affords. With regard to e-passports, the government provides very little control. Furthermore, the value offered to the individual is, in real terms, also very low. Finally, with loyalty programs, a high vulnerability of individual privacy that arises from the vast amount of personal information collected is offset by a high level of control offered by providers by allowing consumers to freely opt out of such programs. The privacy risk is also further offset by the high level of value that such schemes must offer to encourage consumers to participate.

In the case of mobile phones, ETC, and loyalty programs, it is apparent that acceptance had to be earned through a favorable balance that was offered to consumers. In the case of e-passports, where the balance is unfavorable, acceptance was not generally required, as the technology was made mandatory by government authorities and the ICAO.

 

Analysis of Online Survey Data

The threats listed in the survey are potential threats of RFID (i.e., perceived threats) that have been drawn out from the literature as the major causes for consumer concern over the use of RFID in retail. Awareness refers to the aggregated score of each survey participant’s responses to a number of questions that dealt with perceptions of RFID and other auto-ID technologies. Specifically, the awareness score was calculated by the sum of responses in which participants ranked, using a Likert49 scale of 1 to 5, their knowledge on a list of 12 RFID related topics.

Sample respondents

Figure 2 Relationship between age and consumer awareness of RFID in retail

There were 142 survey responses in the pilot study. The majority (61.1 percent) of surveys were completed by Australians. The U.S. had the second largest number of responses (27.4 percent), with other responses recorded from countries such as Canada, Germany, Spain, and the United Arab Emirates.

Figure 2 aims to demonstrate the role that age plays in determining the level of awareness toward RFID. In analyzing the relationship between age and awareness, there is a highly significant relationship (p ¼ 0.0008) between a respondent’s age and his or her associated level of awareness. The data shows that awareness decreases with age, which is to be expected given that younger respondents are more likely to have been exposed to the technology, or have a heightened awareness of the possibilities and issues such technology represents.

Figure 3 Relationship between consumer awareness and value proposition for RFID in retail

Figure 3 Relationship between consumer awareness and value proposition for RFID in retail

Figure 3 shows the relationship between awareness and the consumer value proposition for RFID as being statistically significant (p ¼ 0.0337). It is seen that as awareness increases, the participants’ rankings of RFID value decreases. This relationship suggests that those individuals who are highly aware of the technology are less likely to embrace the value of technology, as they are at the same time balancing the value against their perception of the privacy threats of the technology. Individuals who are less aware of the technology are more easily swayed by the value the technology provides.

Surprisingly, it would seem that awareness plays little role in an individual’s ability to perceive the privacy threats that the technology could introduce if it were to be implemented. This suggests perhaps that participants, regardless of their awareness of RFID, are able to appreciate the privacy issues based on their previous life experiences, particularly with other technologies presenting similar issues.

Figure 4 Consumer concern over privacy: RFID in retail versus other auto-ID applications

The results also indicate that there is some statistical significance in the relationship between RFID value and privacy threat. The higher an individual ranks the potential value of RFID, the lower they rank the potential privacy threat. It would suggest that elements of consumer value proposition for RFID, such as convenience, may override any potential privacy threats. Thus, presenting a clear value for RFID could be seen as important in countering any potential losses in privacy.

A key element of the survey was the ranking participants provided on both value and privacy concerns in regard to a number of other related technologies that have enjoyed widespread adoption (Figure 4). There was a highly significant relationship (p ¼ 0.0028) found between the perceived privacy threat of these other technologies and RFID usage in retail. In essence, respondents who were concerned about their privacy in relation to the other technologies were just as likely to be concerned about their privacy if RFID were to be adopted in retail.

Analysis of open comments

Analysis of the comments revealed a great range of attitudes, ranging from individuals who were strongly focused on potential privacy issues, to individuals who saw the technology as something quite positive and thus balanced this against the potential privacy issues. There were also many individuals who proposed safeguards that would need to be in place to make the technology acceptable.

In regard to privacy, there were a number of respondents who voiced their concerns. Comments such as, ‘‘I should have my right to privacy,’’ ‘‘... it invades on our personal freedoms,’’ ‘‘It’s too obtrusive,’’ and ‘‘... this technology is a violation of people’s right to privacy’’ clearly express strong feelings toward the potential of RFID to erode privacy of the individual. Many individuals also stressed that while they could see the value, or see the positives, they were not convinced that potential privacy issues would be managed effectively. This is well represented in the comment, ‘‘the benefits ascribed to RFID technology for the retail trade are commendable, but I have zero confidence that they will be achieved, and, instead, consumers will be subjected to more advertising, intrusion, and loss of privacy than ever.’’

Contrarily, there were a number of respondents who clearly valued the technology despite any potential privacy issues. This is illustrated by the comments, ‘‘... only someone trying to hide something or [run] from something would think this system is not a positive thing,’’ ‘‘... the benefits for consumers ... far outweigh the privacy issues that are envisaged,’’ and ‘‘... the privacy issues would sort themselves out in time.’’

A few respondents critically pointed out that indeed, this study assumed RFID technology would replace the bar code at some point. They also stated that the technologies were more complementary to each other, and that the value of placing RFID tags on every item is not justified by the present cost in doing so.

It would seem that the majority of users approach the technology with the idea that control would best balance the value against the privacy issues. The clear majority of comments expressed that the design of RFID systems should incorporate privacy protection from the outset. A common theme is seen in the comment, ‘‘if proper privacy and security architectures were implemented and enforced, the deployment of RFID systems need not be so problematic ... ’’ And again from another respondent, ‘‘if privacy concerns were taken into account and proper privacy-enhancing technologies were implemented and used, we could have the benefits without the drawbacks ... ’’

Regulation and legislation were also pointed out by a number of respondents as important means of providing individuals with control over their privacy. Some consumers noted they would be happy with using the technology provided that ‘‘the technology was adequately regulated... .’’

On the whole, it is apparent that most users are more concerned about the misuse of their information than the actual collection of it. While privacy could be protected by a range of controls, the potential for the technology (as with any technology) to be misused and abused by ‘‘the low integrity sector of society’’ represents the greatest fear.

Figure 5 Overall respondent feelings toward RFID in retail

Figure 5 Overall respondent feelings toward RFID in retail

Together with the open comments, survey participants were also asked to provide a general ranking of RFID technology as it would be used in retail. Surprisingly, given the comments made and also the fact that the mean ranking in regard to privacy threats and RFID was 77 percent, the majority of individuals were neutral to very positive toward the technology (Figure 5). It would seem that most individuals can appreciate the technology, and although the privacy issues exist, they feel that the issues can be overcome, offset, or controlled in some manner.

A number of important outcomes are evident from the statistical analysis presented in this paper. These are summarized below:

  • As awareness of RFID and its associated issues increases, the relative importance of a consumer value proposition for RFID decreases.
  • Awareness of RFID and associated issues does not affect the perception of threat due to RFID.
  • The perceived privacy threat, and value, of RFID in retail is relative to an individual’s feelings toward other technologies and services with issues similar to RFID.

The most important observation in analyzing the results from the survey is the seemingly contradictory responses provided by the respondents. It was not uncommon to find participants who identified RFID as privacy-threatening, yet also stated that they were members of a loyalty program, or that they were mobile phone users.

Survey Results

In comparing the statistical results for the auto-ID application cases, it is evident that concern surrounding the privacy threat due to RFID in retail is considerably greater than the concern participants express for other applications. Where users have little to no concern regarding privacy and technologies, as is the case with the mobile phone and ETC applications and services such as loyalty programs, concern about RFID privacy threats is higher than should be expected. The key outcome that this exposes is the lack of harmonization in the current privacy, value, and control offering that RFID in retail presents.

In the application cases discussed, it was emphasized that appropriate harmonization between value and control could offset privacy issues. This is reflected in the relatively low level of concern participants in this survey placed on such technologies and services. Thus, the high rankings of privacy threats due to RFID in retail demonstrate that more education would be required to convince consumers of the value offered and the control they could exert over RFID usage. It is, however, important to understand that these rankings were given for auto-ID applications that are already widely adopted, whereby individuals have had time to understand and experience them in the context of their own lives. The privacy threat rankings individuals gave RFID, in many cases, show the lack of awareness of RFID. If consumers were actually to experience RFID usage in retail and place it in context with their own activities, it could be seen that rankings of the privacy threats may be significantly different, and perhaps more in line with the other auto-ID applications highlighted.

Therefore, it could be concluded, based on all the key results presented in this paper, that creating a favorable harmony of privacy, value, and control is perhaps an unrealistic notion when the technology has yet to be deployed. When there is such a divergent level of awareness among the greater population, striking a balance that is acceptable to all is an improbable task. It is therefore suggested that acceptance of RFID in retail may ultimately come over time, after adoption, as users become intimately experienced with its usage, or observe other user experiences. Consequently, privacy, value, and control are adjustable measures based on the feedback and behaviors of society in a given context and specific point in time. In that sense, harmonization will eventually occur with RFID in retail, just as it was shown with the auto-ID application cases presented.

The principal outcomes of this study can be summarized as follows:

  • The value proposition for RFID has not been well communicated to consumers.
  • Concerns surrounding RFID in retail were disproportionately higher than other previously adopted auto-ID applications despite similar privacy issues.
  • A harmonization between privacy, value, and control is unrealistic prior to adoption and can only be achieved once consumers can be educated through experience with the technology.

The preliminary findings of this study suggest that the harmonization between privacy, value, and control is largely dependent on individuals and their background (e.g., age), the type of technology being deployed (i.e., level of perceived invasiveness), and the type of provider (i.e., government or commercial entity). The results indicate that the perceived value and privacy threats posed by RFID in retail are commensurate with an individual’s pre-existing feelings toward other, similar, technologies. As was shown, privacy-related issues per se have not been a barrier to widespread adoption of auto-ID applications. On this point, the level of consumer awareness of RFID in retail does not seem to affect perceptions of privacy threats. It does, however, affect perceptions of value. Thus, a favorable harmonization whereby privacy is offset by value and control has been shown to encourage consumer acceptance.

The auto-ID application cases highlighted the importance of a harmonization between privacy, value, and control in influencing consumer acceptance and adoption. The online survey demonstrated the effect awareness has on perceptions and the disproportionately high rankings given for RFID privacy concerns.

The most significant outcome drawn from the combined analysis of the cases and the online survey is that achieving a harmony of privacy, value, and control for RFID adoption in retail is unrealistic at this point in time. With such differing levels of awareness and education, differing expectations, and differing perceptions, achieving a harmony that is favorable to all consumers now would be an improbable task. It is also evident in reviewing the literature that there have already been significant attempts to address privacy issues and provide individuals with a degree of control, yet the privacy concern still remains. This furthers the notion that it is unlikely that privacy concerns can be resolved prior to the technology’s adoption and use by consumers.

Figure 6 Harmonizing value, privacy, and control through the adoption process

RFID in retail can certainly achieve a favorable harmonization, one that offsets privacy risks with significant value and consumer control. It is more realistic, however, for this harmony to be achieved after adoption, when consumers can be educated through their experiences, and whereby society will consequently shape the balance as the impact of the technology becomes more evident. Figure 6 illustrates that to achieve harmonization there must first be a strong value proposition driving adoption in the first place.

Conclusion

In a society where it seems we are increasingly surrounded by technologies, governments, and institutions monitoring every move we make and collecting vast amounts of personal information, privacy has grown to become an ardently debated topic. Each individual living within a civil society has a right to privacy, yet in the wake of technologies that afford us great value, there will always be some loss of privacy. This study has not sought to dismiss privacy concerns, or argue to protect privacy, but rather to address it in the realistic context it plays in an environment of technological innovation driven by society itself. Ultimately, acceptance of a technology with privacy issues will always be a balancing act, a harmonization of privacy, value, and control.

Cited References and Notes

1. M. McGinity, ‘‘RFID: Is This Game of Tag Fair Play?’’ Communications of the ACM 47, 15–18 (2004).

2. J. Whitaker, S. Mithas, and M. S. Krishnan, ‘‘A Field Study of RFID Deployment and Return Expectations,’’ Production and Operations Management 16, No. 5, 599–612 (2007).

3. K. Michael and L. McCathie, ‘‘The Pros and Cons of RFID in Supply Chain Management,’’ Proceedings of the 2005 International Conference on Mobile Business (ICMB 2005), July 11–13, 2005, Sydney, IEEE Computer Society (2005) pp. 623–629.

4. A. F. Westin, Privacy and Freedom, The Bodley Head Ltd. (1970).

5. R. Clarke, ‘‘Information Technology and Dataveillance,’’ Communications of the ACM 31, No. 5, 498–512 (1998).

6. I. Altman, The Environment and Social Behavior: Privacy, Personal Space, Territory, Crowding, Brooks/Cole Publishing, Monterey, CA (1975).

7. F. D. Schoeman, Philosophical Dimensions of Privacy: An Anthology, Cambridge University Press, Cambridge, UK (1984).

8. S. T. Margulis, Contemporary Perspectives on Privacy: Social, Psychological, Political, Blackwell Publishing, London (2003).

9. S. Spiekermann, ‘‘Perceived Control: Scales for Privacy in Ubiquitous Computing Environments,’’ Proceedings of the 10th International Conference on User Modeling, Edinburgh, Scotland (2005).

10. B. D. Renegar and K. Michael, ‘‘The RFID Value Proposition,’’ Proceedings of the Sixth CollECTeR Iberoamerica: Collaborative Electronic Communications and eCommerce Technology Research, June 25–27, 2008, Madrid (2008) pp. 1–10.

11. M. J. Culnan and R. J. Bies, ‘‘Consumer Privacy: Balancing Economic and Justice Considerations,’’ Journal of Social Issues 59, No. 2, 323–342 (2003).

12. J. C. Inness, Privacy, Intimacy and Isolation, Oxford University Press, New York (1996).

13. J. R. Averill, ‘‘Personal Control over Aversive Stimuli and its Relationship to Stress,’’ Psychological Bulletin 80, No. 4, 286–303 (1973).

14. R. Bansal, ‘‘Now You See It and Now You Don’t [RFID Technology],’’ IEEE Microwave Magazine 5, No. 4, 32–34 (2004).

15. S. L. Garfinkel, A. Juels, and R. Pappu, ‘‘RFID Privacy: An Overview of Problems and Proposed Solutions,’’ IEEE Security & Privacy 3, No. 3, 34–43 (2005).

16. L. Hyangjin and K. Jeeyeon, ‘‘Privacy Threats and Issues in Mobile RFID,’’ Proceedings of the First International Conference on Availability, Reliability and Security (ARES 2006), April 20–22 2006, Vienna, IEEE Computer Society (2006), pp. 510–514.

17. G. Roussos and T. Moussouri, ‘‘Consumer Perceptions of Privacy, Security and Trust in Ubiquitous Commerce,’’ Personal and Ubiquitous Computing 8, No. 6, 416–429 (2004).

18. O. Gunther and S. Spiekermann, ‘‘RFID and the Perception of Control: The Consumer’s View,’’ Communications of the ACM 48, No. 9, 73–76 (2005).

19. S. Spiekermann, User Control in Ubiquitous Computing: Design Alternatives and User Acceptance, Shaker Verlag, Aachen, Germany (2008).

20. G. Ng-Kruelle, P. A. Swatman, D. S. Rebne, and J. F. Hampe, ‘‘The Price of Convenience: Privacy and Mobile Commerce,’’ Quarterly Journal of Electronic Commerce 3, No. 3, 273–385 (2002).

21. G. Ng-Kruelle, P. A. Swatman, J. F. Hampe, and D. S. Rebne, ‘‘Biometrics and e-Identity (e-passport) in the European Union: End-user Perspectives on the Adoption of a Controversial Innovation,’’ Journal of Theoretical and Applied Electronic Commerce Research 1, No. 2, 12–35 (2006).

22. B. J. Alfonsi, ‘‘Privacy Debate Centers on Radio Frequency Identification,’’ IEEE Security & Privacy 2, No. 2, 12 (2004).

23. G. Roussos, ‘‘Enabling RFID in Retail,’’ Computer 39, No. 3, 25–30 (2006).

24. B. Eckfeldt, ‘‘What Does RFID Do for the Consumer?’’ Communications of the ACM 48, No. 9, 77–79 (2005).

25. C. Perakslis and R. Wolk, ‘‘Social Acceptance of RFID as a Biometric Security Method,’’ IEEE Technology and Society Magazine 25, No. 3, 34–42 (2006).

26. M. Langheinrich, ‘‘Privacy by Design: Principles of Privacy-Aware Ubiquitous Systems,’’ Proceedings of the 3rd International Conference on Ubiquitous Computing, (Ubicomp 2001), Atlanta, September 30–October 2, 2001, Lecture Notes in Computer Science 2201, Springer (2001), pp. 273–291.

27. Factiva, Dow Jones & Co., http://www.factiva.com/.

28. IEEE Xplore, IEEE, http://ieeexplore.ieee.org/Xplore/ guesthome.jsp.

29. Leximancer (2008), http://www.leximancer.com/.

30. B. D. Renegar, K. Michael, and M. G. Michael, ‘‘Privacy, Value and Control Issues in Four Mobile Business Applications,’’ Proceedings of the Seventh International Conference on Mobile Business, July 7–8, 2008, Barcelona (2008), pp. 30–40.

31. J. Hakkila and C. Chatfield, ‘‘ ‘It’s Like If You Opened Someone Else’s Letter’: User Perceived Privacy and Social Practices with SMS Communication,’’ Proceedings of the 7th International Conference on Human Computer Interaction with Mobile Devices & Services, September 19–22, 2005, Salzburg, Austria, ACM, New York (2005), pp. 219–222.

32. N. Swartz, ‘‘Mobile Phone Tracking Scrutinized,’’ Information Management Journal 40, No. 16 (2006), http:// www.entrepreneur.com/tradejournals/article/ 184698661.html.

33. W. A. Herbert, ‘‘No Direction Home: Will the Law Keep Pace with Human Tracking Technology to Protect Individual Privacy and Stop Geoslavery?’’ I/S: a Journal of Law and Policy for the Information Society 2, No. 2, 409–473 (2007).

34. R. Whitaker, The End of Privacy: How Total Surveillance Is Becoming a Reality, The New Press, New York (1999).

35. P. Hills and P. Blythe, ‘‘Paying Your Way [Road Tolls],’’ The IEE Review 35, No. 10, 377–381 (1989).

36. C. Caldwell, ‘‘A Pass on Privacy?’’ The New York Times, July 17, 2005, http://www.nytimes.com/2005/07/17/ magazine/17WWLN.html?ex¼1279339200&en¼ c1f10d3de06adea6&ei¼5088.

37. A. McCluskey, ‘‘Position Paper: Business Ethics,’’ BT Financial Group 3, 1–5 (2004).

38. IBI Group, ‘‘Background Paper #8: Toll Technology Considerations, Opportunities, and Risks,’’ Washington State Comprehensive Tolling Study: Final Report 2, 1–33 (2006).

39. V. D. Hunt, A. Puglia, and M. Puglia, ‘‘RFID Technology in Homeland Security, Law Enforcement, and Corrections,’’ in V. D. Hunt, RFID: A Guide to Radio Frequency Identification, Technology Research Corp., New York (2007), pp. 67–82.

40. M. Meingast, J. King, and D. K. Mulligan, ‘‘Embedded RFID and Everyday Things: A Case Study of the Security and Privacy Risks of the U.S. e-Passport,’’ IEEE International Conference on RFID, March 26–28, Grapevine, Texas (2007), pp. 7–14.

41. A. Juels, D. Molnar, and D. Wagner, ‘‘Security and Privacy Issues in e-Passports,’’ First International Conference on Security and Privacy for Emerging Areas in Communication Networks, Athens, Greece (2005), pp. 74–88.

42. C. Edwards, ‘‘Borderlands of Confusion [Biometric Passports],’’ The IEE Review 51, No. 11, 34–37 (2005).

43. ‘‘Machine Readable Travel Documents (MRTDs): History, Interoperability, and Implementation,’’ working paper, International Civil Aviation Organization, Montreal (March 23, 2007), http://www.icao.int/icao/en/atb/ sgm/mrtd/TAG_MRTD17/TagMrtd17_WP016.pdf.

44. M. Sirotich, ‘‘ePassport Security Under the Microscope,’’ The Second Workshop on the Social Implications of National Security: From Dataveillance to Uberveillance and the Realpolitik of the Transparent Society 2, K. Michael and M. G. Michael, Eds., University of Wollongong, Wollongong, Australia (2007), pp. 257–280.

45. K. Zetter, ‘‘Hackers Clone E-Passports,’’ Wired News, August 3, 2006, http://www.wired.com/science/ discoveries/news/2006/08/71521?currentPage¼1.

46. Y. Yi and H. Jeon, ‘‘Effects of Loyalty Programs on Value Perception, Program Loyalty, and Brand Loyalty,’’ Journal of the Academy of Marketing Science 31, No. 3, 229–240 (2003).

47. T. R. Graeff and S. Harmon, ‘‘Collecting and Using Personal Data: Consumers’ Awareness and Concerns,’’ Journal of Consumer Marketing 19, No. 4/5, 302–318 (2002).

48. D. H. Nguyen, A. Kobsa, and G. R. Hayes, ‘‘An Empirical Investigation of Concerns of Everyday Tracking and Recording Technologies,’’ Proceedings of the 10th International Conference on Ubiquitous Computing 344, Seoul, Korea, ACM, New York (2008), pp. 182–191.

49. Attitude measurement used in surveys in which, in response to questions, respondents select from a set of typically five values, such as from complete agreement to complete disagreement, with no opinion in the middle.

Benjamin D. Renegar IBM Global Business Services, IBM Centre, 601 Pacific Highway, St. Leonards, NSW, Australia 2065 (brenegar@au1.ibm.com). Ben Renegar is a recent graduate from the University of Wollongong, having completed a Bachelor of Information and Communication Technology degree at the end of 2007 with the award of first-class honors. For this degree program, he completed a thesis on RFID adoption in the retail industry with a focus on the harmonization of value, privacy, and control. He was also awarded the PriceWaterhouseCoopers award for the highest grade in this program. He was employed by IBM as a Graduate Consultant in the Application Innovation Service Delivery organization in 2008.

Katina Michael University of Wollongong, NSW, Australia 2500 (katina@uow.edu.au). Dr. Michael is a Senior Lecturer in the School of Information Systems and Technology in the Faculty of Informatics at the University of Wollongong. She received a Bachelor of Information Technology degree from the University of Technology, Sydney (UTS) in 1996 and a Ph.D. degree in information technology and communications from the University of Wollongong in 2003. Before joining the University of Wollongong in 2002 to teach and conduct research in e-Business, she worked as a senior network and business planner at Nortel Networks. In 2000, Katina received the Nortel top talent award for work completed on 3G mobile networks in Asia. She is a senior member of the IEEE and a Board Member of the Australian Privacy Foundation.