Sociology of the docile body


Discipline and Punish: The Birth of the Prison (Penguin Social Sciences): Michel Foucault, Alan Sheridan: 8601404245756: Books

Embedded radio-frequency identification, sensor technologies, biomedical devices and a new breed of nanotechnologies are now being commercialized within a variety of contexts and use cases. As these technologies gather momentum in the marketplace, consumers will need to navigate the changing cybernetic landscape. The trichotomy facing consumers are: (1) to adopt RFID implants as a means of self-expression or to resolve a technological challenge; (2) to adopt RFID implants for diagnostic or prosthetic purposes to aid in restorative health; as well as considerations (3) for enforced adoption stemming from institutional or organizational top-down control that has no direct benefit to the end-user. This paper uses the penal metaphor to explore the potential negative impact of enforced microchipping. The paper concludes with a discussion on the importance of protecting human rights and freedoms and the right to opt-out of sub-dermal devices.

Section I. Introduction

Radiofrequency identification (RFID) implant technology, sensor technology, biomedical devices, and nanotechnology continue to find increasing application in a variety of vertical markets. Significant factors leading to continued innovation include: convergence in devices, miniaturisation, storage capacity, and materials. The most common implantable devices are used in the medical domain, for example, heart pacemakers and implantable cardioverter defibrillators (ICDs). In non-medical applications, implantable devices are used for identification, [close-range] location and condition monitoring, care and convenience use cases [1].

RFID implants can be passive or active, and predominantly have a function to broadcast a unique ID when triggered by a reader within a specific read range. Sensors onboard an RFID device can, for instance, provide additional data such as an individual's temperature reading, pulse rate and heart rate. Biomedical devices usually have a specific function, like the provision of an artificial knee or hip, and can contain RFID and other specific sensors. An example cited in Ratner & Ratner that demonstrates the potential for nanotechnology to bring together RFID, sensors, and the biomedical realms is to inject nanobots into a soldier's bloodstream. “The sensors would circulate through the bloodstream and could be monitored at a place where blood vessels are closest to the surface, such as the eye… While quite invasive, so-called in vivo sensors could also have other uses in continually monitoring the health of a soldier” [2], p. 42f.

The next step in the miniaturization path for RFID microchips is nanotechnology, which allows for working at the nanoscale, that is the molecular level [3] p. 90. Humancentric implants are discussed [4], pp. 198-214, in the context of nanotechnology ethical and social implications. Regardless of the breakthroughs to come in these humancentric embedded surveillance devices (ESDs), we will soon be moving the discussion beyond, merely how the technologies are aiding humanity, regardless of whether such technologies are mobilized to aid human health or impair it. The fundamental concerns will rest within human willingness to adopt the technology, and not in what the technology claims to eradicate in and of itself. In order to later contextualize the issues surrounding human rights of refusal, this paper will now present a material view of implantable technologies in their nascent stage. A clear distinction will be made between nanotechnologies that can be used as a mechanism of control versus, for example, bio-medical technologies that are freely chosen and designed for the sole purpose of improving human health with no benefit extending beyond the aid of the individual.

Section II. Previous Work

Although cybernetic technologies have boundless potential to surface under an array of interchangeable names, for the purpose of this paper, RFID implants will be investigated given the degree of global attention they have experienced [5]–[6][7][8]. In Western civilization, RFID is being used for tracking merchandise and similar devices are used in our family pets to locate them should they roam astray [9]. Now the RFID is being considered for 24-7 human location monitoring. In order to offer a pragmatic perspective, which does not deviate from one source of research to the other, Hervé Aubert's 2011 article entitled, “RFID technology for human implant devices” [10] is utilized as the primary source of data given its seminal contribution to the field.

A. Experimental Stages of Cybernetic Innovations

Aubert investigates one type of RFID known as the VeriChip™; which is a device presently engineered to provide a data-bank of important records on the individual [5], in particular on the application of a personal health record for high-risk patients (PHR) [11], [12]. In addition, this implantable RFID that is known for its remote identification of persons or animals is being considered for the purpose of protective human surveillance [13]. RFID devices are not only being considered for identifying and locating humans, but for its potential to “remotely control human biological functions” [10], [14], p. 676. According to Aubert, this nano-technology is not conducive as a ‘spychip’ with current-day technologies, as it cannot successfully be connected to a Global Positioning System (which offers real-time tracking), as the GPS would require an implant that far surpasses the size capacity of what could be realistically embedded in the human body, and would therefore defeat the notion of a submicron global surveillance system for monitoring human activity. However, there is nothing to say that off-body data receivers, powered by wireless supplies, cannot be stationed short-range to monitor passive responders, such as subdermal RFID's [15]–[16][17]. Currently the anticipated range is dependent on the inductive coupling measured in MHz [5].

Aubert concludes his findings by arguing that RFID are not suitable for real-time tracking of humans as its capability to transmit the location of the body is too limited in range, permitting receivers to only read passive implanted devices within a free space range of 10 cm or less. This limitation makes communication with GPS satellites in an attempt to locate bodies impossible. Once again, this is not to refute the claim that interrogators, stationed territorially, can transmit its data to a centralized global positioning system inversely. Regardless, researchers are arguing nanotechnologies “[w]ill not exclusively revolve around the idea of centralization of surveillance and concentration of power, […but its greatest potential for negative impact will be centred around] constant observation at decentralized levels” [18], p. 283. In addition, depending on the context, monitoring does not have to be continuous but discrete to provide particular types of evidence. It may well be enough to read an RFID at a given access node point (either on entry or exit), or to know that a given unique ID is inside a building, or even headed in a given direction [19]. Two or more points of reading also can provide intricate details about distance, speed, and time, as equipment readers have their own GPS and IP location [20], [21]. It will be simple enough to tether an implant to a mobile phone or any other device with an onboard GPS chipset. Nokia, for instance, had an RFID reader in one of its units 2004 handsets [22].

Although such technologies are far from perfected, at least to the degree of synoptic centralization, with the exception of concerns surrounding information privacy, subdermal implants that are being designed for surveillance of humans is being identified as a central ethical challenge [23]. In particular, this is an ethical challenge because subdermal chips may be either injected or external tags worn on the body such as a PayBand [24] or FitBit. This in itself is not what is creating the most obvious challenge but rather that such devices have the potential to be implemented with or without the individual's consent and, therefore, provoking discussion around the need to legislate to keep pace with technological advances [25]. Although the chip is being suggested for use in a number of ways, bioethicists suggest that prior to these new applications of nanotechnologies becoming a present day reality, “[w]e need to examine carefully the very real dangers that RFID implants could pose to our privacy and our freedom” [5], p. 27. Despite this concern, skin-embedded devices are being employed in a multiplicity of ways, more recently by the biohacking communities who are increasingly commercialising their ideas and prototypes [26].

Aubert lists various possible health benefits of embedded RFID chips, such as the following: “[t]o transmit measurements of chemical or biological data inside the body”, as well as “[m]onitor biological activity” while modifying physiological functions and offer various therapeutic means, such as patient monitoring, such as for glucose concentrations of patients with diabetes [10], p. 676. Another possible health benefit is the potential for monitoring brain activity through “[t]ransponders embedded within the skull”, [10], p. 681. Increasingly implants are being used in techniques such as deep brain stimulation (DBS) and vagus nerve stimulation (VNS) to treat a variety of illnesses [27]. As outlined in Aubert's 2011 article, these transponders communicate with implanted probes, enabling the transmittal of localized microstimulation to be administered in response to neuron signals sent.

At this point, it becomes necessary to distinguish that which is engineered to monitor human organs and is freely adopted as a mechanism to improve one's health to that which is in effect through a top-down implementation, in which the individual is given no choice pertaining to adoption. These two scenarios have been demonstrated in a TEDx talk delivered by Katina Michael in 2012 within the “convenience/care” versus “control” contexts [28].

B. Human Versus Machine

Docile Bodies | Vestoj A Chain Gang in South Carolina, c. 1929 - 1931. Doris Umann.

There is a needful distinction between human and machine. Deciphering between biomedical technology designed for example, to improve human health, or as a means of self-expression (all of which are freely chosen by the individual), versus those designed for a benefit external to the individual and has the ability to be used as a mechanism of control over the citizen. For example, a heart monitor, created to sustain a human, is designed only with the intention to benefit the patient in a life sustaining way; such a device has no apparatus external from this cause that could be used to invoke power over the individual and therefore it is designed with no additional mandate other than improving or maintaining the individual's health [29]. Generally, the decision for adopting such a biomedical implant device is determined by the patient and in most developed nations using a process of consent. Because such a device currently has no mechanism for top-down control, stakeholders (i.e., hospitals, medical device purchasers, inbound logistics managers or buyers) do not have a hidden agenda for adoption. This type of bio-medical device currently possesses no ability to monitor any type of human activity that could contribute to an imbalance of power for the consumer over the user (in this instance the patient).

More recently, one of the largest suppliers of biomedical devices, Medtronics, has begun to blur the line between devices for care and devices for control. Apart from the hard line that most manufacturers of implants hold on who owns the data emanating from the device [30], companies specialising in biomedical devices are now beginning to engage with other secondary uses of their implants [31]. Just like wearable devices, such as the FitBit, are now being used for evidentiary purposes, it will not be long before biomedical devices originally introduced for prosthetic or diagnostic purposes will be used to set individualised health insurance premiums, and more. As noted by [29], even in care-related implant applications, there is an underlying dimension of control that may propel function creep or scope creep. These are the types of issues that bring science and the arts together. George Grant wrote [32], p. 17:

The thinker who has most deeply pondered our technological destiny has stated that the new copenetrated arts and sciences are now proceeding to the apogee of their determining power around the science of cybernetics; […] the mobilization of the objective arts and sciences at their apogee comes more and more to be unified around the planning and control of human activity.

Section III. Research Approach

Hence, while it is important to understand the trichotomy of skin-embedded technologies-deciphering between technology adoption which can be seen as a post-modern indicator of the autonomous self-exercising human rights [33], to that of acceptable bio-Western technologies with its sole function to improve one's existing health conditions (that is also freely chosen of the individual), versus technology which have potential to be used as mechanisms of organizational control-implanted through imposed order [34]. When disambiguating the way in which technology can be used, it is most essential to understand that this differentiation requires no thorough understanding of the purpose of the biotechnology or its utility as the plumb line rests alone, not on the trichotomy of the technology's utility but within the individual's moral freedom and human rights to accept or refuse. Therefore, the plumb line remains, not concerning the device's distinct utility, but rather with freedom of choice.

Currently, the question is being posed as to whether legislation will keep pace, which suggests that either a higher articulation of our former constitution is required or that new legislation be erected that will explicitly defend the rights of the individual to choose for oneself [35].

The ways in which sub-dermal technology may aid correctional facilities' endeavors will be more thoroughly expounded on in the next section. A historical look at a specific top-down and bottom-up institution will be examined, not as a raw set of material facts but, in order to create an inference between the way in which the incremental process of correctional ideologies are the prevailing influence of today and are promoting the individual's outward gaze to self-censorship [36]. Some researchers are arguing it is highly improbable that laws will be erected to enforce subdermal devices, with the exception of use in criminals [37]. Therefore, this next section is being devoted to an investigation of the penal system.

Section IV. The Penal Metaphor

Because the prisoner is being noted as the central focus as a possible industry enroot to legalizing the implementation of sub-dermal RFID's, it becomes imperative to investigate the penal system from an ideological perspective in order to assess its susceptibility [38], pp. 157-249; [39], p. 35. This paper will conclude that there needs to be a distinction between spatial autonomy and moral autonomy as moral freedom is of the higher good and rights to obtain unto this good supersedes loses that could be incurred as a result of the state invoking disciplinary measures [32].

Generation after generation civilization oscillates over freedom of choice, blurring the distinction between freely adopting governing rules of belief, following an individualized interrogation of the ethical underpinnings, versus conforming to systematic ruling government without understanding its fundamental doctrine. Often such systems strive to maintain order through imposing indoctrinations, in which its people accept the ideologies of the dominant class through a constant infiltration of information not conducive to independent thinking of the autonomous self; it is argued that when this knowledge becomes singular it is a form of soft-despotism [40]. Through various mechanisms of social control, such as through a prevailing slant being propagated through the media, it has led an onslaught of persons embodied in space to a place where the individual is losing ability to see the distinction and whereby choose for oneself. The specific slant contained within the dominant message is directing Western society to a place imbued with an external message with its constancy softly-coercing the viewer or listener in one specific direction [32].

A. A Look at the System as an Apparatus of Control

As the high-tech industry evolves, the media continues to endorse such change and those adopting a consumerist mentality continue to commoditize their own body as a source of consumer capitalism [41] through the latest technological upgrade. It will only stand to logic that human adaptation to body modifying devices will become more and more acceptable as a means to live within society, function in commerce and progress in self-actualization [42]. The authors of this paper argue that when any such movement coerces the people in one specific direction it is a form of soft-despotism whether invoked intentionally or otherwise [40].

It is within this investigation of the governing forces over the masses that the focus is taken away from the history of the penal institution in itself to the state's reliance on cumulative rationale. Theorists argue that it is this over reliance on human rationale that is propelling history in one specific direction and thus becomes the force that is evoking a certain type of social order and governance [43].

In order to elucidate Ann Light's notion of how biotechnology can turn us from outside within, she first turns our attention to the penal system [36]. Theorists argue that the open persecution of punishment found within the penal process has radically shifted to become less detectable and more hidden [44]. This is a far cry from the open persecution experienced by, let us say, Joan of Arc [45], as now, largely due to humanitarianism, the public spectacle of the executioner who leads the persecuted to the stake appears an equivalent act of savagery to the public who witnessos, as is the crime itself [44]. Hence the mechanism becomes more hidden and in this sense is argued to be less pervasive [44]. But is it?

Theorists view the apparatus of the persecutor as moving from control over the body to a much more sophisticated apparatus, which slackens the hold on the tangible physical body in exchange for a far more intricate part of the self. This shifts the focus from the external body to the human mind, which is considered as the seat of the soul and the final battleground [46]. Theorists go on to state that these more sophisticated systems of control will only be confirmed to actually exist as history unfolds [36].

The panoptic, for example is a model that can be deemed as a control mechanism which is less pervasive as it moves away from physical punishment to psychological punishment [44]. Specifically the sanctioned individual who believes the monitoring of one's behavior to be constant, whereby shifting the focus of what is believed to be periodic surveillance to a continual presence. The constancy found in this form of surveillance is argued to imprint permanence on the human cognition [36]. It is what M.G. Michael has termed uberveillance—a type of big brother on the inside looking out [47]. In order that the reader may have a clearer understanding of the Panopticon, below is a description of Bentham's institution:

“The hollow interior of the circular Panopticon has an incongruous resemblance to a dovecote with all the doves behind bars. The prisoners' cells are in the circumference, but are open at all times to inspection from the observation tower in the center of the building. The theory of the Panopticon relies on the fiction that each prisoner, alone in his cell, believes that he is under constant observation: yet it is patently impossible that the contractor and his small staff within the central tower could watch 3, 000 prisoners at once. So that the prisoners may not know whom he is watching, or whether he is present at all, the contractor must at all times be invisible; and Bentham thought much about deceptive lighting systems to preserve the illusion of the contractor's permanent presence, a “dark spot” at the center of the Panopticon. Observation of a single prisoner for several hours, followed by punishment for any misdemeanors, would convince all the rest of this constant vigilance. Although the contraptions such as Venetian blinds, pinholes and speaking tubes which delighted Bentham have lost some technological credibility, the general principle is readily applicable to modern methods of surveillance” [48], pp.4-5.

Upon reviewing the detailed description of the institution designed by Bentham, it is easy to see how the panoptic system supports the shift from the body to the mind, which then turns the imprisoned body's gaze inward [36]. Out of fear of punishnent, the embodied experience is to begin to self-monitor.

Although some argue Bentham's Panopticon never came to fruition, Michael Ignatieff views it as a “[s]ymbolic caricature of the characteristic features of disciplinary thinking [of] his age” [48], p. 5. Crowther argues:

[According to] Bentham, the Panopticon was not an enclosed relationship between the prisoner and the state, removed from the outside world, but a prison constantly open to public scrutiny. The contractor in his watchtower could be joined at any minute not only by magistrates, but by the prisoners' relatives, the curious, or the concerned, “The great open committee of the tribunal of the world.

This invokes two types of control of the incarcerated; according to sociology theorists, a top down approach to surveillance is referred to organizational surveillance, whereas a bottom-up approach in which the common citizen becomes the watch-guard is referred to as inverse [49]. Bentham became aware of the possible negative impact that constant surveillance of the state and the public could produce on the prisoners' sensibilities, and therefore suggested that the prisoner wear a disguise. The mask would conceal the individual's identity while each unique disguise, would represent the crime that was committed. Hence, Bentham did make a frail attempt to resolve the way in which the apparatus' constancy could impair one's well-being [48].

The Panopticon illustrated here is merely representational, as the physical apparatus of control is being reflected upon as a means of the reader relating to the modem-day ideological shift within organizational control that is designed to turn the gaze of the end-user, the prisoner, and such, to self-monitoring. Western civilization that once employed an external gaze that had previously sought a voice in politics, for instance, is being turned from outside within. According to Ann Light [36], digital technology is promoting this shift.

Section V. Discussion

A. The Impact of Bio-Tech Constancy on the Human Psyche

Whether this surveillance transpires every moment of every day [50], or just in the sanctioned individual's mind is of little importance as it is the unknown or fear of what is “ever-lurking” that has the greatest potential to negatively impact the human psyche. When the interrogator is no longer human but the receptor is a machine there is something even more demoralizing that transpires as the removing of human contact can be likened to placing the prisoner in a type of mechanical quarantine [36], [51].

Embedded surveillance devices (although currently only engineered to accommodate short-range, such as within a correctional facility), can be considered as the all-seeing pervasive eye, the interrogator. However, the individual being tracked may lack knowledge about what is on the other side; which is the receptor. This can create a greater monster than real-life as it adds insurmountable pressure due to the unknown and the inability to understand the boundaries and limitations of the surveillance technology. This becomes that much more of an infringement when the device is placed under the individual's skin. Illustratively speaking, rather than seeing it as it is, such as, a mark of servitude, a passive information bank, a personal identifier, or a location monitor, the inductive coupling device has potential to be mistakenly deemed as the predator. In support of this notion, modern-day scholars are referring to the reader as the interrogator.

As earlier stated, in this instance, the external public gaze of the community and the state will shift from the external all-seeing eye, to that which is internalized—regardless of whether the device is passive or active. Over and above Foucault's notion of self-policing, this process could be further accentuated due to the person's inability to comprehend the full purpose or limitations of the surveillance ID system in which they are under. This internalization has potential to create a feeling of “the beast within” rather than the threat being from without. The writers of this paper argue that this form of internalization of the gaze within the body will heighten the negative impact on one's psyche—ultimately negatively impacting one's state of consciousness [52].

In this sense Bentham's panoptic vision was never really defeated but now merely considered at a higher level of sophistication or barbarianism—depending on which way it is looked upon. Rather than institutions embracing practices designed to rehabilitate the prisoner, and bring the individual to an eventual state of freedom, bio-tech adoption could impair in the recovery process—its constancy heightening psychological fears—making it near impossible to ever be disabled within the mind of the end-user. Hence, as Bentham's notion of a free-enterprise is accepted on a much more hidden level, and the self turns to policing one's own actions, this utter enclosure can be argued to lead the human body to a state of utter docility. This is a subject of debate for psychologists, bioethicists and social scientists alike, and in support of the phenomenologist must also include the insider's perspective as well.

Section VI. Conclusion

Imprisonment is transpiring on many levels, and can be argued as being the system that has led Western civilization incrementally to the place it is today, where moral relativism is ruling the people, causing the moral voice of conviction designed for political and public engagement, to be displaced for a turning inward to oneself as a forms of self-expression [34]. This may be seen as the result of top-down governing institutes esteeming systematic rationale over the individuals' voice—inadvertently marginalizing the embodied-self over other forces such as the economy. As the ruling system continues to over extend its control, it ever-so-gently coerces society in one direction only, massaging the spirit of Epicureanism which endorses human passion to have it full reign over one's own body, as the final self-embodied means of conveying a message. Whereas the governing institutions can easily rule over a docile society. In this sense bio-tech with its constancy may be seen as just one more apparatus designed to control the mind—although hidden, it most certainly is invasive. With current considerations for adoption it brings Orwell's claim to the forefront when he wrote in 1984: “Nothing was your own except the few cubic centimetres inside your skull” [53], p. 27.


1. K. Michael, A. Masters, "Applications of human transponder implants in mobile commerce", Proceedings of the 8th World Multiconference on Systemics Cybernetics and Informatics, pp. 505-512, 2004.

2. D. Ratner, M. A. Ratner, Nanotechnology and Homeland Security, New Jersey:Prentice Hall, 2005.

3. M. H. Fulekar, Nanotechnology: Importance and Applications, New York:I K International Publishing House, 2010.

4. F. Allhoff et al., What is Nanotechnology and Why Does it Matter? From Science to Ethics, West Sussex: Wiley Blackwell, 2010.

5. K. R. Foster, J. Jaeger, "RFID inside - The murky ethics of implanted chips", IEEE Spectrum, vol. 44, pp. 24-29, 2007.

6. A. Masters, K. Michael, "Lend me your arms: The use and implications of humancentric RFID", Electronic Commerce Research and Applications, vol. 6, pp. 29-39, 2007.

7. K. Michael, M. G. Michael, "The diffusion of RFID implants for access control and epayments: a case study on Baja Beach Club in Barcelona", IEEE Symposium on Technology and Society, pp. 242-252, 2010.

8. K. Michael, M. G. Michael, J. Pitt, "Implementing ‘Namebars’ Using Microchip Implants: The Black Box Beneath the Skin" in This Pervasive Day: The Potential and Perils of Pervasive Computing, London:Imperial College London Press, pp. 163-206, 2010.

9. W. A. Herbert, "No Direction Home: Will the Law Keep Pace With Human Tracking Technology to Protect Individual Privacy and Stop Geoslavery", Law and Policy for the Information Society, vol. 2, pp. 436, 2006.

10. H. Aubert, "RFID technology for human implant devices", Comptes Rendus Physique, vol. 12, pp. 675-683, 2011.

11. K. Michael et al., "Microchip implants for humans as unique identifiers: a case study on VeriChip", Conference on Ethics Technology and Identity (ETI), pp. 81-84, 2008.

12. K. Michael, "The technological trajectory of the automatic identification industry: the application of the systems of innovation (SI) framework for the characterisation and prediction of the auto-ID industry", 2003.

13. A. Masters, K. Michael, "Lend me your arms: The use and implications of humancentric RFID", Electronic Commerce Research and Applications, vol. 6, pp. 29-39, 2007.

14. M. Michaud-Shields, "Personal Augmentation – The Ethics and Operational Considerations of Personal Augmentation in Military Operations", Canadian Military Journal, vol. 15, 2014.

15. "JOVIX", GPS vs. RFID, May 2016, [online] Available:

16. M. Roberti, Has RFID Been Integrated With GPS?, September 2016, [online] Available:

17. R. Ip et al., "Location and Interactive services not only at your fingertips but under your skin", IEEE International Symposium on Technology and Society, pp. 1-7, 2009.

18. J. van den Hoven, P. E. Vermaas, "Nano-Technology and Privacy: On Continuous Surveillance Outside the Panopticon", Journal of Medicine & Philosophy, vol. 32, pp. 283-297, 2007.

19. K. Michael, T. Y. Chew, Locat'em: Towards Hierarchical Positioning Systems, 2005, [online] Available:

20. K. Michael et al., "The emerging ethics of humancentric GPS tracking and monitoring", International Conference on Mobile Business, pp. 34-44, 2006.

21. K. Michael et al., "Location-Based Intelligence - Modeling Behavior in Humans using GPS", Proceedings of the International Symposium on Technology and Society, pp. 1-8, 2006.

22. B. Violino, Nokia Unveils RFID Phone Reader, March 2004, [online] Available:

23. K. Michael, M. G. Michael, "The social cultural religious and ethical implications of automatic identification", Proceedings of the Seventh InternationalConference in Electronic Commerce Research, pp. 433450, 2004.

24. D. Buckey, DirectCash Payments Inc. Announces Launch of DC TAG, August 2015, [online] Available:

25. A. Friggieri et al., "The legal ramifications of microchipping people in the United States of America-A state legislative comparison", International Symposium on Technology and Society, pp. 1-8, 2009.

26. L. McIntyre et al., "RFID: Helpful New Technology or Threat to Privacy and Civil Liberties?", IEEE Potentials, vol. 34, pp. 13-18, 2015.

27. K. Michael, "Mental Health Implantables and Side Effects", IEEE Technology and Society Magazine, vol. 34, pp. 5-7, 2015.

28. K. Michael, TEDxUWollongong: Microchipping People, May 2012, [online] Available:

29. A. Masters, K. Michael, "Humancentric applications of RFID implants: the usability contexts of control convenience and care", The Second IEEE International Workshop on Mobile Commerce and Services, pp. 32-41, 2005.

30. N. Olson, Joseph Carvalko, A Review of The TechnoHuman Shell, December 2013, [online] Available:

31. E. Strickland, Medtronic Wants to Implant Sensors in Everyone, June 2014, [online] Available:

32. G. Grant, Technology & Justice, Ontario:House of Anansi Press Ltd, 1986.

33. S. R. Bradley-Munn, K. Michael, "Whose Body Is It? The Body as Physical Capital in a Techno-Society", IEEE Consumer Electronics Magazine, vol. 5, 2016.

34. S. R. Bradley-Munn et al., "The Social Phenomenon of BodyModifying in a World of Technological Change: Past Present Future" in IEEE Norbert Wiener, Melbourne:, 2016.

35. Y. Poullet, "Data protection legislation: What is at stake for our society and democracy?", Computer Law and Security Review, vol. 25, pp. 211-226, 2009.

36. A. Light, "The Panopticon reaches within: how digital technology turns us inside out", Identity in the Information Society, vol. 3, pp. 583-598, 2010.

37. K. Johnson et al., "Consumer Awareness in Australia on the Prospect of Humancentric RFID Implants for Personalized Applications", The Sixth International Conference on Mobile Business, 2007.

38. D. Klitou, Privacy-Invading Technologies and Privacy by Design: Safeguarding Privacy Liberty and Security in the 21st Century, London:Springer, 2014.

39. M. N. Gasson et al., Human ICT Implants: Technical Legal and Ethical, The Hague: Springer, 2012.

40. P. A. Rahe, Soft Despotism Democracy's Drift: What Tocqueville Teaches Today, New Haven:Yale University Press, 2009.

41. C. Klesse, C. Malacrida, J. Low, "Part XIV: Consumer Bodies ‘Modern Primitivism’: Non-mainstream Body Modification and Racialized Representation" in Sociology of the Body: A reader, Don Mills, Ontario: Oxford University Press, 2008.

42. A. H. Maslow, "A Theory of Human Motivation", Psychological Review, vol. 50, pp. 370-396, 1943.

43. P. Rahe et al., Soft Despotism Democracy's Drift: What Tocqueville Teaches Today (The Heritage Foundation: First Principles Series Report #28 on Political Though), September 2009, [online] Available:

44. M. Foucault, Discipline & Punish: The Birth of the Prison, New York: Vintage Books, 1977.

45. A. Williamson, Biography of Joan of Arc (Jeanne d'Arc), April 1999, [online] Available:

46. F. Frangipane, The Three Battlegrounds: An In-Depth View of the Three Arenas of Spiritual Warfare: The Mind the Church and the Heavenly Places, Cedar Rapids: Arrow Publications, Inc., 1989.

47. K. Michael, M. G. Michael, From Dataveillance to Überveillance and the Realpolitik of the Transparent Society (The Social Implications of National Security, Wollongong:, 2007.

48. A. Crowther, "Penal Peepshow: Bentham's Prison that Never Was", Times Literary Supplement, vol. 23, pp. 4-5, February 1996.

49. T. Timan, N. Oudshoorn, "Mobile cameras as new technologies of surveillance? How citizens experience the use of mobile cameras in public nightscapes", Surveillance Society Journal, vol. 10, pp. 167-181, 2012.

50. B. Welsh, "The Entire History of You" in Black Mirror, UK:, 2011.

51. C. Malacrida, J. Low, Sociology of the Body: A Reader, Don Mills, Ontario:Oxford University Press, 2008.

52. K. Michael, J. Pitt et al., "Be Vigilant: There are Limits to Veillance" in The ComputerAfter Me, London:, pp. 189-204, 2014.

53. G. Orwell, London: Signet Classic, 1984.

Keywords: Radio-frequency identification, Implants, Biomedical monitoring, Global Positioning System, Surveillance, Context, social sciences, cybernetics, prosthetics, radiofrequency identification, docile body sociology, penal metaphor, institutional top-down control, organizational top-down control, restorative health, diagnostic purpose, prosthetic purpose, RFID implants, cybernetic landscape, nanotechnology, biomedical device, sensor technology, human rights, freedom of choice, opt-out, penal control, constancy

Citation: S.B. Munn, Katina Michael, M.G. Michael, "Sociology of the docile body", 2016 IEEE International Symposium on Technology and Society (ISTAS16), 20-22 Oct. 2016, Kerala, India, DOI: 10.1109/ISTAS.2016.7764047

Toward a State of Überveillance


Überveillance is an emerging concept, and neither its application nor its power have yet fully arrived [38]. For some time, Roger Clarke's [12, p. 498] 1988 dataveillance concept has been prevalent: the “systematic use of personal data systems in the investigation or monitoring of the actions of one or more persons.”

Almost twenty years on, technology has developed so much and the national security context has altered so greatly [52], that there is a pressing need to formulate a new term to convey both the present reality, and the Realpolitik (policy primarily based on power) of our times. However, if it had not been for dataveillance, überveillance could not be. It must be emphasized that dataveillance will always exist - it will provide the scorecard for the engine being used to fulfill überveillance.

Dataveillance to Überveillance

Überveillance takes that which was static or discrete in the dataveillance world, and makes it constant and embedded. Consider überveillance not only automatic and having to do with identification, but also about real-time location tracking and condition monitoring. That is, überveillance connotes the ability to automatically locate and identify - in essence the ability to perform automatic location identification (ALI). Überveillance has to do with the fundamental who (ID), where (location), and when (time) questions in an attempt to derive why (motivation), what (result), and even how (method/plan/thought). Überveillance can be a predictive mechanism for a person's expected behavior, traits, likes, or dislikes; or it can be based on historical fact; or it can be something in between. The inherent problem with überveillance is that facts do not always add up to truth (i.e., as in the case of an exclusive disjunction T + T = F), and predictions based on überveillance are not always correct.

Überveillance is more than closed circuit television feeds, or cross-agency databases linked to national identity cards, or biometrics and ePassports used for international travel. Überveillance is the sum total of all these types of surveillance and the deliberate integration of an individual's personal data for the continuous tracking and monitoring of identity and location in real time. In its ultimate form, überveillance has to do with more than automatic identification technologies that we carry with us. It has to do with under-the-skin technology that is embedded in the body, such as microchip implants; it is that which cuts into the flesh - a charagma (mark) [61]. Think of it as Big Brother on the inside looking out. This charagma is virtually meaningless without the hybrid network architecture that supports its functionality: making the person a walking online node i.e., beyond luggable netbooks, smart phones, and contactless cards. We are referring here to the lowest common denominator, the smallest unit of tracking - presently a tiny chip inside the body of a human being, which could one day work similarly to the black box.

Implants cannot be left behind, cannot be lost, and supposedly cannot be tampered with; they are always on, can link to objects, and make the person seemingly otherworldly. This act of “chipification” is best illustrated by the ever-increasing uses of implant devices for medical prosthesis and for diagnostics [54]. Humancentric implants are giving rise to the Electrophorus [36, p. 313], the bearer of electric technology; an individual entity very different from the sci-fi notion of Cyborg as portrayed in such popular television series as the Six Million Dollar Man (1974–1978). In its current state, the Electrophorus relies on a device being triggered wirelessly when it enters an electromagnetic field; these properties now mean that systems can interact with people within a spatial dimension, unobtrusively [62]. And it is surely not simple coincidence that alongside überveillance we are witnessing the philosophical reawakening (throughout most of the fundamental streams running through our culture) of Nietzsche's Übermensch - the overcoming of the “all-too-human” [25].

Legal and Ethical Issues

In 2005 the European Group on Ethics (EGE) in Science and New Technologies, established by the European Commission (EC), submitted an Opinion on ICT implants in the human body [45]. The thirty-four page document outlines legal and ethical issues having to do with ICT implants, and is based on the European Union Treaty (Article 6) which has to do with the “fundamental rights” of the individual. Fundamental rights have to do with human dignity, the right to the integrity of the person, and the protection of personal data. From the legal perspective the following was ascertained [45, pp. 20–21]:

  • the existence of a recognised serious but uncertain risk, currently applying to the simplest types of ICT implants in the human body, requires application of the precautionary principle. In particular, one should distinguish between active and passive implants, reversible and irreversible implants, and between offline and online implants;
  • the purpose specification principle mandates at least a distinction between medical and non-medical applications. However, medical applications should also be evaluated stringently, partly to prevent them from being invoked as a means to legitimize other types of application;
  • the data minimization principle rules out the lawfulness of ICT implants that are only aimed at identifying patients, if they can be replaced by less invasive and equally secure tools;
  • the proportionality principle rules out the lawfulness of implants such as those that are used, for instance, exclusively to facilitate entrance to public premises;
  • the principle of integrity and inviolability of the body rules out that the data subject's consent is sufficient to allow all kinds of implant to be deployed; and
  • the dignity principle prohibits transformation of the body into an object that can be manipulated and controlled remotely - into a mere source of information.

ICT implants for non-medical purposes violate fundamental legal principles. ICT implants also have numerous ethical issues, including the requirement for: non-instrumentalization, privacy, non-discrimination, informed consent, equity, and the precautionary principle (see also [8], [27], [29]). It should be stated, however, that the EGE, while not recommending ICT implants for non-medical applications because they are fundamentally fraught with legal and ethical issues, did state the following [45, p. 32]:

ICT implants for surveillance in particular threaten human dignity. They could be used by state authorities, individuals and groups to increase their power over others. The implants could be used to locate people (and also to retrieve other kinds of information about them). This might be justified for security reasons (early release for prisoners) or for safety reasons (location of vulnerable children).

However, the EGE insists that such surveillance applications of ICT implants may only be permitted if the legislator considers that there is an urgent and justified necessity in a democratic society (Article 8 of the Human Rights Convention) and there are no less intrusive methods. Nevertheless the EGE does not favor such uses and considers that surveillance applications, under all circumstances, must be specified in legislation. Surveillance procedures in individual cases should be approved and monitored by an independent court.

The same general principles should apply to the use of ICT implants for military purposes. Although this Opinion was certainly useful, we have growing concerns about the development of the information society, the lack of public debate and awareness regarding this emerging technology, and the pressing need for regulation that has not occurred commensurate to developments in this domain.

Herein rests the problem of human rights and striking a “balance” between freedom, security, and justice. First, we contend that it is a fallacy to speak of a balance. In the microchip implant scenario, there will never be a balance, so long as someone else has the potential to control the implant device or the stored data about us that is linked to the device. Second, we are living in a period where chip implants for the purposes of segregation are being discussed seriously by health officials and politicians. We are speaking here of the identification of groups of people in the name of “health management” or “national security.” We will almost certainly witness new, and more fixed forms, of “electronic apartheid.”

Consider the very real case where the “Papua Legislative Council was deliberating a regulation that would see microchips implanted in people living with HIV/AIDS so authorities could monitor their actions” [50]. Similar discussions on “registration” were held regarding asylum seekers and illegal immigrants in the European Union [18]. RFID implants or the “tagging” of populations in Asia (e.g., Singapore) were also considered “the next step” in the containment and eradication of the Severe Acute Respiratory Syndrome (SARS) in 2003 [43]. Apart from disease outbreaks, RFID has also been discussed as a response and recovery device for emergency services personnel dispatched to terrorist disasters [6], and for the identification of victims of natural disasters, such as in the case of the Boxing Day Tsunami [10]. The question remains whether there is a truly legitimate use function of chip implants for the purposes of emergency management as opposed to other applications. Definition plays a critical role in this instance. A similar debate has ensued in the use of the Schengen Information System II in the European Union where differing states have recorded alerts on individuals based on their understanding of a security risk [17].

In June of 2006, legislative analyst Anthony Gad, reported in brief 06-13 for the Legislative Reference Bureau [16], that the:

2005 Wisconsin Act 482, passed by the legislature and signed by Governor Jim Doyle on May 30, 2006, prohibits the required implanting of microchips in humans. It is the first law of its kind in the nation reflecting a proactive attempt to prevent potential abuses of this emergent technology.

A number of states in the United States have passed similar laws [63], despite the fact that at the national level, the U.S. Food and Drug Administration [15] has allowed radio frequency identification implants for medical use in humans. The Wisconsin Act [59] states:

The people of the state of Wisconsin, represented in senate and assembly, do enact as follows: SECTION 1. 146.25 of the statutes is created to read: 146.25 Required implanting of microchip prohibited. (1) No person may require an individual to undergo the implanting of a microchip. (2) Any person who violates sub. (1) may be required to forfeit not more than $10,000. Each day of continued violation constitutes a separate offense.

North Dakota followed Wisconsin's example. Wisconsin Governor Hoeven signed a two sentence bill into state law on April 4, 2007. The bill was criticized by some who said that while it protected citizens from being “injected” with an implant, it did not prevent someone from making them swallow it [51]. And indeed, there are now a number of swallowable capsule technologies for a variety of purposes that have been patented in the U.S. and worldwide. As with a number of other states, California Governor Arnold Schwarzenegger signed bill SB 362 proposed by state Senator Joe Simitian barring “employers and others from forcing people to have a radio frequency identification (RFID) device implanted under their skin” [28], [60]. According to the Californian Office of Privacy Protection [9] this bill

… would prohibit a person from requiring any other individual to undergo the subcutaneous implanting of an identification device. It would allow an aggrieved party to bring an action against a violator for injunctive relief or for the assessment of civil penalties to be determined by the court.

The bill, which went into effect January 1, 2008, did not receive support from the technology industry on the contention that it was “unnecessary.”

Interestingly, however, it is in the United States that most chip implant applications have occurred, despite the calls for caution. The first human-implantable passive RFID microchip (the VeriChipTM) was approved for medical use in October of 2004 by the U.S. Food and Drug Administration. Nine hundred hospitals across the United States have registered the VeriChip's VeriMed system, and now the corporation's focus has moved to “patient enrollment” including people with diabetes, Alzheimer's, and dementia [14]. The VeriMedTM Patient Identification System is used for “rapidly and accurately identifying people who arrive in an emergency room and are unable to communicate” [56].

In February of 2006 [55], reported two of its employees had “glass encapsulated microchips with miniature antennas embedded in their forearms … merely a way of restricting access to vaults that held sensitive data and images for police departments, a layer of security beyond key cards and clearance codes.” Implants may soon be applied to the corrective services sector [44]. In 2002, 27 of 50 American states were using some form of satellite surveillance to monitor parolees. Similar schemes have been used in Sweden since 1994. In the majority of cases, parolees wear wireless wrist or ankle bracelets and carry small boxes containing the vital tracking and positioning technology. The positioning transmitter emits a constant signal that is monitored at a central location [33]. Despite continued claims by researchers that RFID is only used for identification purposes, Health Data Management disclosed that VeriChip (the primary commercial RFID implant patient ID provider) had enhanced its patient wander application by adding the ability to follow the “real-time location of patients, the ability to define containment areas for different classes of patients, and one-touch alerting. The system now also features the ability to track equipment in addition to patients” [19]. A number of these issues have moved the American Medical Association to produce an ethics code for RFID chip implants [4], [41], [47].

Outside the U.S., we find several applications for human-centric RFID. VeriChip's Scott Silverman stated in 2004 that 7000 chip implants had been given to distributors [57]. Today the number of VeriChip implantees worldwide is estimated to be at about 2000. So where did all these chips go? As far back as 2004, a nightclub in Barcelona, Spain [11] and Rotterdam, The Netherlands, known as the Baja Beach Club was offering “its VIP clients the opportunity to have a syringeinjected microchip implanted in their upper arms that not only [gave] them special access to VIP lounges, but also [acted] as a debit account from which they [could] pay for drinks” [39]. Microchips have also been implanted in a number of Mexican officials in the law enforcement sector [57]. “Mexico's top federal prosecutors and investigators began receiving chip implants in their arms … in order to get access to restricted areas inside the attorney general's headquarters.” In this instance, the implant acted as an access control security device despite the documented evidence that RFID is not a secure technology (see Gartner Research report [42]).

Despite the obvious issues related to security, there are a few unsolicited studies that forecast that VeriChip (now under the new corporate name Positive ID) will sell between 1 million and 1.4 million chips by 2020 [64, p. 21]. While these forecasts may seem over inflated to some researchers, one need only consider the very real possibility that some Americans may opt-in to adopting a Class II device that is implantable, life-supporting, or life-sustaining for more affordable and better quality health care (see section C of the Health Care bill titled: National Medical Device Registry [65, pp. 1001–1012]. There is also the real possibility that future pandemic outbreaks even more threatening than the H1N1 influenza, may require all citizens to become implanted for early detection depending on their travel patterns [66].

In the United Kingdom, The Guardian [58], reported that 11-year old Danielle Duval had an active chip (i.e., containing a rechargeable battery) implanted in her. Her mother believes that it is no different from tracking a stolen car, albeit for more important application. Mrs. Duvall is considering implanting her younger daughter age 7 as well but will wait until the child is a bit older, “so that she fully understands what's happening.” In Tokyo the Kyowa Corporation in 2004 manufactured a schoolbag with a GPS device fitted into it, to meet parental concerns about crime, and in 2005 Yokohama City children were involved in a four month RFID bracelet trial using the I-Safety system [53]. In 2007, Trutex, a company in Lancashire England, was seriously considering fitting the school uniforms they manufacture with RFID [31]. What might be next? Will concerned parents force microchip implants on minors?

Recently, decade-old experimental studies on microchip implants in rats have come to light tying the device to tumors [29]. The American Veterinary Medical Association [3] was so concerned that they released the following statement:

The American Veterinary Medical Association (AVMA) is very concerned about recent reports and studies that have linked microchip identification implants, commonly used in dogs and cats, to cancer in dogs and laboratory animals…. In addition, removal of the chip is a more invasive procedure and not without potential complications. It's clear that there is a need for more scientific research into this technology. [emphasis added]

We see here evidence pointing to the notion of “no return” - an admittance that removal of the chip is not easy, and not without complications.

The Norplant System was a levonorgestrel contraceptive insert that over 1 million women in the United States, and over 3.6 million women worldwide had been implanted with through 1996 [2]. The implants were inserted just under the skin of the upper arm in a surgical procedure under local anesthesia and could be removed in a similar fashion. As of 1997, there were 2700 Norplant suits pending in the state and federal courts across the United States alone. Most of the claims had to do with “pain or damage associated with insertion or removal of the implants … [p]laintiffs have contended that they were not adequately warned, however, concerning the degree or severity of these events” [2]. Thus, concerns for the potential for widespread health implications caused by humancentric implants have also been around for some time. In 2003, Covacio provided evidence why implants may impact humans adversely, categorizing these into thermal (i.e., whole/partial rise in body heating), stimulation (i.e., excitation of nerves and muscles), and other effects, most of which are currently unknown [13].

Role of Emerging Technologies

Wireless networks are now commonplace. What is not yet common are formal service level agreements to hand-off transactions between different types of networks. These architectures and protocols are being developed, and it is only a matter of time before existing technologies have the capability to track individuals between indoor and outdoor locations seamlessly, or a new technology is created to do what present-day networks cannot [26]. For instance, a wristwatch device with GPS capabilities to be worn under the skin translucently is one idea that was proposed in 1998. Hengartner and Steenkiste [23] forewarn that “[l]ocation is a sensitive piece of information” and that “releasing it to random entities might pose security and privacy risks.”

There is nowhere to hide in this digital society, and nothing remains private (in due course, perhaps, not even our thoughts). Nanotechnology, the engineering of functional systems at the molecular level, is also set to change the way we perceive surveillance - microscopic bugs (some 50 000 times smaller than the width of the human hair) will be more parasitic than even the most advanced silicon-based auto-ID technologies. In the future we may be wearing hundreds of microscopic implants, each relating to an exomuscle or an exoskeleton, and which have the power to interact with literally millions of objects in the “outside world.” The question is not whether state governments will invest in this technology: they are already making these investments [40]. There is a question whether the next generation will view this technology as super “cool” and convenient and opt-in without comprehending the consequences of their compliance.

The social implications of these über-intrusive technologies will obey few limits and no political borders. They will affect our day-to-day existence and our family and community relations. They will give rise to mental health problems, even more complex forms of paranoia and obsessive compulsive disorder. Many scholars now agree that with the support of modern neuroscience, “the intimate relation between bodily and psychic functions is basic to our personal identity” [45, p. 3]. Religious observances will be affected; for example, in the practice of confession and a particular understanding of absolution from “sin” - people might confess as much as they might want, but the records on the database, the slate, will not be wiped clean. The list of social implications is limited only by our imaginations. The peeping Tom that we carry on the inside will have manifest consequences for that which philosophers and theologians normally term self-consciousness.

Paradoxical Levels of Überveillance

In all of these factors rests the multiple paradoxical levels of überveillance. In the first instance, it will be one of the great blunders of the new political order to think that chip implants (or indeed nanodevices) will provide the last inch of detail required to know where a person is, what they are doing, and what they are thinking. Authentic ambient context will always be lacking, and this could further aggravate potential “puppeteers” of any comprehensive surveillance system. Marcus Wigan captures this critical facet of context when he speaks of “asymmetric information held by third parties.” Second, chip implants will not necessarily make a person smarter or more aware (unless someone can afford chip implants that have that effect), but on the contrary and under the “right” circumstances may make us increasingly unaware and mute. Third, chip implants are not the panacea they are made out to be - they can fail, they can be stolen, they are not tamper-proof, and they may cause harmful effects to the body. They are a foreign object and their primary function is to relate to the outside world not to the body itself (as in the case of pacemakers and cochlear implants). Fourth, chip implants at present do not give a person greater control over her space, but allow for others to control and to decrease the individual's autonomy and as a result decrease interpersonal trust at both societal and state levels. Trust is inexorably linked to both metaphysical and moral freedom. Therefore the naive position routinely heard in the public domain that if you have “nothing to hide, why worry?” misses the point entirely. Fifth, chip implants will create a presently unimaginable digital divide - we are not referring to computer access here, or Internet access, but access to another mode of existence. The “haves” (implantees) and the “have-nots” (non-implantees) will not be on speaking terms; perhaps this suggests a fresh interpretation to the biblical tower of Babel (Gen. 11:9).

In the scenario, where a universal ID is instituted, unless the implant is removed within its prescribed time, the body will adopt the foreign object and tie it to tissue. At this moment, there will be no exit strategy and no contingency plan; it will be a life sentence to upgrades, virus protection mechanisms, and inescapable intrusion. Imagine a working situation where your computer - the one that stores all your personal data - has been hit by a worm, and becomes increasingly inoperable and subject to overflow errors and connectivity problems. Now imagine the same thing happening with an embedded implant. There would be little choice other than to upgrade or to opt out of the networked world altogether.

A decisive step towards überveillance will be a unique and “non-refundable” identification number (ID). The universal drive to provide us all with cradle-to-grave unique lifetime identifiers (ULIs), which will replace our names, is gaining increasing momentum, especially after September 11. Philosophers have have argued that names are the signification of identity and origin; our names possess both sense and reference [24, p. 602f]. Two of the twentieth century's greatest political consciences (one who survived the Stalinist purges and the other the holocaust), Aleksandr Solzhenitsyn and Primo Levi, have warned us of the connection between murderous regimes and the numbering of individuals. It is far easier to extinguish an individual if you are rubbing out a number rather than a life history.

Aleksandr Solzhenitsyn recounts in The Gulag Archipelago (1918–56), (2007, p. 346f):

[Corrective Labor Camps] quite blatantly borrowed from the Nazis a practice which had proved valuable to them - the substitution of a number for the prisoner's name, his “I”, his human individuality, so that the difference between one man and another was a digit more or less in an otherwise identical row of figures … [i]f you remember all this, it may not surprise you to hear that making him wear numbers was the most hurtful and effective way of damaging a prisoner's self-respect.

Primo Levi writes similarly in his own well-known account of the human condition in The Drowned and the Saved (1989, p. 94f):

Altogether different is what must be said about the tattoo [the number], an altogether autochthonous Auschwitzian invention … [t]he operation was not very painful and lasted no more than a minute, but it was traumatic. Its symbolic meaning was clear to everyone: this is an indelible mark, you will never leave here; this is the mark with which slaves are branded and cattle sent to the slaughter, and this is what you have become. You no longer have a name; this is your new name.

And many centuries before both Solzhenitsyn and Levi were to become acknowledged as two of the greatest political consciences of our times, an exile on the isle of Patmos - during the reign of the Emperor Domitian - referred to the abuses of the emperor cult which was practiced in Asia Minor away from the more sophisticated population of Rome [37, pp. 176–196]. He was Saint John the Evangelist, commonly recognized as the author of the Book of Revelation (c. A.D. 95):

16 Also it causes all, both small and great, both rich and poor, both free and slave, to be marked on the right hand or the forehead, 17 so that no one can buy or sell unless he has the mark, that is, the name of the beast or the number of its name. 18 This calls for wisdom: let him who has understanding reckon the number of the beast, for it is a human number, its number is six hundred and sixty-six (Rev 13:16–18) [RSV, 1973].

The technological infrastructures—the software, the middleware, and the hardware for ULIs—are readily available to support a diverse range of humancentric applications, and increasingly those embedded technologies which will eventually support überveillance. Multi-national corporations, particularly those involved in telecommunications, banking, and health are investing millions (expecting literally billions in return) in identifiable technologies that have a tracking capability. At the same time the media, which in some cases may yield more sway with people than government institutions themselves, squanders its influence and is not intelligently challenging the automatic identification (auto-ID) trajectory. As if in chorus, blockbuster productions from Hollywood are playing up all forms of biometrics as not only hip and smart, but also as unavoidable mini-device fashion accessories for the upwardly mobile and attractive. Advertising plays a dominant role in this cultural tech-rap. Advertisers are well aware that the market is literally limitless and demographically accessible at all levels (and more tantalizingly from cradle-to-grave consumers). Our culture, which in previous generations was for the better part the vanguard against most things detrimental to our collective well-being, is dangerously close to bankrupt (it already is idol worshipping) and has progressively become fecund territory for whatever idiocy might take our fancy. Carl Bernstein [7] captured the atmosphere of recent times very well:

We are in the process of creating what deserves to be called the idiot culture. Not an idiot sub-culture, which every society has bubbling beneath the surface and which can provide harmless fun; but the culture itself. For the first time the weird and the stupid and the coarse are becoming our cultural norm, even our cultural ideal.

Despite the technological fixation with which most of the world is engaged, there is a perceptible mood of a collective disquiet that something is not as it should be. In the face of that, this self-deception of “wellness” is not only taking a stronger hold on us, but it is also being rationalized and deconstructed on many levels. We must break free of this dangerous daydream to make out the cracks that have already started to appear on the gold tinted rim of this seeming 21st century utopia. The machine, the new technicized “gulag archipelago” is ever pitiless and without conscience. It can crush bones, break spirits, and rip out hearts without pausing.

The authors of this article are not anti-government; nor are they conspiracy theorists (though we now know better than to rule out all conspiracy theories). Nor do they believe that these dark scenarios are inevitable. But we do believe that we are close to the point of no return. Others believe that point is much closer [1]. It remains for individuals to speak up and argue for, and to demand regulation, as has happened in several states in the United States where Acts have been established to avoid microchipping without an individual's consent, i.e., compulsory electronic tagging of citizens. Our politicians for a number of reasons will not legislate on this issue of their own accord, with some few exceptions. It would involve multifaceted industry and absorb too much of their time, and there is the fear they might be labelled anti-technology or worse still, failing to do all that they can to fight against “terror.” This is one of the components of the modern-day Realpolitik, which in its push for a transparent society is bulldozing ahead without any true sensibility for the richness, fullness, and sensitivity of the undergrowth. As an actively engaged community, as a body of concerned researchers with an ecumenical conscience and voice, we can make a difference by postponing or even avoiding some of the doomsday scenario outlined here.

Finally, the authors would like to underscore three main points. First, nowhere is it suggested in this paper that medical prosthetic or therapeutic devices are not welcome technological innovations. Second, the positions, projections, and beliefs expressed in this summary do not necessarily reflect the positions, projections, and beliefs of the individual contributors to this special section. And third the authors of the papers do embrace all that which is vital and dynamic with technology, but reject its rampant application and diffusion without studied consideration as to the potential effects and consequences.


1. Surveillance Society Clock 23:54 American Civil Liberties Union, Oct. 2007, [online] Available:, accessed.

2. Norplant system contraceptive inserts, Oct. 2007, [online] Available:

3. "Breaking news: Statement on microchipping", American Veterinary Medical Association, Oct. 2007, [online] Available: aa/microchip/breaking_news_070913_pf.asp.

4. B. Bacheldor, "AMA issues Ethics Code for RFID chip implants", RFID J., Oct. 2007, [online] Available: articleprint/3487/-1/1/.

5. E. Ball, K. Bond, Bess Marion v. Eddie Cafka and ECC Enterprises Inc., Oct. 2007, [online] Available: http://www.

6. "Implant chip to identify the dead", BBC News, Jan. 2006, [online] Available: 

7. C. Bernstein, The Guardian, June 1992.

8. P. Burton, K. Stockhausen, The Australian Medical Association's Submission to the Legal and Constitutional's Inquiry into the Privacy Act 1988, Oct. 2007, [online] Available: WEEN-69X6DV/\$file/Privacy_Submission_to_Senate_Committee. doc.

9. California privacy legislation, State of California:Office of Privacy Protection, July 2007, [online] Available:

10. "Thai wave disaster largest forensic challenge in years: Expert", Channel News Asia, Feb. 2005, [online] Available:

11. C. Chase, "VIP Verichip", Baja Beach House- Zona VIP, Oct. 2007, [online] Available: http://

12. R. A. Clarke, "Information technology and dataveillance", Commun. ACM, vol. 31, no. 5, pp. 498-512, 1988.

13. S. Covacio, "Technological problems associated with the subcutaneous microchips for human identification (SMHId)", InSITE-Where Parallels Intersect, pp. 843-853, June 2003.

14. "13 diabetics implanted with VeriMed RFID microchip at Boston diabetes EXPO", Medical News Today, Oct. 2007, [online] Available:

15. "Medical devices; General hospital and personal use devices; classification of implantable radiofrequency transponder system for patient identification and health information", U.S. Food and Drug Administration-Department of Health and Human Services, vol. 69, no. 237, Oct. 2007, [online] Available:

16. A. Gad, "Legislative Brief 06-13: Human Microchip Implantation", Legislative Briefs from the Legislative Reference Bureau, June 2006, [online] Available:

17. E. Guild, D. Bigo, "The Schengen Border System and Enlargement" in Police and Justice Co-operation and the New European Borders, European Monographs, pp. 121-138, 2002.

18. M. Hawthorne, "Refugees meeting hears proposal to register every human in the world", Sydney Morning Herald, July 2003, [online] Available:

19. "VeriChip enhances patient wander app", Health Data Management, Oct. 2007, [online] Available: HDMSearchResultsDetails.cfm?articleId=12361.

20. "VeriChip buys monitoring tech vendor", Health Data Management, July 2005, [online] Available: HDMSearchResultsDetails.cfm?articleId=12458.

21. "Chips keep tabs on babies moms", Health Data Management, Oct. 2005, [online] Available: cfm?articleId=15439.

22. "Baylor uses RFID to track newborns", Health Data Management, July 2007, [online] Available:

23. U. Hengartner, P. Steenkiste, "Access control to people location information", ACM Trans. Information Syst. Security, vol. 8, no. 4, pp. 424-456, 2005.

24. "Names" in Oxford Companion to Philosophy, U.K., Oxford:Oxford Univ. Press, pp. 602f, 1995.

25. "Nietzsche Friedrich" in Oxford Companion to Philosophy, U.K., Oxford:Oxford Univ. Press, pp. 619-623, 1995.

26. "RFID tags equipped with GPS", Navigadget, Oct. 2007, [online] Available:

27. "Me & my RFIDs", IEEE Spectrum, vol. 4, no. 3, pp. 14-25, Mar. 2007.

28. K. C. Jones, "California passes bill to ban forced RFID tagging", InformationWeek, Sept. 2007, [online] Available: shared/printableArticle.jhtml?articleID=201803861.

29. T. Lewan, "Microchips implanted in humans: High-tech helpers or Big Brother's surveillance tools?", The Associated Press, Oct. 2007, [online] Available:

30. T. Lewan, Chip implants linked to animal tumors, Associated Press/, Oct. 2007, [online] Available: html.

31. J. Meikle, "Pupils face tracking bugs in school blazers", The Guardian, Aug. 2007, [online] Available: story/0, 2152979,00.

32. K. Michael, Selected Works of Dr. Katina Michael, Australia, Wollongong:Univ. of Wollongong, Oct. 2007, [online] Available:

33. K. Michael, A. Masters, "Realised applications of positioning technologies in defense intelligence" in Applications of Information Systems to Homeland Security and Defense, IDG Press, pp. 164-192, 2006.

34. K. Michael, A. Masters, "The advancement of positioning technologies in defence intelligence" in Applications of Information Systems to Homeland Security and Defense, IDG Press, pp. 193-214, 2006.

35. K. Michael, M. G. Michael, "Towards chipification: The multifunctional body art of the net generation" in Cultural Attitudes Towards Technology and Communication, Estonia, Tartu:, pp. 622-641, 2006.

36. K. Michael, M. G. Michael, "Homo electricus and the continued speciation of humans" in The Encyclopedia of Information Ethics and Security, IGI Global, pp. 312-318, 2007.

37. M. G. Michael, Ch IX: Imperial cult in The Number of the Beast 666 (Revelation 13:16-18): Background Sources and Interpretation, Macquarie Univ., 1998.

38. M. G. Michael, "Überveillance: 24/7 × 365-People tracking and monitoring", Proc. 29 International Conference of Data Protection and Privacy Commissioners: Privacy Horizons Terra Incognita, 2007-Sept.-25-28, [online] Available:

39. S. Morton, "Barcelona clubbers get chipped", BBC News, Oct. 2007, [online] Available: 

40. D. Ratner, M. A. Ratner, Nanotechnology and Homeland Security: New Weapons for New Wars, U.S.Α., New Jersey:Prentice Hall, 2004.

41. J. H. Reichman, "RFID labeling in humans American Medical Association House of Delegates: Resolution: 6 (A-06)", Reference Committee on Amendments to Constitution and Bylaws, 2006, [online] Available: http://www.

42. M. Reynolds, "Despite the hype microchip implants won't deliver security", Gartner Research, Oct. 2007, [online] Available: DisplayDocument?doc_cd=121944.

43. "Singapore fights SARS with RFID", RFID J., Aug. 2005, [online] Available:

44. "I am not a number - Tracking Australian prisoners with wearable RFID tech", RFID Gazette, Oct. 2007, [online] Available: http://www.

45. S. Rodotà, R. Capurro, "Ethical aspects of ICT implants in the human body", Opinion of the European Group on Ethics in Science and New Technologies to the European Commission N° 20 Adopted on 16/03/2005, Oct. 2007, [online] Available: avis20_en.pdf.

46. "Papua Legislative Council deliberating microchip regulation for people with HIV/AIDS", Radio New Zealand International, Oct. 2007, [online] Available: php?op=read&id=33896.

47. R. M. Sade, "Radio frequency ID devices in humans Report of the Council on Ethical and Judicial Affairs: CEJA Report 5-A-07", Reference Committee on Amendments to Constitution and Bylaws, Oct. 2007, [online] Available: mm/369/ceja_5a07.pdf.

48. B. K. Schuerenberg, "Implantable RFID chip takes root in CIO: Beta tester praises new mobile device though some experts see obstacles to widespread adoption", Health Data Management, Feb. 2005, [online] Available: cfm?articleId=12232.

49. B. K. Schuerenberg, "Patients let RFID get under their skin", Health Data Management, Nov. 2005, [online] Available: http://healthdatamanagement. com/HDMSearchResultsDetails.cfm?articleId=12601.

50. N. D. Somba, "Papua considers 'chipping' people with HIV/ AIDS", The Jakarta Post, Oct. 2007, [online] Available: http://www.thejakartapost. com/yesterdaydetail.asp?fileid=20070724.G04.

51. M. L. Songini, "N.D. bans forced RFID chipping Governor wants a balance between technology privacy", ComputerWorld, Oct. 2007, [online] Available: =viewArticleBasic&taxonomyId=15&articleId=9016385&intsrc=h m_topic.

52. D. M. Snow, National Security For A New Era.: Globalization And Geopolitics, Addison-Wesley, 2005.

53. C. Swedberg, "RFID watches over school kids in Japan", RFID J., Oct. 2007, [online] Available: articleview/2050/1/1/.

54. C. Swedberg, "Alzheimer's care center to carry out VeriChip pilot", RFID J., Oct. 2007, [online] Available: articleview/3340/1/1/.

55. "Chips: High tech aids or tracking tools?", Fairfax Digital: The Age, Oct. 2007, [online] Available: html. 

56. "VeriChip Corporation adds more than 200 hospitals at the American College of Emergency Physicians (ACEP) Conference", VeriChip News Release, 2007-Oct.-11, [online] Available: news/1192106879.

57. W. Weissert, "Microchips implanted in Mexican officials", Associated Press, Oct. 2007, [online] Available:

58. J. Wilson, "Girl to get tracker implant to ease parents' fears", The Guardian, Oct. 2002, [online] Available:,3858,4493297,00. html.

59. Wisconsin Act 482, May 2006, [online] Available: http://www.legis.state.

60. J. Woolfolk, "Back off Boss: Forcible RFID implants outlawed in California", Mercury News, Oct. 2007, [online] Available: http://www.mercurynews. com/portlet/article/html/fragments/print_article.jsp?articleId=7162880.

61. Macquarie Dictionary, Sydney University, pp. 1094, 2009.

62. K. Michael, M. G. Michael, Innovative Automatic Identification and Location-Βased Services: From Bar Codes to Chip Implants, PA, Hershey:IGI Global, pp. 401, 2009

63. A. Griggieri, K. Michael, M. G. Michael, "The legal ramifications of microchipping people in the United States of America- A state legislative comparison", Ρroc. 2009 IEEE Int. Symp. Technology and Society, pp. 1-8, 2009.

64. A. Marburger, J. Coon, K. Fleck, T. Kremer, VeriChip™: Implantable RFID for The Health Industry, June 2005, [online] Available: http://www.

65. 111TH CONGRESS 1ST SESSION H. R. 11 A BILL: To provide affordable quality health care for all Americans and reduce the growth in health care spending and for other purposes, 2010-Apr.-1, [online] Available: http://waysandmeans.

66. Positive ID. 2010. Health-ID, May 2010, [online] Available: health-id.html.

IEEE Keywords: Implants, TV, Data systems, National security, Pressing, Engines, Condition monitoring, Circuits,Feeds, Databases

Citation: M.G. Michael, Katina Michael, Toward a State of Überveillance, IEEE Technology and Society Magazine ( Volume: 29, Issue: 2, Summer 2010 ), pp. 9 - 16, Date of Publication: 01 June 2010, DOI: 10.1109/MTS.2010.937024

RFID-Enabled Inventory Control Optimization


This study examines the impact of radio-frequency identification (RFID) technology on the inventory control practices of a small-to-medium retailer using a proof of concept (PoC) approach. The exploratory study was conducted using a single case study of a hardware retailer stocking 5000 product lines provided by 110 active suppliers. To analyze the present mode of operation, procedural documents, semi-structured interviews and a participant observation was conducted. The basis for the proof of concept was a future mode of operation using a quasi-experimental design. Results indicate that in a small-to-medium retail environment, RFID technology could act as a loss prevention mechanism, an enabler for locating misplaced stock, and make a significant contribution to the overall improvement of the delivery process.

Section I


Radio-frequency identification (RFID), which is defined as a wireless automatic identification and data capture (AIDC) technology [1], is increasingly considered by many scholars as the “missing link” in the supply chain management [2], [3]. For example, the technology could allow the identification of any tagged item in real-time in a given supply chain with minimum human intervention [4] [5] [6] [7]. When integrating into a firm's business processes [5], the RFID technology allows “any tagged entity to become a mobile, intelligent, communicating component of the organization's overall information infrastructure” (p. 88), thus improving supply chain information flow [8], [9] and supply chain efficiency [3]. A basic RFID system is composed of a tag containing a microprocessor, a reader and its antennas, and a computer equipped with a middleware program, in which business rules are configured to automate some decisions [10]. Despite the high potential of the technology as an enabler of the supply chain transformation, the current adoption rate is still fairly low mainly because many technological and business questions are still to be answered. In order to reduce this knowledge gap, this study draws on the current RFID agenda [5] to answer the following questions: What is the impact of RFID on loss prevention? What is the impact of RFID technology on the delivery process in a small-to-medium retailer store? How can RFID help to locate misplaced stock? How may the RFID reading rate be influenced by the physical characteristics of items? More precisely, the objective of this paper is to document the results of a proof of concept (PoC) that examines the impact of RFID on inventory control. The PoC consists of RFID simulations and re-engineered business processes that demonstrate whether the RFID technology can operate within the small-to-medium retail industry and illustrates the anticipated impact of RFID on business operations.

Section 2 presents related works. In section 3, the methodology used in this study, including all simulation of RFID enabled scenarios are presented. Finally, section 4 presents the discussion and conclusion.

Section II

Background and Context of the Study

The current study uses the proof of concept approach to assess the feasibility of RFID technology in a small-to-medium retail store. Most early studies on the feasibility of RFID technology have mostly been conducted using this approach or pilots projects (e.g. [11] [12] [13]). A proof of concept is used to illustrate whether a proposed system or application is likely to operate or function as expected [14]. Using, data from “Wal-Mart RFID-enabled stores” over a period of 29 weeks, the conclusion was reached that RFID-enabled stores were 63% more efficient in replenishing out-of-stocks than stores without RFID, thus leading to a reduction of out-of-stocks by 16% over that 29 week period [12]. In a more recent study, [15] examined data collected over a period of 23 weeks from eight test stores equipped with a new “RFID-based perpetual inventory adjustment tool” and a corresponding set of eight control stores (without RFID), and found that “RFID is making a difference. Understated perpetual inventory inaccuracy declined by about 13% in the test stores, relative to control stores, with no additional labour. Furthermore, manual adjustments declined in the test stores” (p. 55). Finally, the outcome of a study by [11], who used a PoC in a laboratory setting, was that process optimization can be achieved when the RFID technology is integrated in intra- and inter-organizational information systems applications. All these studies have been largely conducted in large firms, but very few of them are concerned with RFID adoption within small-to-medium firms.

Section III


The research study documented in this paper involves a case examining a single small-to-medium retailer. A case study method has been employed as it is ideal for investigating contemporary events and is able to take into account a wide variety of evidence [16]. For this study data have been gathered through the collection of procedural documents, semistructured interviews and a participant observation. This paper presents the data collected from the semistructured interviews conducted with employees of the organization, as well as revealing the business process flows (through flowcharts) of the organization in order to determine whether RFID is a feasible automated data capture technology for small-to-medium retailers. An observational study was also conducted over a period of two weeks in 2007. A daily diary was kept by the participant and this data was analyzed together with full-length transcripts. A single small-to-medium hardware retailer is focused on in this paper in order to analyze and present inventory control practices.

3.1. Research design

As the main objective of the overall study is to improve our understanding of RFID impacts in the context of a small-to-medium retailer, the research design is clearly an exploratory research initiative. A case study method has been conducted as it is ideal for investigating contemporary events and is able to take into account a wide variety of evidence [16].

3.2. Research sites

The organization examined in this study is located on the south coast of New South Wales, approximately 128 kilometers from the centre of Sydney. The company employs ten staff including casuals and is classified as a small-to-medium hardware retailer. The current proprietors have operated the business since 2003. The premises of the retailer measures approximately 2000 square meters, with about 550 square meters of this area making up the internal shop floor. The shop floor is composed of four sheds, each with independent access. There are two small internal offices, one designed to deal with customer purchasing and point-of-sale (POS) transactions while the other is used by managers and bookkeepers for ordering, accounting and other administrative practices. The external perimeter of the organization is surrounded by an eight foot high barbed wire fence.

The retailer currently possesses between 400,000 worth of inventory which is kept on the premises. The inventory held by the organization is estimated to consist of 5000 product lines, which are provided by 110 active suppliers. Products and other inventory are stored or displayed before purchase inside the store or outside within the confines of the premises. Items and stock within the store are positioned based on the type of product as well as the supplier. Most items kept inside the store are also shelved on racks that measure 2.1m in height. The shop floor is divided into five separate areas that include general hardware, timber, gardening, cement and building supplies. Products stored outside are generally unaffected by environmental and weather conditions such as landscaping supplies, cement blocks, treated pine sleepers and sheets of steel reinforcing. Stock is usually delivered to the store packaged at pallet, crate, carton or item level.

The retailer provides many services to its customers primarily through the selling of hardware and other building related supplies. The organization provides a delivery service to its customers if they purchase products that are too large to be transported or products that they wish to be delivered on a certain day. Products are delivered to customers in one of the three vehicles the organization owns. A flat top truck is used for steel deliveries, a tip truck is used for landscaping supplies and a utility vehicle is used for general deliveries. The organization also has a front-end loader that it uses to load landscaping supplies on vehicles. The organization offers accounts for customers that purchase products frequently.

The retailer currently has limited Information Technology (IT) infrastructure and does not utilize a server, as the current operations of the business do not require a large volume storage device. The organization utilizes two desktop computers in their administration office that are primarily used to manage customer accounts through the software package MYOB Premier Version 10. At the end of each month, the organization uses the MYOB software to generate invoices which are sent out to account holding customers, requesting that they pay for the items they have purchased. The organization has another desktop computer which is used by employees to search a program that acts as an index of paint colors provided by different paint suppliers. All computers within the organization are able to access the Internet.

3.3. Data collection

For this study data have been gathered through the collection of procedural documents, semi-structured interviews and a participant observation. This paper presents the data collected from the semi-structured interviews conducted with employees of the organization, as well as revealing the business process flows (through flowcharts) of the organization in order to determine whether RFID is a feasible automated data capture technology for small-to-medium retailers. An observational study was also conducted over a period of two weeks in 2007. A daily diary was kept by the participant and this data was analyzed together with full-length transcripts. A single small-to-medium hardware retailer is focused on in this paper in order to analyze and present inventory control practices.

3.3.1. Interviews-interviewees

Insights into the current inventory control practices at the small-to-medium retailer are based on semi-structured interviews carried out on four employees of the organization. The roles and duties of these employees are documented in Table 1.



As can be seen from Table 1, employees of the organization have minimal job specialization, which reinforces [17] observations of small businesses. The proprietor/manager and proprietor/part-time manager are responsible for the overall running of the business whereas the store manager is specifically responsible for shop maintenance and management. The delivery truck driver is primarily responsible for making outbound deliveries. The store manager and delivery truck driver are answerable to both of the proprietor/managers.

3.3.2. Interview questions and the inventory cycle

Inventory control as defined by [18] involves “coordinating the purchasing, manufacturing and distribution functions to meet marketing needs”. Coordinating these functions requires many discrete activities including ordering stock or materials and shelving or putting it in the correct position so that customers have access to it. In this section, the inventory control process has been broken down so that the inventory practices of the small-to-medium retailer can be explored in greater detail. Figure 1 illustrates the inventory cycle. It should be noted that the inventory flow cycle is focused on the flow of raw materials to their finished state, while this inventory control cycle has been developed based on a retailer that sells finished goods (p. 21) [19].

Figure 1. The Inventory Cycle

Figure 1. The Inventory Cycle


As can be seen in Figure 1, customer demand triggers the ordering or re-ordering of stock. Stock then arrives at the retailer, where it is checked and sorted before being shelved in the correct position. Stock is then purchased by a customer and delivered by the retailer if necessary.

The inventory cycle demonstrated in Figure 1 was considered when developing questions for the semistructured interviews. The majority of the questions asked related to the six different processes that were identified in the inventory control cycle. There were a total of twenty-eight questions included in the original semi-structured interview protocol but additional probing sub-questions were asked where the respondent was able to expand their response due to their knowledge of operations. The questions covered the background of the company case, the role of the employee in the organization, questions related to the current mode of operation to gauge the current inventory control practices and set-up, and more speculative questions regarding the transition of the organization from a manual-based system to barcode and/or RFID. For instance the proprietor was asked:

Can you describe the process that you use to check that orders have been delivered with the correct contents?

  1. Do you keep any sort of record of how much stock you carry, either in physical or electronic form?
  2. How would you describe the theft prevention measures in your workplace?
  3. What triggers your organization to reorder or order stock?
  4. Are there any issues affecting your adoption of automated data capture technology?
  5. Do you think that RFID could be used within your business to improve inventory control?

The interview transcripts were analyzed using a qualitative approach and the findings were presented using a modular narrative style based on the steps in the inventory control cycle. The following sections summarize the findings of the semi-structured interviews.

3.3.3. Participant observation

A participant observation requires the researcher to become a direct participant in the social process being studied by becoming a member of an organization. The participant observation was carried out over a two week period with the intention of recording observations relating to the inventory control practices used within the small-to-medium retailer. This study utilizes an overt participant observation as members of the organization were already aware of the researcher's presence due to interviews being carried out at an earlier date. The overt approach was perceived to have had minimal influence on the behavior of the organization's members as they were informed that the purpose of the study was to examine inventory control practices of the retailer, not their personal behaviors. During the participant observation annotations and issues were documented through the use of a diary. Field notes were recorded during each day, and were formalized at the end of the day.

3.3.4. Procedural documentation

The small-to- medium retailer's procedural documents were used to complement the semi-structured interviews and participant observation. Documentary secondary data, such as an organization's communications, notes, and other policy and procedural documents have been examined.



Official documents, like procedural documents can be treated as unproblematic statements of how things are or were (p. 104) [20]. The procedural documents have been used as evidence to support the determination of the inventory control practices of the small-to-medium retailer. The interviews conducted, participant observation and the collection of procedural documents were combined to develop the business process flows of the organization. A narrative presentation is used to bring together participant observational data and interviewee responses.

3.4. Simulation of RFID-enabled scenarios

Eight simulations have been developed which are aimed at examining different aspects of inventory control and known RFID issues that have been documented in the literature. However, within the scope of this paper, we'll only present and discuss four RFID-enabled scenarios (Table 2): (i) RFID-enabled loss prevention, (ii) RFID-enabled delivery portal, (iii) RFID tag environment simulation and (iv) RFID-enabled locating misplaced stock.

The results of the simulations are documented qualitatively, discussing read rates as well as any other technical issues experienced in the following section.

3.4.1. RFID enabled-loss prevention simulation-method

Exhibit 1. An RFID armed entry/exit

Exhibit 1. An RFID armed entry/exit

A fixed RFID reader with one and then two antennas will be placed above or around the entry/exit of the store with the aim of identifying any tagged item or product that passes through the entry/exit. Items that have been tagged with RFID labels will be moved past the reader in order to determine if the tag is interrogated and identified successfully. The tagged product will be concealed by the participant carrying it so the effect of this can be gauged. Multiple items will also be carried out by the participant to test if the reader identifies multiple tagged items.

In the initial part of this simulation a fixed reader was set up with one antenna which was positioned above the entry/exit, 2.1 metres off the ground.

The antenna was orientated at a 45 degree angle, sloping inwards towards the interior of the store. The participant walked towards the entry/exit with an RFID tagged item held 1.5 meters off the ground. Five different items of stock were used in this simulation, each being RFID tagged in a different configuration. Two of the items had tags wrapped around them so the tag was overlapping itself, one item had its tag wrapped around it but was not overlapping, another item was labelled with a tag that was folded in half and the final item had a tag applied to it in a general flat configuration. The tagged items were passed through the RFID monitored entry/exit individually in plain view of the reader, then concealed under the jumper of the participant and finally all items were passed through the entry/exit simultaneously in a plastic basket.

The results revealed that items which had RFID tags wrapped around them and were overlapping could not be detected by the reader when passed through the entry/exit. It was also found that concealing items had an effect on whether they would read or not with a single concealed product being identified compared to the three tagged items which were identified when they were passed through the entry/exit in plain sight. Table 3 summarises the results of the simulation = read successfully, = not able to be read).

Figure 2. Configuration of the loss prevention portal

Figure 2. Configuration of the loss prevention portal

Once this simulation was carried out another antenna was attached to the fixed reader and a small portal was created to see whether it was more accurate to identify tagged products from side-on than from above. Figure 2 illustrates the configuration of the portal.

The participant once again walked through the doorway with items held 1.5 metres from the ground. The items that had RFID tags wrapped around so they overlapped were still not able to be read in this variation of the simulation, but three tagged items that had been concealed were identified compared to the one item identified in the previous variation. The range of the antennas was also tested with items being passed through the portal held above (1.8 metres from the ground) and below them (30 centimetres from the ground). The three tagged items that were identified initially were also read when they were passed above and below the antennas at the entry/exit to the store.



The results of this simulation revealed that RFID experienced poor to average read rates when implemented for loss prevention. It is perceived that if RFID was applied in the small-to-medium retailer for loss prevention purposes, theft may be reduced but the reliability of the technology could not be guaranteed; unless orientation issues are resolved and read rates are improved.


3.4.2. RFID-enabled delivery portal simulation-method

This simulation involves RFID tagged items being placed on a pallet then onto a delivery vehicle at the loading dock of the hardware store. A portal will be created at the loading dock, equipped with two antennas originating from an RFID reader which will be used to identify the products and stock that are moving in and out of the premises.

Exhibit 2. Tagged RFID products on pallet (top); the flat top truck being reversed into the loading dock (middle); the utility vehicle in the RFID portal (bottom)

Exhibit 2. Tagged RFID products on pallet (top); the flat top truck being reversed into the loading dock (middle); the utility vehicle in the RFID portal (bottom)

To test the RFID delivery portal, a flat top truck is reversed into the loading bay of the organisation. Seven products that are commonly delivered to or by the organisation are RFID tagged, including a wooden pallet which the items are placed on. The truck is reversed in and out of the loading bay on five occasions and the read rates are recorded each time.

Three of the tagged items including a piece of treated pine, a roll of foam joint and the pallet are successfully interrogated on each of the five times the truck is reversed.

A tagged piece of treated pine is also identified on the first and the last time the vehicle is backed into the loading dock.

The other three items on the truck are unable to be identified at all, most likely due to the back tray of the truck, sitting higher than the antenna (all the RFID tagged products on the truck were situated above the antenna).

Another vehicle, a utility that is used by the organisation to deliver products is then employed in the simulation with the same products and pallet being placed in the vehicle's tray. The tray of this vehicle is at a more suitable height for the RFID antennas, as it sits 80 centimetres off the ground. Exhibit 2 demonstrates the RFID portal with the utility vehicle reversed into the loading dock.

The read rates experienced when products were placed on the utility were far superior to those experienced when the flat top truck was employed, with read rates ranging from 71% to 100% of all items and products tagged. Table 4 reveals the read rates of the tagged items and products on the utility vehicle (= read successfully, = not able to be read). This simulation illustrated that if an RFID portal was constructed appropriately by considering the conditions and vehicle used by the small-to-medium retailer it could effectively monitor stock being delivered to the business and stock being delivered to customers of the business.



3.4.3. RFID tag environment simulation-method

This simulation involves trying to identify RFID tagged products of various compositions using the mobile RFID reader. Items composed of wood, metal, plastic, stone and those containing liquids were tagged and attempted to be read. Items left outside and exposed to the elements were also tagged and attempted to be read, along with other items that are stored in dirty manufacturing type environments.

Ten products composed of varying materials were RFID tagged and attempted to be read by the mobile RFID reader. The compositions of the ten items tagged varied greatly with some of them being made or packaged from metal, plastic, cardboard, paper, wood and stone. Some of the items such as the container of nails and the bag of cement were also dusty and dirty. The mobile RFID reader was used to make six attempts to read data from all of the tagged products individually. Table 5 reveals the results of the six attempts for each product (= read successfully, = not able to be read).

Exhibit 3. An RFID tagged treated pine sleeper (top); An RFID tagged pipe (bottom)

Exhibit 3. An RFID tagged treated pine sleeper (top); An RFID tagged pipe (bottom)

As can be seen in Table 5 all items could be read by the mobile reader, but objects made of metal took around 5 or 6 attempts to be read successfully. It should also be noted that dirty and dusty products were interrogated successfully by the reader on every attempt.

In order to further test the effect the environment had on the readability of tags, four items that were regularly kept outside were RFID tagged. These items included a treated pine sleeper, a stone paver, a bale of sugar cane mulch wrapped in plastic and a 6 metre length galvanised pipe (Exhibit 3).



After being tagged with RFID labels these items were left outside for five nights. It rained quite heavily over the time the items were left outside and upon examining the products and RFID tags after the fifth night had elapsed, they were saturated.

This however did not have any effect on the readability of tags, with all items being successfully identified in all six of the scans except for the metal item (the 6 metre length of galvanised pipe) which was only interrogated successfully on the sixth attempt.

To compare the robustness of RFID tags and barcodes, a cardboard box with a barcode imprinted on it in ink was also left outside over the same period as the RFID tagged items. Like the RFID tags and products the cardboard box was saturated after the fifth night outside. The barcode on the box was able to be scanned successfully, but when the researcher applied some friction to the barcode it was damaged. Once the barcode was damaged it could not be identified by the barcode reader. Unlike the barcode the RFID tags were not affected or damaged by friction in this simulation.

This simulation revealed that the readability of RFID tags was not affected when applied to products of varying compositions, except for products composed of metal which resulted in these products only being identified in about one out of six attempts. It was also revealed that RFID tags were able to function after being stored outdoors and exposed to the elements over five nights. To further test the robustness of RFID tags it is recommended that they are exposed to the same environmental conditions for longer periods of time in a future study.

3.4.4. RFID-enabled- locating misplaced stock simulation-method

An RFID tagged product will be positioned so that it can be read by an antenna attached to a fixed RFID reader. Once data have been read from the tagged item it will then be moved around the shop to another location so it is within range of another antenna. The results of this simulation will focus on the ‘tag reads’ at each of the antennas. After one tagged item has been tested the read rates of multiple items will be observed.

A fixed RFID reader was set up with two antennas situated 10 metres apart. RFID tagged items were initially positioned in front of an antenna then put on a trolley and moved outside the range of the antenna and into the range of a second antenna to simulate stock being misplaced within the retailer. Exhibit 4 shows RFID tagged products that have been moved past an antenna on a trolley.

Exhibit 4. RFID tagged cartons of nails within the read range of an antenna

Exhibit 4. RFID tagged cartons of nails within the read range of an antenna

A plastic 5 kilogram carton of galvanised bullet head nails was RFID tagged and moved from the read range of the first antenna to within the read range of the second antenna which resulted in it being detected by both antennas. Once a single RFID tagged carton was tested more were introduced to further examine the accuracy of the antennas. Table 6 illustrates the results of this simulation. It should be noted that in the table, tags which were identified by both antennas (at the first antenna prior to being ‘misplaced’ and or the second antenna after being ‘misplaced’) were recorded as being read successfully (✓=read successfully,= not able to be read).



The results revealed read rates ranging from 67% to 100% for the five tests conducted in this simulation. When products were placed on the trolley and transported between antennas they were placed in a random configuration which meant that the RFID tags applied to them were not presented to the reader in the same arrangement for each of the tagged cartons of nails.

It was noted that tagged cartons that were not detected when moved between antennas, had tags orientated perpendicular to them or had tags that were applied to the opposite side of products. Figure 3 illustrates where RFID tags were applied on products that were not identified by the antennas.

Figure 3. The position of RFID tags that were not identified

Figure 3. The position of RFID tags that were not identified

Apart from the orientation issues that were encountered, this simulation illustrated that RFID could be used within the small-to-medium retailer to monitor the positioning of products within the store. If RFID was employed in the store and appropriate backend software was developed it is highly likely that misplaced items that had been tagged within the store could be registered on the system, and found thereafter.

Section IV

Discussion and Conclusion

The simulations revealed that items with overlapping RFID tags wrapped around them could not be detected by the reader when they passed through the entry/exit. It was also found that concealing items had an effect on whether they would read or not with a single concealed product being identified, as compared to the three tagged items which were identified when passing through the entry/exit in plain sight. Moreover, the results showed that RFID experienced poor to average read rates when implemented for loss prevention. It is perceived that if RFID was applied in the small-to-medium retailer for loss prevention purposes, theft may be reduced but the reliability of the technology could not be guaranteed, unless orientation issues were resolved and the read rates improved. Also, if an RFID portal were constructed appropriately, taking into account the conditions and the vehicle used by the small-to-medium retailer, it could effectively monitor the stock being delivered to the business and the one delivered to the customers of the business. In addition, the study revealed that the readability of RFID tags was not affected when applied to products of varying compositions, except for metal products - which were identified only once on six attempts. Moreover, the RFID tags were able to function after being stored outdoors and exposed to the elements over five nights. These results provide strong support to previous studies on RFID technology [11], [12] and highlight the fact that RFID technology is mostly product driven, and therefore, the best performance of the system heavily depends on the type of product, the context of implementation, the level of tagging, etc.

Consequently, a scenario building, validation and demonstration of RFID-enabled process optimization is highly recommended prior to any large RFID technology deployment [13]. To our knowledge, this study is among the first studies to illustrate that RFID technology could be used within a small-to-medium retailer in real-life settings to monitor the positioning of products within the store, to help small-to-medium retailer prevent in-store stock losses, enhance delivery process and improve the process of locating misplaced stock within the store. Nevertheless, these findings are consistent with results of prior research by [15] at Wal-Mart stores, which are mainly large stores. Despite these encouraging results, further tests on the robustness of RFID tags should be conducted when they are exposed to the same environmental conditions for longer periods of time. Moreover, given that the more recent RFID tags have a tag reading accuracy of almost 100%, their use is highly recommended [21]. The study was conducted in a single store of a small-to-medium retailer situated almost at the last node of the retail supply chain, and therefore was not able to capture the network effects of RFID technology.

Therefore, further works need to be done to assess the impact of RFID technology at the supply chain level in a real-life setting and to develop different models of cost sharing between stakeholders involved in RFID-enabled projects.


1. S. Fosso Wamba, L. A. Lefebvre, Y. Bendavid, and É. Lefebvre, "Exploring the impact of RFID technology and the EPC network on mobile B2B eCommerce: a case study in the retail industry," International Journal of Production Economics (112:2), 2008, 614-629.

2. R. Roman and J. Donald, "Impact of RFID technology on supply chain management systems," in 19th Annual Conference of the National Advisory Committee on Computing Qualifications (NACCQ 2006) Wellington, New Zealand, 2006.

3. C. Loebbecke, J. Palmer, and C. Huyskens, "RFID's potential in the fashion industry: a case analysis," in 19th Bled eConference, eValues Bled, Slovenia, 2006.

4. C. Poirier and D. McCollum, RFID Strategic Implementation and ROI: a Practical Roadmap to Success. Florida: J. ROSS Publishing, 2006.

5. J. Curtin, R. J. Kauffman, and F. J. Riggins, "Making the most out of RFID technology: a research agenda for the study of the adoption, usage and impact of RFID," Information Technology and Management (8:2), 2007, 87-110.

6. N. Huber and K. Michael, "Minimizing product shrinkage across the supply chain using radio frequency identification: A case study on a major Australian retailer," in IEEE Computer Society of the Seventh International Conference on Mobile Business Toronto, Canada, 2007.

7. B. D. Renegar and K. Michael, "The RFID value proposition," in CollECTeR Iberoamérica Madrid, Spain, 2008.

8. F. J. Riggins and K. T. Slaughter, "The role of collective mental models in IOS adoption: opening the black box of rationality in RFID deployment," in Proceedings of the 39th Hawaii International Conference on System Sciences Hawaii, 2006.

9. S. Fosso Wamba and H. Boeck, "Enhancing information flow in a retail supply chain using RFID and the EPC network: a proof-of-concept approach," Journal of Theoretical and Applied Electronic Commerce Research (3:1), 2008, 92-105.

10. Z. Asif and M. Mandviwalla, "Integrating the supply chain with RFID: a technical and business analysis," Communications of the Association for Information Systems (15), 2005, 393-427.

11. Y. Bendavid, S. Fosso Wamba, and L. A. Lefebvre, "Proof of concept of an RFID-enabled supply chain in a B2B e-commerce environment," in The Eighth International Conference on Electronic Commerce (ICEC) Fredericton, New Brunswick, Canada, 2006, 564-568.

12. B. C. Hardgrave, M. Waller, and R. Miller, " Does RFID reduce out of stocks? a preliminary analysis," 2005.

13. S. Fosso Wamba, E. Lefebvre, Y. Bendavid, and L. A. Lefebvre, From automatic identification and data capture (AIDC) to "smart business process": a proof of concept integrating RFID: CRC Press, Taylor & Francis Group, 2008.

14. W. E. Solutions, "Appendix A: Glossary," 1996.

15. B. C. Hardgrave, J. Aloysius, and S. Goyal, "Does RFID improve inventory accuracy? a preliminary analysis," International Journal of RF Technologies: Research and Applications (11:1), 2009, 44-56.

16. R. K. Yin, Case Study Research: Design and Methods. Newbury Park, CA: Sage, 1994.

17. J. Diamond and G. Pintel, Retailing. Upper Saddle River: Prentice Hall, 1996.

18. T. Wild, Best Practice in Inventory Management. New York: John Wiley & Sons, 1997.

19. R. Tersine, Principles of Inventory and Material Management. Upper Saddle River: Prentice Hall, 1998.

20. P. Knight, Small-Scale Research. London: Sage, 2002.

21. M. H. M. News, "UHF Gen 2 RFID delivers 100% read accuracy for item tagging," 2009.

IEEE Keywords: Australia, Business process re-engineering, Hardware, Humans, Inventory control, Radio frequency, Radiofrequency identification, Supply chain management, Supply chains, Testing

INSPEC: optimisation, radiofrequency identification, retail data processing, small-to-medium enterprises, stock control, RFID-enabled inventory control optimization, delivery process, hardware retailer, participant observation, procedural documents, proof of concept approach, quasi experimental design, radio-frequency identification technology, semi structured interviews, small-to-medium retailer

Citation: Dane Hamilton, Katina Michael, Samuel Wamba, 2010, "RFID-Enabled Inventory Control Optimization: A Proof of Concept in a Small-to-Medium Retailer", 2010 43rd Hawaii International Conference on System Sciences (HICSS), Date of Conference: 5-8 Jan. 2010, DOI: 10.1109/HICSS.2010.473

Innovative Auto-ID and LBS - Chapter Three Historical Background

This chapter takes the reader through a historical tour of identification techniques from ancient times to the present. The histories shed light on how the purpose of citizen identification (ID) has changed as it has been impacted by complementary and supplementary innovations. The chapter provides a thorough exploration of government-to-citizen (G2C) ID systems, so as to better understand the possible uses or potential misuses of current and future mandatory ID schemes. It also presents some of the evolutionary changes that have taken place in the nature and scope of citizen ID, and their subsequent potential implications on society. Historically governments have requested the registering of their population for census collection and more recently the need to know what social benefits accrue to each household. Nowadays, however, citizen ID numbers are even used to open bank accounts and to subscribe to mobile services, among many other things. In addition, auto-ID techniques are not only pervasive but are increasingly becoming invasive.


Read More

Location-Based Services for Emergency Management: A Multi-stakeholder Perspective



This paper investigates the deployment of location-based services for nationwide emergency management by focusing on the perspectives of two stakeholders, government and end-users, in the cellular mobile phone value chain. The data collected for the study came from a single in-depth interview and open comments in a preliminary end-user survey. The themes presented have been categorised using a qualitative analysis. The findings indicate that although governments and end-users believe that location-based services have the potential to aid people in emergencies, there are several major disagreements over the proposed deployment. This paper is an attempt to help determine the underlying motivations and impediments that would influence the decisions of both stakeholders and also towards providing a better understanding of the anticipated role of each party in such a deployment.

SECTION I. Introduction

Location-based services (LBS) are a set of applications and technologies that take into account the geographic position of a given cellular mobile device and provide the device user with value added information based on the derived location data [1]. The conventional use of LBS in emergencies is to find the almost pinpoint geographical location of a cellular handset after a distress phone call or a short message service (SMS). The services have been recently exploited, to some extent, in several countries to complement the existing traditional emergency channels (e.g. sirens, radio, television, landline telephones, and internet) as a means to communicate and disseminate time-critical safety information to all active cellular handsets about unfolding events, even post the aftermath, if the handsets are in the vicinity of a pre-defined threat zone(s) [2]. LBS applications have shown the potential to be a valuable addition in emergency management (EM), particularly, when they are utilised under an all-hazards approach by the interested government agencies.

This paper investigates the perspectives of two pivotal stakeholders in the LBS value chain, namely the prospective user and the government, about the use of the services for the purposes of EM and public warning. The investigation is expected to provide an understanding about the perceived benefits, impediments and concerns of utilising the services into relatively new contexts, and also to shed some light on the expected role of both key players in any feasible future solution. Accordingly, this paper is among the first to examine the potential dynamics between LBS stakeholders, specifically, in the realm of emergencies.

SECTION II. Methodology

This research was conducted using two methods of data collection. The first method was to use a traditional paper survey. Six hundred surveys were randomly distributed by hand to mailboxes in the city of Wollongong, New South Wales, Australia, in November, 2008. Although, this traditional approach is costly, time-consuming and demands a lot of physical effort, it was favoured as it is more resilient to social desirability effects [3] where respondents may reply in a way they think it is more socially appropriate [4]. Beside a basic introduction of location-based services and emergency management, the survey provided the participants with four vignettes; each depicting a hypothetical scenario about the possible uses of LBS applications for managing potential hazardous situations. The scenarios cover specific related topics to emergencies such as an impending natural event, a situation where a person is particularly in need of help, and a national security issue. Two of the vignettes were designed to present location-based services in a favourable light, and the other two vignettes were designed to draw out the potential pitfalls. Through the use of vignettes, participants were encouraged to project their true perceptions about LBS while, at the same time, involved with creating a meaning related to the potential use of the services in extreme events. This was highly important to establish among participants before starting to obtain informed responses from them, especially, when the utilisation of location-based services in the realm of emergency management is still in its nascent stages worldwide.

The survey which predominantly yielded quantitative results also included one open-ended question in order to solicit written responses from the participants. Despite the fact that only 14 respondents wrote hand-written comments, it should be noted that the primary goal of the open-ended question technique was to understand the solution as perceived by the respondents and not to aggregate their responses for any quantitative representation. Therefore, the number of written responses was sufficient to fulfil the requirements of the content analysis.

The second method was to use a semi-structural interview. The interview was conducted with an official from a leading government emergency services department in Australia. The interview was conducted in November, 2008. The main objectives of performing the interview were to:

  • Explore the government's perspective regarding the various LBS technologies being considered for emergency management.
  • Define the potential role of the government in any nationwide feasible LBS-dependent solution.
  • Gain an understanding of the potential impediments, if any, to the government's decision for adopting location-based services solutions.
  • Investigate the government's understanding and position on matters pertaining to information control and privacy concerns, in relation to nationwide deployments of location-based services in emergency management.

The initial focus was to get an understanding of the similarities and differences in opinions, attitudes and sentiments of individual survey participants. Once that was done, a constructed list of extracted unique keywords was generated and then used to combine the points of view thematically. The same list was also used in the discovery of comparable themes within the interview data. This helped to ensure that the discovered themes from both methods are grounded in specific contexts related to the research being conducted [5].

The themes are presented in two sections by stakeholder type: i) the prospective user, and ii) the government. A discussion is then made based on a cross-theme analysis of the two stakeholders.

SECTION III. The Prospective User

The individuals' willingness to accept LBS technologies and applications could, essentially, determine the likelihood for success in the introduction of LBS solutions for emergency management. This research discerned the need to directly elicit peoples' opinions about the consequences of such an introduction in order to have a preliminary understanding and feel for the concerns and issues prospective users might have before the actual deployment of emergency management solutions using location-based services. The following extracted themes have been categorised based on a qualitative analysis of respondents open comments.

A. The role of the government as perceived by the prospective user

The government is perceived to have a multidisciplinary role that includes provisioning, funding, maintaining, and regulating services related to civil society. Technologies like location-based services have the potential to serve the public, and their adoption and development should be highly advocated among strategic decision-making circles. With respect to LBS offerings, strict legislation should also be introduced by the government to explicitly define the legal liability, for example, in the case of a service failure, or information disclosure accidentally or deliberately.

B. Privacy concerns

In the context of LBS, privacy in the government context mainly relates to the personal locational information of individual citizens and the degree of control in which a government can exercise over that information. Such information is regarded highly sensitive, so much so, that when collected over a period of time inferences about a person could be generally made [6]. Accordingly, privacy concerns may originate when individuals become uncomfortable with the collection of their location information, the idea of its perennial availability to other parties, or the belief that they have incomplete control over that collection.

The traditional commercial uses of LBS have long raised concerns about the privacy of the users' location information [7]. The same issues arise within the context of emergencies. Survey respondents expressed genuine concerns about the possibility of being tracked constantly even during an emergency. This specific note is quite interesting to mention as it raises again the argument of whether or not individuals are willing to relinquish their privacy for the sake of continuous safety and personal security [8]. Another concern expressed was that location information could be used for other purposes besides a given emergency context. Such unauthorised secondary use of the collected information has been discerned in the literature as one of the main privacy concerns that also include excessive location data collection, errors in storage and improper access of the collected data [9]. The last concern conveyed by respondents was that information could be gradually spread or shared with third parties, who are not pertinent to the government's emergency organisations, without explicit consent from the LBS user.

C. The Price of the Services

Some respondents perceived the price of location-based services to be expensive, especially in the context of emergency management. One respondent was adamant that they would not be willing to pay in exchange for using location-based services in an emergency, believing it was a public right. This may suggest that the usage context may have little to do with impacting an individual's decision to use location-based services. Nonetheless, a more rational explanation is that respondents may have a lack of awareness and appreciation of the associated benefits.

In general, the comments suggested that the fees should be borne by the government through the allocation of taxes gathered from the working population, to cover the costs of providing and maintaining vital civic services.

D. Assurance of control mechanisims

One emphasis in the respondents' comments was the need to assure the prospective user's control over who would collect the information, how the location information would be collected, who would have access to that information, where the information would be stored and for how long, and what information would be kept after the occurrence of an emergency incident. For example, it is envisaged that such data would be extremely vital in coronial inquests post natural or human-made disasters. In the state of New South Wales, in Australia, for instance, coroners are exempt from privacy laws and can legitimately gain access to medical records, financial transaction data and even telecommunications records. As a result, a need to create safeguards to protect users' right to control their personal location information was profound among respondents.

Zweig and Webster [10] argued that individuals would accept a new technology, if they perceived to have more control over their personal information. Therefore, an important issue concerns the potential use of location-based services in emergencies, is how the users perceive the most dependable safeguard that is capable of protecting their location information, thus alleviating any concerns they might have to begin with.

Xu and Teo [11] have defined several control mechanisms in order to alleviate similar concerns. One mechanism is the technology self-based assurance of control, which refers to the ability of the LBS user to exercise a direct control over his/her location information via the technical features of the LBS device. For example, a user can determine when to opt-in or to opt-out from a service or can define the preferred accuracy level to which the solution provider is able to track his/her handset. This has been expressed in one of the respondent's suggestions of having some technical features in the handheld device itself in order to be able to “switch on/switch off” the location-based service anytime.

Another assurance of control is a mechanism that is institution-based via legislation. In this case, relevant government laws and regulations exist within the legal system to ensure the proper access and use of the personal locational information [11]. Forces in power (i.e. in this context, government agencies tasked with emergency response) could exercise proxy control over the location information on behalf of the user in the case of an emergency. However, the control should be safeguarded by the assurance that unauthorised behaviours will be deterred through the legal system in use. One respondent actually advocated the idea of introducing explicit relevant legislation, before presenting the services to the public, as it would provide powerful and foolproof safeguards for protecting users' control over their private information.

E. The usefulness of the services

The frequency of emergencies and natural and human-made disasters, and the highly unanticipated nature of such extreme events present opportunities for initiatives based on LBS solutions as a promising and a valuable addition to the existing utilised approaches for managing all identifiable hazards and their possible aftermaths. However, for any initiative proposed usefulness is a principle reference point for judging its suitability to people. If people do not perceive any usefulness behind LBS for emergencies, then it is most likely that they would not consider the use of the services. The comments from the respondents overwhelmingly perceived LBS to be highly useful in emergency situations. One suggestion is that the technology should be utilised for emergency purposes only as their usefulness in such situations far outweigh any privacy concerns they might raise. However, most of the respondents perceived a potential for LBS to be utilised as an important medium to assist communities in emergencies beside their obvious practical possibilities for commercial application as well.

SECTION IV. The Government

Former worldwide experiences have clearly revealed the indispensable role of the government in emergencies since only governments usually have the capabilities to fund and control the financial, human and technical resources needed to managing such situations. As a result, it could be argued that the realisation of a consistent LBS solution for emergency management would be highly conditional upon perceiving the government as the main stakeholder and as a proponent of the services. The following extracted themes represent a “framework of meanings” elicited from the interviewee. The interviewee is an official from a leading emergency services government department in Australia.

A. The role of the prospective user as perceived by the government

Being the focus of the LBS solution, an expected role of the prospective citizen user will not only to be as a mere recipient of the warning message sent by the government but also as the initial point of safety information to others as well. The recipients would have the responsibility to act and convey the warning message to the people who are effectively within their care at the time of the event (e.g. the elderly, the children, the disabled, and the sick). Another example could be a manager of a shopping centre where there is a potential for a large gathering of people in one place, and that place of interest is within the defined emergency area.

B. Where does LBS fit among the existing emergency management solutions?

The European Telecommunications Standards Institute (ETSI) has defined two types of location-based emergency service applications [12]. The first is initiated by the individual in the form of a distress mobile phone call or SMS. In these cases, the telecommunications carriers are obliged to provide information regarding the location of the originated call or message within accuracies between 50 to 150 metres. This service is known as wireless E911 in the United States and E112 in the European Union. The second type of LBS applications are initiated by the solution provider in which alerts, notifications, or early public warnings are disseminated (pushed) to all active handsets, which are within a predefined threat area(s) at the time of the unfolding event.

From a governmental perspective, both approaches (i.e. the emergency phone call/SMS and the LBS warning system) are only two ends of the same spectrum. As a result, LBS solutions for public warning are perceived as an additional extension of the existing emergency and warning systems. Accordingly, the same organisations and agencies handling the conventional inbound emergency phone calls should be assigned the responsibility of handling the LBS emergency public warning system.

C. The perceived benefits of LBS for EM

Location-based services have the potential to act as the primary source of safety information. They can also be utilised to point people in the direction of other safety information channels. The messages delivered through the LBS solution could be the initial warning the public receive if they are within the area that is likely to be affected at that time. Once the message is received, people could then turn into other forms of media, such as television or the radio, for more information.

Through providing people with early safety information, the LBS solution may have the potential to save lives by allowing the individuals to make more informed decisions; thus putting them into a safer position. It should be noted here however that even with such powerful applications, it is government policy during emergencies such as bushfires that still override the capabilities of the new technologies. A technology may be fully functional however, the stance taken by government on what to communicate during a disaster may not be effective or even plausible.

Despite the possibilities, the fact that the cellular handsets are the most prevalent among individuals makes the LBS solutions highly valuable in emergencies. Moreover, contrary to other forms of media, LBS do not require the individual to be anchored to a device in order to receive the information. A warning message could reach all the active handsets within the threat zone, allowing people to understand that something is unfolding around them.

D. The cost of the LBS solution

As every individual has the right to be advised by the government in the case of an unsafe situation, the funding of any possible LBS solution would basically lie on the shoulders of federal and state governments. Due to the specific nature of the solution, it could not be financed through any kind of advertising or sponsoring. The cost will, essentially, depend on the final form of the solution. However, a possible impediment for the government's decision to adopt LBS for emergencies could be the cost-per-message delivered. As every message being delivered theoretically represents a commensurate revenue expectation for telecommunications carriers, long-term partnership arrangement and agreements between carriers and the government, early involvement of the carriers as a major stakeholder could partially answer the cost burden of the solution. Nevertheless, the solution will primarily rely on the practices of the telecommunications carriers and their willingness to extensively share their resources in emergencies with the government. The buy-in of carriers, especially incumbents cannot be overstated, although traditionally carriers have complied with government mandates that have been concerned with the greater good of society.

E. Privacy concerns

Due to the fact that any achievable location-based emergency warning system is meant to be only used for public safety, the privacy associated with it should not be a major issue. LBS public warning solutions are perceived as one end of a spectrum that includes the traditional emergency response services number on the other end. The same organisations will be handling the information from both systems. The sole purpose will be to identify the handset number within the emergency area at the time of the event. The number is perhaps the only mechanism by which a notification could reach the handset if the user is in an imminently dangerous situation.

Any proposed solution could neither be an opt-in nor an opt-out system. If individuals opt-out and did not receive the warning message, and then the unfortunate event occurred where they lost their lives, it would not be well received by the public. The message is provided as a means of maintaining the safety of all individuals that are within the likely affected area. Accordingly, prior consent from the prospective user will not be a prerequisite for initiating the service directly to him/her.

SECTION V. Discussion

An examination of the themes presented reveals an agreement between both stakeholders on the potential benefits of location-based services for emergency management. There is also a consensus that the solution should be funded by the government and regulated, operated and maintained by related government emergency organisations. However, a comparative analysis of the extracted themes shows several disagreements between the two stakeholder types. For example, although there was recognition of the indispensable expected role of the private sector, the prospective users expressed concerns that the telecommunications carriers may view the utilisation of the services in the domain of emergencies as a chance to raise revenue rather than being for the public interest, resulting in unsolicited commercial-based services. Other differences such as the need to address the privacy concerns and some of the design features of the recommended system have also appeared. The analysis is presented in Table 1.


Technologies such as LBS have the potential to serve the public. Therefore, the adoption and the development of such technologies should be highly advocated in the higher decision-making political circles. Initiatives to involve the private sector early in the proposition of location-based services in emergency situations need to be instituted. For example, consider the Warning, Alerts, and Response Network (WARN) Act in the United States, which encourages telecommunications carriers to participate in government warning systems used to target a broad variety of media including cellular mobile phones. The act, specifically, obligates the carriers who do not wish to participate to clearly indicate it to their potential users at the point of sale [13]. In addition, strict legislation should also be put in place to explicitly define the legal liability, for example, in the case of a service failure, or information disclosure accidentally or deliberately.

As the deployment of the proposed solution could be hindered by the misconceptions people might have about the misuse of the technologies, some of the earlier differences could be partially solved by underpinning the possible deployment with a substantial educational campaign about location-based services, their limitations and their potential benefits.

SECTION VI. Conclusion

The paper investigated the perspectives of two pivotal stakeholders in the cellular mobile phone location-based services, namely the government and the prospective user, concerning emergency management solutions. The findings indicate that despite the general agreement of the massive potential of location-based solutions in emergency management, both key players have differed considerably on some of the issues raised such as the design of system and the need to address privacy concerns. A general consensus among the stakeholders is that location-based services is an important tool for disseminating relevant customised warning and safety information to people during and after emergency crises. Utilising LBS technologies could have the potential to allow people to make more informed decisions, leading them potentially into a position of safety, which will ultimately create a more resilient society towards the onslaught of extreme and unexpected events.


1. A. Küpper, "Location-based Services: Fundamentals and Operation", John Wiley & Sons Ltd: Chichester, West Sussex, 2005.

2. A. Aloudat, K. Michael, and Y. Jun, "Location-Based Services in Emergency Management- from Government to Citizens: Global Case Studies", in Recent Advances in Security Technology, P. Mendis, J. Lai, E. Dawson, and H. Abbass (Eds), Australian Homeland Security Research Centre: Melbourne. p. 190-201, 2007.

3. W.G. Zikmund and B.J. Babin, "Business research methods". 9th ed, Thomson/South-Western: Mason, Ohio, 2007.

4. T.D. Cook and D.T. Campbell, "Quasi-experimentation : design & analysis issues for field settings", Rand McNally College Pub. Co.: Chicago, 1979.

5. M.Q. Patton, "Qualitative Research & Evaluation Methods". 3 ed, Sage Publications: Thousand Oaks, California, 2002.

6. R. Clarke and M. Wigan, "You are where you have been", in Australia and the New Technologies: Evidence Based Policy in Public Administration, K. Michael and M.G. Michael (Eds), University of Wollongong: Canberra. p. 100-114, 2008.

7. M. Gadzheva, "Privacy concerns pertaining to location-based services". Int. J. Intercultural Information Management, 2007. 1(1): p. 49-57.

8. L. Perusco and K. Michael 2007, "Control, trust, privacy, and security: evaluating location-based services", Technology and Society Magazine, IEEE, pp. 4-16.

9. H.J. Smith, S.J. Milberg, and S.J. Burke, "Information Privacy: Measuring Individuals' Concerns About Organizational Practices". MIS Quarterly, 1996. 20(2): p. 167-196.

10. D. Zweig and J. Webster, "Where is the line between benign and invasive? An examination of psychological barriers to the acceptance of awareness monitoring systems". Journal of Organizational Behavior, 2002. 23(5): p. 605-633.

11. H. Xu and H.-H. Teo. "Alleviating Consumer's Privacy Concerns in Location-Based Services: A Psychological Control Perspective". in the Twenty-Fifth Annual International Conference on Information Systems (ICIS). Washington, D. C. 2004.

12. European Telecommunications Standards Institute. "Analysis of the short message service and cell broadcast service for emergency messaging applications". 2006; Available from: id=jhPgAkxRGQ2455A550@55.

13. S. Mollman. "Cell broadcasts could help avert catastrophe". 2009; Available from: index.html?iref=intlOnlyonCNN.


This research was supported under Australian Research Council's Discovery Projects funding scheme (project DP0881191). The views expressed herein are those of the authors and are not necessarily those of the Australian Research Council.


Disaster management, Government, Telephone sets, Conference management, Technology management, Australia, Mobile handsets, Impedance, Management information systems, Privacy, radio direction-finding, cellular radio, emergency services, qualitative analysis, location-based services, emergency management, multistakeholder perspective, cellular mobile phone value chain, cellular mobile phone, location-based services, emergency management, public warning, all-hazards approach

Citation: Anas Aloudat, Katina Michael, Roba Abbas, 2009, "Location-Based Services for Emergency Management: A Multi-stakeholder Perspective", Eighth International Conference on Mobile Business, ICMB 2009, 27-28 June 2009, Dalian, China, 10.1109/ICMB.2009.32

Privacy-value-control harmonization for RFID adoption in retail


Privacy concerns have, at least in part, impeded the adoption of radio frequency identification (RFID) in retail. The adoption of other automatic identification (auto-ID) applications shows that consumers often are willing to trade their privacy or their control of personal information against some value afforded by the application. In this paper, the interplay between privacy, value, and control is examined through a literature survey of four auto-ID applications: mobile phone, electronic toll collection, e-passports, and loyalty programs. The consumer value proposition for the use of RFID in retail is investigated through an online survey exploring end-user perceptions. The results of the survey are: 1) the customer value proposition has not been communicated well to customers; 2) privacy concerns are higher than other previously adopted applications despite similar privacy issues; and 3) harmonization of privacy, value, and control is likely to be achieved only after adoption, when customers will be educated through experience with the application.


Over the past decade, organizations have aggressively pursued the use of radio frequency identifi- cation (RFID) as a means to better identify, control, and track stock throughout the supply chain. The linking of RFID, an automatic identification (autoID) and data collection technology, to consumer goods has resulted in widespread concern surrounding privacy issues. The mainstream media have been quick to expose these privacy concerns, with most articles focusing purely on the potential of the technology to track consumers without their knowledge or consent. Prior to 2004, this resulted in many major retail organizations around the world temporarily halting their RFID initiatives because of consumer backlash and many more organizations hesitant to proceed further.1 Since that time, a number of U.S.- and European-based large retailers have either adopted RFID or conducted trials.2 Whereas privacy may not be the single biggest issue stifling the deployment of RFID, it has acted to delay uptake in the retail industry.3 This paper explores whether an appropriate harmonization between consumer privacy, value, and perceived control can be established for the use of RFID in retail.

There are three vital considerations in achieving this aim: (1) how consumer awareness influences perceptions, and consequently the development of such a harmony; (2) the balance evident in other, similar, auto-ID technologies and services that have already been adopted successfully; and (3) how an appropriate harmonization between value, privacy, and control can be achieved. In fulfilling the aims of the study, the consumer value proposition for the use of RFID in retail will be explored. Consumer perceptions of RFID and associated privacy issues will also be investigated. Finally, the extent to which education and awareness affect perceptions of value, privacy, and control will be measured.

RFID is best characterized as an auto-ID technology that uses radio waves to identify objects. In the context of this study, the specific RFID technology of interest is passive tags, which are tiny transponders that can be embedded or attached to an object requiring identification. These transponders, as small as a grain of rice, do not have a power source of their own; rather, they use the energy from an incoming radio frequency signal to transmit stored data to the reader. The most important characteristic of RFID technology in relation to the tagging of consumer goods is that it does not require line-ofsight positioning, which is a requirement of bar code systems. For EPC Gen 2 UHF (electronic product code generation 2 ultra high frequency) passive tags, the read range is 3.5 meters and the write range is 2 meters, depending on the RFID system setup and the environmental conditions. It is also possible to achieve reads of up to 8 meters away using these tags. The ability for RFID tags to be read covertly is the main concern among privacy advocates.

The rest of this paper is organized as follows. In the next section, definitions of privacy, value, and control are provided in addition to a survey of related RFID works. Then, the methodology used in the current study is briefly described. In the following section, four widely adopted auto-ID applications are presented using a literature survey to explore the actual privacy, value, and control dynamics that have led to consumer acceptance of these auto-ID technologies. In the next section, the results of an online survey investigating consumer perceptions of RFID in retail are presented and a comparison is made between the qualitative and quantitative findings. In the following section, the principal outcomes of the study are discussed. A brief summary of the material presented concludes the paper.

Previous Works

The classic definition of privacy is provided by Westin, as the ‘‘claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.’’4 This study is primarily focused on information privacy, which is described by Clarke as ‘‘the interest an individual has in controlling, or at least significantly influencing, the handling of data about themselves.’’5 Of primary concern in regard to RFID usage in retail is the collection of personal information that pertains to consumer shopping preferences, actions, and behavior. It is the collection, use, and disclosure of this information, particularly when it may be incorrect or unverified, to identify, track, and monitor individuals without their awareness or express approval, that is commonly recognized as one of the most prominent threats. It is important to understand that Clarke’s definition, along with other definitions of privacy from Altman,6 Schoeman,7 and Margulis,8 all emphasize that privacy is not separate from control; rather, it is ‘‘deeply intertwined with it.’’9

Value in this study will be viewed in terms of the benefits RFID technology affords consumers. It is how an individual prizes a certain outcome against all others.10 The value proposition to consumers for RFID usage in retail is generally phrased in terms of convenience. It is an equation of all the positive factors that interest the individual. It can include cost savings, time reductions, efficiency, personalization, safety, and security, as well as convenience and other tangible and intangible benefits. Therefore, in creating a harmony of privacy, value, and control, it is a harmonization between consumer willingness to lose some degree of privacy versus the strength of the retailer’s value proposition for using the technology.11 The value proposition can essentially be seen as a combination of benefits versus risks that consumers will evaluate in their decisions and perceptions.

Inness12 is clear that in characterizing the function of privacy in terms of control or restricted access there are ramifications for the normative value we accord privacy. For the purpose of this study, control becomes a relevant dimension of RFID acceptance, because it is only through a perceived level of control over their personal information that consumers will feel their privacy is being respected.13 The level of control that is provided either through the technology or by the service provider, whether that be perceived or real, is seen as an important element that, when combined with the value proposition, can affect consumer acceptance.

The consumer acceptance of RFID has been investigated in a number of studies. Some have proposed solutions that protect and enhance privacy and afford consumers a level of control.14–16 These solutions are typically technology-based, legislative, or regulatory in nature. Despite the different privacy solutions, a number of studies critically highlight that consumer perceptions and fear of RFID technology, brought about by a lack of understanding, remain.17,18 Thus, regardless of which privacyenhancing technologies are used, the concerns from the consumer’s perspective are the same.9,19 It is apparent from such studies that the real issue becomes one of fear or other underlying motives, that, when combined with perceptions of privacy and control, motivate a consumer’s acceptance of RFID technology. One quantitative study found that consumers felt a lack of perceived control over the technology as well as a great power distance,20 and another study found that cultural dimensions affected the way in which consumers viewed the privacy threat.21

The privacy debate has developed due to the identification and tracking capabilities inherent in the RFID technology. The argument is that if the tags were to remain active after the consumer has left the store, the technology could provide retailers and manufacturers the ability to track an individual’s movement and behavior in a clandestine manner.22 This is introduced by Roussos,23 who explains the ability of the technology to silently retrieve and record unique identifiers as an important contributing factor toward consumer uneasiness. Garfinkel et al.15 discuss seven key privacy threats that arise from the capabilities of RFID: (1) action threat; (2) association threat; (3) location threat; (4) preference threat; (5) constellation threat; (6) transaction threat; and (7) breadcrumb threat (i.e., leaving a trail of actions). Such threats have given rise to much concern by privacy advocates. In 2005, Eckfeldt24 explained that many major companies around the world had already scrapped RFID plans following consumer backlash. If it were not for the ‘‘haunting cries of privacy running afoul,’’ many more companies would have tested and launched RFID initiatives.1 This can also be seen clearly in the results of a Cap Gemini Ernst & Young consumer perception study of RFID that highlighted privacy concerns as ‘‘the most significant issue among consumers in all countries.’’25

The value proposition for RFID use in retail is an important topic that underscores consumer acceptance of RFID. What is apparent in surveying the literature is that while the benefits of RFID have been clearly defined and expressed for retailers, they have not been so clearly communicated to consumers. Eckfeldt24 makes an important assertion in discussing the value of RFID to consumers: ‘‘... the difference between successful and shunned RFID applications turns on delivery of clear, tangible value to the average consumer.’’ Furthermore he stresses that in assessing consumer benefit, organizations must consider consumers’ interests above their own; otherwise, they will produce a solution that fails to provide a positive balance between risk and reward in the eyes of the consumer. He further highlights that a tangible consumer benefit is pivotal to all these solutions. McGinity1 stresses the key value to consumers: better prices and product selection brought on by better efficiency at the back end, including reduced waste, reduced shrinkage, and improved supply chain processes. However, because the systems have not been widely implemented, assessing or promoting such benefits would appear to be speculative at best.

Balancing the economic interests of business against the privacy interests of consumers is another cornerstone in the privacy debate. Culnan and Bies11 introduce the centrist perspective, whereby corporate access to information should be balanced against the legitimate rights consumers have toward protection of their privacy. In addressing this balance, the notion of second exchange is introduced, whereby consumers make a non-monetary exchange of their personal information in return for improved service, personalization, and benefits.11 Importantly, they highlight that, for both organizations and consumers to realize the benefits, consumers must be willing to disclose their personal information and thus surrender some degree of their privacy. It is proposed, therefore, that people may be willing to accept a loss of privacy as long as there is an acceptable level of risk accompanying the benefits.

This idea of balancing interests is touched on by many authors. Eckfeldt,24 for example, emphasizes the idea of risk again in stating that successful RFID applications over-compensate for any privacy fears. He furthers the idea of risk in proposing that consumers will accept the risks if the application is worth the benefits. Langheinrich’s26 discussion on privacy claims that privacy practices and goals must be balanced with the convenience or inconvenience associated with them. In balancing the interests of consumers against organizations, the important issue that seems to dominate is the balancing of convenience and other terms of value for the consumer against the privacy incursion that is inevitable in providing such applications. It must be underscored that an underlying assumption made in this study by the authors is that privacy incursions, especially in the form of breaches in information privacy, are inevitable in the adoption of any emerging mass-market technology, and even more so if that technology happens to be wireless or mobile.


Figure 1 Conceptual framework for the auto-ID application cases

This study used a combination of qualitative and quantitative approaches; a literature survey of four auto-ID applications, and a quantitative analysis of the data collected from an online survey. The literature survey covers the mobile phone, electronic toll collection (ETC), e-passports, and loyalty programs. The online survey analyzed the consumer value proposition for the use of RFID in retail and privacy threats relative to education and awareness. The conceptual framework for the auto-ID application cases is illustrated in Figure 1.

The conceptual framework covers the main dimensions studied in the literature search and their relationships. Harmonization can be derived from the value offering of the RFID technology, some of which is inherent to the technology itself (e.g., contactless operation), and some offered by the provider of the service using the technology (e.g., fast checkout at a supermarket). The privacy threats that the technology exposes, and the degree of control individuals have over their personal information, are also considered.

Harmonization is also affected by how widely the technology is to be used; that is, whether it is for large, high-priced items only, or for mass-market products. It has been seen that the more people use a technology (i.e., the higher the penetration rate), the less individuals question the privacy risks. The balance is also affected by the environment in which the technology is to be adopted, whether that be mandated (as in the case of e-passports), or voluntary. Finally, harmonization is also affected by societal perceptions; for example, the idea of microchips attached to common objects immediately conjures notions of Big Brother, and thus a negative perception of the technology.

Data collection for the case applications used multiple sources, including documents such as books, media reports (e.g., Factiva27), journal articles, white papers, corporate information, and marketing materials. The documents were sourced from libraries (offline), databases (e.g., IEEE Xplore28), online journals (e.g., the Journal of Theoretical and Applied Electronic Commerce Research), and media organizations (e.g., the British Broadcasting Corporation), as well as corporate, governmental, and institutional Web sites. The data collection was an iterative process, starting with a broad search strategy involving the key topics under investigation, with more targeted searches conducted thereafter.

Data collection for the online survey was administered at for a period of 75 days, from July 10, 2007, through September 23, 2007. The online survey was openly accessible to all Internet users. In addition, targeted recruitment was undertaken in the form of electronic and physical mailings. The data collected in the online survey was based on 28 questions structured into four separate sections. The first section asked for general demographic information as well as information about the participants’ awareness and education. The second section queried participant perceptions of the consumer value proposition for the use of RFID in retail, asking participants to rank both awareness and importance against a list of suggested RFID benefits. The third section focused on assessing value and privacy in regard to a number of other technologies such as mobile phones, smart cards, loyalty programs, e-passports, GPS car navigation, and electronic toll collection. Four of these technologies are featured in the case study analyses. The final section of the survey asked questions about perceptions of privacy threats due to the use of RFID. Presented with a list of threats, participants were asked to rank awareness and concern of such threats. During the survey, respondents were given several opportunities to reply by way of open comments.

Qualitative content analysis was used to discover similarities between the four auto-ID application cases under investigation. Toward this end, the cases were structured in the same manner, around the themes of privacy, value, and control. The analysis focused on the significance of the technology given its penetration and usage rates, despite the presence of privacy threats, and the outcome is presented in narrative form. The text-mining tool Leximancer29 was used to analyze the documents collected, including the open comments provided by survey respondents. Leximancer assisted in uncovering the main concepts contained within the text and showed how these were interrelated.

The purpose of the statistical survey analysis was to uncover the perceptions held by participants toward RFID in retail, its potential threats, and its potential value given a number of typical usage scenarios. Perceptions of threat and value were also analyzed with regard to a number of other auto-ID technologies. Inferences were drawn on the population being studied by finding correlations using rating scales to reflect the real-world nature of the research. Given the use of the Likert approach, readers should note that the researchers were not working with quantities that provided precise measurements but working with rating scales (correlations of which provide general indications only). Using JMP* Statistical Discovery Software from SAS Institute, Inc., a common score for RFID value and threat, as well as value-and-threat scores for other auto-ID technologies, was determined by aggregating the rankings given by participants to relevant questions. The participants’ awareness of RFID and its potential use was also found in this way, using linear regression analysis.

The significance probability of the test (represented as a p-value) is a measure of how likely or unlikely it is to experience the observed data if the null hypothesis is true. The p-value is the area under the null distribution curve that is in bigger disagreement with the null hypothesis than the observed test statistic. When the p-value is less than 0.05, the result of the test is said to be statistically significant. When the p-value is less than 0.01, the result of the test is said to be highly statistically significant. The relationships between variables that were particularly significant in the data studied are illustrated using bivariate plots.

Auto-ID Applications

This section will present auto-ID application cases that explore the adoption and acceptance of a number of technologies and services within the context of privacy, value, and control.30

Mobile phone

The value proposition of the mobile phone extends from the convenience offered by its inherent mobility. In a study conducted by Hakkila and Chatfield31 regarding perceptions of mobile phone privacy, it was shown that greater than 82 percent of respondents considered their mobile phone a ‘‘private device.’’ The mobile phone presents a number of unique privacy threats, yet such privacy threats are seldom discussed or thought of by end users.32 Many citizens in the U.S., for example, are completely unaware that government authorities can track their movements by monitoring the signals that are emitted from the handset.33 The mobile phone also presents other privacy concerns in regard to the interception of signals by unauthorized persons.34 Theoretically, users can exercise control over other parties tracking their location by simply turning off their phones. However, in doing so, they prevent access to the features of the phone that provide the value in the first place.

Electronic toll collection

The key value proposition that electronic toll collection (ETC) systems offer is convenience and time saving. Such a system eliminates the burden to have cash available to make toll payments and provides individuals and corporations the convenience of an account that can provide better tracking of toll expenditure with more convenient payment options.35 Caldwell36 highlights two privacy concerns with regard to ETC. The first is the illegitimate use of drivers’ personal information related to payments, movement, and driving habits, which could become accessible if electronic records are compromised through a ‘‘cyber break-in.’’ This has been demonstrated on numerous occasions, such as the incident in which programmers were able to view ETC account details for subscribers in several countries, including one of the largest ETC systems in the United States.37 The second concern is the legitimate use of ETC account information by government authorities or private vendors that can use the information to monitor driving patterns and behavior of thousands of motorists. The concern also applies to other potential uses, such as traffic surveillance being used to detect speeding violations or stolen vehicles.38 Court cases in the U.S. have already demonstrated the potential for toll-tracking information to be used to verify an individual’s whereabouts and movements. The states of Delaware, Illinois, Indiana, Maryland, Massachusetts, New York, and Virginia have all released E-ZPass toll records in response to court orders for civil matters such as divorce. The states of Maine, New Hampshire, New Jersey, and Pennsylvania only release electronic toll records for criminal cases.39


The greatest value of the e-passport, as stressed by most issuing authorities, is the enhanced security it is purported to provide through the digital storage of passport information.40 Certainly, given the current level of importance placed on national security, governments have been keen to introduce this technology as a means of providing more stringent monitoring of individuals entering and exiting the country.

The privacy concerns surrounding e-passports are primarily related to the ability to access passport information without contact, a capability afforded by the use of RFID to store the data contents of the passport. Juels, Molnar, and Wagner41 identify six key areas of concern: (1) clandestine scanning; (2) clandestine tracking; (3) skimming and cloning; (4) eavesdropping; (5) biometric data leakage; and (6) cryptographic weaknesses. The main issue of the e-passport is that the International Civil Aviation Authority (ICAO) does not require authentication or encryption for communications between the reader system and the e-passport. In locations where passports are frequently open, this could allow for eavesdropping. Theoretically, the unique identifier (ID) stored on the microchip could identify individuals and be used for tracking. Passports could even be cloned, because the digital signatures cannot tie the data to a particular passport. Once a reader has the key, there is no mechanism for revoking access, thus giving the reader the ability to scan the passport in perpetuity. Globally, it is reported that more than 50 million e-passports have been issued, which suggests that despite privacy concerns, the technology has undoubtedly been deployed successfully.42 Some states have mandated that the contactless microchip be shielded by a metal jacket to prevent the chip from being read when the passport is closed.43 If the shield is not provided, a sheet of aluminum foil will equally prevent unauthorized access of personal data on the e-passport.44

The media have been quick to highlight potential failures with the technology, such as the demonstration by a hacker who successfully cloned a U.S. e-passport and then dumped the contents onto an ordinary contactless smart card.45 A further threat was exposed when programmers demonstrated how an explosive device connected to an RFID reader could be triggered when a U.S. citizen carrying an e-passport came within reach of the reader.45 Given the mandatory nature of passports, there is very little individuals can do to avoid using them when traveling abroad. There is also little an individual can do to control how government authorities access and use the information on the passport when they are entering a foreign country.

Loyalty programs

In the case of loyalty programs, the value proposition is critical for encouraging consumer use and for developing the brand loyalty that the programs aim to achieve. A number of factors that determine such value in a loyalty program are described by Yi and Jeon.46 They include: (1) the cash value of rewards; (2) the choice of rewards; (3) the aspirational value of rewards; (4) the likelihood of achieving the rewards; and (5) how easy the loyalty scheme is to use.

The major privacy threat that extends from the use of loyalty programs is the ability to tie purchases of specific products to individual consumers and monitor their purchasing behavior over time. A study conducted by Graeff and Harmon47 found that in regard to loyalty programs, consumer perceptions were typically positive and most consumers did not associate such schemes with the collection and use of personal information. Loyalty programs are the ultimate demonstration of the trade-off consumers make of their privacy in order to gain something of value: benefits, rewards, convenience, or savings.48

A key element of consumer loyalty programs is their opt-in nature. Consumers are also given control over their personal information by government regulations, which in most countries grant consumers the right to know exactly what information retailers are collecting and how it is being used.


It would appear, given the widespread use of the four auto-ID applications, that privacy has not been a barrier to their adoption and consequent acceptance by society. While the privacy concerns still exist and indeed, many individuals remain concerned about their privacy in relation to such technologies and services, on the whole it would seem that consumers have accepted each application because either the value proposition or level of control present balances against the privacy issues (mobile phones, ETC, and loyalty programs), or participation (usage) is mandatory and the appropriate safeguards to privacy are in place (e.g., e-passports).

Using Garfinkel et al.’s paradigm,15 action can be inferred by monitoring the mobile phone location, or monitoring tag usage at tollways, or monitoring passport usage, or inferred by the use of loyalty cards or the redemption of rewards. Association is prevalent in being able to identify an end user through the international mobile equipment identity (IMEI) in a mobile phone, through the tag ID or account number for tollways, through the e-passport ID number, and through the membership number on loyalty schemes. In terms of location, a mobile phone can be found through triangulation or using the Global Positioning System (GPS) chipset in the handset. The location of tags in tollways is also collected at each ETC entry and exit gantry. The location of an e-passport is established each time it is read by authorities or a reader device. For loyalty programs, the location can be established each time the card is used.

In the case of preferences, a mobile service provider has a list of features into which the user has opted. There are no preferences for ETC or e-passports. Loyalty programs allow for detailed consumer preferences to be analyzed by monitoring purchases and behavior. Information transactions are recorded by all the auto-ID applications studied. However, the loyalty card program is the only case investigated where transactions carry a value related to a monetary measure or rewards-based points scale. With respect to privacy, the breadcrumb attribute is the most invasive in terms of privacy threats. In the case of a mobile phone, a trail of actions can be inferred by the handset location or subscriber usage patterns. For ETC, a trail of actions can be generated by logging the location of the vehicle at entry and exit readers with timestamps. For the e-passport, each time it is read, the location is recorded. And for loyalty programs, a trail is automatically created of individual purchases at the point of sale. Different auto-ID applications have varying capacity to record location information, from the mobile phone that can be tracked 24-7, to the RFID in ETC that can be read several times per day on average, to the e-passport that is read at border checkpoints.

In the case of the mobile phone, the ubiquity in value terms would explain the lack of concerns consumers have toward their privacy in regard to its usage. For ETC, individuals have embraced the convenience aspects and it would seem that the ease of use of the technology (simply install the tag and forget about it) has again resulted in a general lack of concern about privacy issues. Loyalty programs are also clearly driven by their value to consumers. Of the four case studies discussed, the e-passport is the only one in which usage is almost completely mandatory for those wishing to travel internationally and also where individuals have very little control over how it is used by authorities. A summary of the key elements of value, privacy, and control for each of these technologies is provided in Table 1. For the greater part, the auto-ID technology in question provides value to the consumer by providing increased convenience. Consumers trade this value with the possibility of mobile telephone intercepts by lawful and unlawful parties, the potential to clone a tag, and the provision of personal biometric details. It is consumers’ perceived level of control of their personal information that can influence the value gained by opting in or out of a service. A key outcome that arises from the case studies presented is the varying relationship between three elements (privacy, value, and control). It is clear that in order to gain acceptance, privacy issues must be offset by value and control.

Table 1. Key elements of value, privacy, and control

In the case of mobile phones, it is evident that a somewhat low level of control is acceptable, given the relatively low vulnerability of individual privacy and the medium level of value the technology provides. With ETC, the vulnerability of user privacy is considered to be in the medium range, yet as users can exercise some degree of control over their privacy by removing the tag or opting to use alternative routes or payment methods, control is also depicted as being in the medium range. This medium range in regard to privacy and control is offset by a high level of value evident in the convenience the technology affords. With regard to e-passports, the government provides very little control. Furthermore, the value offered to the individual is, in real terms, also very low. Finally, with loyalty programs, a high vulnerability of individual privacy that arises from the vast amount of personal information collected is offset by a high level of control offered by providers by allowing consumers to freely opt out of such programs. The privacy risk is also further offset by the high level of value that such schemes must offer to encourage consumers to participate.

In the case of mobile phones, ETC, and loyalty programs, it is apparent that acceptance had to be earned through a favorable balance that was offered to consumers. In the case of e-passports, where the balance is unfavorable, acceptance was not generally required, as the technology was made mandatory by government authorities and the ICAO.


Analysis of Online Survey Data

The threats listed in the survey are potential threats of RFID (i.e., perceived threats) that have been drawn out from the literature as the major causes for consumer concern over the use of RFID in retail. Awareness refers to the aggregated score of each survey participant’s responses to a number of questions that dealt with perceptions of RFID and other auto-ID technologies. Specifically, the awareness score was calculated by the sum of responses in which participants ranked, using a Likert49 scale of 1 to 5, their knowledge on a list of 12 RFID related topics.

Sample respondents

Figure 2 Relationship between age and consumer awareness of RFID in retail

There were 142 survey responses in the pilot study. The majority (61.1 percent) of surveys were completed by Australians. The U.S. had the second largest number of responses (27.4 percent), with other responses recorded from countries such as Canada, Germany, Spain, and the United Arab Emirates.

Figure 2 aims to demonstrate the role that age plays in determining the level of awareness toward RFID. In analyzing the relationship between age and awareness, there is a highly significant relationship (p ¼ 0.0008) between a respondent’s age and his or her associated level of awareness. The data shows that awareness decreases with age, which is to be expected given that younger respondents are more likely to have been exposed to the technology, or have a heightened awareness of the possibilities and issues such technology represents.

Figure 3 Relationship between consumer awareness and value proposition for RFID in retail

Figure 3 Relationship between consumer awareness and value proposition for RFID in retail

Figure 3 shows the relationship between awareness and the consumer value proposition for RFID as being statistically significant (p ¼ 0.0337). It is seen that as awareness increases, the participants’ rankings of RFID value decreases. This relationship suggests that those individuals who are highly aware of the technology are less likely to embrace the value of technology, as they are at the same time balancing the value against their perception of the privacy threats of the technology. Individuals who are less aware of the technology are more easily swayed by the value the technology provides.

Surprisingly, it would seem that awareness plays little role in an individual’s ability to perceive the privacy threats that the technology could introduce if it were to be implemented. This suggests perhaps that participants, regardless of their awareness of RFID, are able to appreciate the privacy issues based on their previous life experiences, particularly with other technologies presenting similar issues.

Figure 4 Consumer concern over privacy: RFID in retail versus other auto-ID applications

The results also indicate that there is some statistical significance in the relationship between RFID value and privacy threat. The higher an individual ranks the potential value of RFID, the lower they rank the potential privacy threat. It would suggest that elements of consumer value proposition for RFID, such as convenience, may override any potential privacy threats. Thus, presenting a clear value for RFID could be seen as important in countering any potential losses in privacy.

A key element of the survey was the ranking participants provided on both value and privacy concerns in regard to a number of other related technologies that have enjoyed widespread adoption (Figure 4). There was a highly significant relationship (p ¼ 0.0028) found between the perceived privacy threat of these other technologies and RFID usage in retail. In essence, respondents who were concerned about their privacy in relation to the other technologies were just as likely to be concerned about their privacy if RFID were to be adopted in retail.

Analysis of open comments

Analysis of the comments revealed a great range of attitudes, ranging from individuals who were strongly focused on potential privacy issues, to individuals who saw the technology as something quite positive and thus balanced this against the potential privacy issues. There were also many individuals who proposed safeguards that would need to be in place to make the technology acceptable.

In regard to privacy, there were a number of respondents who voiced their concerns. Comments such as, ‘‘I should have my right to privacy,’’ ‘‘... it invades on our personal freedoms,’’ ‘‘It’s too obtrusive,’’ and ‘‘... this technology is a violation of people’s right to privacy’’ clearly express strong feelings toward the potential of RFID to erode privacy of the individual. Many individuals also stressed that while they could see the value, or see the positives, they were not convinced that potential privacy issues would be managed effectively. This is well represented in the comment, ‘‘the benefits ascribed to RFID technology for the retail trade are commendable, but I have zero confidence that they will be achieved, and, instead, consumers will be subjected to more advertising, intrusion, and loss of privacy than ever.’’

Contrarily, there were a number of respondents who clearly valued the technology despite any potential privacy issues. This is illustrated by the comments, ‘‘... only someone trying to hide something or [run] from something would think this system is not a positive thing,’’ ‘‘... the benefits for consumers ... far outweigh the privacy issues that are envisaged,’’ and ‘‘... the privacy issues would sort themselves out in time.’’

A few respondents critically pointed out that indeed, this study assumed RFID technology would replace the bar code at some point. They also stated that the technologies were more complementary to each other, and that the value of placing RFID tags on every item is not justified by the present cost in doing so.

It would seem that the majority of users approach the technology with the idea that control would best balance the value against the privacy issues. The clear majority of comments expressed that the design of RFID systems should incorporate privacy protection from the outset. A common theme is seen in the comment, ‘‘if proper privacy and security architectures were implemented and enforced, the deployment of RFID systems need not be so problematic ... ’’ And again from another respondent, ‘‘if privacy concerns were taken into account and proper privacy-enhancing technologies were implemented and used, we could have the benefits without the drawbacks ... ’’

Regulation and legislation were also pointed out by a number of respondents as important means of providing individuals with control over their privacy. Some consumers noted they would be happy with using the technology provided that ‘‘the technology was adequately regulated... .’’

On the whole, it is apparent that most users are more concerned about the misuse of their information than the actual collection of it. While privacy could be protected by a range of controls, the potential for the technology (as with any technology) to be misused and abused by ‘‘the low integrity sector of society’’ represents the greatest fear.

Figure 5 Overall respondent feelings toward RFID in retail

Figure 5 Overall respondent feelings toward RFID in retail

Together with the open comments, survey participants were also asked to provide a general ranking of RFID technology as it would be used in retail. Surprisingly, given the comments made and also the fact that the mean ranking in regard to privacy threats and RFID was 77 percent, the majority of individuals were neutral to very positive toward the technology (Figure 5). It would seem that most individuals can appreciate the technology, and although the privacy issues exist, they feel that the issues can be overcome, offset, or controlled in some manner.

A number of important outcomes are evident from the statistical analysis presented in this paper. These are summarized below:

  • As awareness of RFID and its associated issues increases, the relative importance of a consumer value proposition for RFID decreases.
  • Awareness of RFID and associated issues does not affect the perception of threat due to RFID.
  • The perceived privacy threat, and value, of RFID in retail is relative to an individual’s feelings toward other technologies and services with issues similar to RFID.

The most important observation in analyzing the results from the survey is the seemingly contradictory responses provided by the respondents. It was not uncommon to find participants who identified RFID as privacy-threatening, yet also stated that they were members of a loyalty program, or that they were mobile phone users.

Survey Results

In comparing the statistical results for the auto-ID application cases, it is evident that concern surrounding the privacy threat due to RFID in retail is considerably greater than the concern participants express for other applications. Where users have little to no concern regarding privacy and technologies, as is the case with the mobile phone and ETC applications and services such as loyalty programs, concern about RFID privacy threats is higher than should be expected. The key outcome that this exposes is the lack of harmonization in the current privacy, value, and control offering that RFID in retail presents.

In the application cases discussed, it was emphasized that appropriate harmonization between value and control could offset privacy issues. This is reflected in the relatively low level of concern participants in this survey placed on such technologies and services. Thus, the high rankings of privacy threats due to RFID in retail demonstrate that more education would be required to convince consumers of the value offered and the control they could exert over RFID usage. It is, however, important to understand that these rankings were given for auto-ID applications that are already widely adopted, whereby individuals have had time to understand and experience them in the context of their own lives. The privacy threat rankings individuals gave RFID, in many cases, show the lack of awareness of RFID. If consumers were actually to experience RFID usage in retail and place it in context with their own activities, it could be seen that rankings of the privacy threats may be significantly different, and perhaps more in line with the other auto-ID applications highlighted.

Therefore, it could be concluded, based on all the key results presented in this paper, that creating a favorable harmony of privacy, value, and control is perhaps an unrealistic notion when the technology has yet to be deployed. When there is such a divergent level of awareness among the greater population, striking a balance that is acceptable to all is an improbable task. It is therefore suggested that acceptance of RFID in retail may ultimately come over time, after adoption, as users become intimately experienced with its usage, or observe other user experiences. Consequently, privacy, value, and control are adjustable measures based on the feedback and behaviors of society in a given context and specific point in time. In that sense, harmonization will eventually occur with RFID in retail, just as it was shown with the auto-ID application cases presented.

The principal outcomes of this study can be summarized as follows:

  • The value proposition for RFID has not been well communicated to consumers.
  • Concerns surrounding RFID in retail were disproportionately higher than other previously adopted auto-ID applications despite similar privacy issues.
  • A harmonization between privacy, value, and control is unrealistic prior to adoption and can only be achieved once consumers can be educated through experience with the technology.

The preliminary findings of this study suggest that the harmonization between privacy, value, and control is largely dependent on individuals and their background (e.g., age), the type of technology being deployed (i.e., level of perceived invasiveness), and the type of provider (i.e., government or commercial entity). The results indicate that the perceived value and privacy threats posed by RFID in retail are commensurate with an individual’s pre-existing feelings toward other, similar, technologies. As was shown, privacy-related issues per se have not been a barrier to widespread adoption of auto-ID applications. On this point, the level of consumer awareness of RFID in retail does not seem to affect perceptions of privacy threats. It does, however, affect perceptions of value. Thus, a favorable harmonization whereby privacy is offset by value and control has been shown to encourage consumer acceptance.

The auto-ID application cases highlighted the importance of a harmonization between privacy, value, and control in influencing consumer acceptance and adoption. The online survey demonstrated the effect awareness has on perceptions and the disproportionately high rankings given for RFID privacy concerns.

The most significant outcome drawn from the combined analysis of the cases and the online survey is that achieving a harmony of privacy, value, and control for RFID adoption in retail is unrealistic at this point in time. With such differing levels of awareness and education, differing expectations, and differing perceptions, achieving a harmony that is favorable to all consumers now would be an improbable task. It is also evident in reviewing the literature that there have already been significant attempts to address privacy issues and provide individuals with a degree of control, yet the privacy concern still remains. This furthers the notion that it is unlikely that privacy concerns can be resolved prior to the technology’s adoption and use by consumers.

Figure 6 Harmonizing value, privacy, and control through the adoption process

RFID in retail can certainly achieve a favorable harmonization, one that offsets privacy risks with significant value and consumer control. It is more realistic, however, for this harmony to be achieved after adoption, when consumers can be educated through their experiences, and whereby society will consequently shape the balance as the impact of the technology becomes more evident. Figure 6 illustrates that to achieve harmonization there must first be a strong value proposition driving adoption in the first place.


In a society where it seems we are increasingly surrounded by technologies, governments, and institutions monitoring every move we make and collecting vast amounts of personal information, privacy has grown to become an ardently debated topic. Each individual living within a civil society has a right to privacy, yet in the wake of technologies that afford us great value, there will always be some loss of privacy. This study has not sought to dismiss privacy concerns, or argue to protect privacy, but rather to address it in the realistic context it plays in an environment of technological innovation driven by society itself. Ultimately, acceptance of a technology with privacy issues will always be a balancing act, a harmonization of privacy, value, and control.

Cited References and Notes

1. M. McGinity, ‘‘RFID: Is This Game of Tag Fair Play?’’ Communications of the ACM 47, 15–18 (2004).

2. J. Whitaker, S. Mithas, and M. S. Krishnan, ‘‘A Field Study of RFID Deployment and Return Expectations,’’ Production and Operations Management 16, No. 5, 599–612 (2007).

3. K. Michael and L. McCathie, ‘‘The Pros and Cons of RFID in Supply Chain Management,’’ Proceedings of the 2005 International Conference on Mobile Business (ICMB 2005), July 11–13, 2005, Sydney, IEEE Computer Society (2005) pp. 623–629.

4. A. F. Westin, Privacy and Freedom, The Bodley Head Ltd. (1970).

5. R. Clarke, ‘‘Information Technology and Dataveillance,’’ Communications of the ACM 31, No. 5, 498–512 (1998).

6. I. Altman, The Environment and Social Behavior: Privacy, Personal Space, Territory, Crowding, Brooks/Cole Publishing, Monterey, CA (1975).

7. F. D. Schoeman, Philosophical Dimensions of Privacy: An Anthology, Cambridge University Press, Cambridge, UK (1984).

8. S. T. Margulis, Contemporary Perspectives on Privacy: Social, Psychological, Political, Blackwell Publishing, London (2003).

9. S. Spiekermann, ‘‘Perceived Control: Scales for Privacy in Ubiquitous Computing Environments,’’ Proceedings of the 10th International Conference on User Modeling, Edinburgh, Scotland (2005).

10. B. D. Renegar and K. Michael, ‘‘The RFID Value Proposition,’’ Proceedings of the Sixth CollECTeR Iberoamerica: Collaborative Electronic Communications and eCommerce Technology Research, June 25–27, 2008, Madrid (2008) pp. 1–10.

11. M. J. Culnan and R. J. Bies, ‘‘Consumer Privacy: Balancing Economic and Justice Considerations,’’ Journal of Social Issues 59, No. 2, 323–342 (2003).

12. J. C. Inness, Privacy, Intimacy and Isolation, Oxford University Press, New York (1996).

13. J. R. Averill, ‘‘Personal Control over Aversive Stimuli and its Relationship to Stress,’’ Psychological Bulletin 80, No. 4, 286–303 (1973).

14. R. Bansal, ‘‘Now You See It and Now You Don’t [RFID Technology],’’ IEEE Microwave Magazine 5, No. 4, 32–34 (2004).

15. S. L. Garfinkel, A. Juels, and R. Pappu, ‘‘RFID Privacy: An Overview of Problems and Proposed Solutions,’’ IEEE Security & Privacy 3, No. 3, 34–43 (2005).

16. L. Hyangjin and K. Jeeyeon, ‘‘Privacy Threats and Issues in Mobile RFID,’’ Proceedings of the First International Conference on Availability, Reliability and Security (ARES 2006), April 20–22 2006, Vienna, IEEE Computer Society (2006), pp. 510–514.

17. G. Roussos and T. Moussouri, ‘‘Consumer Perceptions of Privacy, Security and Trust in Ubiquitous Commerce,’’ Personal and Ubiquitous Computing 8, No. 6, 416–429 (2004).

18. O. Gunther and S. Spiekermann, ‘‘RFID and the Perception of Control: The Consumer’s View,’’ Communications of the ACM 48, No. 9, 73–76 (2005).

19. S. Spiekermann, User Control in Ubiquitous Computing: Design Alternatives and User Acceptance, Shaker Verlag, Aachen, Germany (2008).

20. G. Ng-Kruelle, P. A. Swatman, D. S. Rebne, and J. F. Hampe, ‘‘The Price of Convenience: Privacy and Mobile Commerce,’’ Quarterly Journal of Electronic Commerce 3, No. 3, 273–385 (2002).

21. G. Ng-Kruelle, P. A. Swatman, J. F. Hampe, and D. S. Rebne, ‘‘Biometrics and e-Identity (e-passport) in the European Union: End-user Perspectives on the Adoption of a Controversial Innovation,’’ Journal of Theoretical and Applied Electronic Commerce Research 1, No. 2, 12–35 (2006).

22. B. J. Alfonsi, ‘‘Privacy Debate Centers on Radio Frequency Identification,’’ IEEE Security & Privacy 2, No. 2, 12 (2004).

23. G. Roussos, ‘‘Enabling RFID in Retail,’’ Computer 39, No. 3, 25–30 (2006).

24. B. Eckfeldt, ‘‘What Does RFID Do for the Consumer?’’ Communications of the ACM 48, No. 9, 77–79 (2005).

25. C. Perakslis and R. Wolk, ‘‘Social Acceptance of RFID as a Biometric Security Method,’’ IEEE Technology and Society Magazine 25, No. 3, 34–42 (2006).

26. M. Langheinrich, ‘‘Privacy by Design: Principles of Privacy-Aware Ubiquitous Systems,’’ Proceedings of the 3rd International Conference on Ubiquitous Computing, (Ubicomp 2001), Atlanta, September 30–October 2, 2001, Lecture Notes in Computer Science 2201, Springer (2001), pp. 273–291.

27. Factiva, Dow Jones & Co.,

28. IEEE Xplore, IEEE, guesthome.jsp.

29. Leximancer (2008),

30. B. D. Renegar, K. Michael, and M. G. Michael, ‘‘Privacy, Value and Control Issues in Four Mobile Business Applications,’’ Proceedings of the Seventh International Conference on Mobile Business, July 7–8, 2008, Barcelona (2008), pp. 30–40.

31. J. Hakkila and C. Chatfield, ‘‘ ‘It’s Like If You Opened Someone Else’s Letter’: User Perceived Privacy and Social Practices with SMS Communication,’’ Proceedings of the 7th International Conference on Human Computer Interaction with Mobile Devices & Services, September 19–22, 2005, Salzburg, Austria, ACM, New York (2005), pp. 219–222.

32. N. Swartz, ‘‘Mobile Phone Tracking Scrutinized,’’ Information Management Journal 40, No. 16 (2006), http:// 184698661.html.

33. W. A. Herbert, ‘‘No Direction Home: Will the Law Keep Pace with Human Tracking Technology to Protect Individual Privacy and Stop Geoslavery?’’ I/S: a Journal of Law and Policy for the Information Society 2, No. 2, 409–473 (2007).

34. R. Whitaker, The End of Privacy: How Total Surveillance Is Becoming a Reality, The New Press, New York (1999).

35. P. Hills and P. Blythe, ‘‘Paying Your Way [Road Tolls],’’ The IEE Review 35, No. 10, 377–381 (1989).

36. C. Caldwell, ‘‘A Pass on Privacy?’’ The New York Times, July 17, 2005, magazine/17WWLN.html?ex¼1279339200&en¼ c1f10d3de06adea6&ei¼5088.

37. A. McCluskey, ‘‘Position Paper: Business Ethics,’’ BT Financial Group 3, 1–5 (2004).

38. IBI Group, ‘‘Background Paper #8: Toll Technology Considerations, Opportunities, and Risks,’’ Washington State Comprehensive Tolling Study: Final Report 2, 1–33 (2006).

39. V. D. Hunt, A. Puglia, and M. Puglia, ‘‘RFID Technology in Homeland Security, Law Enforcement, and Corrections,’’ in V. D. Hunt, RFID: A Guide to Radio Frequency Identification, Technology Research Corp., New York (2007), pp. 67–82.

40. M. Meingast, J. King, and D. K. Mulligan, ‘‘Embedded RFID and Everyday Things: A Case Study of the Security and Privacy Risks of the U.S. e-Passport,’’ IEEE International Conference on RFID, March 26–28, Grapevine, Texas (2007), pp. 7–14.

41. A. Juels, D. Molnar, and D. Wagner, ‘‘Security and Privacy Issues in e-Passports,’’ First International Conference on Security and Privacy for Emerging Areas in Communication Networks, Athens, Greece (2005), pp. 74–88.

42. C. Edwards, ‘‘Borderlands of Confusion [Biometric Passports],’’ The IEE Review 51, No. 11, 34–37 (2005).

43. ‘‘Machine Readable Travel Documents (MRTDs): History, Interoperability, and Implementation,’’ working paper, International Civil Aviation Organization, Montreal (March 23, 2007), sgm/mrtd/TAG_MRTD17/TagMrtd17_WP016.pdf.

44. M. Sirotich, ‘‘ePassport Security Under the Microscope,’’ The Second Workshop on the Social Implications of National Security: From Dataveillance to Uberveillance and the Realpolitik of the Transparent Society 2, K. Michael and M. G. Michael, Eds., University of Wollongong, Wollongong, Australia (2007), pp. 257–280.

45. K. Zetter, ‘‘Hackers Clone E-Passports,’’ Wired News, August 3, 2006, discoveries/news/2006/08/71521?currentPage¼1.

46. Y. Yi and H. Jeon, ‘‘Effects of Loyalty Programs on Value Perception, Program Loyalty, and Brand Loyalty,’’ Journal of the Academy of Marketing Science 31, No. 3, 229–240 (2003).

47. T. R. Graeff and S. Harmon, ‘‘Collecting and Using Personal Data: Consumers’ Awareness and Concerns,’’ Journal of Consumer Marketing 19, No. 4/5, 302–318 (2002).

48. D. H. Nguyen, A. Kobsa, and G. R. Hayes, ‘‘An Empirical Investigation of Concerns of Everyday Tracking and Recording Technologies,’’ Proceedings of the 10th International Conference on Ubiquitous Computing 344, Seoul, Korea, ACM, New York (2008), pp. 182–191.

49. Attitude measurement used in surveys in which, in response to questions, respondents select from a set of typically five values, such as from complete agreement to complete disagreement, with no opinion in the middle.

Benjamin D. Renegar IBM Global Business Services, IBM Centre, 601 Pacific Highway, St. Leonards, NSW, Australia 2065 ( Ben Renegar is a recent graduate from the University of Wollongong, having completed a Bachelor of Information and Communication Technology degree at the end of 2007 with the award of first-class honors. For this degree program, he completed a thesis on RFID adoption in the retail industry with a focus on the harmonization of value, privacy, and control. He was also awarded the PriceWaterhouseCoopers award for the highest grade in this program. He was employed by IBM as a Graduate Consultant in the Application Innovation Service Delivery organization in 2008.

Katina Michael University of Wollongong, NSW, Australia 2500 ( Dr. Michael is a Senior Lecturer in the School of Information Systems and Technology in the Faculty of Informatics at the University of Wollongong. She received a Bachelor of Information Technology degree from the University of Technology, Sydney (UTS) in 1996 and a Ph.D. degree in information technology and communications from the University of Wollongong in 2003. Before joining the University of Wollongong in 2002 to teach and conduct research in e-Business, she worked as a senior network and business planner at Nortel Networks. In 2000, Katina received the Nortel top talent award for work completed on 3G mobile networks in Asia. She is a senior member of the IEEE and a Board Member of the Australian Privacy Foundation.

Privacy, Value and Control Issues in Four Mobile Business Applications


This paper presents four case studies that explore the adoption and acceptance of mobile technologies and services within the context of the privacy-value-control (PVC) trichotomy. The technologies studied include: the mobile phone, electronic toll payment tags, e-passports, and loyalty card programs. The study shows that despite the potential barriers to adoption in each of the depicted cases, the applications were embraced with great success soon after their introduction. An understanding of why these mobile innovations succeeded in spite of the concerns surrounding them will serve to help practitioners understand other issues currently plaguing emerging technologies like radio-frequency identification (RFID) tags and transponders. The contribution of this paper is not only in its usage of secondary sources to support case development and subsequent cross-case analysis but on the importance of emphasizing the value proposition to the consumer to ensure the success of an innovation. The PVC trichotomy emphasizes the need to harmonize privacy, value and control.

Section 1. Introduction

Surrounding the invention of every new information and communication technology (ICT) are a myriad of challenges that need to be resolved so that the innovation will not fall by the wayside. For example, some technologies face technical limitations, while others face consumer backlash. This paper uses a new paradigm to investigate mobile innovations- the privacy-value-control trichotomy. While themes of privacy and control have been addressed in the literature, the value proposition of a given service has only been considered within a business context. The four mobile business applications explored in this investigation include location-based services (LBS), e-tollway, e-passport and loyalty programs. In each case the key research issues are identified and discussed. The main question asked is why innovations that have endured such difficult beginnings- in terms of consumer acceptance- have gone on to become engrained in our everyday lives.

Section 2. Definitions

The concept of value is an all-encompassing term which references the value proposition a technology or service affords the end user. Whilst many analyze technologies in terms of benefits or simply convenience, the value proposition is an equation of all the positive factors that interest the individual. It can include cost savings, time reductions, efficiency, personalization, safety and security, as well as convenience and other tangible and intangible benefits. All the case studies that will be discussed in this paper provide some form of value to the end user. Understanding this value is critical in examining how it affects acceptance given the inherent privacy threats that the technology may impose. Privacy refers to the information privacy needs of consumers. Of primary concern in regard to RFID usage in retail, is the collection of personal information that pertains to consumer shopping preferences, actions and behavior. It is the collection, use and disclosure of this information, particularly when it may be incorrect or unverified, to track and monitor individuals without their awareness or express approval, that is commonly recognized as one of the most prominent threats. This privacy concern is similar across all the case studies to be explored in this paper, which will again provide an important platform for assessing how value and privacy is related. Finally, the dimension of control is another important variable in consumer acceptance of technologies. It relates to the individual's ability to control the information that is collected and stored by the technology or its ability to record, track or identify that individual's actions. The level of control that is provided either inherently through the technology or by the service provider, whether that be perceived or real, is seen as an important element that, when combined with the value proposition, can affect consumer acceptance. Interestingly, the case studies to be discussed all provide different means or levels of control in regard to end users and their privacy.

2.1 Key works

There was a scarcity of holistic qualitative and quantitative studies for review. Studies either addressed privacy, value and control separately, or no more than two of these concepts [1][2][3][4][5]. Key quantitative studies reviewed for this work are shown in Table 1, alongside the respective key outcomes.

Table 1. Key quantitative study outcomes


(Günther & Spiekermann, 2005; Spiekermann, 2005)/ Regardless of which privacy-enhancing technologies are used, fear remains.

(Roussos & Moussouri, 2004)/ Consumers understood the value proposition but were still concerned about privacy implications.

(Ng-Kruelle, Swatman, Hampe & Rebne, 2006)/ Cultural dimensions affect the way in which consumers view the privacy threat.

(Ng-Kruelle, Swatman, Rebne & Hampe, 2002)/ Consumers feel a lack of control over the technology and a great power distance.

Section 3. Case 1: Mobile phone

Cellular coverage is now accessible by 80 percent of the world's population of over six billion, and over 90 percent will have coverage by 2010 [6]. The actual number of mobile phone users is estimated to be around 1.8 billion, which equates to a global penetration rate of nearly 28% [7]. In developing countries where mobile communications allow them to “leapfrog” traditional wired telephony networks, growth rates are staggering. Between 1998 and 2003, mobile phone usage exploded in Africa by 5000% [8]. Similarly, India and China are now being viewed as potential “cash cows” for the industry, where the sheer number of potential subscribers is seen as a highly lucrative source of growth [9]. In many developed regions, mobile penetration exceeds the population, the greatest example shown by Luxembourg where mobile penetration is at 151.61%, although figures around 90% to 100% are more common [10]. Taking into account young children, penetration rates of around 80% would still equate to a clear majority of adults using mobile services. Even in developing countries, reports have shown that penetration rates are stabilizing at around 80–85% [11].

3.1 Convenience-communications on the go

The value proposition of the mobile phone extends from the convenience offered by its inherent mobility. Its ability to provide location-based, and even location-aware services, enabling rich communication not confined to a single location, affords individuals great power and convenience. Without being tied to a landline, or to a computer, users can communicate in a multitude of ways with others, on the move in a completely seamless fashion. Furthermore, new technologies such as 3G mobile services are further positioning mobile phones as extremely powerful mobile computing devices.

3.2 Location ID & the threat of interception

In a study conducted by Häkkilä and Chatfield [12] regarding perceptions of mobile phone privacy, it was shown that over 82% of respondents considered their mobile phone a “private device.” The mobile phone presents a number of unique privacy threats, yet interestingly, as indicated by the aforementioned statistic, such privacy threats are seldom considered by end users [13]. Richtel [14]explains how many citizens in the U.S. are completely unaware that government authorities can track their movements by monitoring the signals that are emitted from the handset.

In 1994, as O. J. Simpson infamously fled down a Los Angeles freeway, he was talking on his mobile phone, and engineers were able to use his mobile signal to triangulate his position and direct police to his location [15]. By 1996, the U.S. Federal Communications Commission (FCC) had mandated as part of the E-911 initiative that by 2001 mobile carriers must be able to identify the location of a caller with reasonable accuracy. In the United Kingdom, tracking records for mobile phones must be retained by providers for at least two years and be available to law-enforcement agencies when required [16]. Whilst the intended use of such tracking information is deemed valuable for emergency or law enforcement purposes, it is also seen that such data opens the door for mobile phone providers to unleash a multitude of location-based services that take advantage of knowing exactly where consumers are located or to generate patterns which represent their typical movements. As most mobile phone users generally carry their phone on them at all times, Charny [17] describes the potential to create a highly lucrative market on emerging services whereby providers can know the exact locations of millions of subscribers at any given time.

There are a number of methods that can be used to track mobile phone users. The first such method [18] is “network based,” and involves the triangulation of signals by using a number of fixed cellular base-stations. Such a system however can be impractical for wide-scale usage due to bandwidth constraints, and furthermore the accuracy of this method is greatly affected by cell size, which in rural areas in particular can be too great to provide reasonable accuracy. Nonetheless, newer 3G mobile networks can provide location information at even finer granularity than before [19]. Another method involves the use of GPS, a feature which many phones are now incorporating. According to Best [20], leading manufacturer Nokia has already stated that the incorporation of GPS into mobile phones will soon be as “ubiquitous as the camera phone.” Unlike cell-based triangulation, GPS provides greater accuracy and can operate independent of the phone itself, meaning that location information could be obtained even if the phone is not in use. Many services are now being offered around the world allowing individuals to track a mobile phone that is GPS-enabled via the Internet. Such services are typically positioned to parents who wish to monitor their children's activities or to employers who want to track where their mobile employees are [14]. Consider the case of teacher John Halpin who was given a mobile phone by the Department of Education which incorporated a GPS tracking device, and who was later fired from his position after records revealed inconsistencies with the times he had been lodging, showing that he was leaving work earlier than stated [21].

The mobile phone also presents other privacy concerns in regard to the interception of signals by third parties. Whitaker [15] describes how commercially available mobile phone listening devices can record multiple conversations and locate the geographical position of callers at the same time. Importantly, he emphasizes that whilst such products are marketed and sold to government agencies and telecommunications companies, they can easily find their way into the hands of unscrupulous individuals who can use them against unsuspecting mobile phone users. Many security experts will openly acknowledge that all wireless communications are inherently flawed, as there will always be the potential for some degree of interception [22].

3.3 Control maintained by opting out

Theoretically, users can exercise control over other parties tracking their location by simply turning off their phone. However, in doing so, they prevent access to the phone's features which provide the value in the first place. Given the high penetration rates of mobile phones throughout the world, it would seem that the potential for unwanted third parties to track a mobile phone's location or to intercept the signals transmitted by the phone is far outweighed by the value the technology offers and its apparent “necessity” for living in the modern world. In the case of the U.S., access to mobile phone tracking data is not openly accessible to any third parties. Even law enforcement agencies must apply for court permission and demonstrate “probable cause” that a crime is being committed before such information will be released by the phone operators [13]. Whilst such controls are put in place to protect the privacy of individuals, it is still important to recognize that where the technology provides the capability, it will almost always be exploited in some way by unscrupulous people [15]. Furthermore, with such a massive market of mobile phone users who increasingly possess ever more sophisticated mobile handsets, the potential of offering location-based services will most certainly prevail as consumers once again become lured by the value such services would provide [23].

Section 4. Case 2: Electronic toll collection

Electronic toll collection (ETC) systems are now widely deployed in most countries throughout the world and are the cornerstone for Intelligent Transportation Systems (ITS). One of the first such systems was implemented in Trondheim, Norway by the Q-Free company in 1988 [24]. International ETC examples include: TollTrax in India, Hi-Pass in South Korea, Autotoll in Hong Kong, E-Pass in Manila, Telepass in Italy, Eazy Pass in Ireland, AutoPASS in Norway, E-ZPass in north-east USA, and the e-Tag in Australia [25]. It would seem that RFID-powered toll collection systems are making their way to freeways and cities as an effective solution to the ever-increasing congestion problem and the necessity to fund new roads through the collection of tolls. By 1996 alone, there were already several thousand ETC-equipped lanes throughout the U.S., Europe and Japan [26].

An ETC system typically involves the use of an RFID powered tag which is placed on an individual's vehicle. As the vehicle passes through a toll plaza, RFID readers mounted above the road identify the individuals through the RFID tag and will then typically deduct the toll amount from their accounts [27][28]. RFID allows the system to operate such that drivers do not necessarily have to slow down, and can even maintain highway speeds with the tag still being read accurately. Advances in technology have also facilitated the ability to read tags and deduct tolls even in multi-lane free-flow situations; that is where cars are not restricted to staying in a single lane and are free to change lanes as required [26][29]. Furthermore, such a system can also accurately identify vehicles even in dense traffic without requiring direct visibility to the license plate as some vehicle-recognition systems require [28].

4.1. No need for cash and less traffic

Historically, toll payment involved an individual stopping their vehicle to pay a collector or place cash into an automated collection machine which ultimately resulted in congestion [26]. The key value proposition that electronic toll collection systems offer is convenience and time saving. Such a system eliminates the burden to have cash available to make toll payments and provides individuals and corporations the convenience of an account which can provide better tracking of toll expenditure with more convenient payment options [30]. In regard to time savings, traffic flow is greatly improved and congestion reduced [27]. Furthermore, ETC systems have also been shown to significantly reduce environmentally harmful emissions at toll-collection points by as much as 63 percent [24]. Toll operators themselves have seen great value in ETC as a means of increasing throughput, generating additional revenue, reducing operating costs, and improving the level of customer service to road users [25].

4.2 Function creep and the loss of anonymity

The electronic tag which an individual places inside their vehicle typically contains at least a unique identification number which allows the toll system to identify and subsequently charge that individual [25]. In some installations, the tag may contain further information such as license details, the account holder's name, account details and tag balance. Whereas cash payment in the past provided almost complete anonymity, electronic toll collection systems have opened up the possibility of tracking individuals' movements by monitoring the locations and times when the electronic tag is used [31]. In some countries where toll roads are common and such systems are widespread, drivers' actions can be inferred in great detail simply by monitoring their toll payment activities. Caldwell [29] highlights two potential privacy concerns with regard to electronic toll collection. The first is illegitimate use of drivers' personal information regarding their payment details, movement and driving habits that could be accessed if electronic records are compromised through a “cyber-break-in.” This was demonstrated when the New Jersey Turnpike electronic toll collection system was “hacked” in 2000 by a programmer who worked on the system [32]. He was successfully able to view account details and usage information for users of one of the largest ETC systems in the United States [31].

The second potential concern is legitimate use of such information by government authorities or road operators who wish to monitor driving patterns and behavior of motorists. This could extend to include other potential uses such as traffic surveillance in regard to monitoring driver speeds and stolen vehicles [24]. Court cases in the U.S. have already demonstrated the potential for toll-tracking information to be used to verify an individual's whereabouts and movements. The conviction against a nurse in New Jersey, who was accused of murdering her husband, was aided by E-ZPass toll records which verified to prosecutors where she had been, and when [33]. In another example, 30 New York police detectives were reportedly re-assigned after E-ZPass toll records suggested they were making false overtime claims based on their driving behavior [34].

4.3 Towards mandatory electronic collection

In some installations, cash payment options still operate in tandem with electronic toll payment. It is becoming increasingly common, however, for electronic toll collection systems to become the de facto means by which individuals can make their toll payment. Studies show that for maximum efficiency, ETC systems provide greatest benefit when used in isolation, as opposed to hybrid systems which allow traditional payment mechanisms [26]. It is becoming inherently mandatory for individual's to install an electronic tag in their vehicle if they wish to use particular routes or avoid paying higher toll prices if they pay by cash [33]. Ultimately in the case of electronic toll collection systems, it is apparent that convenience is winning out over potential privacy threats. For both toll road operators and users, this is highlighted by the high growth rates in ETC usage around the world [25].

With an ever-increasing base of tag users, the potential for privacy misuse will become more apparent over time. As road operators see value in monitoring individual driver behavior, to forecast or evaluate traffic patterns for instance, individual driver tracking may become more prevalent. It should be noted, however, that regulatory efforts in many countries can still protect ETC users with regard to the usage of their personal information. In Australia, for example, the Australian Standard AS/4721–2000, Personal Privacy Practices for the Electronic Tolling Industry attempts to address privacy issues by applying the ten National principles for the handling of personal information [35]. This standard explicitly recognizes the potential commercial use of such toll information and allows for such usage provided that the data is “de-identified” and made anonymous to protect individuals from identification [34].

Section 5. Case 3: e-Passports

For centuries, passports have been used as a standard means of providing diplomatic protection and identification of the bearer when traveling through borders and into foreign jurisdictions [36]. The passport in the form we know today is the result of conferences held following the First World War in 1920 which sought to standardize passport and visa standards for all member states of the League of Nations (later The United Nations) [35]. Passport standards have been administered by the International Civil Aviation Organization (ICAO) since 1944. Passports, which are referred to by the ICAO as Machine Readable Travel Documents, will typically contain information such as an individual's full name, nationality, place of residence, place of birth and date of birth, with a mandatory full-color photograph. Their “machine readable” capability comes from the inclusion of a two-line machine readable zone (MRZ) of characters in Optical Character Recognition-B style that incorporates key information from the passport in a manner that can be easily recognized by a machine [37].

RFID-enabled passports, which have also been termed e-Passports or biometric passports, possess all the same information, but in digital form. This includes a digitized photograph of the individual which can be used to enable biometric comparison through facial recognition [38][39][40]. It is this facial recognition that is the only mandatory, globally interoperable biometric for individual identification purposes [41]. Although ICAO standards for passports also allow for iris or fingerprint data to be used as well, this is at present optional [37][42]. The development of the e-Passport has also resulted in the development of standards which support a worldwide Public Key Infrastructure (PKI). Public Key Cryptography is utilized in e-Passports to encrypt the data contained within the RFID chip [40]. Digital signatures produced by the issuing country ensure the validity, authenticity and integrity of data stored in the RFID chip and thus theoretically prevent against fraudulent modification, copying or access [40].

5.1 Greater national security

The drive towards e-Passport adoption was spurred directly by the United States and the ICAO. In 2002 the U.S. mandated through the Border Security and Visa Entry Reform Act 2002, that countries participating in their Visa Waiver Program must have provisions in place by October 2004 to comply with the biometric and document identification standards established by ICAO in 2003 [38]. This deadline was extended to October 2006 after significant delays caused by revisions to the e-Passport's design [38]. It is important to note, however, that moves towards biometrics to enable more effective, automated verification of individuals was already progressing long before the e-Passport was given an impetus to introduction. The INSPASS system was introduced into the United States in the late 1990s as a means of allowing frequent visitors to the country unattended, automated entry through the use of biometrics to verify identity [43]. Whilst the system was discontinued in 2002, it bears a striking similarity to much of the same value governments and the ICAO have promoted with the e-Passport.

The value proposition of the e-Passport is typically couched in terms of security and convenience. Common claims include the e-Passport's ability to allow automated identity verification, faster immigration inspections, and greater border protection and security [44]. Whilst it is intended that passports will still be read by human personnel to verify the information, some countries such as Australia have already announced plans to provide self-service kiosks. The technology to be used in Australia, referred to as SmartGate, has already undergone successful trials in 2005 and is to commence operation in international airports around the country in the near future [45]. Such technology, if implemented in airports around the world, would allow much quicker processing times of passengers for travelers entering the country (Australia Customs Service, 2007). Many countries, including the UK, have already begun work on similar systems [46].

The greatest value of the e-Passport as stressed by most issuing authorities is the enhancement to security they are purported to provide through the digital storage of passport information [38]. Certainly, given the current level of importance placed on national security, governments have been keen to push this technology as a means of providing more stringent monitoring of individuals entering and exiting the country. The use of biometric information, it is claimed, will greatly aid in countering identity fraud which had become a major issue with traditional passports [41].

5.2 The risk of identity theft and civil rights

The privacy concerns surrounding e-Passports are primarily related to the ability to access passport information without contact, a capability afforded by the use of RFID to store the passport's data contents. It is this potential for surreptitious access, perhaps by a criminal attempting to commit identity fraud that has caused much controversy over e-Passport adoption [47]. Potential misuse by the government is particularly evident in the controversial USA PATRIOT Act introduced just 43 days after 11 September, 2001 whereby the U.S. Federal Bureau of Investigation was given authority to seize personal information without notifying the individual concerned [48]. It is theoretically possible for governments to use such acts in order to link passport biometric databases with other surveillance mechanisms to monitor individuals without their awareness [47]. Juels, Molnar and Wagner [49] identify six key areas of concern regarding privacy and e-Passports: clandestine scanning, clandestine tracking, skimming and cloning, eavesdropping, biometric data leakage and cryptographic weaknesses. Juels [50] also notes the threat of function creep. He explains how over time, consumer demands for convenience may give way to e-Passports being used as authenticators for a range of consumer transactions. Such a move, it is feared, could undermine or erode the data-protection measures that have been incorporated to protect privacy and furthermore spread such identification information amongst more widely divergent systems [48].

Given the global reach of e-Passport initiatives, there has understandably been much concern raised over such privacy issues. Civil rights campaigners in particular stress how such e-Passport developments have created the potential for a global database containing biometric information for over a billion people [51]. Interestingly, in development of the U.S. passport, open comments by citizens revealed that of over 2300 responses, 98.5 percent received were negative, and 86 percent were explicitly concerned about privacy [38]. Nonetheless, the U.S. e-Passport initiative has proceeded, and as of 2006, over 13 million e-Passports had been issued [52]. Globally, it is reported that over 50 million e-Passports have been issued, which again emphasizes that despite the privacy concerns, the technology has undoubtedly been deployed “successfully” [53].

The media has also been quick to highlight potential failures with the technology, demonstrated by the exposure given to Lukas Grunwald who successfully cloned the U.S. e-Passport and then dumped the contents onto an ordinary contactless smart card [54]. A further threat was also exposed by Kevin Mahaffey and John Hering who demonstrated how an explosive device connected to an RFID reader could be triggered when a U.S. citizen carrying an e-Passport came within reach of the reader [53].

5.3 Total State control

Given the mandatory nature of passports there is very little individuals can do to avoid using one for traveling abroad. As most countries are now issuing e-Passports, there is also no option for individuals to request a non-RFID passport. There is also little an individual can do to control how government authorities access and use the information on the passport when they are entering a foreign country. However, beyond the border control point, individuals concerned about the privacy threats mentioned earlier can still retain some control over their e-Passport by ensuring they manage it carefully. Companies such as Paraben have already begun marketing “strong hold bags”, which are essentially Faraday cages in which a passport can be stored when not being used, to provide a protective barrier against unwanted third-party access [55]. Such a move was even recommended as a means of completely preventing unauthorized readings by the ICAO itself, who stated that the potential for unauthorized reading could not be “completed ruled out” [56].

Section 6. Case 4: Loyalty programs

Loyalty programs have been in widespread existence now since the 1980s, when retail organizations began to focus on building lasting customer relationships instead of focusing purely on short-term profitability [57]. The first modern loyalty program was instituted by American Airlines in 1981 with its “frequent flyer” program [58]. However, such programs quickly spread across a range of consumer industries including hotels, credit card companies, retailers, car rental companies, restaurants and entertainment firms [57]. A loyalty program will typically involve consumers identifying themselves at the retail outlet, usually through a magnetic-swipe or bar-coded plastic card, in order to receive immediate or delayed benefits for purchasing certain brands or for simply using that particular outlet [56]. Astonishingly, grocery store loyalty program usage within the United States is more widespread than Internet and personal computer penetration, with statistics showing that over 86 percent of adults are members of at least one, and in many cases, multiple loyalty programs [59]. In Canada that figure is around 97 percent and in the UK, penetration had reached 85 percent [60].

6.1 Greater consumer rewards

In the case of loyalty programs, the value proposition is critical for encouraging consumer use and for developing the brand loyalty which the programs aim to achieve. A number of elements are described by Yi and Jeon [61] that determine such value in a loyalty program. They include: (1) the cash value of rewards, (2) the choice of rewards, (3) the aspirational value of rewards, (4) the likelihood of achieving the rewards, and (5) how easy the loyalty scheme is to use. Typical examples of value that loyalty programs offer members include discounts on individual items or the entire shopping bill, points which can be redeemed for a range of rewards such as flights, accommodation, homewares, clothing and entertainment, and preferential “VIP” treatment. Studies conducted by the Boston University College of Communication demonstrate that 69 percent of consumers believe that their membership in a loyalty program benefits them in the form of lower prices and special promotions [58].

6.2 Consumer data profiling and warehousing

The major privacy threat that extends from the use of loyalty programs is the ability to tie purchases of specific products to individual consumers and monitor their purchasing behavior over time. Retailers collect such information to build profiles on their consumers. They even admit that such consumer profiles are commonly shared and exchanged with “preferred partners” [59]. Almost half of people who are members of loyalty programs are completely unaware of the tracking and monitoring that is occurring by participating in such schemes [58]. Moreover, studies have shown that consumers will trade their personal information if they perceive that the loyalty program is providing substantial value to them [58]. A study conducted by Graeff and Harmon [62]also found that in regard to loyalty programs, consumer perceptions were typically positive and most consumers did not associate such schemes with the collection and use of personal information. Loyalty programs are the ultimate demonstration of the trade-off consumers make of their privacy in order to gain something of value: a benefit, reward, convenience or saving. Given the high penetration rates and evident success of these programs, it would seem that consumers have been easily won over by the premise of “something for nothing,” with many oblivious or unconcerned about the privacy transaction that they are conducting.

6.3 Opting-in for maximum returns

A key element of consumer loyalty programs is their opt-in nature. As is highlighted by Bosworth [59], consumers are not forced into participating in such programs and can, if they wish, take their business elsewhere, or simply pay cash (minus any potential savings the loyalty card may provide). Consumers are also given control over their personal information by government regulations which in most countries give consumers the right to know exactly what information retailers are collecting and how it is being used. Furthermore, access to such information will typically be provided or the information removed altogether if requested. Ultimately loyalty programs are about choice, and thus given the potential privacy invasion that participation in such schemes entails, the value proposition is clearly a very important element in convincing consumers to participate. It is important to note, that whilst loyalty programs involve voluntary participation, many such schemes have come under criticism for discriminatory pricing, in which nonmembers may be unfairly disadvantaged by not participating in the scheme [57]. This may ultimately drive consumers into participation to avoid being forced into paying higher prices or feeling ostracized.

Section 7. Cross-case comparison

The most important facet common to all of these case studies is their dramatic levels of penetration and usage. Mobile phone penetration has reached remarkable levels, even in developing countries, and in many, penetration has grown to over 100%. Electronic toll collection is becoming increasingly common as the primary means for facilitating toll payments in busy cities around the world, with millions of tags now in use. E-Passports have become the new standard in global identification and have all but replaced traditional, chip-less passports in most countries. And consumers have embraced loyalty programs enthusiastically, with the majority of adults in countries such as the U.S., the UK, Canada and Australia, actively participating in such schemes. Keeping in mind such usage rates, it is also important to note another commonality between the mobile innovations, that of the presence of a range of privacy threats. It would appear given the widespread usage of the cases detailed, that privacy has not been a barrier to their adoption and consequent acceptance by society. Whilst the privacy concerns still exist and indeed, many individuals remain concerned about their privacy in relation to such technologies and services, on the whole it would seem that consumers have accepted each technology either because:

  • The value proposition or level of control present, balances against the privacy issues (mobile phones, electronic toll collection, and loyalty programs), or

  • Participation/usage is mandatory and the appropriate safeguards to privacy are in place (e-Passports).

In the case of the mobile phone, the value has become so ubiquitous that it is no longer even thought of or discussed. This ubiquity in terms of value would explain the lack of concerns consumers have towards their privacy in regard to mobile phone usage – it is simply not something most people would even think about. For electronic toll collection, individuals have embraced the convenience aspects presented by the technology in regard to simplifying toll payment, and it would seem that the simplicity of the technology (simply install the tag and forget about it) has again resulted in a general lack of concern about privacy issues. Loyalty programs are also clearly driven by their value proposition, without which, would provide little incentive or reason for consumer participation. Furthermore, given the amount of personal information collected, there must be equally significant value provided to ensure consumers feel the scheme is fair. Of the four case-studies discussed, the e-Passport is the only one where usage is almost completely mandatory for those wishing to travel internationally and also where individuals have very little control over how their e-Passport is used by authorities. In this situation, control in the form of legislation guarantees and reassures that personal information will be protected.

Section 8. Balancing privacy, value and control

A key outcome that arises from the case studies presented is the varying relationship between these three elements and thus the balance each technology or service provides. It is clear, that in order to gain acceptance, privacy issues must be offset by value and control. This trichotomous relationship is illustrated in figure 1. In the case of mobile phones, it is evident that a somewhat low level of control is acceptable, given the relatively low vulnerability of individual privacy and the “medium” level of value the technology provides. With electronic toll collection, the vulnerability of user privacy is depicted to be in the “medium” range, yet as users can exercise some degree of control over their privacy by removing the tag or opting to use alternative routes or payment methods, control is depicted as being in the “medium” range. This “medium” range in regard to privacy and control, is offset by a high level of value evident in the convenience the technology affords. With regard to e-Passports, the provider (i.e. the government) provides very little control. Furthermore, the value offered to the individual is realistically very low as well. This is reflected in the relatively high vulnerability of the individual's privacy which stems not from flaws in the technology, but the importance of the information to the individual and the consequences that could arise if it were compromised by another party. Finally, with loyalty programs, a high vulnerability of individual privacy which arises from the vast amount of personal information collected, is offset by a high level of control offered by providers by allowing consumers to freely to opt-out of such programs. The privacy risk is also further offset by the high level of value which such schemes must offer to encourage consumers to participate. In the case of mobile phones, electronic toll collection and loyalty programs, it is apparent that acceptance had to be earned through a favorable balance that was offered to consumers. In the case of e-Passports where the balance is unfavorable (as shown in figure 1), acceptance was not generally required as the technology was made mandatory by government authorities and the ICAO.

Figure 1. Privacy-Value-Control trichotomy

Section 10. Conclusion

The purpose of this paper has been to provide a “walk” through the privacy-value-control paradigm as it applies to a number of mobile innovation. The study attempted to show how privacy concerns for specific mobile innovations have been offset by strong value propositions, or differing levels of control that allows the individual to perceive a sense of privacy, or bypassed through mandatory usage. The key outcome that has been established by this paper is that a balance between privacy, value and control depends largely on the individual, the technology and the provider of the service; that is, the vulnerability of the individual's privacy, the value inherent in the technology or service, and the level of control provided by the service provider. What has been highlighted most importantly is that privacy is not a barrier to adoption; rather, technologies and services will still be accepted and used by the population provided that the balance is favorable to the individual – whether that be perceived or otherwise – unless the technology is mandated into use in a manner which can be justified by society.


1. S. Inoue and H. Yasuura, "RFID privacy using user-controllable uniqueness," RFID Privacy Workshop, Cambridge, MA, 2004.

2. R. Bansal, "Now you see it and now you don't," IEEE Microwave Magazine, vol. 5, pp. 32-34, 2004.

3. S. Spiekermann, "Perceived Control: Scales for Privacy," International Conference on User Modeling, Scotland, 2005.

4. L. Hyangjin and K. Jeeyeon, "Privacy threats and issues in mobile RFID," International Conference on Availability, Reliability and Security, Vienna, 2006.

5. M. Ohkubo et al., RFID Privacy Issues and Technical Challenges, vol. 48: ACM, 2005.

6. AFP, "Mobile operators aim to cover 90 percent of planet," in Taipei Times Singapore, 18 Sept. 2006.

7. Informa, "1.8 bln mobile subscribers worldwide," 2005,

8. BBC, "Mobile growth 'fastest in Africa'," in BBC Business, 2005,

9. M. Reardon, "Emerging markets fuel cell phone growth," in CNET, 2007, phone-growth/2100-1039_3-6159491.html

10. ITU, "Mobile cellular subscribers," 2007,

11. Telecomworldwire, "Many countries now have a mobile penetration rate above 100%, report says," 2006, mi_m0ECZ/is_2006_June_9/ai_n16464839

12. J. Häkkilä and C. Chatfield, "Toward social mobility," in Human computer interaction with mobile devices and services, Salzburg, Austria, 2005.

13. N. Swartz, "Mobile Phone Tracking Scrutinized," Information Management Journal, vol. 40, p. 16, 2006.

14. M. Richtel, "Live tracking of mobile phones prompts court fights on privacy," in The New York Times, 2005.

15. A. Brandt, "Privacy watch: soon, your cell phone may be tracking you," in PC World, 2004.

16. R. Whitaker, The End of Privacy: How total surveillance is becoming a reality. New York, New York: The New Press, 1999.

17. B. Charny, "Cell phone tracking raises privacy issues," in CNET, 2002, privacy-issues/2100-1033_3-846744.html

18. S. C. Swales, J. E. Maloney, and J. O. Stevenson, "Locating mobile phones and the US wireless E-911 mandate," Novel Methods of Location and Tracking of Cellular Mobiles, pp. 2/1 - 2/6, 1999.

19. D. Cvrcek et al., "A study on the value of location privacy," in 5th ACM workshop on Privacy in electronic society, Virginia, 2006, pp. 109-118.

20. J. Best, "Nokia: GPS will be in every phone," in CNET Mobile Phones, 2007,, 239025953, 339279768,00.htm

21. D. Seifman, "'Track' Man is Sacked: GPS Nails Ed. Guy," in New York Post, 2007, regionalnews/track_man_is_sacked.htm.

22. J. Voorbees, "The Limits on Wireless Security: 802.11 in early 2002," in SANS, 2001, wireless/164.php.

23. P. Wayner, "What's Next; Tracking down cellphone users," The New York Times, 1999, http://query. 9A01E4D81631F93AA15754C0A96F958260.

24. Q-Free, "Company History," 2007,

25. D. Loukakos and M. Benko, "Electronic Toll Collection," in ITS Decision, 2007, Electronic_toll_collecti on/electronic_toll_collection_summary.html

26. SRI Consulting, "Electronic Toll Collection," in ITS Canada, 1996, 001025hnezpass.html

27. P. Blythe, "RFID for road tolling, road-use pricing and vehicle access control," in IEE Colloquium on RFID Technology, 1999, pp. 8/1-8/16.

28. K. Waersted and K. Bogen, "No stop electronic toll payment systems," in Second International Conference on Road Traffic Monitoring 1989, 1989.

29. Q-Free, "ETC Systems - White Paper," 2003, http://www.q-free. com

30. C. Caldwell, "A Pass on Privacy?," in The New York Times, 2005, 1279339200&en=c1 f10d3de06adea6&ei=5088

31. T. Wright, "Eyes on the Road: Intelligent Transportation Systems and Your Privacy," in Information and Privacy Commissioner/Ontario, 1995, pubpres/papers/ITS-E.HTM#ITS

32. E. Grygo, "New Jersey Turnpike electronic toll collection system hacked," in InfoWorld, 2000, xml/00/10/25/00 1025hnezpass.html

33. Anonymous, "E-ZPass Bypasses Your Privacy," 2007,

34. B. Sullivan, "E-ZPass, Now with a higher price," in The Red Tape Chronicles: MSNBC, 2006, ezpass_now_with.html

35. ETC Working Party, "Second Report to the ATC of the ETC Working Party," Australian Transport Council 2001.

36. ICAO, "History - The League of Nations," in Machine Readable Travel Documents, 2006,

37. ICAO, "MRTD Overview," in Travel Documents, 2006,

38. Australia Government, "The Australian e-Passport," in Department of Foreign Affairs and Trade, 2007, dept/passports/

39. M. Meingast et al., "A case study of the security & privacy risks of the US e-Passport," IEEE International Conference on RFID, Texas, 2007, pp. 7-14.

40. U.S. Department of State, "The U.S. Electronic Passport Frequently Asked Questions," in Bureau of Consular Affairs, 2007,

41. D. Lekkas and D. Gritzalis, "E-Passports as a means towards the first worldwide public key infrastructure," Lecture Notes in Computer Science, vol. 4582/2007, pp. 34-48, 2007.

42. Home Office, "Why has the UK introduced biometrics in its passport?," in Identity and Passport Service, 2007,

43. R. J. Hays, "INS Passenger Accelerated Service Systems (INSPASS)," in Biometric Consortium, 1996, http://www.biometrics. org/REPORTS/INSPASS.htm

44. U.S. Department of State, "The U.S. Electronic Passport," in Bureau of Consular Affairs, 2007, eppt_2498.html

45. Australia Customs Service, "SmartGate 2007, au/site/page.cfm?u=5555

46. C. Edwards, "Borderlands of confusion [biometric passports]," IEE Review, vol. 51, pp. 34-37, 2005.

47. B. Schneier, "The ID Chip You Don't want in Your Passport," in The Washington Post, 2006, p. 21,

48. T. Lupick, "E-Passports may unlock doors to your privacy," in, 2006, to-your-privacy

49. A. Juels et al., "Security and privacy issues in e-Passports," in International Conference on Security and Privacy for Emerging Areas in Communications, Greece, 2005, pp. 74-88.

50. A. Juels, "RFID Security and Privacy: a Research Survey," IEEE Journal on Selected Areas in Communications, vol. 24, pp. 381-394, 2006.

51. BBC, "Concern over biometric passports," in BBC Technology, 2004,

52. Anon, "RFID Tagging Isn't a Privacy Issue Unless You Make It One," New Media Age, vol. 16, 2006.

53. Scarmig, "E-Passport: Doorway to the Panopticon," 2006,

54. K. Zetter, "Hackers clone e-Passports," in Wired, 2006,

55. Paraben Corp, "Paraben's Passport Stronghold Bag," 2007, 26&products_id=373

56. C. Swedberg, "U.S. Tests E-Passports," in RFID Journal, 2004,

57. O. Hinz et al., "Customer loyalty programs and privacy concerns," in Merging and Emerging Technologies, Processes and Institutions, Bled, 2007.

58. R. Lacey and J. Z. Sneath, "Customer loyalty programs: are they fair to consumers?," Journal of Consumer Marketing, vol. 23, pp. 458-464, 2006.

59. Anonymous, "Grocery store loyalty card use is strong despite privacy concerns," in Coupons/Bargains, 2007,

60. M. Bosworth, "Loyalty cards: Reward or threat?,", 2005, http://www.consumer loyalty_cards.html

61. Y. Yi and H. Jeon, "Effects of loyalty programs on value perception, program loyalty, and brand loyalty," Academy of Marketing Science, vol. 31, p. 229, 2003.

62. T. Graeff and S. Harmon, "Collecting and using personal data: consumers' awareness and concerns"


transponders, data privacy, electronic money, mobile computing, mobile handsets, radiofrequency identification, smart cards, transponders, mobile business applications, mobile technology, mobile services, privacy-value-control trichotomy, mobile phone, electronic toll payment tags, e-passports, loyalty card programs, radio-frequency identification tags, Mobile Business Applications, Privacy, Value Proposition, Control, Consumer Acceptance, Adoption, Diffusion

Citation: Benjamin D. Renegar; Katina Michael; M. G. Michael, 2008, "Privacy, Value and Control Issues in Four Mobile Business Applications", ICMB'08. 7th International Conference on Mobile Business, 2008, pp. 30 - 40.

Control, trust, privacy, and security: LBS


Location-based services (LBS) are those applications that utilize the position of an end-user, animal, or thing based on a given device (handheld, wearable, or implanted), for a particular purpose. LBS applications range from those that are mission-critical to those that are used for convenience, from those that are mandatory to those that are voluntary, from those that are targeted at the mass market to those that cater to the needs of a niche market. Location services can be implemented using a variety of access media including global positioning systems and radio-frequency identification, rendering approximate or precise position details.

The introduction of location-based services, which are growing in sophistication and complexity, has brought with it a great deal of uncertainty. Unaddressed topics include: accountability for the accuracy and availability of location information, prioritization and location frequency reporting, the user's freedom to opt-in and opt-out of services, caregiver and guardian rights and responsibilities, the transparency of transactions, and the duration of location information storage. Some of these issues are the focus of court cases across the United States, usually between service providers and disgruntled end-users or law enforcement agencies and suspected criminals.

While we can wait for the courts to set precedents and then take legislative action to learn about how we should act and what we should accept as morally right or wrong, this is only a small part in considering the emerging ethics of an innovation such as location-based services. Laws, similar to global technical standards, usually take a long time to enact. A more holistic approach is required to analyze technology and social implications. This article uses scenarios, in the form of short stories to summarize and draw out the likely issues that could arise from widespread adoption of LBS. It is a plausible future scenario, grounded in the realism of today's technological capabilities.

Role of Scenarios in the Study of Ethics

Articles on ethics in engineering and computing, for the greater part, have been about defining, identifying and describing types of ethics, and emphasizing the importance of ethics in the curriculum and the workplace. A small number of ethics-related studies more directly concerned with invention and innovation consider the possible trajectories of emerging technologies and their corresponding social implications [1], [2]. Within the engineering field, these studies commonly take on the guise of either short stories or case-based instruction [3], [4]. This article uses scenario planning to identify the possible risks related to location-based services in the context of security and privacy. While “day-in-the-life scenarios” have been popular in both human-computer interaction and software engineering studies, they have not been prevalent in the ethics literature [5].

When is a person sufficiently impaired to warrant monitoring?

The most well-known usage of stories related to ethical implications of technology have been constructed by Richard G. Epstein [6]. His 37 stories in the Artificial Intelligence Stories Web are organized thematically based on how the human experience is affected by the technology [7]. Of fiction, Epstein writes that it is “a great device to help one envision the future and to imagine new concepts and even applications” [8]. His Silicon Valley Sentinel-Observer's Series ran as a part of Computers and Society [9]. John M. Artz has written about the importance of stories advancing our knowledge when exploring areas where we do not fully understand a phenomenon [10]. Artz calls stories and our imagination “headlights” that allow us to consider what might lie beyond: “[c]onsider imagination as the creative capacity to think of possibilities. Imagination lets us see the world, not as it is, but as it could be. And seeing the world as it could be allows us to make choices about how it should be.” In 1988, Artz indicated the shortage in short stories in the field, and this paper addresses the shortage by focusing on LBS.

The definition of a scenario used in this paper is “[a]n internally consistent view of what the future might turn out to be” [11]. Scenarios can be used to combine various separate forecasts that pertain to a single topic [12], designed to provide an overall picture of a possible future, and to describe this future in such a way that it is accessible to a layperson in the subject. According to Godet a scenario “must simultaneously be pertinent, coherent, plausible, important and transparent” [13].

The Track, Analyze, Image, Decide, Act (TAIDA) scenario planning framework is used here with respect to LBS to i) identify aspects of the current situation that may have an impact on the future under consideration; ii) deliberate on the possible future consequences of the aspects identified in tracking; iii) approach possible changes intuitively to create a plausible future, “to create not only an intellectual understanding but also an emotional meaning,” iv) determine what should be done about a given scenario in response to issues raised, and v) offer recommendations that will address these issues [14]. Analysis of the future scenario presented will be conducted using deconstruction to draw out the social implications. Deconstruction is an approach to literary analysis that aims “to create an interpretation of the setting or some feature of it to allow people… to have a deeper understanding” [15].

The Roman philosopher Seneca said: “[t]here is no favorable wind for the man who knows not where he is going” [13]. There is certainly merit in exploring the potential effects of LBS before they occur. As Michael and Michael highlight: “[m]ost alarming is the rate of change in technological capabilities without a commensurate and involved response from an informed community on what these changes actually “mean” in real and applied terms, not only for the present but also for the future” [16]. “[T]oday's process of transition allows us to perceive what we are losing and what we are gaining; this perception will become impossible the moment we fully embrace and feel fully at home in the new technologies” [17].

The scenario “Control Unwired” continues five short stories and is set in Australia. The critical analysis that follows is also presented within a predominantly Australian context.

Control Unwired

Vulnerability-The Young Lady

The street appeared to be deserted. Kate wasn't surprised – this part of town always quieted down at night, especially on weekday evenings like this one. There wasn't much around except office buildings and coffee shops that served to provide a steady stream of caffeine to the office workers.

If a person's resistance is bypassed or circumvented, their adaptive capacities can be overloaded, inducing feelings of desperation and helplessness.

Kate fished her smart phone out of the pocket of her grey suit jacket [18], [19]. Pressing a few buttons, she navigated through the on-screen menu to the Services option, then to Call a Taxi [20]. The device beeped at her, flashing the message: No signal available [21].

Kate swore, shoving the PDA back into her bag. The surrounding buildings must have been blocking the GPS signal [22]. She knew she needed to get to a more open area.

What a pain, she thought. They overload me with cases, expect me to stay late, and then the gadget they give me to get home doesn't work.

Although Kate was irritated more than anything else, there was a niggling sort of apprehension in the pit of her stomach. She felt alone – very alone, and not at all comfortable being by herself, at eleven in the evening, in a deserted place.

Shaking off the uneasiness, she berated herself. Get a grip, Kate. You're not a child.

As Kate strode off, a dark shadow detached from a nearby alleyway. It followed, silently, at a distance, keeping out of the dim pools cast by the streetlights.

Unfortunately, Kate didn't know which direction she should go to find a clear space for her phone to get a fix on her location.

If I keep heading the same way, she thought, I'm bound to find somewhere sooner or later.

The surrounding structures were slightly lower here, the taller office blocks just down the road. As Kate walked, the shadow some way behind flickered in the wind, as though it were wearing a long coat. It followed stealthily, steadily decreasing the distance between itself and Kate.

Suddenly, Kate's phone bleeped for attention. Kate pulled it out of her bag again and read the message on the screen: Signal acquired.

“Finally,” she breathed. Quick fingers navigated back to the Call a Taxi command. The phone gave a comforting reassurance that a taxi was on its way, with an estimated arrival time of less than a minute [23].

The shadow hung back, unsure, watching.

Within thirty seconds of making the call, a taxi veered out of nowhere and pulled to an abrupt stop alongside Kate. She opened the door and slid into the back seat.

As the taxi pulled away, the shadow shifted slightly and melted back into the darkness.

Liberty-The Husband and His Wife

The next day, the sun filtered into an east-facing bathroom window, where a man stood studying himself in the mirror.

Slight lines crinkled the skin near his eyes and mouth. His hair was still quite thick and healthy, but flecked with the salt-and-pepper grey of an aging man. Although Colin was well past his sixtieth birthday, he could have easily passed for a man in his fifties.

Suddenly, the telephone rang. Colin paused for a moment, listening – the ring only sounded in the bathroom [24]. The kitchen, bedroom, and lounge room were all silent.

“Even the damn phone knows where I am,” he muttered, shaking his head. He touched the hard lump of the RFID tag that was stitched into the hem of his shirt [25], [26]. “Helen, not again!”

Colin stabbed at an unobtrusive button on the bathroom wall, [27] and his reflection instantly gave way [28] to the face of an attractive woman with bobbed blonde hair [29] – Helen, his wife, calling from the airport in Hong Kong.

“Oh sweetheart, you look tired.” Helen sounded concerned.

Colin shrugged. “I don't feel tired. I think I just need to get some fresh air.”

“Open the window, then. It might make you feel better.”

Colin thought that what would make him feel better was a nice long walk without his wife checking up on him every five minutes.

“You haven't been to the cupboard yet to take your morning medicines,” Helen said.

“Why don't you stop pussyfooting around and just inject me with one of those continuous drug delivery things?” [30], Colin frowned.

Helen smiled. “Great idea,” she teased. “We could put a tracking chip in it too. Two birds, one stone” [31].

“At least then I wouldn't have to wear this stupid bracelet [32]. They're made for kids [33], Helen.” Colin knew his wife was joking, but the truth was that he often did feel like a recalcitrant child these days.

“Well,” Helen replied, “If you didn't insist on being so pig-headed, you wouldn't have to wear it. I was terrified when you collapsed. I'm not going to let it happen again. This way I know you're not gallivanting about without someone to look after you.”

“Ever considered that I can take care of myself? I'm not a child.”

“No, you're not. And you're not a young man either,” Helen admonished. “You need to accept that with your condition, it's just not safe to be going off by yourself. What if something happened to you? Who would know? How would we find you?”

“I feel like a prisoner in my own home, Helen. I can't even take the thing off without you knowing about it. You know they use these for prisoners?”

“Parolees, dear. And they're anklets.” She leaned in closer to the screen. “Someone needs to take care of you, Colin. If you won't, I'll have to do it myself.”

Colin sighed. “You just don't understand what it's like to be getting… older. Not being able to do everything you used to. Being betrayed by your own body. It's bad enough without you babying me along like some kind of octogenarian invalid.”

“Well, I guess that's the downside to marrying a woman almost twenty years younger than yourself,” Helen grinned.

“The only downside.” Colin smiled back at her, but his heart wasn't really in it. They had been through this argument countless times before.

He changed the subject. “Heard from our dear daughter lately? Or Scott?”

“Kate called me last night. She's doing well.”

“How's her new job?” Colin asked.

“Well, she says she enjoys it, but she's working very long hours,” Helen replied.

“And I bet you're worried about her being alone in the city at night for five minutes,” Colin said.

Helen gave a self-conscious smile. “It's not a very nice part of town. I'll feel much better about her working late when the firm moves closer to the inner city.”

“And Scott?”

“Haven't heard from him. He's back in Sydney now, though. I wish he'd call.”

“Maybe if you weren't always pestering him to marry his girl from Melbourne, he'd call more,” Colin grinned.

Helen glanced up, away from the screen.

“Sweetheart, I have to go – they've just given the final boarding call for my flight. Enjoy the rest of your day. I'll see you when I get home tonight.” She blew a rather distracted kiss at the screen, then it went blank.

Colin's shoulders sagged. Alone again.

He shuffled into the kitchen to make breakfast. Helen had left him skim milk and pre-packaged porridge oats.

“Wow,” he muttered. “Cosmic Blueberry or Bananarama? Such decisions.”

Just as Colin was finishing off the last few spoonfuls, the watch on his wrist emitted a low beep. He glanced at the screen: Low battery – critical.

Colin smiled. The device had been flashing low battery messages intermittently since yesterday evening. It had less than three days' standby time, and being on a business trip, Helen wasn't around to make sure it got recharged [34].

The screen on the little device winked out.

Munching on his porridge, Colin reached over to the cutlery drawer and took out the kitchen scissors. Very carefully, he snipped out a neat little rectangle from the hem of his shirt. The RFID tag came with it.

He swallowed down the rest of his breakfast and tossed the tag onto the counter.

Colin was going for a walk.

No alert went out to Helen. No neighbors came hurrying to see what he was doing. He reveled in the possibility of heading out without someone watching his every move [35].

Colin wandered off, his own man, if only for a morning.

Association-The Friends and Colleagues

“Hey Janet. Sorry I'm late.” Scott slid into the other seat at the table.

Janet sighed, pushing a latte and a sandwich towards him. She'd already finished her coffee. She gestured to her PDA. “These gadgets do everything. They compare our schedules, pick a place convenient to both of us, make sure there's something vegetarian on the menu for me, and book a table. Pity they can't get you here on time too.”

“I'm sure it's on the horizon,” Scott joked. “So how's life in the Sydney office?”

“All right. The weather makes a nice change. How about your parolees?”

Scott laughed. “There's a lot more of them. In Melbourne I had fifty or sixty cases at once. Now I've been allocated more than a hundred.” He bit into his sandwich. “With less parole officers able to handle more cases, I guess I'm lucky to have a job,” he continued with his mouth full [36].

Janet raised her eyebrows. “With a lot of women intolerant of bad table manners, you're lucky to have a girlfriend. I assume the workloads are greater because they use those chips here?”

“The caseload is greater, the workload is the same – yeah, because of the chips” [37]. He smiled. “It's crazy that New South Wales is already trialing these tracking implants, while Victoria's only recently got a widespread implementation of the anklets [38]. They've been around commercially for years. Mum's got Dad wearing a tracking watch now, for peace of mind after the whole angina scare.

“But the implants are much better,” Scott continued. “Who wants a chunky anklet or bracelet that makes you look like a collared freak? I'll bet it's really disconcerting having people stare at you suspiciously in the street, knowing that you're a criminal. It kind of defeats the purpose of parole – the idea is rehabilitation, reintegration under supervision. That's why the implants are so good – there's no stigma attached. No one can even tell you have one. And they're harder to remove, too.”

“I don't see what the big deal is,” Janet replied. “Why not just keep people under lock and key?”

“Resources. It costs a lot to keep someone imprisoned, but the cost drops significantly if you imprison them in their own home instead [39]. It's about overcrowding, too – jails everywhere have had an overcrowding problem for years [40].

Can it be considered reasonable to impinge upon the freedom of someone who is merely suspected of committing a crime?

“I also think electronic monitoring and parole are much better in terms of rehabilitation,” Scott went on. “People can change [41]. Often they've committed a fairly minor crime, then they go to prison, get mixed up with worse crowds [42]–[43][44]. It can be pretty rough in there. There is certainly a danger that by imprisoning people with ‘harder’ criminals, you run the risk of corrupting them further and exacerbating the problem [40].

“On parole, they can still go to work and earn money, be productive members of society, get their lives back [44], [45]. But they're watched, very closely – the tracking systems alert us if anything looks off. It's imprisonment without prisons.”

Janet smiled. “That's very Alice in Wonderland. When the Cheshire Cat disappears – how does it go? ‘I've often seen a cat without a grin, but a grin without a cat is the most curious thing I ever saw in all my life!'”

Scott laughed. “I suppose you could compare it to that.” He noted Janet's skeptical look. “It's not like we're sending people out of jails willy-nilly. There is a pretty thorough system in place to determine who gets paroled and who doesn't.”

“So how does that work?” asked Janet.

“Well, a while ago it was mainly based on crime-related and demographic variables. We're talking stuff like what sort of offense they're doing time for, the types of past convictions on their record, age, risk of re-offending” [46].

She nodded.

“Now a bunch of other things are looked at too,” he continued, finishing off his sandwich. “It's a lot more complex. Psychological factors play a big part. Even if someone displays fairly antisocial traits, they're still considered pretty low risk as long as they don't also show signs of mental illness” [47].

“So prisons are the new asylums?” Janet frowned.

“Not quite but I see your point,” Scott admitted.

“What about terrorists?” Janet argued. “How can you guarantee that there won't be another incident like the Brisbane rail bombings”[48]?

“Like I said, anyone considered really dangerous is still kept in a regular prison,” Scott said. “All the major landmarks and places people congregate in Sydney are tagged anyway [49]. There's no way a convicted terrorist would get within a hundred meters of anything worth attacking.”

Janet raised her eyebrows, unconvinced. She thought of the newspaper reports about security breaches of public places that had been linked to professional cybervandals. As far as she was concerned, no new technology was the silver bullet.

Scott continued, “And you know that governmental powers now allow ‘persons of interest’ to be implanted as well.”

Janet shook her head. “I'm all for preventing terrorist attacks. But implanting people who haven't committed a crime? How far will they take it? What if the government decided that they should just track everyone, to be on the safe side?”

Scott shrugged. “I guess we just need to find a nice balance between personal freedom and national security.”

He glanced at his watch and pushed his chair back. “I need to get back to work,” he said apologetically.

Policing-The Officer and the Parolee

Scott paused on the landing in front of Doug's apartment and steeled himself. Doug was his last visit of the day. Scott was a fairly likeable guy and had a rapport with most of his cases, but Doug, convicted of aggravated sexual assault, was different [50].

Scott knocked on the door.

A few seconds passed, then it opened a fraction and a stubbled face peered out. Doug wore a stained long-sleeved shirt and ratty jeans.

“Scott,” he sneered. “So nice of you to drop by.”

“Let's just do this, Doug.”

Scott followed Doug into the living room. He pulled out a small device and waved it up and down the man's left arm. It beeped and Scott checked the screen.

“Your chip seems fine,” he said. “Just a routine check – we like to do one every now and then to make sure everything's okay. Congratulations on your new job, by the way. How do you like house painting?”

“My true bloody calling,” Doug leered.

“Er… great. Keep it up then. With good behavior like this you'll be done in no time.”

Scott felt relieved that he would no longer have to sift through Doug's daily tracking logs.

Doug just smiled.

Duplicity-The Victim

Doug waited more than two hours after Scott left before removing his shirt. He peeled off the electrical tape covering an ugly, ragged scar on his upper arm [51]. The scar wasn't from the chip's implantation. It was created by the deep cut Doug's heavily pierced cyberpunk friend had made to remove it [52].

The tiny chip – smaller than a grain of rice – was stuck to the back of the tape. Gingerly, Doug set it on the table in front of the TV and smiled. His chip was having a night in.

He was going out.

Doug pulled his shirt back on and shrugged into a long coat.

He knew there would be a young woman in a grey suit leaving her office soon. She worked at the law firm that was hot stuff in the news. Stupid really, he thought, that she's not afraid to wander the streets in that part of town at night, alone. A Smart girl like that should know better.

The stairwell was quiet. He slipped out into the darkness, a shadow among the other shadows.

He wanted to pay that attractive little lawyer a visit before she caught her taxi home.

Critical Analysis

Legal and Ethical Issues

According to Ermann and Shauf, our “ethical standards and social institutions have not yet adapted… to the moral dilemmas that result from computer technology” [53]. This has a great deal to do with the way Helen uses the LBS technologies available to her. In Liberty, Helen obviously cares about her husband and wants what is best for his health. She is willing to “help” Colin look after himself by monitoring him and restricting the activities she allows him to participate in, especially when he is alone. It is not too difficult to imagine this happening in the real world if LBS becomes commonplace. It is also conceivable that, for some people, this power could be held by a hospital or health insurance company. However, Helen fails to balance her concern for her husband's physical welfare with his need to be an autonomous being. Although LBS technologies are readily available, perhaps she has not completely thought through her decision to use these technologies to monitor Colin, even if it is ostensibly for his own good. It could even be seen as selfish.

The current climate is indicative of individuals' willingness to relinquish their privacy (or at least someone else's) for the sake of impenetrable security.

Consideration of legal issues is also important – it does not appear that there is any specific Australian legislation that covers the unique possibilities of LBS tracking. One situation that is likely to appear with more frequency is people using LBS technologies to monitor loved ones “for their own good.” Several issues are raised here. When is a person sufficiently impaired to warrant such monitoring? Should their consent be necessary? What if they are considered to be too impaired to make a rational decision about monitoring?

Autonomy is an important part of a person's identity. Resistance to a situation is often unconsciously employed to “preserve psychically vital states of autonomy, identity, and self-cohesion from potentially destabilizing impingements” [54]. If a person's resistance is bypassed or circumvented, their adaptive capacities can be overloaded, inducing feelings of desperation and helplessness. The natural reaction to this is to exert an immediate counterforce in an attempt to re-establish the old balance, or even to establish a new balance with which the individual can feel comfortable [54].

These ideas about autonomy, identity and resistance are demonstrated in Liberty through Colin. He experiences feelings of helplessness and vulnerability because of his loss of autonomy through constant LBS monitoring. His unsupervised walk can be seen as an attempt to redress the balance of power between himself and Helen. With these issues in mind, perhaps the kindest and least disruptive way to implement a monitoring program for an aging individual is to develop a partnership with that person. In this sort of situation, LBS tracking can be a joint process that “is continually informed by the goal of fostering… autonomy” [54].

Another significant legal and ethical issue is that of monitoring people such as those suspected of being involved in terrorist activities. As hinted at in Association, this is not mere fancy – the Australian Government, for example, has passed new anti-terrorism laws that, among other things, would give police and security agencies the power to fit terror suspects with tracking devices for up to 12 months [55].

This kind of power should give rise to concern. Can it be considered reasonable to impinge upon the freedom of someone who is merely suspected of committing a crime? For tracking implants especially, do governments have the right to invade a personal space (i.e., a person's body) simply based on premise?

Criminals give up some of their normal rights by committing an offense. By going against society's laws, freedoms such as the right to liberty are forfeited. This is retributivism (i.e., “just deserts”). The central idea is proportionality: “punishment should be proportionate to the gravity of, and culpability involved in, the offense” [40]. With no crime involved, the punishment of electronic monitoring or home detention must be out of proportion.

The threat of terrorist attacks has led the Australian Government to propose giving itself extraordinary powers that never could have been justified previously.

With measures such as those in Australia's counter-terrorism laws, there is obviously a very great need for caution, accountability, and review in the exercise of such powers. Gareth Evans, the former Australian Labor foreign minister, commented on the laws by saying:

“It is crucial when you are putting in place measures that are as extreme in terms of our libertarian traditions as these that there be over and over again justification offered for them and explanations given of the nature and scale of the risk and the necessity… it is a precondition for a decent society to have that kind of scrutiny” [56].


The July 2005 London subway bombings are the justification offered repeatedly by Australian Prime Minister John Howard for the new laws, reinforced by Australian Secret Intelligence Organization (ASIO) director-general Paul O'Sullivan. However, this “justification” ignores the reality that “the London bombers were ‘clean skins' who had escaped police notice altogether” [57]. Tagging suspicious people cannot keep society completely safe.

We do not make a judgment on whether pre-emptive control legislation is proper or not. We suggest, however, that the laws recently enacted by the Australian Federal Government (and agreed to by the Australian States) could be indicative of a broader trend.

John Howard said that “in other circumstances I would never have sought these new powers. But we live in very dangerous and different and threatening circumstances… I think all of these powers are needed” [58]. Could the same argument be used in the future to justify monitoring everyone in the country? If pre-emptive control is a part of government security, then widespread LBS monitoring could be the most effective form of implementation.

Without suggesting the potentially far-fetched Orwellian scenario where draconian policies and laws mean that the entire population is tracked every moment of their lives, there is an argument to be made that the current climate is indicative of individuals' willingness to relinquish their privacy (or at least someone else's) for the sake of impenetrable security.

Social Issues

Control emerges as a significant theme in the scenario Control Unwired. Even in LBS applications that are for care or convenience purposes, aspects of control are exhibited. The title reflects the dilemma about who has control and who does not. For example, in Vulnerability, Kate experiences a loss of control over her situation when her GPS-enabled smart phone does not work the way she wants it to work, but a sense of control is restored when it is functioning properly again. Helen has control over Colin in Liberty, and in turn Colin has little control over his own life. In both Association and Policing we see how Scott uses LBS every day as a control mechanism for parolees. Finally, in Duplicity, the question arises whether faith in this sort of control is fully justified.

Trust is a vitally important part of human existence. It develops as early as the first year of life and continues to shape our interactions with others until the day we die [59]. In relationships, a lack of trust means that there is also no bonding, no giving, and no risk-taking [60]. In fact, Marano states:

“[w]ithout trust, there can be no meaningful connection to another human being. And without connection to one another, we literally fall apart. We get physically sick. We get depressed. And our minds… run away with themselves” [59].

An issue that arises in Liberty is that of trust, recalling Perolle's notion of surveillance being practiced in low-trust situations and the idea that the very act of monitoring destroys trust [61]. We can see this happening in the Colin/Helen relationship. Helen does not trust Colin enough to let him make his own decisions. Colin does not trust Helen enough to tell her he is going out by himself, without any kind of monitoring technology. He resents her intrusion into his day-to-day life, but tolerates it because he loves his wife and wants to avoid upsetting her. Their relationship could be expected to become increasingly dysfunctional if there is a breakdown of trust. It is near impossible to predict the complex effects of LBS when used to track humans in this way, especially as each person has a different background, culture, and upbringing. However, if Perolle [61] and Weckert [62] are agreed with, these types of technological solutions may well contribute to the erosion of trust in human relationships – what would this entail for society at large? Freedom and trust go hand-in-hand. These are celebrated concepts that have been universally connected to civil liberties by most political societies.

Technological Issues

There is a widely held belief that it is how people use a technology, not the technology itself, that can be characterized as either good or bad. People often see technology as neutral “in the sense that in itself it does not incorporate or imply any political or social values” [63]. However, there are other researchers who argue that technology is not neutral because it requires the application of innovation and industry to some aspect of our lives that “needs” to be improved, and therefore must always have some social effect [63]. The LBS applications in the scenario all appear to show aspects of control. This would suggest that the technology itself is not neutral – that LBS are designed to exercise control.

Control Unwired seems to echo Dickson's argument that technology is not neutral because of its political nature: “dominating technology reflects the wishes of the ruling class to control their fellow men” [63]. We can certainly see elements of this idea in the scenario. All of the LBS functions depicted are about control, whether it be control over one's own situation (Vulnerability), caring control of a loved one (Liberty), or forced control over parolees (Association, Policing, and Duplicity). These situations imply that LBS is not neutral, and that the technology is designed to enhance control in various forms.

Some believe that technology is the driving force that shapes the way we live. This theory is known as technological determinism, one of the basic tenets of which is that “changes in technology are the single most important source of change in society” [64]. The idea is that technological forces contribute to social change more than political, economic, or environmental factors. The authors would not go so far as to subscribe to this strongest sense of technological determinism doctrine. The social setting in which the technology emerges is at least as important as the technology itself in determining how society is affected. As Braun says: “[t]he successful artifacts of technology are chosen by a social selection environment, [like] the success of living organisms is determined by a biological selection environment” [65]. Technologies that fail to find a market never have a chance to change society, so society shapes technology at least as much as it is shaped by technology. In this light, Hughes's theory of technological momentum is a useful alternative to technological determinism: similar in that it is time-dependent and focuses on technology as a force of change, but sensitive to the complexities of society and culture [66].

Technological potential is not necessarily social destiny [67]. However, in the case of LBS, it is plausible to expect it to create a shift in the way we live. We can already see this shift occurring in parents who monitor their children with LBS tracking devices, and in the easing of overcrowding in prisons through home imprisonment and parole programs using LBS monitoring.

As described previously, the threat of terrorist attacks has led the Australian Government to give itself extraordinary powers that never could have been justified previously. In this situation, LBS has enabled the electronic monitoring of suspicious persons; however, it is not the technology alone that acts as the impetus. Pre-emptive electronic tracking could not be put in place without LBS. Neither would it be tolerated without society believing (rightly or not) that it is necessary in the current climate.

The scenario also demonstrates that technology and society evolve at least partially in tandem. In Association, through the conversation between Scott and Janet, we learn that LBS tracking implants were not introduced simply because they were technically feasible. The reasons for their use were to reduce overcrowding in prisons and to mitigate the burden of criminals on the ordinary taxpayer. Social and economic factors, as well as technological ones, contributed to this measure being taken.

Although technology is not the sole factor in social change, and arguably not the most important, LBS are gaining momentum and are likely to contribute to a shift in the way we live. This can be seen both in the scenario and in real-life examples today. Throughout Control Unwired we can see LBS becoming an integral part of daily life. If this does happen, consideration must be given to what will happen if the technology fails – which it inevitably will. No technology is completely perfect. There are always shortcomings and limitations.

Examples of deficiencies in LBS technologies can be found scattered throughout the scenario. In Vulnerability, Kate appears to be over-reliant on LBS (why does she not simply call a taxi from her office before leaving?) and when the technology fails, it creates a potentially dangerous situation. Even more dangerous circumstances occur in Duplicity. Doug, a convicted sex offender, is able to break his curfew without anyone knowing. Perhaps measures could be implemented to stop such breaches from going undetected, but that would not stop them from happening altogether. One U.S. study found that about 75 percent of electronically monitored “walk offs” were re-apprehended within 24 hours [45]. That means a quarter went free for more than a day – plenty of time to commit other offences. And, although the offender may be caught and punished, it is difficult to remedy the damage done to an individual who is robbed or assaulted.

And no technology is completely fail-safe. Even electricity, a mainstay of daily life, can suddenly fail, with socially and economically devastating effects. Most of Auckland, New Zealand, went without power for five weeks during a massive blackout in 1998 [68]. A 1977 electricity outage in New York led to widespread looting, arson and urban collapse [69]. If we become as reliant on LBS as we have become on other technologies like electricity, motor vehicles, and computers, we must be prepared for the consequences when (not if) the technology fails.

Risk to the Individual Versus Risk to Society

Any technology can be expected to have both positive and negative effects on individuals and on the wider community. Emmanuel Mesthane of Harvard's former Technology and Society Program wrote: “[n]ew technology creates new opportunities for men and societies and it also generates new problems for them. It has both positive and negative effects and it usually has the two at the same time and in virtue of each other” [70]. From Table I, it is obvious that there is an inherent trade-off between the interests of the individual and the interests of society as a whole: the privacy of the individual is in conflict with the safety of the broader community. As G.T. Marx reflects, “[h]ow is the desire for security balanced with the desire to be free from intrusions” [71]? This work is certainly not the first to allude to this issue. For example, Kun has said that “perhaps one of the greatest challenges of this decade will be how we deal with this theme of privacy vs. national security” [72].

Table I  Positives and negatives of LBS for different user types

Table I Positives and negatives of LBS for different user types

The original contribution of this article is that the dilemma has been related specifically to LBS, under the privacy-security dichotomy [73]. Here, each side of the dichotomy is divided into three key components that combine to greatly magnify risk. Removing one or more components for each set decreases the privacy or security risk. Where more elements are present in conjunction, the risk is increased.

Significant privacy risk occurs when the following factors are present (Fig. 1):

Fig. 1 Privacy Risk

Fig. 1 Privacy Risk

  • Omniscience — LBS tracking is mandatory, so authorities have near-perfect knowledge of people's whereabouts and activities.

  • Exposure — security of LBS systems is imperfect, leaving them open to unauthorized access.

  • Corruption — motive exists to abuse location-related data. This includes unauthorized or improper changes, thus compromising content integrity.

It is not difficult to see why the danger in this privacy-risk scenario is so great. A nation with “all-knowing” authorities means that a large amount of highly sensitive information is stored about all citizens in the country. Security of electronic systems is never foolproof. And, where there is something to be gained, corrupt behavior is usually in the vicinity. The combination of all three factors creates a very serious threat to privacy.

Significant security risk occurs with the following conditions (Fig. 2):

  • Limitedness — authorities have limited knowledge of people's activities.

  • Vulnerability — security of individuals and infrastructure is imperfect.

  • Fraudulence — motive exists to commit crimes.

Fig. 2 Security Risk

Fig. 2 Security Risk

This security-risk dimension is a life situation that people have to contend with in the present day: limitedness, vulnerability, and fraudulence. Law enforcement authorities cannot be everywhere at once, nor can they have instant knowledge of unlawful activity. Security of infrastructure and people can never be absolute. In addition, there are always individuals willing to commit crimes for one reason or another. These factors merge to form a situation in which crimes can be committed against people and property relatively easily, with at least some chance of the perpetrator remaining unidentified.

As mentioned above, the security-risk half of the dichotomy typifies our current environment. However, the majority of society manages to live contentedly, despite a certain level of vulnerability and the modern-day threat of terrorism. The security-risk seems magnified when examined in the context of the LBS privacy-security dichotomy. LBS have the potential to greatly enhance both national and personal security, but not without creating a different kind of threat to the privacy of the individual. The principal question is: how much privacy are we willing to trade in order to increase security? Is the privacy-risk scenario depicted above a preferable alternative to the security-risk society lives with now? Or would society lose more than it gains? And how are we to evaluate potential ethical scenarios in the context of utilitarianism, Kantianism, or social contract theory?

Major Implications

The issues of control, trust, privacy and security are interrelated (Table II). As discussed above, increased control can impair or even destroy trust; i.e., there is no need to be concerned with trusting someone when they can be monitored from afar. In contrast, increased trust would normally mean increased privacy. An individual who has confidence in another person to avoid intentionally doing anything to adversely affect them, probably does not feel the need to scrutinize that person's activities.

Table II  Unanswered questions in LBS

Table II Unanswered questions in LBS

Privacy requires security as well as trust. A person's privacy can be seriously violated by a security breach of an LBS system, with their location information being accessed by unauthorized parties. The other effect of system security, however, is that it enhances control. A secure system means that tracking devices cannot be removed without authorization, therefore, control is increased. Of course, control and privacy are mutually exclusive. Constant monitoring destroys privacy, and privacy being paramount rules out the possibility of LBS tracking. These relationships are summarized in Fig. 3.


The most significant implication of the work presented here is this: the potential for LBS to create social change raises the need for debate about our current path and consideration of future probabilities. Will the widespread application of LBS significantly improve our lives? Or will it have negative irreversible social effects?

Technological progress is not synonymous with social progress. Social progress involves working towards socially desirable objectives in an effort to create a desirable future world [65]. Instead of these lofty ideals, technological progress is based on what is technically possible. However, there is a difference between what can be done and what should be done – the relentless pursuit of technological advancement for its own sake is arguably a pointless exercise. Do we really need more electronic gadgets in our daily lives? As Kling states:

“I am struck by the way in which the news media casually promote images of a technologically rich future while ignoring the way in which these technologies can add cost, complexity, and new dependencies to daily life” [74].

In the Association section of the scenario, Janet's comment about Alice's Adventures in Wonderland can be seen as more than just a superficial remark. In the book, Alice has the following conversation with the Cat:

“Would you tell me, please, which way I ought to go from here?”
“That depends a good deal on where you want to get to,” said the Cat.
“I don't much care where—” said Alice.
“Then it doesn't matter which way you go,” said the Cat [75].

Martin Gardner says that John Kemeny, author of A Philosopher Looks at Science, compares Alice's question and the Cat's answer to the “eternal cleavage between science and ethics” [75]. The same could be said of LBS technologies and possible future applications. New technologies provide exciting opportunities, but human decision-making based on social and ethical considerations is also needed in determining the best path to follow. Technology merely provides us with a convenient way to reach the destination. Without a sense of direction, where might we find ourselves? And where is the logic behind a “directionless” destination? There is clearly a serious need for thought and discussion about how we want LBS to be used in the wider context of its potential application.

Besides developing a sense of purpose for the use of LBS, we need to examine very carefully the possibility of the technology having unintended side effects such as the breakdown of trust and abuse of its application. Certainly, the potential effect of unplanned consequences should not be underestimated. According to Jessen:

“The side effects of technological innovation are more influential than the direct effects, and they have the rippling effect of a pebble hitting water; they spread out in ever enlarging concentric circles throughout a society to transform its behavior, its outlook, and its moral ethic” [76].

Of course not all secondary effects can be foreseen. However, this does not mean that deliberating on the possible consequences is without some genuine worth. Surely some form of preparation to deal with adverse outcomes, or at least to notice them before they become irreversible, is better than none at all.

The scenario Control Unwired has demonstrated the potential of LBS to create social change. It has also shown that the use of LBS may have unintended but long-term adverse effects. For this reason the major recommendations are cross-disciplinary debate and technology assessment using detailed scenario planning. We need to critically engage with LBS, its potential applications, and possible side-effects instead of just blindly hurtling along with the momentum of technology-push.


1. J. E. Jacobs, "Social implications of computers: ethical and equity issues", ACM Outlook, pp. 100-114, 1988.

2. C. Huff, "Practical guidance for teaching the social impact statement", ACM CQL, pp. 86-89, 1996.

3Cases on Engineering Ethics Practice, Oct. 2006, [online] Available: eng/cases.html.

4. A. Ghafarian, "Integrating ethical issues into the undergraduate computer science curriculum", ACM CCSC - JCSC, vol. 18, no. 2, pp. 180-188, 2002.

5. J. A. Rohn, "Usability in practice: Alternatives to formative evaluations — Evolution and revolution", CHI 2002, pp. 891-897, 2002.

6. R. G. Epstein, The Case of the Killer Robot, NY, New York:Wiley, 1997.

7. R. G. Epstein, "Stories and plays about the ethical and social implications of artificial intelligence", Intelligence, pp. 17-19, 2000.

8. R. G. Epstein, "Latest developments in the killer robot computer ethics scenario", ACM SIGCSE, pp. 111-115, 1995.

9. R. G. Epstein, "In-depth! The Silicon Valley Sentinel-Observer’s public affairs NetTV program presents: Toxic knowledge", Proc. Ethics and Social Impact Component on Shaping Policy in the Information Age, pp. 86-91, 1998.

10. J. M. Artz, "The role of stories in computer ethics", Computers and Society, pp. 11-13, 1998.

11. M. Lindgren, H. Bandhold, Scenario Planning: The link between future and strategy, NY, New York:Palgrave-Macmillan, pp. 21, 2003.

12. J. P. Martino, "A review of selected recent advances in technological forecasting", Technological Forecasting and Social Change, vol. 70, no. 8, pp. 719-722, 2003.

13. M. Godet, "The art of scenarios and strategic planning: Tools and pitfalls", Technological Forecasting and Social Change, vol. 65, no. 1, pp. 3-11, 2000.

14. M. Lindgren, H. Bandhold, Scenario Planning: The link between future and strategy, NY, New York:Palgrave Macmillan, pp. 38-168, 2003.

15. P. Hogan, On Interpretation: Meaning and Inference in Law Psychoanalysis and Literature, GA, Athens:Univ. of Georgia, pp. 9, 1996.

16. K. Michael, M. G. Michael, "Microchipping people: The rise of the Electrophorus", Quadrant, vol. 49, no. 3, pp. 22-33, 2005.

17. S. Žižek, "Cyberspace or the unbearable closure of being" in Endless Night: Cinema and Psychoanalysis Parallel Histories, CA, Berkeley:Univ. of California Press, pp. 92-102, 1999.

18. G. Aquino, "Dialled in: GPS cell phones", PC World, Mar. 2004, [online] Available: http://www.,115273-page,1/article.html, accessed.

19CF Card GPS for PDA’s, Sept. 2005, [online] Available:

20Agis develops real time location service for savvy mobile phone users, Apr. 2005, [online] Available: http://www.

21How GPS Works, Sept. 2005, [online] Available: http://www.trimble. com/gps/whygps-anim00.shtml.

22. S. Dooley, P. Gough, "Software integration lowers the cost of A-GPS", Wireless-Web, 2005, [online] Available:, accessed.

23. N. Pikabea, GPS for taxis, May 2004, [online] Available: http://innovations report. de/html/berichte/kommunikation_medien/beri cht29210.html, accessed.

24. B. Gates, The Road Ahead, NY, New York:Viking, pp. 218-219, 1995.

25Silent Commerce Chips Away at Star City Casino Wardrobe Worries, [online] Available: http:// ccesses/StarCityCasino.htm.

26TAGSYS RFID Products, Sept. 2005, [online] Available: rfid/tagsys_produit/rfid_tag-4-1-1.html, accessed.

27. K. J. Lin, T. Yu, C. Y. Shih, "The design of a personal and intelligent pervasive-commerce system architecture", Proc. Second IEEE Int. Workshop on Mobile Commerce and Services, pp. 163, 2005.

28. M. Cable, The award-winning Flat Screen InvisiSound Mirror Frame makes home theater audio and video disappear, CA, Brisbane:Monster Press Room, Jan. 2005, [online] Available: http://

29. G. McArthur, "Videoconferencing over IP - The switch is on", Business Communications Rev., Sept. 2004, [online] Available: 2004/09/p62.php.

30. M. Madou, BioMEMS/BioNEMS: Research in the laboratories of Marc Madou, 2003, [online] Available: df.

31. H. Brøseth, H. C. Pedersen, "Hunting effort and game vulnerability studies on a small scale: A new technique combining radio-telemetry GPS and GIS", J. Applied Ecology, vol. 37, no. 1, pp. 182, 2000.

32. C. S. Miner, "Digital jewelry: Wearable technology for everyday life", CHI '01 Extended Abstracts on Human Factors in Computing Systems, pp. 45, 2001-Mar.

33Wherify's GPS Wherifone, Sept. 2005, [online] Available:

34GPS Marine Tracking Systems / Vessel Tracking, Sept. 2005, [online] Available: http:// king-systems/Marine-Tracking/marine-tracking.html.

35.J. Dodd, "Parents & technology: The Wherify GPS personal locator offers help but fails to protect", General Computing, vol. 15, no. 2, pp. 35, 2004.

36Job Guide, 2005, [online] Available: =615&state_id=NSW.

37Electronic Monitoring, 1996, [online] Available: http://www.

38Applied Digital Solutions Announces Working Prototype of Subdermal GPS Personal Location Device, 2003, [online] Available:

39NSWLRC Report: Sentencing, Oct. 2006, [online] Available:

40. D. Brown, D. Farrier, S. Egger, L. McNamara, Criminal Laws, NSW, Leichhardt:Federation, 2001.

41Discretionary Parole, 2002, [online] Available: http://www. ole.htm.

42. D. Sugg, L. Moore, P. Howard, Electronic monitoring and offending behavior: reconviction results for the second year of trials of curfew orders, 2001, [online] Available: http://www.probation.[1].pdf.

43Electronic Monitoring, 2004, [online] Available:

44Chapter 7: Parole, 1996, [online] Available:, accessed.

45Keeping Track of Electronic Monitoring, 1999, [online] Available: Elec-Monit.pdf.

46Parole Sex Offenders and Rehabilitation Programs, 2003, [online] Available: Offenders_Note.pdf, accessed.

47. S. J. Lee, J. F. Edens, "Exploring predictors of institutional misbehavior among male Korean inmates", Criminal Justice and Behavior, vol. 32, no. 4, pp. 412-414, 2005.

48. "Terror tape targets Melbourne", The Australian, Sept. 2005.

49. K. Michael, A. Masters, "The advancement of positioning technologies in defense intelligence" in Applications of Information Systems to Homeland Security and Defense, U.K., London: IDG Press, pp. 193-201, 2005.

50. A. M. Piehl, B. Useem, J. J. DiIulio, Right-sizing justice: A cost-benefit analysis of imprisonment in three states, 1999, [online] Available: cr_8.htm, accessed.

51. J. Scheeres, "Tracking Junior with a microchip", Wired News, 2003, [online] Available: http://www.,1282,60771,00. html, accessed.

52. M. Millanvoye, "Teflon under my skin", UNESCO, 2001, [online] Available:

53. Computers Ethics and Society, NY, New York:Oxford Univ. Press, pp. vi, 2002.

54. E. Adler, J. L. Bachant, "Intrapsychic and interactive dimensions of resistance: A contemporary perspective", Psychoanalytic Psychology, vol. 15, no. 4, pp. 451-454, 1998.

55. N. Gilmore, "PM defends anti-terrorism laws", Lateline, 2005, [online] Available: lateline/content/2005/s1456384.htm.

56. "Terror laws shouldn't go overboard: Evans", The Sydney Morning Herald, 2005, [online] Available: http:// 1127586836368.html?from=moreStories.

57. M. Wilkinson, "Powers pave way for secret new world", The Sydney Morning Herald, pp. 1-6, Sept. 2005.

58. J. Kerr, "House arrest for terror suspects", The Sydney Morning Herald, pp. 1, Sept. 2005.

59. H. E. Marano, "Trust someone again", Psychology Today, vol. 31, no. 4, pp. 7, 1998.

60. T. Mizrahi, "How can you learn to trust again", Psychology Today, vol. 35, no. 2, pp. 12, 2002.

61. J. A. Perolle, "Computer-supported cooperative work" in Computers Surveillance and Privacy, MN, Minneapolis:Univ. of Minnesota Press, pp. 47-59, 1996.

62. J. Weckert, "Trust and monitoring in the workplace", Proc. IEEE International Symposium on Technology and Society, pp. 245, 2000.

63. J. Lipscombe, B. Williams, Are Science and Technology Neutral, U.K., Manchester:Univ. of Manchester, pp. 19, 1979.

64. L. Winner, Autonomous Technology: Technics-out-of-Control as a Theme in Political Thought, MA, Cambridge:M.I.T. Press, pp. 76, 1977.

65.E. Braun, Futile Progress: Technology's Empty Promise, U.K., London:Earthscan, pp. 21, 1995.

66. T. P. Hughes, Technological momentum in Does Technology Drive History?, MA, Cambridge:M.I.T. Press, pp. 101, 1994.

67. D. Lyon, Surveillance Society: Monitoring Everyday Life Berkshire, U.K.:Open Univ. Press, pp. 23-24, 2001.

68. "Power outage hits Auckland hours after crisis declared over", CNN World News, 1998, [online] Available: auckland.outage/.

69. K. Westcott, "New York's good and bad blackouts", BBC News, 2003, [online] Available:

70. P. Bereano, "Technology is a tool of the powerful" in Computers Ethics and Society, NY, New York:Oxford Univ. Press, pp. 85, 2003.

71. G. T. Marx, Undercover: Police Surveillance in America, U.K., Berkeley:Univ. of California Press, 1988.

72. L. G. Kun, "Homeland security: the possible probable and perils of information technology", IEEE Engineering in Medicine and Biology, vol. 21, no. 5, pp. 28-33, 2002.

73. L. Perusco, K. Michael, M. G. Michael, "Location-based services and the privacy-security dichotomy", Proc. Third Int.Conf. on Mobile Computing and Ubiquitous Networking, 2006.

74. R. Kling, "The seductive equation of technological progress with social progress" in Computerization and Controversy: Value Conflicts and Social Choices, MA, Boston:Academic, pp. 22-23, 1996.

75. The Annotated Alice, NY, New York:Penguin, pp. 88, 1970.

76. P. Jessen, Technology Assessment: Creative Futures, MI, Ann Arbor:Univ. of Michigan Press, pp. 245-246, 1980.


The authors would like to acknowledge the significant contribution of Dr. M.G. Michael, Honorary Fellow at the School of Information Systems and Technology at the University of Wollongong and a member of the IP Location-Based Services Research Program.


Privacy, Security, Ethics, Technological innovation, Social implications of technology, Animals, Mission critical systems, Radio frequency, Radiofrequency identification, Uncertainty, security of data, data privacy, mobile computing, privacy-security dichotomy, location-based services, scenario planning, security risk, privacy risk

Citation: Laura Perusco, Katina Michael, "Control, trust, privacy, and security: evaluating location-based services", IEEE Technology and Society Magazine, Vol. 26, No. 1, Spring 2007, pp. 4 - 16.

The Auto-ID Trajectory - Chapter Ten: Conclusion

The principal conclusions from the findings given in chapter nine are threefold. First, that an evolutionary process of development is present in the auto-ID technology system (TS). Incremental steps either by way of technological recombinations or mutations have lead to revolutionary changes in the auto-ID industry- both at the device level and at the application level. The evolutionary process in the auto-ID TS does not imply a ‘survival of the fittest’ approach,[1] rather a model of coexistence where each particular auto-ID technique has a path which ultimately influences the success of the whole industry. The patterns of migration, integration and convergence can be considered either mutations or recombinations of existing auto-ID techniques for the creation of new auto-ID innovations. Second, that forecasting technological innovations is important in predicting future trends based on past and current events. Analysing the process of innovation between intervals of widespread diffusion of individual auto-ID technologies sheds light on the auto-ID trajectory. Third, that technology is autonomous by nature has been shown by the changes in uses of auto-ID; from non-living to living things, from government to commercial applications, and from external identification devices in the form of tags and badges to medical implants inserted under the skin.

Read More