Privacy, Value and Control Issues in Four Mobile Business Applications

Abstract

This paper presents four case studies that explore the adoption and acceptance of mobile technologies and services within the context of the privacy-value-control (PVC) trichotomy. The technologies studied include: the mobile phone, electronic toll payment tags, e-passports, and loyalty card programs. The study shows that despite the potential barriers to adoption in each of the depicted cases, the applications were embraced with great success soon after their introduction. An understanding of why these mobile innovations succeeded in spite of the concerns surrounding them will serve to help practitioners understand other issues currently plaguing emerging technologies like radio-frequency identification (RFID) tags and transponders. The contribution of this paper is not only in its usage of secondary sources to support case development and subsequent cross-case analysis but on the importance of emphasizing the value proposition to the consumer to ensure the success of an innovation. The PVC trichotomy emphasizes the need to harmonize privacy, value and control.

Section 1. Introduction

Surrounding the invention of every new information and communication technology (ICT) are a myriad of challenges that need to be resolved so that the innovation will not fall by the wayside. For example, some technologies face technical limitations, while others face consumer backlash. This paper uses a new paradigm to investigate mobile innovations- the privacy-value-control trichotomy. While themes of privacy and control have been addressed in the literature, the value proposition of a given service has only been considered within a business context. The four mobile business applications explored in this investigation include location-based services (LBS), e-tollway, e-passport and loyalty programs. In each case the key research issues are identified and discussed. The main question asked is why innovations that have endured such difficult beginnings- in terms of consumer acceptance- have gone on to become engrained in our everyday lives.

Section 2. Definitions

The concept of value is an all-encompassing term which references the value proposition a technology or service affords the end user. Whilst many analyze technologies in terms of benefits or simply convenience, the value proposition is an equation of all the positive factors that interest the individual. It can include cost savings, time reductions, efficiency, personalization, safety and security, as well as convenience and other tangible and intangible benefits. All the case studies that will be discussed in this paper provide some form of value to the end user. Understanding this value is critical in examining how it affects acceptance given the inherent privacy threats that the technology may impose. Privacy refers to the information privacy needs of consumers. Of primary concern in regard to RFID usage in retail, is the collection of personal information that pertains to consumer shopping preferences, actions and behavior. It is the collection, use and disclosure of this information, particularly when it may be incorrect or unverified, to track and monitor individuals without their awareness or express approval, that is commonly recognized as one of the most prominent threats. This privacy concern is similar across all the case studies to be explored in this paper, which will again provide an important platform for assessing how value and privacy is related. Finally, the dimension of control is another important variable in consumer acceptance of technologies. It relates to the individual's ability to control the information that is collected and stored by the technology or its ability to record, track or identify that individual's actions. The level of control that is provided either inherently through the technology or by the service provider, whether that be perceived or real, is seen as an important element that, when combined with the value proposition, can affect consumer acceptance. Interestingly, the case studies to be discussed all provide different means or levels of control in regard to end users and their privacy.

2.1 Key works

There was a scarcity of holistic qualitative and quantitative studies for review. Studies either addressed privacy, value and control separately, or no more than two of these concepts [1][2][3][4][5]. Key quantitative studies reviewed for this work are shown in Table 1, alongside the respective key outcomes.

Table 1. Key quantitative study outcomes

Study/Outcome

(Günther & Spiekermann, 2005; Spiekermann, 2005)/ Regardless of which privacy-enhancing technologies are used, fear remains.

(Roussos & Moussouri, 2004)/ Consumers understood the value proposition but were still concerned about privacy implications.

(Ng-Kruelle, Swatman, Hampe & Rebne, 2006)/ Cultural dimensions affect the way in which consumers view the privacy threat.

(Ng-Kruelle, Swatman, Rebne & Hampe, 2002)/ Consumers feel a lack of control over the technology and a great power distance.

Section 3. Case 1: Mobile phone

Cellular coverage is now accessible by 80 percent of the world's population of over six billion, and over 90 percent will have coverage by 2010 [6]. The actual number of mobile phone users is estimated to be around 1.8 billion, which equates to a global penetration rate of nearly 28% [7]. In developing countries where mobile communications allow them to “leapfrog” traditional wired telephony networks, growth rates are staggering. Between 1998 and 2003, mobile phone usage exploded in Africa by 5000% [8]. Similarly, India and China are now being viewed as potential “cash cows” for the industry, where the sheer number of potential subscribers is seen as a highly lucrative source of growth [9]. In many developed regions, mobile penetration exceeds the population, the greatest example shown by Luxembourg where mobile penetration is at 151.61%, although figures around 90% to 100% are more common [10]. Taking into account young children, penetration rates of around 80% would still equate to a clear majority of adults using mobile services. Even in developing countries, reports have shown that penetration rates are stabilizing at around 80–85% [11].

3.1 Convenience-communications on the go

The value proposition of the mobile phone extends from the convenience offered by its inherent mobility. Its ability to provide location-based, and even location-aware services, enabling rich communication not confined to a single location, affords individuals great power and convenience. Without being tied to a landline, or to a computer, users can communicate in a multitude of ways with others, on the move in a completely seamless fashion. Furthermore, new technologies such as 3G mobile services are further positioning mobile phones as extremely powerful mobile computing devices.

3.2 Location ID & the threat of interception

In a study conducted by Häkkilä and Chatfield [12] regarding perceptions of mobile phone privacy, it was shown that over 82% of respondents considered their mobile phone a “private device.” The mobile phone presents a number of unique privacy threats, yet interestingly, as indicated by the aforementioned statistic, such privacy threats are seldom considered by end users [13]. Richtel [14]explains how many citizens in the U.S. are completely unaware that government authorities can track their movements by monitoring the signals that are emitted from the handset.

In 1994, as O. J. Simpson infamously fled down a Los Angeles freeway, he was talking on his mobile phone, and engineers were able to use his mobile signal to triangulate his position and direct police to his location [15]. By 1996, the U.S. Federal Communications Commission (FCC) had mandated as part of the E-911 initiative that by 2001 mobile carriers must be able to identify the location of a caller with reasonable accuracy. In the United Kingdom, tracking records for mobile phones must be retained by providers for at least two years and be available to law-enforcement agencies when required [16]. Whilst the intended use of such tracking information is deemed valuable for emergency or law enforcement purposes, it is also seen that such data opens the door for mobile phone providers to unleash a multitude of location-based services that take advantage of knowing exactly where consumers are located or to generate patterns which represent their typical movements. As most mobile phone users generally carry their phone on them at all times, Charny [17] describes the potential to create a highly lucrative market on emerging services whereby providers can know the exact locations of millions of subscribers at any given time.

There are a number of methods that can be used to track mobile phone users. The first such method [18] is “network based,” and involves the triangulation of signals by using a number of fixed cellular base-stations. Such a system however can be impractical for wide-scale usage due to bandwidth constraints, and furthermore the accuracy of this method is greatly affected by cell size, which in rural areas in particular can be too great to provide reasonable accuracy. Nonetheless, newer 3G mobile networks can provide location information at even finer granularity than before [19]. Another method involves the use of GPS, a feature which many phones are now incorporating. According to Best [20], leading manufacturer Nokia has already stated that the incorporation of GPS into mobile phones will soon be as “ubiquitous as the camera phone.” Unlike cell-based triangulation, GPS provides greater accuracy and can operate independent of the phone itself, meaning that location information could be obtained even if the phone is not in use. Many services are now being offered around the world allowing individuals to track a mobile phone that is GPS-enabled via the Internet. Such services are typically positioned to parents who wish to monitor their children's activities or to employers who want to track where their mobile employees are [14]. Consider the case of teacher John Halpin who was given a mobile phone by the Department of Education which incorporated a GPS tracking device, and who was later fired from his position after records revealed inconsistencies with the times he had been lodging, showing that he was leaving work earlier than stated [21].

The mobile phone also presents other privacy concerns in regard to the interception of signals by third parties. Whitaker [15] describes how commercially available mobile phone listening devices can record multiple conversations and locate the geographical position of callers at the same time. Importantly, he emphasizes that whilst such products are marketed and sold to government agencies and telecommunications companies, they can easily find their way into the hands of unscrupulous individuals who can use them against unsuspecting mobile phone users. Many security experts will openly acknowledge that all wireless communications are inherently flawed, as there will always be the potential for some degree of interception [22].

3.3 Control maintained by opting out

Theoretically, users can exercise control over other parties tracking their location by simply turning off their phone. However, in doing so, they prevent access to the phone's features which provide the value in the first place. Given the high penetration rates of mobile phones throughout the world, it would seem that the potential for unwanted third parties to track a mobile phone's location or to intercept the signals transmitted by the phone is far outweighed by the value the technology offers and its apparent “necessity” for living in the modern world. In the case of the U.S., access to mobile phone tracking data is not openly accessible to any third parties. Even law enforcement agencies must apply for court permission and demonstrate “probable cause” that a crime is being committed before such information will be released by the phone operators [13]. Whilst such controls are put in place to protect the privacy of individuals, it is still important to recognize that where the technology provides the capability, it will almost always be exploited in some way by unscrupulous people [15]. Furthermore, with such a massive market of mobile phone users who increasingly possess ever more sophisticated mobile handsets, the potential of offering location-based services will most certainly prevail as consumers once again become lured by the value such services would provide [23].

Section 4. Case 2: Electronic toll collection

Electronic toll collection (ETC) systems are now widely deployed in most countries throughout the world and are the cornerstone for Intelligent Transportation Systems (ITS). One of the first such systems was implemented in Trondheim, Norway by the Q-Free company in 1988 [24]. International ETC examples include: TollTrax in India, Hi-Pass in South Korea, Autotoll in Hong Kong, E-Pass in Manila, Telepass in Italy, Eazy Pass in Ireland, AutoPASS in Norway, E-ZPass in north-east USA, and the e-Tag in Australia [25]. It would seem that RFID-powered toll collection systems are making their way to freeways and cities as an effective solution to the ever-increasing congestion problem and the necessity to fund new roads through the collection of tolls. By 1996 alone, there were already several thousand ETC-equipped lanes throughout the U.S., Europe and Japan [26].

An ETC system typically involves the use of an RFID powered tag which is placed on an individual's vehicle. As the vehicle passes through a toll plaza, RFID readers mounted above the road identify the individuals through the RFID tag and will then typically deduct the toll amount from their accounts [27][28]. RFID allows the system to operate such that drivers do not necessarily have to slow down, and can even maintain highway speeds with the tag still being read accurately. Advances in technology have also facilitated the ability to read tags and deduct tolls even in multi-lane free-flow situations; that is where cars are not restricted to staying in a single lane and are free to change lanes as required [26][29]. Furthermore, such a system can also accurately identify vehicles even in dense traffic without requiring direct visibility to the license plate as some vehicle-recognition systems require [28].

4.1. No need for cash and less traffic

Historically, toll payment involved an individual stopping their vehicle to pay a collector or place cash into an automated collection machine which ultimately resulted in congestion [26]. The key value proposition that electronic toll collection systems offer is convenience and time saving. Such a system eliminates the burden to have cash available to make toll payments and provides individuals and corporations the convenience of an account which can provide better tracking of toll expenditure with more convenient payment options [30]. In regard to time savings, traffic flow is greatly improved and congestion reduced [27]. Furthermore, ETC systems have also been shown to significantly reduce environmentally harmful emissions at toll-collection points by as much as 63 percent [24]. Toll operators themselves have seen great value in ETC as a means of increasing throughput, generating additional revenue, reducing operating costs, and improving the level of customer service to road users [25].

4.2 Function creep and the loss of anonymity

The electronic tag which an individual places inside their vehicle typically contains at least a unique identification number which allows the toll system to identify and subsequently charge that individual [25]. In some installations, the tag may contain further information such as license details, the account holder's name, account details and tag balance. Whereas cash payment in the past provided almost complete anonymity, electronic toll collection systems have opened up the possibility of tracking individuals' movements by monitoring the locations and times when the electronic tag is used [31]. In some countries where toll roads are common and such systems are widespread, drivers' actions can be inferred in great detail simply by monitoring their toll payment activities. Caldwell [29] highlights two potential privacy concerns with regard to electronic toll collection. The first is illegitimate use of drivers' personal information regarding their payment details, movement and driving habits that could be accessed if electronic records are compromised through a “cyber-break-in.” This was demonstrated when the New Jersey Turnpike electronic toll collection system was “hacked” in 2000 by a programmer who worked on the system [32]. He was successfully able to view account details and usage information for users of one of the largest ETC systems in the United States [31].

The second potential concern is legitimate use of such information by government authorities or road operators who wish to monitor driving patterns and behavior of motorists. This could extend to include other potential uses such as traffic surveillance in regard to monitoring driver speeds and stolen vehicles [24]. Court cases in the U.S. have already demonstrated the potential for toll-tracking information to be used to verify an individual's whereabouts and movements. The conviction against a nurse in New Jersey, who was accused of murdering her husband, was aided by E-ZPass toll records which verified to prosecutors where she had been, and when [33]. In another example, 30 New York police detectives were reportedly re-assigned after E-ZPass toll records suggested they were making false overtime claims based on their driving behavior [34].

4.3 Towards mandatory electronic collection

In some installations, cash payment options still operate in tandem with electronic toll payment. It is becoming increasingly common, however, for electronic toll collection systems to become the de facto means by which individuals can make their toll payment. Studies show that for maximum efficiency, ETC systems provide greatest benefit when used in isolation, as opposed to hybrid systems which allow traditional payment mechanisms [26]. It is becoming inherently mandatory for individual's to install an electronic tag in their vehicle if they wish to use particular routes or avoid paying higher toll prices if they pay by cash [33]. Ultimately in the case of electronic toll collection systems, it is apparent that convenience is winning out over potential privacy threats. For both toll road operators and users, this is highlighted by the high growth rates in ETC usage around the world [25].

With an ever-increasing base of tag users, the potential for privacy misuse will become more apparent over time. As road operators see value in monitoring individual driver behavior, to forecast or evaluate traffic patterns for instance, individual driver tracking may become more prevalent. It should be noted, however, that regulatory efforts in many countries can still protect ETC users with regard to the usage of their personal information. In Australia, for example, the Australian Standard AS/4721–2000, Personal Privacy Practices for the Electronic Tolling Industry attempts to address privacy issues by applying the ten National principles for the handling of personal information [35]. This standard explicitly recognizes the potential commercial use of such toll information and allows for such usage provided that the data is “de-identified” and made anonymous to protect individuals from identification [34].

Section 5. Case 3: e-Passports

For centuries, passports have been used as a standard means of providing diplomatic protection and identification of the bearer when traveling through borders and into foreign jurisdictions [36]. The passport in the form we know today is the result of conferences held following the First World War in 1920 which sought to standardize passport and visa standards for all member states of the League of Nations (later The United Nations) [35]. Passport standards have been administered by the International Civil Aviation Organization (ICAO) since 1944. Passports, which are referred to by the ICAO as Machine Readable Travel Documents, will typically contain information such as an individual's full name, nationality, place of residence, place of birth and date of birth, with a mandatory full-color photograph. Their “machine readable” capability comes from the inclusion of a two-line machine readable zone (MRZ) of characters in Optical Character Recognition-B style that incorporates key information from the passport in a manner that can be easily recognized by a machine [37].

RFID-enabled passports, which have also been termed e-Passports or biometric passports, possess all the same information, but in digital form. This includes a digitized photograph of the individual which can be used to enable biometric comparison through facial recognition [38][39][40]. It is this facial recognition that is the only mandatory, globally interoperable biometric for individual identification purposes [41]. Although ICAO standards for passports also allow for iris or fingerprint data to be used as well, this is at present optional [37][42]. The development of the e-Passport has also resulted in the development of standards which support a worldwide Public Key Infrastructure (PKI). Public Key Cryptography is utilized in e-Passports to encrypt the data contained within the RFID chip [40]. Digital signatures produced by the issuing country ensure the validity, authenticity and integrity of data stored in the RFID chip and thus theoretically prevent against fraudulent modification, copying or access [40].

5.1 Greater national security

The drive towards e-Passport adoption was spurred directly by the United States and the ICAO. In 2002 the U.S. mandated through the Border Security and Visa Entry Reform Act 2002, that countries participating in their Visa Waiver Program must have provisions in place by October 2004 to comply with the biometric and document identification standards established by ICAO in 2003 [38]. This deadline was extended to October 2006 after significant delays caused by revisions to the e-Passport's design [38]. It is important to note, however, that moves towards biometrics to enable more effective, automated verification of individuals was already progressing long before the e-Passport was given an impetus to introduction. The INSPASS system was introduced into the United States in the late 1990s as a means of allowing frequent visitors to the country unattended, automated entry through the use of biometrics to verify identity [43]. Whilst the system was discontinued in 2002, it bears a striking similarity to much of the same value governments and the ICAO have promoted with the e-Passport.

The value proposition of the e-Passport is typically couched in terms of security and convenience. Common claims include the e-Passport's ability to allow automated identity verification, faster immigration inspections, and greater border protection and security [44]. Whilst it is intended that passports will still be read by human personnel to verify the information, some countries such as Australia have already announced plans to provide self-service kiosks. The technology to be used in Australia, referred to as SmartGate, has already undergone successful trials in 2005 and is to commence operation in international airports around the country in the near future [45]. Such technology, if implemented in airports around the world, would allow much quicker processing times of passengers for travelers entering the country (Australia Customs Service, 2007). Many countries, including the UK, have already begun work on similar systems [46].

The greatest value of the e-Passport as stressed by most issuing authorities is the enhancement to security they are purported to provide through the digital storage of passport information [38]. Certainly, given the current level of importance placed on national security, governments have been keen to push this technology as a means of providing more stringent monitoring of individuals entering and exiting the country. The use of biometric information, it is claimed, will greatly aid in countering identity fraud which had become a major issue with traditional passports [41].

5.2 The risk of identity theft and civil rights

The privacy concerns surrounding e-Passports are primarily related to the ability to access passport information without contact, a capability afforded by the use of RFID to store the passport's data contents. It is this potential for surreptitious access, perhaps by a criminal attempting to commit identity fraud that has caused much controversy over e-Passport adoption [47]. Potential misuse by the government is particularly evident in the controversial USA PATRIOT Act introduced just 43 days after 11 September, 2001 whereby the U.S. Federal Bureau of Investigation was given authority to seize personal information without notifying the individual concerned [48]. It is theoretically possible for governments to use such acts in order to link passport biometric databases with other surveillance mechanisms to monitor individuals without their awareness [47]. Juels, Molnar and Wagner [49] identify six key areas of concern regarding privacy and e-Passports: clandestine scanning, clandestine tracking, skimming and cloning, eavesdropping, biometric data leakage and cryptographic weaknesses. Juels [50] also notes the threat of function creep. He explains how over time, consumer demands for convenience may give way to e-Passports being used as authenticators for a range of consumer transactions. Such a move, it is feared, could undermine or erode the data-protection measures that have been incorporated to protect privacy and furthermore spread such identification information amongst more widely divergent systems [48].

Given the global reach of e-Passport initiatives, there has understandably been much concern raised over such privacy issues. Civil rights campaigners in particular stress how such e-Passport developments have created the potential for a global database containing biometric information for over a billion people [51]. Interestingly, in development of the U.S. passport, open comments by citizens revealed that of over 2300 responses, 98.5 percent received were negative, and 86 percent were explicitly concerned about privacy [38]. Nonetheless, the U.S. e-Passport initiative has proceeded, and as of 2006, over 13 million e-Passports had been issued [52]. Globally, it is reported that over 50 million e-Passports have been issued, which again emphasizes that despite the privacy concerns, the technology has undoubtedly been deployed “successfully” [53].

The media has also been quick to highlight potential failures with the technology, demonstrated by the exposure given to Lukas Grunwald who successfully cloned the U.S. e-Passport and then dumped the contents onto an ordinary contactless smart card [54]. A further threat was also exposed by Kevin Mahaffey and John Hering who demonstrated how an explosive device connected to an RFID reader could be triggered when a U.S. citizen carrying an e-Passport came within reach of the reader [53].

5.3 Total State control

Given the mandatory nature of passports there is very little individuals can do to avoid using one for traveling abroad. As most countries are now issuing e-Passports, there is also no option for individuals to request a non-RFID passport. There is also little an individual can do to control how government authorities access and use the information on the passport when they are entering a foreign country. However, beyond the border control point, individuals concerned about the privacy threats mentioned earlier can still retain some control over their e-Passport by ensuring they manage it carefully. Companies such as Paraben have already begun marketing “strong hold bags”, which are essentially Faraday cages in which a passport can be stored when not being used, to provide a protective barrier against unwanted third-party access [55]. Such a move was even recommended as a means of completely preventing unauthorized readings by the ICAO itself, who stated that the potential for unauthorized reading could not be “completed ruled out” [56].

Section 6. Case 4: Loyalty programs

Loyalty programs have been in widespread existence now since the 1980s, when retail organizations began to focus on building lasting customer relationships instead of focusing purely on short-term profitability [57]. The first modern loyalty program was instituted by American Airlines in 1981 with its “frequent flyer” program [58]. However, such programs quickly spread across a range of consumer industries including hotels, credit card companies, retailers, car rental companies, restaurants and entertainment firms [57]. A loyalty program will typically involve consumers identifying themselves at the retail outlet, usually through a magnetic-swipe or bar-coded plastic card, in order to receive immediate or delayed benefits for purchasing certain brands or for simply using that particular outlet [56]. Astonishingly, grocery store loyalty program usage within the United States is more widespread than Internet and personal computer penetration, with statistics showing that over 86 percent of adults are members of at least one, and in many cases, multiple loyalty programs [59]. In Canada that figure is around 97 percent and in the UK, penetration had reached 85 percent [60].

6.1 Greater consumer rewards

In the case of loyalty programs, the value proposition is critical for encouraging consumer use and for developing the brand loyalty which the programs aim to achieve. A number of elements are described by Yi and Jeon [61] that determine such value in a loyalty program. They include: (1) the cash value of rewards, (2) the choice of rewards, (3) the aspirational value of rewards, (4) the likelihood of achieving the rewards, and (5) how easy the loyalty scheme is to use. Typical examples of value that loyalty programs offer members include discounts on individual items or the entire shopping bill, points which can be redeemed for a range of rewards such as flights, accommodation, homewares, clothing and entertainment, and preferential “VIP” treatment. Studies conducted by the Boston University College of Communication demonstrate that 69 percent of consumers believe that their membership in a loyalty program benefits them in the form of lower prices and special promotions [58].

6.2 Consumer data profiling and warehousing

The major privacy threat that extends from the use of loyalty programs is the ability to tie purchases of specific products to individual consumers and monitor their purchasing behavior over time. Retailers collect such information to build profiles on their consumers. They even admit that such consumer profiles are commonly shared and exchanged with “preferred partners” [59]. Almost half of people who are members of loyalty programs are completely unaware of the tracking and monitoring that is occurring by participating in such schemes [58]. Moreover, studies have shown that consumers will trade their personal information if they perceive that the loyalty program is providing substantial value to them [58]. A study conducted by Graeff and Harmon [62]also found that in regard to loyalty programs, consumer perceptions were typically positive and most consumers did not associate such schemes with the collection and use of personal information. Loyalty programs are the ultimate demonstration of the trade-off consumers make of their privacy in order to gain something of value: a benefit, reward, convenience or saving. Given the high penetration rates and evident success of these programs, it would seem that consumers have been easily won over by the premise of “something for nothing,” with many oblivious or unconcerned about the privacy transaction that they are conducting.

6.3 Opting-in for maximum returns

A key element of consumer loyalty programs is their opt-in nature. As is highlighted by Bosworth [59], consumers are not forced into participating in such programs and can, if they wish, take their business elsewhere, or simply pay cash (minus any potential savings the loyalty card may provide). Consumers are also given control over their personal information by government regulations which in most countries give consumers the right to know exactly what information retailers are collecting and how it is being used. Furthermore, access to such information will typically be provided or the information removed altogether if requested. Ultimately loyalty programs are about choice, and thus given the potential privacy invasion that participation in such schemes entails, the value proposition is clearly a very important element in convincing consumers to participate. It is important to note, that whilst loyalty programs involve voluntary participation, many such schemes have come under criticism for discriminatory pricing, in which nonmembers may be unfairly disadvantaged by not participating in the scheme [57]. This may ultimately drive consumers into participation to avoid being forced into paying higher prices or feeling ostracized.

Section 7. Cross-case comparison

The most important facet common to all of these case studies is their dramatic levels of penetration and usage. Mobile phone penetration has reached remarkable levels, even in developing countries, and in many, penetration has grown to over 100%. Electronic toll collection is becoming increasingly common as the primary means for facilitating toll payments in busy cities around the world, with millions of tags now in use. E-Passports have become the new standard in global identification and have all but replaced traditional, chip-less passports in most countries. And consumers have embraced loyalty programs enthusiastically, with the majority of adults in countries such as the U.S., the UK, Canada and Australia, actively participating in such schemes. Keeping in mind such usage rates, it is also important to note another commonality between the mobile innovations, that of the presence of a range of privacy threats. It would appear given the widespread usage of the cases detailed, that privacy has not been a barrier to their adoption and consequent acceptance by society. Whilst the privacy concerns still exist and indeed, many individuals remain concerned about their privacy in relation to such technologies and services, on the whole it would seem that consumers have accepted each technology either because:

  • The value proposition or level of control present, balances against the privacy issues (mobile phones, electronic toll collection, and loyalty programs), or

  • Participation/usage is mandatory and the appropriate safeguards to privacy are in place (e-Passports).

In the case of the mobile phone, the value has become so ubiquitous that it is no longer even thought of or discussed. This ubiquity in terms of value would explain the lack of concerns consumers have towards their privacy in regard to mobile phone usage – it is simply not something most people would even think about. For electronic toll collection, individuals have embraced the convenience aspects presented by the technology in regard to simplifying toll payment, and it would seem that the simplicity of the technology (simply install the tag and forget about it) has again resulted in a general lack of concern about privacy issues. Loyalty programs are also clearly driven by their value proposition, without which, would provide little incentive or reason for consumer participation. Furthermore, given the amount of personal information collected, there must be equally significant value provided to ensure consumers feel the scheme is fair. Of the four case-studies discussed, the e-Passport is the only one where usage is almost completely mandatory for those wishing to travel internationally and also where individuals have very little control over how their e-Passport is used by authorities. In this situation, control in the form of legislation guarantees and reassures that personal information will be protected.

Section 8. Balancing privacy, value and control

A key outcome that arises from the case studies presented is the varying relationship between these three elements and thus the balance each technology or service provides. It is clear, that in order to gain acceptance, privacy issues must be offset by value and control. This trichotomous relationship is illustrated in figure 1. In the case of mobile phones, it is evident that a somewhat low level of control is acceptable, given the relatively low vulnerability of individual privacy and the “medium” level of value the technology provides. With electronic toll collection, the vulnerability of user privacy is depicted to be in the “medium” range, yet as users can exercise some degree of control over their privacy by removing the tag or opting to use alternative routes or payment methods, control is depicted as being in the “medium” range. This “medium” range in regard to privacy and control, is offset by a high level of value evident in the convenience the technology affords. With regard to e-Passports, the provider (i.e. the government) provides very little control. Furthermore, the value offered to the individual is realistically very low as well. This is reflected in the relatively high vulnerability of the individual's privacy which stems not from flaws in the technology, but the importance of the information to the individual and the consequences that could arise if it were compromised by another party. Finally, with loyalty programs, a high vulnerability of individual privacy which arises from the vast amount of personal information collected, is offset by a high level of control offered by providers by allowing consumers to freely to opt-out of such programs. The privacy risk is also further offset by the high level of value which such schemes must offer to encourage consumers to participate. In the case of mobile phones, electronic toll collection and loyalty programs, it is apparent that acceptance had to be earned through a favorable balance that was offered to consumers. In the case of e-Passports where the balance is unfavorable (as shown in figure 1), acceptance was not generally required as the technology was made mandatory by government authorities and the ICAO.

Figure 1. Privacy-Value-Control trichotomy

Section 10. Conclusion

The purpose of this paper has been to provide a “walk” through the privacy-value-control paradigm as it applies to a number of mobile innovation. The study attempted to show how privacy concerns for specific mobile innovations have been offset by strong value propositions, or differing levels of control that allows the individual to perceive a sense of privacy, or bypassed through mandatory usage. The key outcome that has been established by this paper is that a balance between privacy, value and control depends largely on the individual, the technology and the provider of the service; that is, the vulnerability of the individual's privacy, the value inherent in the technology or service, and the level of control provided by the service provider. What has been highlighted most importantly is that privacy is not a barrier to adoption; rather, technologies and services will still be accepted and used by the population provided that the balance is favorable to the individual – whether that be perceived or otherwise – unless the technology is mandated into use in a manner which can be justified by society.

References

1. S. Inoue and H. Yasuura, "RFID privacy using user-controllable uniqueness," RFID Privacy Workshop, Cambridge, MA, 2004.

2. R. Bansal, "Now you see it and now you don't," IEEE Microwave Magazine, vol. 5, pp. 32-34, 2004.

3. S. Spiekermann, "Perceived Control: Scales for Privacy," International Conference on User Modeling, Scotland, 2005.

4. L. Hyangjin and K. Jeeyeon, "Privacy threats and issues in mobile RFID," International Conference on Availability, Reliability and Security, Vienna, 2006.

5. M. Ohkubo et al., RFID Privacy Issues and Technical Challenges, vol. 48: ACM, 2005.

6. AFP, "Mobile operators aim to cover 90 percent of planet," in Taipei Times Singapore, 18 Sept. 2006.

7. Informa, "1.8 bln mobile subscribers worldwide," 2005, http://www.itfacts.biz/index.php?id=P3359

8. BBC, "Mobile growth 'fastest in Africa'," in BBC Business, 2005, http://news.bbc.co.uk/2/hi/business/331863.stm

9. M. Reardon, "Emerging markets fuel cell phone growth," in CNET News.com, 2007, http://www.news.com/Emerging-markets-fuel-cell- phone-growth/2100-1039_3-6159491.html

10. ITU, "Mobile cellular subscribers," 2007, http://www.itu.int/

11. Telecomworldwire, "Many countries now have a mobile penetration rate above 100%, report says," 2006, http://findarticles.com/p/articles/ mi_m0ECZ/is_2006_June_9/ai_n16464839

12. J. Häkkilä and C. Chatfield, "Toward social mobility," in Human computer interaction with mobile devices and services, Salzburg, Austria, 2005.

13. N. Swartz, "Mobile Phone Tracking Scrutinized," Information Management Journal, vol. 40, p. 16, 2006.

14. M. Richtel, "Live tracking of mobile phones prompts court fights on privacy," in The New York Times, 2005.

15. A. Brandt, "Privacy watch: soon, your cell phone may be tracking you," in PC World, 2004.

16. R. Whitaker, The End of Privacy: How total surveillance is becoming a reality. New York, New York: The New Press, 1999.

17. B. Charny, "Cell phone tracking raises privacy issues," in CNET News.com, 2002, http://www.news.com/Cell-phone-tracking-raises- privacy-issues/2100-1033_3-846744.html

18. S. C. Swales, J. E. Maloney, and J. O. Stevenson, "Locating mobile phones and the US wireless E-911 mandate," Novel Methods of Location and Tracking of Cellular Mobiles, pp. 2/1 - 2/6, 1999.

19. D. Cvrcek et al., "A study on the value of location privacy," in 5th ACM workshop on Privacy in electronic society, Virginia, 2006, pp. 109-118.

20. J. Best, "Nokia: GPS will be in every phone," in CNET Mobile Phones, 2007, http://www.cnet.com.au/mobilephones/phones/0, 239025953, 339279768,00.htm

21. D. Seifman, "'Track' Man is Sacked: GPS Nails Ed. Guy," in New York Post, 2007, http://www.nypost.com/seven/08312007/news/ regionalnews/track_man_is_sacked.htm.

22. J. Voorbees, "The Limits on Wireless Security: 802.11 in early 2002," in SANS, 2001, http://www.sans.org/reading_room/whitepapers/ wireless/164.php.

23. P. Wayner, "What's Next; Tracking down cellphone users," The New York Times, 1999, http://query. nytimes.com/gst/fullpage.html?res= 9A01E4D81631F93AA15754C0A96F958260.

24. Q-Free, "Company History," 2007, http://www.qfree.com

25. D. Loukakos and M. Benko, "Electronic Toll Collection," in ITS Decision, 2007, http://www.calccit.org/itsdecision/serv_and_tech/ Electronic_toll_collecti on/electronic_toll_collection_summary.html

26. SRI Consulting, "Electronic Toll Collection," in ITS Canada, 1996, http://www.infoworld.com/articles/hn/xml/00/10/25/ 001025hnezpass.html

27. P. Blythe, "RFID for road tolling, road-use pricing and vehicle access control," in IEE Colloquium on RFID Technology, 1999, pp. 8/1-8/16.

28. K. Waersted and K. Bogen, "No stop electronic toll payment systems," in Second International Conference on Road Traffic Monitoring 1989, 1989.

29. Q-Free, "ETC Systems - White Paper," 2003, http://www.q-free. com

30. C. Caldwell, "A Pass on Privacy?," in The New York Times, 2005, http://www.nytimes.com/2005/07/17/magazine/17WWLN.html?ex= 1279339200&en=c1 f10d3de06adea6&ei=5088

31. T. Wright, "Eyes on the Road: Intelligent Transportation Systems and Your Privacy," in Information and Privacy Commissioner/Ontario, 1995, http://web.archive.org/web/20010910204521/http://w ww.ipc.on.ca/english/ pubpres/papers/ITS-E.HTM#ITS

32. E. Grygo, "New Jersey Turnpike electronic toll collection system hacked," in InfoWorld, 2000, http://www.infoworld.com/articles/hn/ xml/00/10/25/00 1025hnezpass.html

33. Anonymous, "E-ZPass Bypasses Your Privacy," 2007, http://www.digitaljournal.com/article/216089/E_ZPass_Bypasses_Your_Privacy

34. B. Sullivan, "E-ZPass, Now with a higher price," in The Red Tape Chronicles: MSNBC, 2006, http://redtape.msnbc.com/2006/02/ ezpass_now_with.html

35. ETC Working Party, "Second Report to the ATC of the ETC Working Party," Australian Transport Council 2001.

36. ICAO, "History - The League of Nations," in Machine Readable Travel Documents, 2006, http://mrtd.icao.int/content/view/21/194/

37. ICAO, "MRTD Overview," in Travel Documents, 2006, http://mrtd.icao.int/content/view/18/199/

38. Australia Government, "The Australian e-Passport," in Department of Foreign Affairs and Trade, 2007, http://www.dfat.gov.au/ dept/passports/

39. M. Meingast et al., "A case study of the security & privacy risks of the US e-Passport," IEEE International Conference on RFID, Texas, 2007, pp. 7-14.

40. U.S. Department of State, "The U.S. Electronic Passport Frequently Asked Questions," in Bureau of Consular Affairs, 2007, http://travel.state.gov/passport/eppt/eppt_2788.html

41. D. Lekkas and D. Gritzalis, "E-Passports as a means towards the first worldwide public key infrastructure," Lecture Notes in Computer Science, vol. 4582/2007, pp. 34-48, 2007.

42. Home Office, "Why has the UK introduced biometrics in its passport?," in Identity and Passport Service, 2007, http://www.passport.gov.uk/general_biometrics_passports.asp

43. R. J. Hays, "INS Passenger Accelerated Service Systems (INSPASS)," in Biometric Consortium, 1996, http://www.biometrics. org/REPORTS/INSPASS.htm

44. U.S. Department of State, "The U.S. Electronic Passport," in Bureau of Consular Affairs, 2007, http://travel.state.gov/passport/eppt/ eppt_2498.html

45. Australia Customs Service, "SmartGate 2007, http://www.customs.gov. au/site/page.cfm?u=5555

46. C. Edwards, "Borderlands of confusion [biometric passports]," IEE Review, vol. 51, pp. 34-37, 2005.

47. B. Schneier, "The ID Chip You Don't want in Your Passport," in The Washington Post, 2006, p. 21, http://www.washingtonpost.com/

48. T. Lupick, "E-Passports may unlock doors to your privacy," in Straight.com, 2006, http://www.straight.com/e-passports-may-unlock-doors- to-your-privacy

49. A. Juels et al., "Security and privacy issues in e-Passports," in International Conference on Security and Privacy for Emerging Areas in Communications, Greece, 2005, pp. 74-88.

50. A. Juels, "RFID Security and Privacy: a Research Survey," IEEE Journal on Selected Areas in Communications, vol. 24, pp. 381-394, 2006.

51. BBC, "Concern over biometric passports," in BBC Technology, 2004, http://news.bbc.co.uk/2/hi/technology/3582461.stm

52. Anon, "RFID Tagging Isn't a Privacy Issue Unless You Make It One," New Media Age, vol. 16, 2006.

53. Scarmig, "E-Passport: Doorway to the Panopticon," 2006, http://www.strike-the-root.com/62/scarmig/scarmig1.html

54. K. Zetter, "Hackers clone e-Passports," in Wired, 2006, http://www.wired.com/science/discoveries/news/2006/08/71521?currentPage=1

55. Paraben Corp, "Paraben's Passport Stronghold Bag," 2007, http://www.parabenforensics.com/catalog/product_info.php?cPath= 26&products_id=373

56. C. Swedberg, "U.S. Tests E-Passports," in RFID Journal, 2004, http://www.rfidjournal.com/article/articleview/1218/1/1/

57. O. Hinz et al., "Customer loyalty programs and privacy concerns," in Merging and Emerging Technologies, Processes and Institutions, Bled, 2007.

58. R. Lacey and J. Z. Sneath, "Customer loyalty programs: are they fair to consumers?," Journal of Consumer Marketing, vol. 23, pp. 458-464, 2006.

59. Anonymous, "Grocery store loyalty card use is strong despite privacy concerns," in About.com: Coupons/Bargains, 2007, http://couponing.about.com/od/groceryzone/a/loyalty_cards.htm

60. M. Bosworth, "Loyalty cards: Reward or threat?," Consumeraffairs.com, 2005, http://www.consumer affairs.com/news04/2005/ loyalty_cards.html

61. Y. Yi and H. Jeon, "Effects of loyalty programs on value perception, program loyalty, and brand loyalty," Academy of Marketing Science, vol. 31, p. 229, 2003.

62. T. Graeff and S. Harmon, "Collecting and using personal data: consumers' awareness and concerns"

Keywords

transponders, data privacy, electronic money, mobile computing, mobile handsets, radiofrequency identification, smart cards, transponders, mobile business applications, mobile technology, mobile services, privacy-value-control trichotomy, mobile phone, electronic toll payment tags, e-passports, loyalty card programs, radio-frequency identification tags, Mobile Business Applications, Privacy, Value Proposition, Control, Consumer Acceptance, Adoption, Diffusion

Citation: Benjamin D. Renegar; Katina Michael; M. G. Michael, 2008, "Privacy, Value and Control Issues in Four Mobile Business Applications", ICMB'08. 7th International Conference on Mobile Business, 2008, pp. 30 - 40.

Lend Me Your Arms: Use and Implications of RFID Implants

Abstract

Recent developments in the area of RFID have seen the technology expand from its role in industrial and animal tagging applications, to being implantable in humans. With a gap in literature identified between current technological development and future humancentric possibility, little has been previously known about the nature of contemporary humancentric applications. By employing usability context analyses in control, convenience and care-related application areas, we begin to piece together a cohesive view of the current development state of humancentric RFID, as detached from predictive conjecture. This is supplemented by an understanding of the market-based, social and ethical concerns which plague the technology.

1. Introduction

Over the past three decades, Radio-frequency identification (RFID) systems have evolved to become cornerstones of many complex applications. From first beginnings, RFID has been promoted as an innovation in convenience and monitoring efficiencies. Indeed, with RFID supporters predicting the growth of key medical services and security systems, manufacturers are representing the devices as ‘life-enhancing’. Though the lifestyle benefits have long been known, only recently have humans become both integral and interactive components in RFID systems. Where we once carried smart cards or embedded devices interwoven in clothing, RFID technology is now at a point where humans can safely be implanted with small transponders.

This paper aims to explore the current state of development for humancentric applications of RFID. The current state is defined by the intersection of existing development for the subjects and objects of RFID – namely humans and implants. The need for such a study has been identified by a gap in knowledge between present applications and future possibility. This study aims to overcome forecast and provide a cohesive examination of existing humancentric RFID applications. Analysis of future possibility is outside the scope of this study. Instead, a discussion will be provided on present applications, their feasibility, use and social implications.

2. Literature review

The literature review is organized into three main areas – control, convenience, and care. In each of these contexts, literature will be reviewed chronologically.

2.1. The context of control

A control-related humancentric application of RFID is any human use of an implanted RFID transponder that allows an implantee to have power over an aspect of their lives, or, that allows a third party to have power over an implantee. Substantial literature on humancentric control applications begins in 1997 with United States patent 5629678 for a ‘Personal Tracking and Recovery System’. Though the literature scientifically describes the theoretical tracking system for recovery of RFID-implanted humans, no further evidence is available to ascertain whether it has since been developed. Questions as to feasibility of use are not necessarily answered by succeeding literature. Reports of the implantation of British soldiers [1] for example lack the evidentiary support needed to assuage doubts. Further, many articles highlight the technological obstacles besieging humancentric RFID systems. These include GPS hardware miniaturization [2] and creating active RFID tags capable of being safely recharged from within the body. Further adding to reservation, much literature is speculative in nature. Eng [3], for example, predicts that tags will be melded into children to advise parents of their location.

Despite concerns and conjecture, actual implementations of humancentric control applications of RFID have been identified. Both Murray [4] and Eng documented the implantation of Richard Seelig who had tags placed in his hip and arm in response to the September 11 tragedy of 2001. This sophisticated technology was employed to provide security and control over personal identification information. Wilson [5] also provides the example of 11-year old Danielle Duval who has had an active chip (i.e. containing a rechargeable battery) implanted in her. Her mother believes that it is no different to tracking a stolen car, simply that it is being used for another more important application.

2.2. The context of convenience

A convenience-related humancentric application of RFID is any human use of an implanted RFID transponder that increases the ease with which tasks are performed. The first major documented experiment into the use of human-implantable RFID was within this context. Sanchez-Klein [6] and Witt [7] both journalize on the self-implantation of Kevin Warwick, Director of Cybernetics at the University of Reading. They describe results of Warwick’s research by his having doors open, lights switch on and computers respond to the presence of the microchip. Warwick himself gives a review of the research in his article ‘Cyborg 1.0’, however this report is informal and contains emotive descriptions of “fantastic” experiences [8].

Woolnaugh [9], Holden [10], and Vogel [11] all published accounts of the lead-up to Warwick’s second ‘Cyborg 2.0’ experiment and although Woolnaugh’s work involves the documentation of an interview, all three are narrative descriptions of proposed events rather than a critical analysis within definitive research frameworks. Though the commotion surrounding Warwick later died down, speculation did not with Eng proposing a future where credit card features will be available in implanted RFID devices. The result would see commercial transactions made more convenient.

2.3. The context of care

A care-related humancentric application of RFID is any human use of an implanted RFID transponder where function is associated with medicine, health or wellbeing. In initial literature, after the Cyborg 1.0 trial, Kevin Warwick envisioned that with RFID implants paraplegics would walk [7]. Building incrementally on this notion then is the work of Kobetic, Triolo and Uhlir who documented the study of a paraplegic male who had muscular stimuli delivered via an implanted RFID controlled electrical simulation system [12]. Though not allowing the mobility which Warwick dreamt of, results did include increased energy and fitness for the patient.

Outside the research sphere, much literature centers on eight volunteers who were implanted with commercial VeriChip RFID devices in 2002 trials. Murray [13], Black [14], Grossman [15] and Gengler [16] all document medical reasons behind the implantation of four subjects. Supplemented by press releases however, all reports of the trials were journalistic, rather than research-based. In contrast, non-trivial research is found in the work of Michael [17]. Her thesis uses a case study methodology, and a systems of innovation framework, to discuss the adaptation of auto-ID for medical implants.

2.4. Critical response to literature

More recent publications on humancentric RFID include the works of Masters [18], Michael and Michael [19], Perusco and Michael [20], Johnston [21], and Perakslis and Wolk [22]. Masters approaches the subject from the perspective of usability contexts, while Perusco and Michael use document analysis to categorise location services into tag, track and trace applications. Johnston uses content analysis to identify important themes in the literature, supplemented by a small-scale sample survey on the social acceptance of chip implants. Perakslis and Wolk also follow this latter methodology. Of the other (earlier) landmark studies, the majority are concerned with non-humancentric applications. Gerdeman [23], Finkinzeller [24] and Geers [25] all use case studies to investigate non-humancentric RFID and hence our methodological precedent is set here. The bulk of the remaining literature is newstype in nature and the absence of research frameworks is evident. The few exceptions to this include Woolnaugh [9] who conducted an interview and Murray [13] and Eng [3]who provide small case studies. In further criticism the news articles do not demonstrate technological trajectories but speculate on utopian implementations unlikely to be achieved by incremental development in the short to medium-term. Thus, any real value in these news articles can only be found in the documentation of events.

3. Research methodology

Several modes of academic inquiry were used in this study, though usability context analyses were the focal means of research. These analyses are similar to case studies as they investigate “a contemporary phenomenon within its real life context when the boundaries between phenomenon and context are not clearly evident” [26]. They also similarly use multiple sources of evidence, however are differentiated on the basis of the unit of analysis. In a usability context analysis methodology, units are not individuals, groups or organizations but are applications or application areas for a product, where ‘product’ is defined as “any interactive system or device designed to support the performance of users’ tasks” [27]. The results of multiple analyses are more convincing than a singular study, and the broad themes identified cover the major fields of current humancentric RFID development.

Further defining the research framework, the primary question to be answered – ‘what is the current state of application development in the field of humancentric RFID devices?’ – is justifiably exploratory. It entails investigation into contemporary technology usage and seeks to clarify boundaries within the research area. As such, this is a largely qualitative study that uses some elements of descriptive research to enhance the central usability context analyses. The usability context analyses are also supplemented by a discussion of surrounding social, legal and ethical ambiguities. By this means, the addition of a narrative analysis to the methodology ensures a thorough investigation of usage and context.

4. Usability context analysis: control

The usability context analysis for control is divided into three main sub-contexts – security, management, and social controls.

4.1. Security controls

The most basic security application involves controlling personal identification through identifying data stored on a transponder. In theory, the limit to the amount of information stored is subject only to the capacity of the embedded device or associated database. Further, being secured within the body, the loss of the identifier is near impossible even though, as has occurred in herd animals, there are some concerns over possible dislodgement. Accordingly, the main usability drawback lies with reading the information. Implanted identification is useless if it is inaccessible.

Numerous applications have been proposed to assist individuals who depend solely on carers for support. This group consists of newly-born babies, sufferers of mental illness, persons with disabilities and the elderly. One use involves taking existing infant protection systems at birthing centres and internalizing the RFID devices worn by newborns. This would aid in identifying those who cannot identify themselves. Further, when connected to security sensors and alarms, the technology can alert staff to the “unauthorized removal of children” [28]. The South Tyneside Healthcare Trust Trial in the UK is a typical external-use example case. Early in 1995, Eagle Tracer installed an electronic tagging system at the hospital using TIRIS electronic tags and readers from Texas Instruments. Detection aerials were hidden at exit points so that if any baby was taken away without authorisation, its identity would be known and an alarm raised immediately. The trial was so successful that the hospital was considering expanding the system to include the children’s ward. [29] Notably, a number of other institutions have already begun targeting RFID applications toward adolescents. In Japan students are being tagged in a bid to keep them safe. RFID transponders are being placed inside their backpacks and are used to advise parents when their child has arrived at school [30]. A similar practice is being conducted in California where children are being asked to “wear” RFID tags around their necks when on school grounds [31].

Commentators are using this lack of objection to external electronic tagging for minors to highlight the idea that a national identity system based on implants is not impossible. Some believe that there will come a time when it will be common for different groups in the population to have tags implanted at birth. In Britain, chip implantation was suggested for illegal immigrants, asylum seekers and even travellers. Smet [32] argued the following, “[i]f you look to our societies, we are already registered from birth until death. Our governments know who we are and what we are. But one of the basic problems is the numbers of people in the world who are not registered, who do not have a set identity, and when people move with real or fake passports, you cannot identify them.”

4.2. Management controls

Many smart card access systems use RFID technology to associate a cardholder with access permissions to particular locations. Replacing cards with RFID implants alters the form of the ‘key’ but does not require great changes to verification systems. This is because information stored on a RFID microchip in a smart card can be stored on an implanted transponder. Readers are similarly triggered when the transponder is nearby. This application would have greatest value in ‘mission critical’ workplaces or for persons whose role hinges upon access to a particular location. The implanted access pass has the added benefit of being permanently attached to its owner.

Access provision translates easily into employee monitoring. In making the implanted RFID transponder the access pass to certain locations or resources, times of access can be recorded to ensure that the right people are in the right place at the right time. Control in this instance then moves away from ideals of permission and embraces the notion of supervision. A company’s security policy may stipulate that staff badges be secured onto clothing or that employees must wear tags woven into their uniforms. Some employers require their staff to wear RFID tags in a visible location for both identification purposes and access control [33]. In this regard, Olivetti’s “active badge” was ahead of its time when it was first launched [34].

4.3. Social controls

In the military, transponders may serve as an alternative to dog tags. Using RFID, in addition to the standard name, rank and serial number, information ranging from allergies and dietary needs to shoe size can be stored. This purports to ease local administrative burdens, and can eliminate the need to carry identification documents in the field allowing for accurate, immediate identification of Prisoners-Of-War.

Just as humancentric applications of RFID exist for those who enforce law, so too do applications exist for people who have broken it. The concept of ‘electronic jails’ for low-risk offenders is starting to be considered more seriously. In most cases, parolees wear wireless wrist or ankle bracelets and carry small boxes containing the vital tracking technology. Sweden and Australia have implemented this concept and trials are taking place in the UK, US, Netherlands and Canada. In 2002, 27 American states had tested or were using some form of satellite surveillance to monitor parolees [14]. In 2005 there were an estimated 120,000 tracked parolees in the United States alone [35]. Whilst tagging low-risk offenders is not popular in many countries it is far more economical than the conventional jail. Social benefits are also present as there is a level of certainty involved in identifying and monitoring so-called ‘threats’ to society. In a more sinister scenario in South America, chip implants are marketed toward victims of crime rather than offenders. They are seen as a way “to identify kidnapping victims who are drugged, unconscious or dead” [36].

5. Usability context analysis: convenience

The usability context analysis for convenience is divided into three main sub-contexts – assistance, financial services and interactivity.

5.1. Assistance

Automation is the repeated control of a process through technological means. Implied in the process is a relationship, the most common of which involves linking an implantee with appropriate data. Such information in convenience contexts can however be extended to encompass goods or physical objects with which the implantee has an association of ownership or bailment. VeriChip for example, a manufacturer of human-implantable RFID transponders, have developed VeriTag for use in travel. This device allows “personnel to link a VeriChip subscriber to his or her luggage… flight manifest logs and airline or law enforcement software databases” [37]. Convenience is provided for the implantee who receives greater assurance that they and their luggage will arrive at the correct destination, and also for the transport operator who is able to streamline processes using better identification and sorting measures.

Advancing the notion of timing, a period of movement leads to applications that can locate an implantee or find an entity relative to them [38]. This includes “find me”, “find a friend”, “where am I” and “guide me to” solutions. Integrating RFID and GPS technologies with a geographic information systems (GIS) portal such as the Internet-based mapquest.com would also allow users to find destinations based on their current GPS location. The nature of this application lends itself toward roadside assistance or emergency services, where the atypical circumstances surrounding the service may mean that other forms of subscriber identification are inaccessible or unavailable.

5.2. Financial services

Over the last few decades, world economies have acknowledged the rise of the cashless society. In recent years though, alongside traditional contact cards, we have seen the emergence of alternate payment processes. In 2001, Nokia tested the use of RFID in its 5100-series phone covers, allowing the device to be used as a bank facility. RFID readers were placed at McDonalds drive-through restaurants in New York and the consumer could pay their bill by holding their mobile phone near a reader. The reader contacted a wireless banking network and payment was deducted from a credit or debit account. Wired News noted the convenience stating, “there is no dialing, no ATM, no fumbling for a wallet or dropped coins” [39]. These benefits would similarly exist with implanted RFID. Ramo has noted the feasibility, commenting that “in the not too distant future” money could be stored anywhere, as well as “on a chip implant under [the] skin” [40]. Forgetting your wallet would no longer be an issue.

It is also feasible that humancentric RFID eliminates the need to stand in line at a bank. Purely as a means of identification, the unique serial or access key stored on the RFID transponder can be used to prove identity when opening an account or making a transaction. The need to gather paper-based identification is removed and, conveniently, the same identification used to open the account is instantly available if questioned. This has similar benefits for automatic teller machines. When such intermediary transaction devices are fitted with RFID readers, RFID transponders have the ability to replace debit and credit cards. This is in line with Warwick’s prediction that implanted chips “could be used for money transfers, medical records, passports, driving licenses, and loyalty cards” [41].

5.3. Interactivity

On August 24, 1998 Professor Kevin Warwick became the first recorded human to be implanted with an RFID device. Using the transponder, Warwick was able to interact with the ‘intelligent’ building that he worked in. Over the nine days he spent implanted, doors formerly requiring smart card access automatically opened. Lights activated when Warwick entered a room and upon sensing the Professor’s presence his computer greeted him. Warwick’s ‘Project Cyborg 1.0’ experiment thus showed enormous promise for humancentric convenience applications of RFID. The concept of such stand-alone applications expands easily into the development of personal area networks (PANs) and the interactive home or office. With systems available to manage door, light and personal computer preferences based on transponder identification, further climate and environmental changes are similarly exploitable (especially considering non-humancentric versions of these applications already exist) [42].

Given the success of interacting with inanimate locations and objects, the next step is to consider whether person-to-person communication can be achieved using humancentric RFID. Such communication would conveniently eliminate the need for intermediary devices like telephones or post. Answering this question was an aim of ‘Project Cyborg 2.0’ with Warwick writing, “We’d like to send movement and emotion signals from one person to the other, possibly via the Internet” [43]. Warwick’s wife Irena was the second trial subject, being similarly fitted with an implant in her median nerve. Communicating via computer-mediated signals was only met with limited success however. When Irena clenched her fist for example, Professor Warwick received a shot of current through his left index finger [44]. Movement sensations were therefore effectively, though primitively, transmitted.

6. Usability context analysis: care

The usability context analysis for care is divided into three main sub-contexts – medical, biomedical and therapeutic.

6.1. Medical

As implanted transponders contain identifying information, the storage of medical records is an obvious, and perhaps fundamental, humancentric care application of RFID. Similar to other identification purposes, a primary benefit involves the RFID transponder imparting critical information when the human host is otherwise incapable of communicating. In this way, the application is “not much different in principle from devices… such as medic-alert bracelets” [16]. American corporation VeriChip markets their implantable RFID device for this purpose. Approved for distribution throughout the United States in April of 2002, it has been subject to regulation as a medical device by the Food and Drug Administration since October of the same year.

Care-related humancentric RFID devices provide unparalleled portability for medical records. Full benefit cannot be gained without proper infrastructure however. Though having medical data instantly accessible through implanted RFID lends itself to saving lives in an emergency, this cannot be achieved if reader equipment is unavailable. The problem is amplified in the early days of application rollout, as the cost of readers may not be justified until the technology is considered mainstream. Also, as most readers only work with their respective proprietary transponders, questions regarding market monopolies and support for brand names arise.

6.2. Biomedical

A biosensor is a device which “detects, records, and transmits information regarding a physiological change or the presence of various chemical or biological materials in the environment” [45]. It combines biological and electronic components to produce quantitative measurements of biological parameters, or qualitative alerts for biological change. When integrated with humancentric RFID, biosensors can transmit source information as well as biological data. The time savings in simultaneously gathering two distinct data sets are an obvious benefit. Further, combined reading of the biological source and measurement is less likely to encounter the human error linked with manually correlating data to data sources.

Implantable transponders allowing for the measurement of body temperature have been used to monitor livestock for over a decade [25]. As such, the data procurement benefits are well known. It does however give a revolutionary new facet to human care by allowing internal temperature readings to be gained, post-implantation, through non-invasive means. In 1994 Bertrand Cambou, director of technology for Motorola’s Semiconductor Products in Phoenix, predicted that by 2004 all persons would have such a microchip implanted in their body to monitor and perhaps even control blood pressure, their heart rate, and cholesterol levels.[46] Though Cambou’s predictions did not come to timely fruition, the multitude of potential applications are still feasible and include: chemotherapy treatment management; chronic infection or critical care monitoring; organ transplantation treatment management; infertility management; post-operative or medication monitoring; and response to treatment evaluation. Multiple sensors placed on an individual could even form a body area network (BAN).

An implantable RFID device for use by diabetes sufferers has been prototyped by biotechnology firm M-Biotech. The small glucose bio-transponder consisting of a miniature pressure sensor and a glucose-sensitive hydrogel swells “reversibly and to varying degrees” when changes occur in the glucose concentrations of surrounding fluids [47]. Implanted in the abdominal region, a wireless alarm unit carried by the patient continually reads the data, monitoring critical glucose levels.

6.3. Therapeutic

Implanted therapeutic devices are not new; they have been used in humans for many years. Alongside the use of artificial joints for example, radical devices such as pacemakers have become commonplace. The use of RFID with these devices however has re-introduced some novelty to the remedial solution [48]. This is because, while the therapeutic devices remain static in the body, the integration of RFID allows for interactive status readings and monitoring, through identification, of the device.

There are very few proven applications of humancentric RFID in the treatment usability sub-context at current if one puts cochlear implants [49] and smart pills aside [50]. Further, of those applications at the proof of concept stage, benefits to the user are generally gained via an improvement to the quality of living, and not a cure for disease or disability. With applications to restore sight to the blind [51] and re-establish normal bladder function for patients with spinal injuries already in prototyped form however, some propose that real innovative benefit is only a matter of time [52]. Arguably the technology for the applications already exists. All that needs to be prototyped is a correct implementation. Thus, feasibility is perhaps a matter of technological achievement and not technological advancement.

7. Findings

The choice of control, convenience and care contexts for analysis stemmed from the emergence of separate themes in the literature review; however the context analyses themselves showed much congruence between application areas. In all contexts, identification and monitoring are core functions. For control, this functionality exists in security and in management of access to locations and resources. For convenience, identification necessarily provides assistance and monitoring supports interactivity with areas and objects. Care, as the third context, requires identification for medical purposes and highlights biological monitoring as basic functionality.

Table 1. High level benefits and costs for humancentric RFID

With standard identification and monitoring systems as a basis, it is logical that so many humancentric applications of RFID have a mass target market. Medical identification for example is not solely for the infirm because, as humans, we are all susceptible to illness. Similarly, security and convenience are generic wants. Combined with similarities between contextual innovations, mass-market appeal can lead to convergence of applications. One potential combination is in the area of transportation and driver welfare. Here the transponder of an implanted driver could be used for keyless passive entry (convenience), monitoring of health (care), location based services (convenience), roadside assistance (convenience) and, in terms of fleet management or commercial transportation, driver monitoring (control).

Despite parallels and a potential for convergence, development contexts for humancentric RFID are not equal. Instead, control is dominant. Though care can be a cause for control and medical applications are convenient, it is control which filters through other contexts as a central tenet. In convenience applications, control is in the power of automation and mass management, in the authority over environments and devices. For care applications, medical identification is a derivative of identification for security purposes and the use of biosensors or therapeutic devices extends control over well-being. Accordingly, control is the overriding theme encompassing all contexts of humancentric RFID in the current state of development [53].

Alongside the contextual themes encapsulating the usability contexts are the corresponding benefits and costs in each area (Table 1). When taking a narrow view it is clear that many benefits of humancentric RFID are application specific. Therapeutic implants for example have the benefit of the remedy itself. Conversely however, a general concern of applications is that they are largely given to social disadvantages including the onset of religious objections and privacy fears.

7.1. Application quality and support for service

For humancentric RFID, application quality depends on commercial readiness. For those applications being researched, the usability context analyses suggest that the technology, and not the applications, present the largest hurdle. In his Cyborg 1.0 experiments for example, Professor Kevin Warwick kept his transponder implanted for only nine days, as a direct blow would have shattered the glass casing, irreparably damaging nerves and tissue.

Once technological difficulties are overcome and applications move from proof of concept into commercialization, market-based concerns are more relevant. Quality of data is a key issue. In VeriChip applications, users control personal information that is accessible, though stored in the Global VeriChip Subscriber Registry database, through their implanted transponder. The system does not appear to account for data correlation however, and there is a risk of human error in information provision and in data entry. This indicates the need for industry standards, allowing a quality framework for humancentric RFID applications to be created and managed.

Industry standards are also relevant to support services. In humancentric applications of RFID they are especially needed as much usability, adjunct to the implanted transponder, centers upon peripherals and their interoperability. Most proprietary RFID readers for instance can only read data from similarly proprietary transponders. In medical applications though, where failure to harness available technology can have dramatic results, an implantee with an incompatible, and therefore unreadable, transponder is no better off for using the application. Accordingly, for humancentric RFID to realize its promotion as ‘life-enhancing’, standards for compatibility between differently branded devices must be developed.

Lastly, the site of implantation should be standardized as even if an implanted transponder is known to exist, difficulties may arise in discerning its location. Without a common site for implantation finding an implanted RFID device can be tedious. This is disadvantageous for medical, location-based or other critical implementations where time is a decisive factor in the success of the application. It is also a disadvantage in more general terms as the lack of standards suggests that though technological capability is available, there is no social framework ready to accept it.

7.2. Commercial viability for the consumer

A humancentric application of RFID must satisfy a valid need to be considered marketable. This is especially crucial as the source of the application, the transponder, requires an invasive installation and, afterwards, cannot be easily removed. Add to this that humancentric RFID is a relatively new offering with few known long-term effects, and participation is likely to be a highly considered decision. Thus, despite many applications having a mass target market, the value of the application to the individual will determine boundaries and commercial viability.

Value is not necessarily cost-based. Indeed, with the VeriChip sold at a cost of $US200 plus a $10 per month service fee, it is not being marketed as a toy for the elite. Instead, value and application scope are assessed in terms of life enhancement. Therapeutic devices for example provide obvious remedial benefit, but the viability of a financial identification system may be limited by available infrastructure.

Arguably, commercial viability is increased by the ability of one transponder to support multiple applications. Identification applications for example are available in control, convenience and care usability contexts. The question arises however, as to what occurs when different manufacturers market largely different applications? Where no real interoperability exists for humancentric RFID devices, it is likely that users must be implanted with multiple transponders from multiple providers. Further, given the power and processing constraint of multi-application transponders in the current state of development, the lack of transponder portability reflects negatively on commercial viability and suggests that each application change or upgrade may require further implantation and bodily invasion.

7.3. Commercial viability for the manufacturer

Taking VeriChip as a case study, one is led to believe that there is a commercially viable market for humancentric applications of RFID. Indeed, where the branded transponder is being sold in North and South America, and has been showcased in Europe [54], a global want for the technology is suggested. It must be recognized, however, that in the current state of development VeriChip and its parent, Applied Digital Solutions have a monopoly over those humancentric RFID devices approved for use. As such, their statistics and market growth have not been affected by competition and there is no comparative data. The difference between a successful public relations campaign and reality is therefore hard to discern.

Interestingly, in non-humancentric commercial markets, mass rollouts of RFID have been scaled back. Problems have arisen specifically in animal applications. The original implementation of the 1996 standards, ISO 11784: ‘Radio-frequency identification of animals – Code structure’ and ISO 11785: ‘Radio-frequency identification of animals – Technical concept’ for example, were the subject of extensive complaint [55]. Not only did the standards not require unique identification codes, they violated the patent policy of the International Standards Organization. Even after the ISO standards were returned to the SC19 Working Group 3 for review, a general lack of acceptance equated to limited success. Moreover, moves have now been made to ban the use of implantable transponders in herd animals. In a high percentage of cases the transponder moved in the fat layer, raising concerns that it might be later consumed by humans. Further, the meat quality was degraded as animals sensing the existence of an implanted foreign object produced antibodies to ‘attack’ it [18].

8. Discussion

8.1. Personal privacy

Given its contactless nature and non-line-of-sight (nLoS) capability, RFID has the ability to automatically collect a great deal of data about an individual in a covert and unobtrusive way. Hypothetically, a transponder implanted within a human can communicate with any number of readers it may pass in any given day. This opens up a plethora of possibilities, including the ability to link data based on a unique identifier (i.e. the chip implant), to locate and track an individual over time, and to look at individual patterns of behaviour. The severity of violations to personal privacy increase as data collected for one purpose is linked with completely separate datasets gathered for another purpose. Consider the use of an implant that deducts programmed payment for road tolls as you drive through sensor-based stations. Imagine this same data originally gathered for traffic management now being used to detect speeding and traffic infringements, resulting in the automatic issue of a fine. Real cases with respect to GPS and fleet management have already been documented. Kumagi and Cherry [56] describe how one family was billed an “out-of-state penalty” by their rental company based on GPS data that was gathered for a completely different reason. Stanford [57] menacingly calls this a type of data use “scope creep” while Papasliotis [58] more pleasantly deems it “knowledge discovery”.

These notions of ‘every-day’ information gathering, where an implantee must submit to information gathering practices in return for access to services, offends the absolutist view of privacy and “an individual [having] the right to control the use of his information in all circumstances” [59]. Indeed, given their implantation beneath the skin, the very nature of humancentric transponders negates the individual’s ability to ‘control’ the device and what flows from it. Not only do the majority of consumers lack the technical ability to either embed or remove implants but they naturally lack the ability to know when their device is emitting data and when it is not. There is also a limited understanding of what information ‘systems’ are actually gathering. This becomes a greater danger when we note that laws in different jurisdictions provide little restraint on the data mining of commercial databases by commercial entities. In this instance, there would be little to stop RFID service providers from mining data collected from their subscribers and on-selling it to other organisations.

Moreover, even where ethical data usage is not questioned, intellectual property directives in Europe may hamper the promise of some service providers to keep consumer data private. According to Papasliotis [58] “… the proposed EU Intellectual Property (IP) Enforcement Directive includes a measure that would make it illegal for European citizens to de-activate the chips in RFID tags, on the ground that the owner of the tag has an intellectual property right in the chip. De-activating the tag could arguably be treated as an infringement of that right”.

8.2. Data security

Relevant approaches to RFID security in relation to inanimate objects have been discussed in the literature. Gao [60] summarises these methods as “killing tags at the checkout, applying a rewritable memory, physical tag memory separation, hash encryption, random access hash, and hash chains”. Transponders that are embedded within the body pose a different type of data security requirement though. They are not in the body so they can be turned off, this being a circumvention of the original purpose of implantation. Instead, they are required to provide a persistent and unique identifier. In the US however, also thwarting an original purpose, a study has shown that some RFID transponders are capable of being cloned, meaning the prospect of fraud or theft may still exist [61]. One possibility, as proposed by Perakslis and Wolk [22], is the added security of saving an individual’s feature vector onboard the RFID chip. Biometrics too, however, is fraught with its own problems [62]. Despite some moves in criminal justice systems, it is still controversial to say that one’s fingerprint or facial image should be held on a public or private database.

Unfortunately, whatever the security, researchers like Stanford believe it is a “virtual certainty” that tags and their respective systems “will be abused” by some providers [57]. Here, the main risk for consumers involves third parties gaining access to personal data without prior notice. To this end, gaining and maintaining the trust of consumers is essential to the success of the technology. Mature trust models need to be architected and implemented, but more importantly they need to be understood outside of an academic context. Though it is important that trust continues to grow as an area of study within the e-commerce arena, it will be the practical operation of oversight companies like VeriSign in these early days of global information gathering which will allow consumers to create their own standards and opinions.

Outside of clear ethical concerns regarding third-party interests in information, another temptation for service providers surrounds the use of data to target individual consumer sales in value-added services and service-sets relying on location information. Though not an extreme concern in itself, we note that any such sales will face the more immediate concern of deciding on a secure and standard location for implants. For now live services place the implant in the left or right arm but the problems with designating such a zone surround the possibility of exclusion. What if the consumer is an amputee or has prosthetic limbs? Surely the limited space of the human body means that certain things are possible, while others are not. Thus, recognizing the limitations of the human body, will service providers brand transponders and allow multifunctional tags for different niche services? Which party then owns the transponder? The largest service provider, the government or agency acting as an issuer, or the individual? Who is responsible for accuracy and liable for errors? And more importantly, who is liable for break-downs in communication when services are unavailable and disaster results?

8.3. Ethical considerations

Molnar and Wagner [63] ask the definitive question “[i]s the cost of privacy and security “worth it”?” Stajano [64] answers by reminding us that, “[t]he benefits for consumers remain largely hypothetical, while the privacy-invading threats are real”. Indeed, when we add to privacy concerns the unknown health impacts, the potential changes to cultural and social interaction, the circumvention of religious and philosophical ideals, and a potential mandatory deployment, then the disadvantages of the technology seem almost burdensome. For the present, proponents of emerging humancentric RFID rebuke any negatives “under the aegis of personal and national security, enhanced working standards, reduced medical risks, protection of personal assets, and overall ease-of-living” [22]. Unless there are stringent ethical safeguards however, there is a potential for enhanced national security to come at the cost of freedom, or for enhanced working standards to devalue the importance of employee satisfaction. The innovative nature of the technology should not be cause to excuse it from the same “judicial or procedural constraints which limit the extent to which traditional surveillance technologies are permitted to infringe privacy” [58].

Garfinkel et al. [61] provide a thorough discussion on key considerations in their paper. Though their main focus is on users of RFID systems and purchasers of products containing RFID tags, the conclusions drawn are also relevant to the greater sphere of humancentric RFID. Firstly, Garfinkel et al. begin by stipulating that a user has the right to know if the product they have purchased contains an RFID tag. In the current climate of human transponder implant acceptance, it is safe to assume that an individual who has requested implantation knows of their implant and its location. But, does the guardian of an Alzheimer’s patient or adult schizophrenic, have the right to impose an implant on behalf of the sufferer for monitoring or medical purposes [65]?

Secondly, the user has the right to have embedded RFID tags “removed, deactivated, or destroyed” [61] at or after purchase. Applied to humancentric implantation, this point poses a number of difficulties. The user cannot remove the implant themselves without some physical harm, they have no real way of finding out whether a remaining implant has in fact been ‘deactivated’, and destroying an implant without its removal from the body implies some form of amputation. Garfinkel et al.’s third ethical consideration is that an individual should have alternatives to RFID. In the embedded scenario users should then also have to ability to opt-in to new services and opt-out of their current service set as they see fit. Given the nature of RFID however, there is little to indicate the success or failure of a stipulated user requested change, save for a receipt message that may be sent to a web client from the server. Quite possibly the user may not be aware that they have failed to opt out of a service until they receive their next billing statement.

The fourth notion involves the right to know what information is stored on the RFID transponder and whether or not this information is correct, while the fifth point is “the right to know when, where and why a RFID tag is being read” [61]. This is quite difficult to exercise, especially where unobtrusiveness is considered a goal of the RFID system. In the resultant struggle between privacy, convenience, streamlining and bureaucracy, the number of times RFID transponders are triggered in certain applications may mean that the end-user is bombarded with a very long statement of transactions.

8.4. The privacy fear and the threat of totalitarianism?

Mark Weiser, the founding father of ubiquitous computing, once said that the problem surrounding the introduction of new technologies is “often couched in terms of privacy, [but] is really one of control” [59]. Indeed, given that humans do not by nature trust others to safeguard our own individual privacy, in controlling technology we feel we can also control access to any social implications stemming from it. At its simplest, this highlights the different focus between the end result of using technology and the administration of its use. It becomes the choice between the idea that I am given privacy and the idea that I control how much privacy I have. In this regard, privacy is traded for service.

Fig. 1. The privacy-security trade-off.

What some civil libertarians fear beyond privacy exchange though is a government-driven mandatory introduction of invasive technologies based on the premise of national security. While the safety and security argument has obviously paved the way for some technologies in response to the new environment of terrorism and identity fraud [38], there is now a concern that further advancements will begin to infringe on the freedoms that security paradigms were originally designed to protect. For invasive technology like humancentric RFID, the concerns are multiplied as the automated nature of information gathering means that proximity to a reader, and not personal choice, may often be the only factor in deciding whether or not a transponder will be triggered. Though most believe that government-imposed mandatory implantation is a highly unlikely outcome of advancements in humancentric RFID, it should be recognised that a voluntary implantation scheme offers negligible benefits to a government body given the incompleteness of the associated data set. This is equally true of private enterprises that mandate the use of transponders in employees, inmates or other distinct population groups.

Where the usability context of control then becomes the realm of government organizations and private enterprise, RFID regulation is increasingly important. Not only is regulation necessary for ensuring legitimacy in control-type applications, it is also needed to prevent the perversion of convenience and care-related uses. For example, many of those implanted with RFID transponders today might consider them to be life-saving devices and the service-oriented nature of these applications means they must clearly remain voluntary (Table 2). If the data collected by the device was also to be used for law enforcement or government surveillance purposes however, users may think twice about employing the technology. In regulating then we do not want to allow unrestricted deployment and unparalleled capabilities for commercial data mining, but nor should we allow a doomsday scenario where all citizens are monitored in a techno-totalitarian state [61]. Any scope for such design of regulations must be considered in light of the illustrated privacy/security trade-off (Fig. 1). Taking any two vertices of the government – service provider – consumer triangle, privacy or security (which can often be equated with ‘control’) will always be traded in relation to the third vertex. For example, where we combine government and service providers in terms of security regulations and the protection of national interests, the consumer is guaranteed to forgo certain amounts of privacy. Similarly, where we combine government and the consumer as a means of ensuring privacy for the individual, the service provider becomes limited in the control it holds over information gathered (if indeed it is still allowed to gather information).

Table 2. Mapping contexts to the environment

9. Conclusion

In the current state of humancentric development, stand-alone applications exist for control, convenience and care purposes, but as control is the dominant context its effects can be seen in other application areas. Applications are also influenced by power and processing confines, and as such, many functions have simple bases in identification or monitoring. Application usage is made more complex however, as a need for peripherals (including readers and information storage systems) is restrained by a lack of industry standards for interoperability. Though the technology has been deemed feasible in both research and commercially approved contexts, the market for humancentric applications of RFID is still evolving. Initial adoption of the technology has met with some success but, as research continues into humancentric applications of RFID, the market is still too niche for truly low-cost, high-quality application services. Any real assessment of the industry is further prejudiced by commercial monopoly and limited research into the long-term effects of use. Coupled with security and privacy concerns, then the long-term commercial viability for humancentric applications of RFID is questionable. In the short- to medium-term, adoption of humancentric RFID technology and use of related applications will be hindered by a lack of infrastructure, a lack of standards, not only as to interoperability but also as to support for service and transponder placement, and the lack of response from developers and regulators to mounting ethical dilemmas.

References

[1] D. Icke, Has the old ID card had its chips? Soldier Magazine (2001)

[2] Applied Digital Solutions, Applied Digital Solutions Announces Working Prototype of Subdermal GPS Personal Location Device, Press Release, April 13, 2003.

[3] P. Eng, I Chip? ABC News.com, March 1, 2002.

[4] C. Murray, Injectable chip opens door to human bar code, EETimes, January 7, 2002. Available from: <http://www.eetimes.com/story/OEG20020104S0044>.

[5] J. Wilson, Girl to get tracker implant to ease parents’ fears, the guardian. Available from: <http://www.guardian.co.uk/Print/0,3858,4493297,00.html>.

[6] J. Sanchez-Klein, And Now For Something Completely Different, PC World Online, August 27, 1998. Available from: ProQuest.

[7] S. Witt, Professor Warwick Chips In, Computerworld, 33 (2) (1999), pp. 89-90

[8] K. Warwick, Cyborg 1.0, Wired Magazine 8.02, February 2000. Available from: <http://www.wired.com/wired/archive/8.02/warwick.html>.

[9] R. Woolnaugh, A man with a chip in his shoulder, Computer Weekly [Online], June 29, 2000. Available from: Expanded Academic Index.

[10] C. Holden, Hello Mr Chip, Science [Online], March 23. 2001. Available from: ProQuest.

[11] G. Vogel, Part Man, Part Computer, Science [Online], 295 (5557), February 8, 2002, p. 1020. Available from: Expanded Academic Index.

[12] R. Kobetic et al., Implanted functional electrical simulation system for mobility in paraplegia: a follow-up case report, IEEE Transactions on Rehabilitation Engineering [Online], December, 1999. Available from: ProQuest.

[13] C. Murray, Prodigy seeks out high-tech frontiers, Electronic Engineering Times [Online], February 25, 2002. Available from: ProQuest.

[14] J. Black, Roll up your sleeve – for a chip implant, Business Week Magazine [Online], March 21, 2002. Available from: <http://www.businessweek.com/bwdaily/dnflash/mar2002/nf20020321_1025.htm>.

[15] L. Grossman, Meet The Chipsons, Time New York, 159 (10) (2002), pp. 56-57

[16] B. Gengler, Chip implants become part of you, The Australian, September 10, 2002.

[17] K. Michael, The technological trajectory of the automatic identification industry, Ph.D. Thesis, School of Information Technology and Computer Science, University of Wollongong, Australia, 2003.

[18] A. Masters, Humancentric applications of RFID, BInfoTech (Hons) Thesis, School of Information Technology and Computer Science, University of Wollongong, Australia, 2003.

[19] K. Michael, M.G. Michael, Microchipping people: the rise of the electrophorus Quadrant, 414 (2005), pp. 22-33

[20] L. Perusco, K. Michael, Humancentric Applications of Precise Location-Based Services, IEEE Conference on e-Business Engineering, IEEE Computer Society, Washington (2005), pp. 409–418

[21] K. Johnston, RFID transponder implants: a content analysis and survey, BInfoTech (Hons) Thesis, School of Information Technology and Computer Science, University of Wollongong, Australia, 2005.

[22] C. Perakslis, R. Wolk, Social acceptance of RFID as a biometric security method, in: Proceedings of the IEEE Symposium on Technology and Society, 2005, pp. 79–87.

[23] J. Gerdeman, Radio frequency identification application 2000, North Carolina, USA, 1995.

[24] K. Finkinzeller, RFID Handbook: Radio-Frequency Identification Fundamentals and Applications, England, 2001.

[25] R. Geers et al., Electronic Identification, Monitoring and Tracking of Animals, United Kingdom, 1997.

[26] R. Yin, The case study method as a tool for doing evaluation, Current Sociology, 40 (1) (1998), p. 123

[27] C. Thomas, N. Bevan, Usability Context Analysis: A Practical Guide, Middlesex, UK, 1996.

[28] Vxceed Technologies, RFID Technology, 2003. Available from: <http://www.vxceed.com/developers/rfid.asp>.

[29] Automatic ID News, Radio Frequency Identification (RF/ID), 1998. Available from: <http://www.autoidenews.com/technologies/concepts/rfdcintro.htm>.

[30] K. Hall, Students tagged in bid to keep them safe, The Japan Times, 2004. Available from: <http://search.japantimes.co.jp/print/news/nn10-2004/nn20041014f2.htm>.

[31] M. Wood, RFID: Bring It On, CNET.com, 2005. Available from: <http://www.cnet.com/4520-6033_1-6223038.html>.

[32] M. Hawthorne, Refugees meeting hears proposal to register every human in the world, Sydney Morning Herald [Online], 2001. Available from: <http://www.iahf.com/other/20011219.html>.

[33] D.B. Kitsz, Promises and problems of RF identification, in: R. Ames (Ed.), Perspectives on Radio Frequency Identification: What is it, Where is it going, Should I be Involved? Van Nostrand Reinhold, New York, pp. 1-19–1-27.

[34] R. Want, et al.The Active Badge Location System, ACM Transactions on Information Systems, 10 (1) (1992), pp. 91-102

[35] W. Saletan, Call my cell, Slate Magazine, May, 2005. Available from: http://slate.msn.com/id/2118117.

[36] J. Scheeres, Politician wants to get chipped, Wired News, February 15, 2002. Available from: <http://www.wired.com/news/print/0,1294,50435,00.html>.

[37] Applied Digital Solutions, Protected by VeriChip™ – Awareness Campaign Continues – VeriChip To Exhibit At Airport Security Expo in Las Vegas, Press Release, July 2, 2002.

[38] K. Michael, A. Masters, Realised applications of positioning technologies in defense intelligence, in: H. Abbass, D. Essam (Eds.), Applications of Information Systems to Homeland Security and Defense, IDG Press, pp. 167–195.

[39] L. Nadile, Call Waiting: A Cell Phone ATM, Wired News. Available from: <http://www.wired.com/news/business/0,1367,41023,00.html>.

[40] J.C. Ramo, The Big Bank Theory and what it says about the future of money, Time, April 27, 1998, pp. 46–55.

[41] S. Dennis, UK Professor Implants Chip, Turns Himself Into Cyborg, Newsbytes, 1998. Available from: <http://www.newsbytes.com/pubNews/110782.html>.

[42] Texas Instruments, Loyally Yours, TIRIS News, 1997. Available from: <http://www.ti.com/tiris/docs/manuals/RFIDNews/Tiris_NL17>.

[43] K. Warwick, Project Cyborg 2.0. Available from: <http://www.rdg.ac.uk/KevinWarwick/html/project_ cyborg_2_0.html>.

[44] W. Underhill, Merging Man and Machine, Newsweek [Online], October 14, 2002. Available from: Expanded Academic Index.

[45] T. Seneadza, Biosensors – A Nearly Invisible Sentinel, Technically Speaking, July 21, 2003. Available from: <http://tonytalkstech.com/archives/000231.php>.

[46] P.L. Harrison, The Body Binary, Popular Science, October, 1994. Available from: <http://www.newciv.org/nanomius/tech/implants>.

[47] M-Biotech: Biosensor Technology. M-Biotech Salt Lake City, 2003. Available from: <http://www.m-biotech.com/technology1.html>.

[48] IEEE, Biomimetic Systems: Implantable, Sophisticated, and Effective. IEEE Engineering in Medicine and Biology 24(5) Sept/Oct (2005).

[49] Cochlear, Nucleus 24 Cochlear Implant, 1999. Available from: <http://www.Cochlear.com/euro/nucleussystems/ci24m.html>.

[50] Sun-Sentinel, The Smart Pill, Sun-Sentinel News: The Edge, 2003. Available from: <http://www.sun-sentinel.com/graphics/news/smartpill>.

[51] J. Rizzo, J. WyattProspects for a visual prosthesis, The Neuroscientist, 3 (4) (1997) Available from: http://rleweb.mit.edu/retina/a2.page1.html

[52] G.T.A. Kovacs, The nerve chip: technology development for a chronic neural interface, Stanford University, 1997. Available from <http://guide.stanford.edu.ezproxy.uow.edu.au/publications/dev4.html>.

[53] K. Michael, A. Masters, Applications of human transponder implants in mobile commerce, in: Proceedings of the Eighth World Multiconference on Systemics, Cybernetics and Informatics, Florida, vol. 5, 2004, pp. 505–512.

[54] Applied Digital Solutions, Press Release VeriChip™ Subdermal Personal Verification Microchip To Be Featured At IDTechex Smart Tagging In Healthcare, Conference in London, April 28–29, 2003.

[55] RFID News, International Standards Organization Returns RFID Standard For Animal Use To Working Group For Major Revisions, RFID News, 2002. Available from: <http://www.rfidnews.com/returns.html>.

[56] J. Kumagi, S. CherrySensors and sensibility, IEEE Spectrum, 41 (7) (2004), pp. 22-26, 28

[57] V. StanfordPervasive computing goes that last hundred feet with RFID Systems, IEEE Pervasive Computing, 2 (2) (2003), pp. 9-14

[58] I.-E. Papasliotis, Information technology: mining for data and personal privacy: reflections on an impasse, in: Proceedings of the 4th International Symposium on Information and Communication Technologies, 2004, pp. 50–56.

[59] O. Günther, S. Spiekermann, Tagging the world: RFID and the perception of control Communications of the ACM, 48 (9) (2005), p. 74

[60] X. Gao, et al.An approach to security and privacy of RFID system for supply chain, IEEE International Ecommerce Technology for Dynamic e-Business. (2004), pp. 164-168

[61] S.L. Garfinkel, A. Juels, R. Pappu, RFID privacy: an overview of problem and proposed solutions, IEEE Security and Privacy Magazine, 3 (3) (2005), pp. 38-43

[62]J.D. Woodward, Biometrics: privacy’s foe or privacy’s friend? Proceedings of the IEEE, 85 (9) (1997), pp. 1480-1492

[63] D. Molnar, D. Wagner, Privacy: privacy and security in library RFID: issues, practices, and architectures, in: Proceedings of the 11th ACM Conference on Computer and Communications Security, 2004, p. 218.

[64] F. Stajano, Viewpoint: RFID is X-ray vision, Communications of the ACM, 48 (9) (2005), p. 31

[65] J.E. Dobson, P.F. Fisher, Geoslavery, IEEE Technology and Society Magazine, 22 (1) (2003), p. 47

Keywords: Radio-frequency identification, Transponders, Chip implants, Humancentric applications, Usability context analysis, Location tracking, Personal privacy, Data security, Ethics

Citation: Amelia Masters and Katina Michael, "Lend me your arms: The use and implications of humancentric RFID, Electronic Commerce Research and Applications, Vol. 6, No. 1, Spring 2007, Pages 29-39, DOI: https://doi.org/10.1016/j.elerap.2006.04.008

The Auto-ID Trajectory - Chapter One Introduction

This thesis is concerned with the automatic identification (auto-ID) industry which first came to prominence in the early 1970s. Auto-ID belongs to that larger sector known as information technology (IT). As opposed to manual identification, auto-ID is the act of identifying a living or nonliving thing without direct human intervention. Of course the process of auto-ID data capture and collection requires some degree of human intervention but the very act of authenticating or verifying an entity can now be done automatically. An entity can possess a unique code indicating personal identification or a group code indicating conformity to a common set of characteristics. Some of the most prominent examples of auto-ID techniques that will be explored in this thesis include bar code, magnetic-stripe, integrated circuit (IC), biometric and radio-frequency identification (RF/ID). The devices in which these techniques are packaged include labels and tags, card technologies, human feature recognition, and implants. Generally the devices are small in size, not larger than that of a standard credit card.

Read More

The Auto-ID Trajectory - Chapter Two Literature Review

The primary purpose of the literature review is to establish what relevant research has already been conducted in the field of auto-ID innovation. It is through this review of the broader research topic that a specific proposal can be accurately formulated. First, a critical response to the literature on technological innovation is required. Second, a thorough evaluation of research on auto-ID technologies is necessary. Third, an attempt to locate works that deal with both innovation and auto-ID will be made. If these works are scant, then the question of whether this warrants a sufficient gap for further research will be posed. Can this thesis act to fill the void in the literature by offering a first attempt at understanding the innovation of technologies in the auto-ID industry?

Read More

The Auto-ID Trajectory - Chapter Five The Development of Auto-ID Technologies

In this chapter the story behind the development of individual auto-ID technology will be explored. First to highlight the importance of incremental innovation within auto-ID; second to show the growth of the auto-ID selection environment as being more than just bar code and magnetic-stripe technology; third to point to the notion of technological trajectory as applied to auto-ID; fourth to highlight the occurrence of creative symbiosis taking place between various auto-ID devices; and fifth to establish a setting in which results in the forthcoming chapters can be interpreted. The high-level drivers that led to each invention will also be presented here as a way to understand innovation in the auto-ID industry.

Read More

The Auto-ID Trajectory - Chapter Seven: Ten Cases in the Selection and Application of Auto-ID

The overall purpose of this chapter is to present the auto-ID selection environment by exploring ten embedded case studies. The cases will act to illustrate the pervasiveness of each auto-ID technology within vertical sectors which are synonymous with the technology’s take up. The focus will now shift from the technology provider as the central actor to innovation (as was highlighted in ch. 6) to the service provider stakeholder who adopts a particular technology on behalf of its members and end users. It will be shown that new commercial applications do act to drive incremental innovations which shape a technology’s long-term trajectory. The four levels of analysis that will be conducted can be seen in exhibit 7.1 below, with three examples to help the reader understand the format of the forthcoming micro-inquiry. This chapter dedicates equal space to each case and for the first time will show that coexistence between auto-ID technologies is not only possible but happening presently, and very likely to continue into the future.

Read More

The Auto-ID Trajectory - Chapter Ten: Conclusion

The principal conclusions from the findings given in chapter nine are threefold. First, that an evolutionary process of development is present in the auto-ID technology system (TS). Incremental steps either by way of technological recombinations or mutations have lead to revolutionary changes in the auto-ID industry- both at the device level and at the application level. The evolutionary process in the auto-ID TS does not imply a ‘survival of the fittest’ approach,[1] rather a model of coexistence where each particular auto-ID technique has a path which ultimately influences the success of the whole industry. The patterns of migration, integration and convergence can be considered either mutations or recombinations of existing auto-ID techniques for the creation of new auto-ID innovations. Second, that forecasting technological innovations is important in predicting future trends based on past and current events. Analysing the process of innovation between intervals of widespread diffusion of individual auto-ID technologies sheds light on the auto-ID trajectory. Third, that technology is autonomous by nature has been shown by the changes in uses of auto-ID; from non-living to living things, from government to commercial applications, and from external identification devices in the form of tags and badges to medical implants inserted under the skin.

Read More