From the issue dated August 6, 2004
|
|
|
Talking TagsNew high-tech labels help libraries track books, but worry privacy advocates
Some college libraries have replaced the bar codes on their books with high-tech tags that can silently transmit information, a change that might escape the notice of most patrons. But privacy advocates hope you take a closer look. The new tags use radio-frequency identification, or RFID. They have made the news recently as a tool to make retail stores more efficient at inventory control and theft prevention -- and also as a potential source of snooping. Recently, libraries have starting adopting the tags as well. With their encased microchips, RFID tags can transmit information to devices designed to pick up the signals and interpret them. Some privacy advocates worry that a day will come when a library book's tag could broadcast information about a patron to anyone nearby with a tag-reading device -- stalkers, snoops, corporate marketers, or G-men. Librarians are weighing such concerns against the benefits the technology could bring. The tags are easy to use, allowing a library to set up automated or self-check-out stations. And with RFID, taking inventory is a snap: A tag-reading device waved across a shelf can check all the tags on the shelf against a database to find books that are out of order, thought lost, or rarely checked out and ready for remote storage. More than 300 libraries in the United States have adopted RFID. Most of them are public libraries, but some are college libraries, including those at California State University at Long Beach, North Lake College, and Providence College. Librarians typically guard patron privacy closely, and so they are carefully reviewing the new technology. Privacy advocates fear that books bearing the new tags might make it easy for government agents armed with subpoenas or hackers armed with know-how to find out who is reading what, and when. Peter E. Murray, assistant to the director for technology initiatives at the University of Connecticut's libraries, which have adopted RFID, says he doesn't believe the technology is a threat to patrons' privacy. "But it's a good point to start this discussion of the technology," he says. "If it is accepted in the library, it can be accepted anywhere, and if the library can serve as the instigator of that discussion, more power to us." The RFID technology has been around for decades, and the transmitting tags that hold the data come in different shapes and sizes. RFID is already in use in the E-ZPass boxes that hang in cars and transmit payments at toll stops on some highways. More than 60 years ago, the British used RFID to identify incoming planes during World War II. Today RFID tags can be smaller than the head of a pin, and the types used in retail cost mere pennies. How It Works The RFID tags that college libraries generally use are flat adhesive labels, a little bigger than a half-dollar coin, with a swirling, silvery antenna surrounding a tiny microchip. The antenna picks up signals sent out by nearby "reader" devices (which come in several forms, from handgun-shaped to flat pads) from one to three feet away. The readers transmit back any information programmed on the chip, usually a book-identification number. Unlike a bar-code reader, which must be pointed directly at a coded object with nothing blocking the way, the RFID reader can pick up a signal through a book bag or a coat. RFID tags used in libraries cost about 50 to 80 cents and are durable, guaranteed to last as long as the books on which they are stuck. At the University of Nevada at Las Vegas, which agreed to serve as a test site for tags marketed by 3M, the company's engineers mimicked abuse by patrons. They parked a black car in the Nevada desert and put a book with an RFID tag on the dashboard. The inside of the car reached 240 degrees, but the tag survived. RFID readers at checkout counters usually are flat black pads. A librarian simply sets a stack of books on the pad and the reader picks up the signals from all of the books, marks them as checked out in the library database, and in some models disables a theft-prevention setting that would trip alarms at a gate at the front door. (Many college libraries use hidden electromagnetic tape for theft prevention because RFID tags are relatively conspicuous and easy to tear off.) Careful Coding So far, many libraries have been careful to store very little information on their RFID tags. Jennifer L. Fabbi, director of the curriculum-materials library at the University of Nevada at Las Vegas, says that her library stores nothing but bar-code numbers on the tags. Those numbers, she says, are meaningless apart from the library catalog, which is guarded by security software. The libraries at the university were among the first in the country to adopt RFID. But she did not think about the privacy and ethical concerns raised by the tags until she prepared to speak about RFID at the annual American Library Association conference, in June. "I really had to stop and think, What privacy and ethical issues?" she says. "We have not talked about that here." She says that many of the privacy concerns might be based on some "misperceptions" about RFID. At the library conference, worried librarians could be heard in the halls talking about tracking library RFID tags via satellite. Although some RFID transmitters can be tracked from long distances, that's not possible with the kinds of tags used on library books. Other people might think that there is a mother lode of information on the chip, she says, or that hand-held RFID readers are commonplace. For now, readers are expensive and relatively rare, she says. And of the half-dozen marketers of RFID technology for libraries, none of them use a common, standard system, she says, so a snoop would have to carry readers from several different companies. The more information libraries store on the chip, the more risk, she says. But she thinks the risk is relatively low in any case. "Is it outlandish for people to be tracked by their RFID tags?" she says. "Yes, I'm not personally worried about it. But I can't speak for what could happen in the future." Lee Tien, a lawyer at the Electronic Frontier Foundation who specializes in free-speech law and privacy, has been a prominent critic of the use of RFID by libraries. He knows that a reader device has to be within a few feet of a tag to "talk" to it, but that doesn't worry him any less. That is a suitable range for an RFID reader affixed to a doorway or security gate. "We always say that read range is a red herring when it comes to the ability for people to use RFID for tracking," he says. He paints a scene to illustrate his point: A government building could have an RFID reader set up at a doorway. A person could walk in with a library book in a bag and sign in at a security gate. The bar code on an RFID tag could be picked up and connected to an identity. From there, the information could be used a number of ways, he says. Government officials could subpoena the catalogs of local libraries, or snoops could go to the library, scan the codes on controversial or hot books, and put those on a database that the RFID readers could watch for. Smart hackers wouldn't have to visit the library -- they could simply crack into the library database and gather the information they want, he says. "As far as I know, there are no high-security firewalls around library databases, like there are around the databases that we routinely read about being hacked into," he says. Those engaged in surveillance might not even be interested in the title of a book. The anonymous bar codes on RFID tags could be used to track a person. As he or she walks from building to building, the RFID readers at the doors would pick up the bar code, and surveillance programs could connect that number to a time and place. Mr. Tien admits that for such scenarios to occur, RFID readers would have to be pervasive and databases linked -- and that is perhaps years from becoming reality. But he and other privacy experts insist that these are real possibilities, not science fiction. John Han, a research assistant at the Samuelson Law, Technology, and Public Policy Clinic at the University of California at Berkeley, has studied RFID in libraries and the related privacy issues. "Personally, I don't think there is a cause for immediate concern," he says, but look at the trends in industry for a glimpse of the future: Big companies like Wal-Mart are pushing suppliers to adopt RFID. Companies are already thinking about how RFID tags on products can be used beyond purchase -- for example, how a tag on a shirt could tell a washing machine what water temperature and spin cycle to use. "So many items will be tagged, that at that point, the risk of these tags being read continuously is much greater," he says. "There will be readers at restaurants, in retail settings." He points out that Nokia is already designing a cellphone with an on-board RFID reader. Security guards would use it to check in with RFID tags posted at various locations on their rounds. And although RFID manufacturers use different operational standards now, he says, "what traditionally happens with standards is that they converge into one standard after a number of years." Emerging Standards Companies that sell RFID systems are starting to discuss ways to operate on common standards, says Rebekah E. Anderson, a marketing manager with 3M Library Systems. "The privacy people are making good points," she says. "You have to go forward with your eyes open." Ms. Anderson says that 3M tells library customers to store a minimum amount of information on the tags, both for privacy protection and to maintain good system performance. (The more information on the tag, the more time the tag takes to transmit that information.) She says that libraries have always had to worry about privacy, and guard against snoops peering at materials. "The thing that RFID changes is this contactless reading, which raises a whole lot of issues," she says. "You have to look at the value that you are getting out of the technology versus the risks." The risks, for now, are low, she says. And librarians are quick to point out the value. Ms. Fabbi says that checkout transactions are quicker using RFID because the librarian doesn't have to scan bar codes on books one by one. "That cuts down on repetitive-stress injuries," she says. And with RFID tags and a hand-held reader, librarians can more easily take inventories, a cumbersome task. "It pushes libraries to do things that they put off," she says. The University of Nevada libraries found more than 500 lost items after officials tagged 600,000 items in its collection -- which saved the library $40,000 in replacement costs. The library does inventories more frequently now. At the University of Connecticut, RFID tags have allowed the library to set up self-checkout stations. That has freed up staff members, whose salaries total about $120,000, for other tasks around the library. Patrons' privacy is more secure, Mr. Murray says, because even library staff members don't see what people check out at those stations. He says the library is now considering purchasing automated book-drop-off stations that use RFID readers. With such stations, a patron places a book on a conveyor belt; the belt runs the book past a reader, marks it as returned, then drops it into one of several bins, depending on where the book needs to be reshelved. To him, the value of the tags is obvious, while the privacy threats are remote, and speculative. "There is a little bit of science fiction" in talk of snoops lurking with RFID readers, he says. "Is it possible someday? Maybe." http://chronicle.com Section: Information Technology Volume 50, Issue 48, Page A29 | |||||||||||||||
Copyright © 2004 by The Chronicle of Higher Education