A Commodified World: Sensor tracking and its implications

In a new report from the McKinsey Quarterly, a business journal from McKinsey & Company, one of the most recognized firms in the Management Consulting Industry¹, businesses are increasingly using RFID tags and sensors to track their products, relaying information about their supply chain process. This is a very great tool for supply chain management, as it massively cuts down on the amount of overhead needed to cover shortages and inventory turnover time. We had a speaker from Microsoft come to the InfoSys class on Wednesday to talk about cloud computing. One of the sections was about the ad hoc datacenters that are sent out in tractor trailers to the makeshift site. While en route out of the distribution center, a scanner scans all the RFID tags embedded in the servers to catalog which servers are on which truck. This would greatly increase ease of use when individual servers go down or need repairs. A very innovative use of a tracking system to mitigate costs and keep order in the mass of servers.

This tool could be used for other purposes, however. The report also points out current uses for this technology that are not supply chain-related:

“Pill-shaped microcameras already traverse the human digestive tract and send back thousands of images to pinpoint sources of illness. Precision farming equipment with wireless links to data collected from remote satellites and ground sensors can take into account crop conditions and adjust the way each individual part of a field is farmed—for instance, by spreading extra fertilizer on areas that need more nutrients. Billboards in Japan peer back at passersby, assessing how they fit consumer profiles, and instantly change displayed messages based on those assessments.”

These uses, while rather benign in nature, can lead to certain invasions of privacy. The article also mentions that companies are embedding these sensors into their charge cards and monitoring which consumers buy what items, what their backgrounds are, and when they buy them…. in order to maximize profits by offer point-of-sale discounts. This sounds great for businesses, but, as a consumer, do I really want people to know that much about me? Granted, I signed up for the card, but how do I know that data is being adequately secured and not sold to information aggregators?

These new applications for RFID technology will make great changes both in how business form models of economic behavior and how consumers modify their own behavior. Consumers, in order to remain unbiased and independent (if that is desirable), will have to maintain some form of control over their own information and have to become much more proactive about finding information about company practices and policies in aspects of privacy and security. This also brings up the options that out national government has available to it in order to prevent information abuse, such as identity theft and corporate abuse of License Agreements.

An article by Rolf Weber in the Computer Law & Security Review details how governments can tailor their laws to respond to these new technologies. It notes four main areas of concern with new legislation regarding information security: Globality, Verticality, Ubiquity, and Technicity. Globality refers to the international nature of the import/export consumerist system. Verticality refers to the duration of use for these sensors, possibly requiring long-term effectiveness. Ubiquity refers to the all-encompassing nature of the Internet of Things, meaning everything in nature should be considered under the purview of these protective laws. Technicity refers to the various technical specifications of the sensors and readers themselves and their range, possibly international in scope.

These four sectors of concern for information security laws bring up some excellent questions for users of this new sensor technology which would allow real-time data to be collected and business models adjusted on the spot. What kind of consent would be required to collect this data and use it to tailor their business model? Would it require consent on the level of signing a contract, or would simply walking into one of their stores suffice? Would this have to be posted on entry? What about if you buy one of their products… since the RFID tag comes along with the product, do we implicitly allow monitoring and sending this data? These questions are the kinds of questions that consumers should ask, because an informed consumer is a protected consumer.

Now, having covered the issues regarding consumer security, what does this technology imply for businesses? How would businesses respond to this technology? Obviously, these sensors would cut down on inventory waste, streamlining the supply chain process…. but could the company also require employees to carry RFID tags on their name badges? Would being employed by the company come with implicit consent for their monitoring? Companies currently monitor their employees online usage, even when at home, and have even fired employees for their behavior away from work. Is this ethical? Is this a form of social control? What else is a company allowed to demand of its employees in return for their continued employment?

One of the most important laws that can be created is a law requiring transparency in the use of this technology. When RFID is used, it should be apparent to all users, what information is being collected and for what purpose. This should be the bedrock in a liberal democracy, where the freedom of information is held paramount. However, the next most important legislation should concern privacy. Consumers should have to give explicit consent, contractually, with the use of RFID being explicit in the contract. Consumers should have to opt-in to the collection of their information, instead of having to opt-out. There should also be laws concerning the use of jamming equipment. If hospitals or infrastructure were to use RFID technology, some paranoid citizen should not be able to jam their equipment in an emergency, just the same as protocol requires that electronic devices permit interference when an emergency system requires the bandwidth usage. Also, hijackers should not be allowed to collect data from the RFID tags that are not theirs to use, such as a company infiltrating a civil servant’s government RFID badge for their information.

There are many concerns within the area of RFID technology, with its benefits and consequences, which must be addressed if we, as consumers, are to have any hope at retaining privacy or security of identity.