RFID poses serious privacy risk, says GAO
In a report published on Friday, the Government Accountability Office said 13 of the largest federal agencies are already using RFID or plan to use it. But only one of 23 agencies polled by the GAO had identified any legal or privacy issues - even though three admitted RFID would let them track employee movements.
SUMMARY OF THE REPORT
RFID technology can provide new capabilities as well as an efficient method for federal agencies, manufacturers, retailers, and other organizations to collect, manage, disseminate, store, and analyze information on inventory, business processes, and security controls by providing real-time access to information. Several federal agencies have already begun testing and using the technology for access control and tracking and tracing assets and documents.
Because various standards exist based on the application and the industry or country in which it is used, interoperability may also be a factor to consider, although a single, common set of standards may not be necessary among different applications.
Few legal issues associated with RFID implementation were raised by the agencies. The use of the technology, however, raises several security and privacy considerations that may affect federal agencies’ decisions to implement the technology. Key security issues include protecting the confidentiality, integrity, and availability of the data and information systems. The privacy issues include notifying consumers; tracking an individual’s movements; profiling an individual’s habits, tastes, and predilections; and allowing for secondary uses of information. In addition, other areas such as the reliability, placement, and availability of tags, along with the cost and benefits of implementation and environmental concerns, are factors to consider. As agencies continue to deliberate over implementation, the considerations we identified are among the key factors to address.