2004 UCLA J.L. & Tech. 5
Relax Don't Do It: Why RFID Privacy Concerns are Exaggerated and Legislation is Premature
* Managing Editor, 2004-05, Federal Circuit Bar Journal; J.D. expected May 2005, George Mason University School of Law; B.A. in Political Science, August 1999, Florida International University. The author would like to thank Lawrence Greenberg and Gerard Stegmaier for helping him navigate the waters of privacy.1. Klaus Finkenzeller, RFID Handbook: Fundamentals and Applications in Contactless Smart Cards and Identification (Rachel Waddington trans., John Wiley & Sons Ltd 2d ed. 2003) (1999).
2. Id. at 2-7.
3. Id. at 1.
4. The Uniform Code Council, a nonprofit standards-setting body, developed the Universal Product Code (UPC) in the 1970s. The UPC was first a tool for grocery supply-chain control and checkout but soon spread to all parts of commerce. In 1974, an ad-hoc committee in Europe developed a UPC-compatible code called the European Article Numbering (EAN) system. Today, the system is known as the “EAN.UCC System” and is managed by the UCC and EAN International. UCC joined the EAN. http://www.uc-council.org/ean_ucc_system/stnds_and_tech/eanucc-faq.html). See Uniform Code Council, The Universal Product Code, at http://www.uc-council.org/upc_background.html (last visited June 22, 2004); EAN International, About EAN International – History, at http://www.ean-int.org/history.html (last visited June 22, 2004).
5. Finkenzeller, supra note 1, at 8.
6. Id. at 7-8.
7. Id. at 8.
8. Mario Cardullo, Genesis of the Versatile RFID Tag, RFID Journal, at http://www.rfidjournal.com/article/articleview/392/1/2/ (last visited June 14, 2004).
9. Finkenzeller, supra note 1, at 7.
10. Accenture, Radio Frequency Identification (RFID) White Paper (2001), available at http://www. Accenture.com/xdoc/en/services/technology/vision/RFIDWhitePaperNov01.pdf.
13. Id. at 2.
14. RFID Journal, Hitachi Unveils Smallest RFID Chip (Mar. 14, 2003), at http://www.rfidjournal.com/article/articleview/337/1/1/ (last visited Oct. 13, 2004).
15. Accenture, supra note at 2.
16. Scott Granneman, RFID Chips Are Here, Security Focus, at http://www.securityfocus.com/columnists/169/ (June 26, 2003).
18. Intermec Technologies Corporation, RFID Overview: Introduction to Radio Frequency Identification (1999), available at http://whitepapers.informationweek.com/detail/RES/1010607230_712.html. (“Historically, an RFID device that did not actively transmit to a reader was known as a tag. An RFID device that actively transmitted to a reader was known as a transponder (TRANSmitter + resPONDER). However, it has become common within the industry to interchange the terminology and refer to these devices as either tags or transponders.”)
19. Accenture, supra note, at 3.
21. Id.; Granneman, supra note 16.
22. Accenture, supra note, at 3.
24. Id. at 5. Specifically, the common passive RFID tags and their characteristics are:
Low Frequency RFID systems operate at about 125 kHz with a typical maximum read range of up to 20 inches (508 mm). High Frequency RFID systems operate at 13.56 MHz with a typical maximum read range of up to 3 feet (1 meter). Ultra-High Frequency RFID systems operate at multiple frequencies, including 868 MHz (in Europe), a band centered at 915 MHz, and 2.45 GHz (microwave). Read range is typically 3 to 10 feet (1 to 3 meters), but systems operating in the 915 MHz band may achieve read ranges of 20 feet (6 meters) or more.
Zebra Technologies, RFID: The Next Generation of AIDC Application White Paper 2 (2004), available at http:// www. Accenture.com/xdoc/en/services/technology/vision/RFIDWhitePaperNov01.pdf.
25. Accenture, supra note, at 5.
26. Kendra Mayfield, Radio ID Tags: Beyond Bar Codes, Wired News, at http://www.wired.com/news/technology/0,1282,52343,00.html (May 20, 2002).
29. Zebra Technologies, RFID: The Next Generation of AIDC Application White Paper (2004), available at http://www.zebra.com/whitepapers/11315Lr2RFIDTechnology.pdf.
30. AIM Global, What is Radio Frequency Identification (RFID)? at http://www.aimglobal.org/technologies/rfid/what_is_rfid.asp (June 14, 2004).
34. Zebra Technologies, supra note 29, at 2.
37. RFID Journal, Learning from Prada, at http://www.rfidjournal.com/article/articleview/272 (June 24, 2002); Ideo, Prada Case Study, at http://www.ideo.com/case_studies/prada.asp (June 15, 2004).
41. Id.; See also Cate T. Coran, Abercrombie To Give RFID A Try, Women’s Wear Daily, May 18, 2004 at 24.
42. Greg Lindsay, Prada’s High-Tech Misstep, Business 2.0, Mar. 2004, available at http://www.business2.com/b2/subscribers/articles/print/0,17925,594365,00.html (explaining how two years later, the technology at the New York Prada store goes unused largely because of employee and customer apathy). See also Joseph Tarnowski, No tech for tech’s sake, Progressive Grocer, Apr. 1, 2004, at 3, at 2004 WL 67671223 (opining that Prada’s failure may have been caused by foisting on consumers technology they were not ready for).
43. Cate T. Coran, Abercrombie To Give RFID A Try, Women’s Wear Daily, May 18, 2004, at 24.
44. See section I.B.2 infra.
45. ExxonMobil, Speedpass: How It Works, at http://www.speedpass.com/how/index.jsp (last visited Oct. 13, 2004).
47. While the SpeedPass system only works at Mobil and Exxon gas stations, along with a few retailers in certain geographic areas, other RFID payment systems are entering the market. Credit card companies have been working on a standard for contactless card readers, and MasterCard and American Express have already begun field tests of their RFID cards, which they say are more secure than today’s cards. Associated Press, Wave the Card for Instant Credit, at http://www.wired.com/news/technology/0,1282,61603,00.html (Dec. 14, 2003).
48. Transit systems that have adopted RFID include Chicago, New York, San Francisco, Seattle, and Washington D.C. Smart Card Alliance, Overview of Smart Card Initiatives in the Transportation Industry, at http://www.smartcardalliance.org/about_alliance/transportation_initiatives.cfm (last visited Oct. 13, 2004).
49. Washington Area Metropolitan Transit Authority (WMATA), SmarTrip: More than a smart card—It's pure genius., at http://www.wmata.com/riding/smartrip.cfm (last visited Oct. 13, 2004).
51. RFID Journal, Delta Takes RFID under Its Wing, at http://www.rfidjournal.com/article/articleview/468 (June 20, 2003). See also Bruce Mohl, Radio Tags May Yet Solve the (Costly) Lost Baggage Problem, Boston Globe (May 16, 2004), at M7.
52. RFID Journal, Delta Takes RFID under Its Wing, at http://www.rfidjournal.com/article/articleview/468 (June 20, 2003).
53. RFID has been used to track merchandise, as a cashless payment system, to verify inspectors have followed safety procedures, to replace airline boarding tickets, to track bags at airports, to track railway cars, as anti-theft devices, to track public buses, as a keyless ignition system, and to track rubbish bins. Accenture, supra note, at 33-34; to track students at a charter school. Julia Scheeres, Three R’s: Reading, Writing, and RFID, Wired News, at http://www.wired.com/news/technology/0,1282,60898,00.html (Oct. 24, 2003); To track seniors in need of care. Mark Baard, RFID Keeps Track of Seniors, Wired News, at http://www.wired.com/news/medtech/0,1286,62723,00.html (Mar. 19, 2004); To replace ID tags on pets, to track livestock, to facilitate access control, for sports ticketing, and product authentication. Cathy Booth Thomas, The See-It-All Chip, Time (Sep. 22, 2003), at A8, available at 2003 WL 58582602.
54. See generally IBM, RFID Tags: An Intelligent Bar Code Replacement (2001), available at http://whitepapers.zdnet.co.uk/0,39025945,60021109p,00.htm.
55. Mark Baard, Radio Debut Set for This Week, Wired News, at http://www.wired.com/news/privacy/0,1848,60408,00.html (Sept. 15, 2003).
56. Verisign, The EPC Network: Enhancing the Supply Chain (2004), available at http:// http://www.verisign.com/static/002109.pdf. (“Up to $30 billion each year is lost due to theft, often called ‘product shrinkage.’ The majority of this loss occurs in the middle of the supply chain, for example between the manufacturer’s front door and the retailer’s back door.”). See also Associated Press, Wal-Mart Turns to Smart Tags, at http://www.wired.com/news/technology/0,1282,63290,00.html (Apr. 20, 2004).
57. Associated Press, supra note 56. See also Verisign, The EPC Network: Enhancing the Supply Chain 3 (2004), available at http://www.verisign.com/static/002109.pdf.
58. Granneman, supra note 16.
59. See Mayfield, supra note 26.
60. FoodProductionDaily.com, How manufacturers can benefit from RFID, at http://www.foodproductiondaily.com/news/news-NG.asp?id=52546 (Mar. 6, 2004).
61. Shoppers could simply walk out of a store with RFID-tagged products. Readers at the exit would note the items taken, as well as the number of the customer’s RFID-enabled loyalty or payment card, and record the proper charge. Receiptless returns would be possible because items would be uniquely tagged and transactions would be recorded. See Josh McHugh, Attention, Shoppers: You Can Now Speed Straight Through Checkout Lines!, Wired, July 2004, at 150, available at http://www.wired.com/wired/archive/12.07/shoppers.html.
62. Verisign, supra note 56, at 4.
63. Mark Baard, Radio Tag Debut Set for This Week, Wired News, at http://www.wired.com/news/privacy/0,1848,60408,00.html (Sep. 15, 2003).
64. Verisign, supra note 56, at 2.
65. Steve Meloan, Toward a Global “Internet of Things,” Sun Microsystems, at http://java.sun.com/developer/technicalArticles/Ecommerce/rfid/ (Nov. 11, 2003).
66. The work to create a standard product code for use with RFIDs began in 1999 at the Auto-ID Center, an academic research group sponsored by industry and headquartered at M.I.T. Once the EPC standard, and the naming and tracking network it powers, were largely perfected, the move to commercialize them through established standards-setting bodies began. In October, 2003, the Auto-ID Center ceased to exist a new standards body, EPCglobal, was created under the auspices of EAN and the UCC. See generally EPGglobal, Frequently Asked Questions about EPCglobal, at http://www.epcglobalinc.org/about/faqs.html (last visited Oct. 13, 2004).
67. Verisign, supra note 56, at 2
68. For a detailed explanation of how the EPC Network works, see Verisign, The EPC Network: Enhancing the Supply Chain (2004), available at http://www.verisign.com/static/002109.pdf. See also EPCglobal, About the EPCglobal Network, at http://www.epcglobalinc.org/about/about_epc_network.html (last visited Oct. 13, 2004).
69. Verisign, supra note 56, at 4-5.
70. Id. at 6. See also Wired News, VeriSign to Manage RFID Tags, at http://www.wired.com/news/business/0,1367,61901,00.html (Jan. 13, 2004).
71. Alorie Gilbert, RFID goes to war, C-Net News.com, at http://news.com.com/2008-1006-5176246.html (Mar. 22, 2004). Another estimate puts Department of Defense RFID spending at $272 million. Cathy Booth-Thomas, The See-It-All Chip, Time, Sep. 22, 2003, at A8, available at 2003 WL 58582602.
72. Alorie Gilbert, RFID goes to war, C-Net News.com, at http://news.com.com/2008-1006-5176246.html (Mar. 22, 2004). See also Harold Kennedy, Army Trying to Expedite Flow of Supplies to Troops, National Defense Magazine, at http://www.nationaldefensemagazine.org/article.cfm?Id=500 (May 2001) (“Logistics is moving from a ‘mass model’ of dumping huge amounts of supplies into a combat theater to a ‘lean, agile delivery system focused on warfighter needs,’ James T. Eccleston, assistant deputy undersecretary of defense for supply-chain integration, told the Quartermaster General’s Symposium, in Richmond, Va.”).
73. Mark Hachman, DOD Details its RFID Plans, eWeek, at http://www.eweek.com/article2/0,1759,1490299,00.asp (Oct. 29, 2003). See also Gilbert, supra note 71.
75. Food and Drug Administration, Combating Counterfeit Drugs 11-13 (Feb. 18, 2004), available at http://www.fda.gov/oc/initiatives/counterfeit/report02_04.pdf.
76. Alorie Gilbert, FDA endorses ID tags for drugmakers, C-Net News.com, at http://news.com.com/2100-1008-5161220.html (Feb. 18, 2004).
77. International Civil Aviation Organization, Facilitation (FAL) Division – Twelfth Session Report (Apr. 22, 2004), available at http://www.icao.int/icao/en/atb/fal/fal12/documentation/fal12wp029_en.pdf.
78. Ryan Singel, Passport Safety, Privacy Face Off, Wired News, at http://www.wired.com/news/privacy/0,1848,62876,00.html (Mar. 31, 2004).
79. Janis Mara, Euro Scheme Makes Money Talk, Wired News, at http://www.wired.com/news/privacy/0,1848,59565,00.html?tw=wn_story_related (July 9, 2003). The reports of RFID in European currency remain speculative, and an Internet rumor that new US $20 bills contained RFID has been dispelled as a hoax (see http://slashdot.org/comments.pl?sid=98942&cid=8437731 and http://www.aimglobal.org/members/news/templates/industry.asp?articleid=106&zoneid=5).
80. Granneman, supra note 16.
83. Baard, supra note 55. Wal-Mart’s other 12,000 suppliers will have until 2006 to comply. Id.
84. Matthew Broersma, Defense Department Drafts RFID Policy, C-Net News.com, at http://news.com.com/2100-1008-5097050.html (Oct. 24, 2003).
86. Eric Peters, The Watershed Moment for RFID, C-Net News.com, at http://news.com.com/2010-1071-5072343.html (Sept. 7, 2003).
87. Howard Wolinsky, Chipping Away at Your Privacy, Chicago Sun-Times, Nov. 9, 2003, at 35 (“Tagging individual items ‘only becomes helpful if you want to register individual items to individuals,’ said [Katherine] Albrecht, who heads the New Hampshire-based privacy rights group CASPIAN.”) (emphasis added).
88. Albrecht et al., RFID Position Statement of Consumer Privacy and Civil Liberties Organizations, at http://www.privacyrights.org/ar/RFIDposition.htm (Nov. 2003) [hereinafter Joint Statement].
97. See generally Katherine Albrecht, Supermarket Cards: The Tip of the Retail Surveillance Iceberg, 79 Denv. U. L. Rev. 534, 560-62 (2002) (discussing the use of RFID technology by supermarkets in their marketing programs); Harry A. Valetk, Mastering the Dark Arts of Cyberspace: A Quest for Sound Internet Safety Policies, 2004 Stan. Tech. L. Rev. 2, ¶ 92-94 (2004) (noting that RFID systems could “gather unprecedented amounts of individual purchasing habits, and link it to detailed customer information databases”).
98. Valetk, supra note 98, at ¶ 93; Declan McCullagh, RFID Tags: Big Brother in Small Packages, C-Net News.com, at http://news.com.com/2010-1069_3-980325.html (Jan. 13, 2003).
99. Valetk, supra note 98, at ¶ 93.
100. Declan McCullagh, RFID Tags: Big Brother in Small Packages, C-Net News.com, at http://news.com.com/2010-1069_3-980325.html (Jan. 13, 2003). Other commentators have also mentioned the “Minority Report” scenario. See Elisa Batista, What Your Clothes Say About You, Wired News, at http://www.wired.com/news/wireless/0,1382,58006,00.html (Mar. 12, 2003).
101. But notice that a substitute for the person-identifying retina-scan in “Minority Report” would be a government-mandated RFID ID card. Unlike a book you purchased, the odds are very good that only you carry your driver’s license. See generally Jay Stanley & Barry Steinhardt, Bigger Monster, Weaker Chains: The Growth of an American Surveillance Society, (ACLU/Technology and Liberty Program Jan. 2003), at 5, 13, at http://www.aclu.org/Privacy/Privacy.cfm?ID=11573&c=39 (discussing how RFID could be combined with a national ID card for tracking and access control purposes). Government tracking by means of mandatory national ID cards is further discussed in section II.C, infra.
102. Elisa Batista, What Your Clothes Say About You, Wired News, at http://www.wired.com/news/wireless/0,1382,58006,00.html (Mar. 12, 2003).
103. Collins, Alien Upgrades Its EPC Reader, RFID Journal, at http://www.rfidjournal.com/article/articleview/825/1/ (Mar. 11, 2004). Also, retailers will not use tags that are any more powerful than necessary for their purposes given that a tag’s read-range and frequency correlates to its price.
104. See Steven Blusk, Tutorial: Measuring Time & Distance, at http://physics.syr.edu/courses/CCD_NEW/seti/tutorial/measure/part6.html (last visited Oct. 9, 2004).
105. Finkenzeller, supra note 1, at 141-42; Mark Baard, Is RFID Technology Easy to Foil?, Wired News, at http://www.wired.com/news/privacy/0,1848,61264,00.html (Nov. 18, 2003).
106. See generally Matt Hines, RSA Polishes RFID Shield, C-NET NEWS.COM, at http://news.com/2100-1029-5164014.html (Feb. 24, 2004) (discussing a jamming system that confuses RFID readers outside certain boundaries); Ari Juels & John Brainard, Soft Blocking: Flexible Blocker Tags on the Cheap, (RSA Laboratories Apr. 2004), at http://www.rsasecurity.com/rsalabs/staff/bios/ajuels/publications/softblocker/softblocker.pdf (proposing a cheaper and more flexible variant of blocker technology that allows partial reading instead of the all-or-nothing approach of ordinary blockers).
107. Valetk, supra note 99, at ¶ 93.
108. Xeni Jardin, Wireless Hunters on the Prowl, Wired News, at http://www.wired.com/news/wireless/0,1382,59460,00.html (July 2, 2003). Wardriving is the practice of driving around in a car with a Wi-Fi-equipped laptop in search of unprotected networks and open hotspots.
109. Unlike RFID tags, Wi-Fi base stations have large antennas and ample power to transmit their signals far and wide. Indeed, the purpose of Wi-Fi transmitted is to exchange large amounts of data throughout buildings and large areas. This is in contrast to the limited capacity of RFID tags.
110. McCullagh, supra note 101.
111. Hiawatha Bray, Usefulness of RFID Worth the Annoyance, Boston Globe, Apr. 12, 2004, at D2 (quoting RFID privacy activist Katherine Albrecht: “I think the main way we’re going to prevent RFID abuse is to limit its implementation.”).
112. Id. (“Albrecht’s a smart and charming woman, but she might have opposed the invention of the telephone, out of fear that the government would listen in. She’d have been right, too. But we dealt with that problem through laws, not by abandoning the idea of telecommunications.”)
113. Valetk, supra note 99, at ¶ 93.
114. Katherine Albrecht, Supermarket Cards: The Tip of the Retail Surveillance Iceberg, 79 Denv. U. L. Rev. 534 at 561 (2002) (“[EPC Network technology] would allow for seamless, continuous identification and tracking of physical items as they move from one place to another, enabling companies to determine the whereabouts of all their products at all times.”); Electronic Frontier Foundation, EFF: Radio Frequency Identification (RFID), at http://www.eff.org/Privacy/Surveillance/RFID/ (last visited July 7, 2004) (“[RFID is] a technology that pinpoints the physical location of whatever item the tags are embedded in. While this seems like a convenient way to track items, it’s also a convenient way to do something less benign: track people and their activities through their belongings.”)
115. In fact, shipping companies like FedEx are looking at replacing or complementing barcodes with RFID. Kristen Philipkoski, FedEx Delivers New Tech Lab, Wired News, at http://www.wired.com/news/business/0,1367,61266,00.html (Nov. 19, 2004).
116. Joint Statement, supra note 88; Alan Cohen, No Where [sic] To Hide, PC Magazine, at http://www.pcmag.com/article2/0,1759,1612820,00.asp (July 13, 2004) (“Your sweater could then become a sort of homing beacon. Install enough readers and it wouldn’t seem too hard to note every political rally you’ve attended….”).
117. See supra note 106. Unwanted RF transmissions have already met blocking technology. Cell phones have been jammed to prevent their ringing, especially at movie theatres and concert halls. Sam Lubell, Block That Ring Tone!, N.Y. Times, Apr. 8, 2004, at G1.
118. Ice-T, Don’t Hate the Playa, on 7th Deadly Sin (Atomic Pop 1999).
119. For differing conceptions of privacy and privacy protection, see generally, Pamela Samuelson, Privacy as Intellectual Property?, 52 Stan. L. Rev. 1125 (2000); Richard Posner, An Economic Theory of Privacy, Regulation, May-June 1978, at 19.
120. See generally Natsu Taylor Saito, Whose Liberty? Whose Security? The USA PATRIOT Act in the Context of COINTELPRO and the Unlawful Repression of Political Dissent, 81 Or. L. Rev. 1051(2002) (discussing the history of government surveillance of political activity, including the FBI’s “counter-intelligence program” of the 1960s and 1970s aimed at anti-war and civil rights activists); Peter Slevin, Police Cameras Taped Football Fans, Wash. Post, Feb. 1, 2001, at A01 (discussing government surveillance of fans with the use of face recognition technology at Super Bowl XXXV).
121. Katherine Albrecht, Supermarket Cards: The Tip of the Retail Surveillance Iceberg, 79 Denv. U. L. Rev. 534 at 562 (2002) (“As incredible as it may seem, [marketers] are now planning ways to monitor consumers’ use of products within their very homes. Auto-ID tags coupled with indoor receivers installed in shelves, floors, and doorways, could provide a degree of omniscience about consumer behavior that staggers the imagination.”); Jonathan Krim, Embedding Their Hopes In RFID, Wash. Post, June 23, 2004, at E01 (“[Katherine Albrecht] worries that companies putting tags into consumer products might forge alliances with the makers of carpeting, for example, to embed sensing devices that could develop intelligence about how consumers use the items.”).
122. See Jonathan Krim, Insider Case At AOL Shows Vulnerability, Wash. Post, June 26, 2004, at E01 (describing how an America Online software engineer stole a list of e-mail addresses for the company’s 92 million subscribers and then sold it to spammers.).
123. See, e.g., FindLaw, Merchant Agreement - Electronic Payment Exchange Inc., Certegy Card Services Inc., First Union National Bank and PayPal Inc., at http://contracts.corporate.findlaw.com/agreements/paypal/certegy.merchant.2001.11.14.html (last visited Sept. 10, 2004). Sample credit card merchant agreement including terms on the use of customer data. Id. §§ 20(o) - (q), 21, and 30.
124. Some critics say consumers do not have a choice in the matter, but that is a debate over market power and is addressable by antitrust regulations, not privacy laws.
125. Procter & Gamble, P&G Position on Electronic Product Coding (EPC), at http://www.pg.com/company/our_commitment/privacy_epc/epc_position.jhtml (last visited July 25, 2004); Wal-Mart, Radio Frequency Identification Usage, at http://www.walmartstores.com/wmstore/wmstores/Mainsupplier.jsp?catID=-8250&categoryOID=-10605&pagetype=supplier&template=DisplayAllContents.jsp.
127. Matt Hines, RFID Revolution: Are We Close?, C-Net News.com, at http://news.com.com/2008-1039-5168489.html (Mar. 3, 2004) (quoting Rainer Kerth, IBM RFID expert).
128. Matt Hines, RFID: Is It Soup Yet?, C-Net News.com, at http://news.com.com/2008-1013-5205486.html (May 6, 2004). Indeed, as the failure of the Prada New York store shows, retailers might be foisting RFID technology on consumers before they are ready, and they may reject it. See supra note 42.
129. Erika Morphy, What RFID Can Do for Consumers, CRM Daily, at http://crm-daily.newsfactor.com/story.xhtml? story_id=24123 (May 20, 2004).
131. Matt Hines, RFID Deadline Hits a Wall, Study Says, C-Net News.com, at http://news.com.com/2100-1006-5182579.html (March 31, 2004); Christine Spivey Overby, RFID At What Cost? What Wal-Mart Compliance Really Means, Forrester Research, at http://www.forrester.com/Research/Document/Excerpt/0,7211,33695,00.html.
134. Larry Dignan & Kim S. Nash, RFID: Hit or Myth?, eWeek, at http://www.eweek.com/article2/0,1759,1524634,00.asp (Feb. 9, 2004).
135. Erika Morphy, Analysis: The RFID vs. Privacy Debate, CRM Daily, at http://crm-daily.newsfactor.com/story.xhtml? story_id=23289 (March 3, 2004);
Retailers and CPG manufacturers bought into the idea that they could use RFID tags economically if they cost €0.05. But complex manufacturing techniques, a costly assembly process, and a lack of demand means the price of RFID tags won’t drop to €0.05 in the next eight years. The Forrester model forecasts that RFID tag prices will decline, on average, only 9% year on year.
Charles Homs, Exposing The Myth Of The 5-Cent RFID Tag, Forrester Research, at http://www.forrester.com/Research/Document/Excerpt/0,7211,33905,00.html (Feb. 23, 2004).
138. Jo Best, RFID: Too Few Experts, To Dear and Tech Not Good Enough, Silicon.com, at http://management.silicon.com/itdirector/0,39024673,39119783,00.htm (April 5, 2004).
139. Ross Stapleton-Gray, Scanning the Horizon: A Skeptical View of RFIDs on the Shelves 2 (Nov. 13, 2003), at http://www.stapleton-gray.com/papers/sk-20031113.pdf.
140. Id. at 2.
141. Dignan & Nash, supra note 134.
142. Stapleton-Gray, supra note 139, at 5.
145. Finkenzeller, supra note 1, at 141-42; Mark Baard, Is RFID Technology Easy to Foil?, Wired News, at http://www.wired.com/news/privacy/0,1848,61264,00.html (Nov. 18, 2003).
146. Dignan & Nash, supra note 134.
148. Auto-ID Center Field Test Report, RFIDJOUNRAL.COM at http://www.rfidjournal.com/article/articleview/84/1/1/ (Oct. 4, 2002).
149. Stapleton-Gray, supra note 139, at 3.
151. Dignan & Nash, supra note 134.
152. Spectrum Needs, Privacy Issues Debated for RFID Technologies, COMMUNICATIONS DAILY, Apr. 2, 2004, available at 2004 WL 60705576. See also Hines, supra note 127.
153. Jay Stanley & Barry Steinhardt, Bigger Monster, Weaker Chains: The Growth of an American Surveillance Society, (ACLU/Technology and Liberty Program, New York, N.Y.) Jan. 15, 2003, at 5, at http://www.aclu.org/Privacy/Privacy.cfm?ID=11573&c=39.
154. See Internet Movie Database, IMDb History, at http://www.imdb.com/Help/Oweek/history.html. A fledgling reverse-engineered database of UPC product codes is also available at http://www.upcdatabase.com.
155. Hiibel v. Sixth Judicial Dist. Court, 72 U.S.L.W. 4509 (U.S. June 21, 2004).
156. Steven Levy, Playing the ID Card, Newsweek, May 13, 2002, available at 2002 WL 7294218.
157. Granneman, supra note 16.
158. ICAO, supra note 77.
159. Jonathan Krim, U.S. May Use New ID Cards At Borders, Wash. Post, June 5, 2004, at E01.
160. Both the Joint Statement and proposed privacy guidelines put forth by EPIC focus on private uses of RFID, and mention government use only in passing. This is representative of how most privacy advocates have approached the issue. Joint Statement, supra note 88 (“Although not examined in this position paper, we must also grapple with the civil liberties implications of governmental adoption of RFID.”); Electronic Privacy Information Center (EPIC), Proposed Guidelines For Use of RFID Technology: Enumerating the Rights and Duties of Consumers and Private Enterprises, at http://www.epic.org/privacy/RFID/rfid_gdlnes-062104.pdf (June 21, 2004) (“[T]hese guidelines do not address protection of consumer privacy from any governmental action. Rather these guidelines seek to protect consumer privacy form private enterprises.”).
161. Senator Patrick Leahy, Address at the Georgetown Law Center conference on “Video Surveillance: Legal and Technical Challenges” (Mar. 23, 2004), at http://leahy.senate.gov/press/200403/032304.html.
164. Joint Statement, supra note 88.
165. Id. By necessity, “flatly prohibited” means legal restraints.
166. See Federal Trade Commission, Radio Frequency IDentification: Applications and Implications for Consumers, at http://www.ftc.gov/bcp/workshops/rfid/ (last visited July 11, 2004).
167. An example of the market disciplining the use of technology is the failure of the New York Prada store discussed above. Supra note 42. See also Ben Woodhead & Emma Connors, Chips out of fashion at Prada, Australian Financial Review, at http://www.afr.com/articles/2003/10/20/1066631355534.html (Oct. 21, 2003) (“‘It turns out the ladies who shopped at Prada objected to the data collected [using RFID loyalty cards],’ said Terry Retter, a technology forecaster at PriceWaterhouseCoopers. ‘They didn’t mind Prada keeping track of what they bought and when, but they did mind the store knowing what size they wore.’”)
168. Bray, supra note 111.
169. Elisa Batista, ‘Step Back’ for Wireless ID Tech?, Wired News, at http://www.wired.com/news/wireless/0,1382,58385,00.html (Apr. 8, 2003); Kim Zetter, Germans Protest Radio-ID Plans, Wired News, at http://www.wired.com/news/business/0,1367,62472,00.html (Feb. 28, 2004).
170. Joanna Ramey, RFID: Is It A Threat To People’s Privacy? Lawmakers Act to Restrict Use of the Devices in Stores, while retailers question the need for legislation, Women’s Wear Daily, May 12, 2004, at 13.
171. S.B. 867, 92nd Gen. Assem., 2d Reg. Sess. (Mo. 2004).
172. H.B. 314, 56th Leg., 2004 Gen. Sess. (Utah 2004).
174. Mark Baard, Lawmakers Alarmed by RFID Spying, Wired News, at http://www.wired.com/news/privacy/0,1848,62433,00.html (Feb. 26, 2004); See Zoe Davidson, RFID Right to Know Act of 2003, (CASPIAN, Boston, Mass.), at http://www.spychips.com/press-releases/right-to-know-bill.html (last visited July 11, 2004).
175. S.B. 1834, 2003-2004 Reg. Sess. (Cal. 2004).
181. McHugh, supra note 61. The same store also features a video section where holding up a DVD to a screen will play a trailer of the selected movie. Id.
182. S.B. 1834, 2003-2004 Reg. Sess. (Cal. 2004).
183. S.B. 1834, 2003-2004 Reg. Sess. (Cal. 2004), introduced version dated Feb. 20, 2004.
185. Electronic Privacy Information Center (EPIC), supra note 164, at 2-3.
186. Stapleton-Gray, supra note 139, at 4.
187. S.B. 1834, 2003-2004 Reg. Sess. (Cal. 2004), introduced version dated Feb. 20, 2004.
188. Christine Spivey Overby, Commentary: An RFID code of conduct, C-Net News.com, at http://news.com.com/2030-1069_3-5193525.html (Apr. 16, 2004).
191. EPCglobal, Guidelines on EPC for Consumer Products, at http://www.epcglobalinc.org/public_policy/public_policy_guidelines.html (last visited July 11, 2004).
193. Procter & Gamble, P&G Position on Electronic Product Coding (EPC), at http://www.pg.com/company/our_commitment/privacy_epc/epc_position.jhtml (last visited July 25, 2004).
194. See Shulman v. Group W Productions, Inc., 955 P.2d 469 (Cal. 1998); Alim v. Superior Court, 229 Cal. Rptr. 599 (Cal. App. 3d Dist. 1986).
195. The Second Restatement of Torts states:
(1) One who invades the right of privacy of another is subject to liability for the resulting harm to the interests of the other.
Restatement (Second) of Torts § 652A (1977).
196. Id. § 652B. Whether the information is publicized is irrelevant for this tort. Liability depends solely upon whether the individual's solitude was intruded upon. Id. § 652B cmt. a.
197. Id. § 652B cmt. c.
198. Id.; See also Med. Lab. Mgmt. Consultants v. Am. Broad. Cos., 306 F.3d 806, 812-13 (9th Cir. 2002).
199. Cal. Const. art. I, § 1. Many other states also protect privacy in their state constitutions. Alaska Const. art. I, § 22 (“The right of the people to privacy is recognized and shall not be infringed. The legislature shall implement this section.”); Ariz. Const. art. II, § 8 (“No person shall be disturbed in his private affairs, or his home invaded, without authority of law.”); Mont. Const. art. II, § 10 (“The right of individual privacy is essential to the well-being of a free society and shall not be infringed without the showing of a compelling state interest.”); Wash. Const. art. I, § 7 (“No person shall be disturbed in his private affairs, or his home invaded, without authority of law.”); Fla. Const. art. I. § 12; Haw. Const. art. I, §§ 6-7; Ill. Const. art. I, §§ 6, 12; La. Const. art. I, § 5; S.C. Const. art. I, § 10.
200. White v. Davis, 533 P.2d 222, 234 (Cal. 1975).
201. Id. at 233.
203. Id. See also Porten v. University of San Francisco, 64 134 Cal. Rptr. 839 (Cal. Ct. App. 1976) (student stated constitutional cause of action for invasion of privacy by private university).
204. Joint Statement, supra note 88.
205. EPIC, supra note 185, at 3.
206. Kent Walker, The Costs of Privacy, 25 Harv. J.L. & Pub. Pol’y 87, 114-117 (2001) (describing the free-rider problem that privacy legislation creates).
207. See id. at 117.
208. See generally A. Michael Froomkin, The Uneasy Case for National ID Cards (Mar. 2004), available at http://www.law.miami.edu/~froomkin/articles/ID1.pdf.
209. See supra note 199.
210. 533 U.S. 27 (2001).
211. Id. at 40-41.
212. Id. at 34 (internal citation omitted). It should be noted that the dissenting opinion took issue with the holding’s requirement that a technology must be “not in general public use” before its use can be considered a search. This is “somewhat perverse,” the dissent said, because “the threat to privacy will grow, rather than recede, as the use of intrusive equipment becomes more readily available.” Id. at 47 (Stevens, J., dissenting).
213. 460 U.S. 276 (1983).
214. Id. at 278.
215. Id. at 278-79.
216. Id. at 279.
217. 389 U.S. 347 (1967).
218. Knotts, 460 U.S. at 281-82.
219. Kyllo v. United States, 533 U.S. 27, 34 (2001) (noting that the home is an especially protected place under the Fourth Amendment).
220. 468 U.S. 705 (1984).
221. Id. at 708-710.
222. Id. at 714.