Posted by Lori Ayre on July 15, 2004

There's a lot of talk about RFID tags and whether or not libraries should be using them given the possible privacy abuses inherent in the technology. Rather than point to another big long list of articles to read on the topic (although I can do that me offline), I'm going to refer you to this one, very technical, article:

Privacy and Security in Library RFID Issues, Practices, and Architectures Ed: broken link removed 2011 by David Molnar and David Wagner.

The article explains that current tags used in library applications are very different from those used in supply chain applications. Library tags operate in the 13.56 MHz band and perform item-level tagging. Supply chain tags operate at the 915MHz band and tag pallets or boxes, not individual items. The issues and capabilities of the tags are very different in these two applications and yet most of the papers addressing privacy issues associated with RFID tags have focused on the supply-chain variety, not the library tags.

Some best practices have been identified for libraries using RFID and these should be followed (see Berkeley Public Library's Best Practices for RFID Technology Ed: broken link removed 2011 to get started). But there are still issues of tracking and hotlisting to consider with today's library RFID systems.

Tracking refers to the ability to read the book's RFID tag in multiple locations. The authors state that "combined with video surveillance or other mechanisms, this may allow an adversary to link different people reading the same book. In this way, an adversary can begin profiling individual's associations and make inferences about a particular individual's views..." The argument that the read range of today's RFID readers makes this type of tracking impossible are falacious because all that is required is that more powerful readers be used than those that are "lawful" in the 13.56 MHz band. In other words, it's a legal range limit, not a technical limit.

Hotlisting is when a number of items (books in our case) are determined to be of interest and so they are checked out by the "adversary" in order to learn the unique tag numbers associated with these items. It is then simply a matter of scanning tags to find people who have checked out any of the items onthe hotlist.

The solution, per Molnar and Wagner, is to design private authentication systems into library RFID systems. This allows the tag and the reader to simultaneously authenticate one another based on a shared secret. The recipe is in the article. Now, which library RFID vendor will step up to the plate?

One note of caution, unlike wireless networks, the cost of converting from one RFID system to another is extremely expensive and time-consuming. You might want to sit tight a bit longer before you jump in bed with a vendor. The only way libraries are going to get the kind of RFID system that makes sense in a library is if we wait them out.

What we need can be done, let's insist on it.