Joe Katzman at Winds of Change points with concern to an article on RFID privacy risks, and asks, among other questions: "how could this technology be used by criminals?". Though I'm perhaps a bit unfair in using Joe as a whipping boy on this, his and the cited post are typical of analyses of RFID that seem to take for granted both the worst fears of critics and the fondest hopes of proponents. I'm here to tell you that the situation is actually both worse and better than that.
Huh?
All right, here's how it's worse: There is a privacy and public policy issue here, but RFID itself is not its cause, it's just a symptom that's concrete enough to mobilize the otherwise technologically naive. The real issue is privacy of databased information. Most RFIDs (the cheapest, ergo most plentiful) will be nothing more than serial numbers. If you want to go from a RFID serial tag on (say) your sweater as you walk into a mall into a full-bore privacy violation fest, one has to get from the serial to a product type, from there to a particular product, from there to a transaction record, from there to an individual's identity, from there to whatever privacy violating background information will assist in preparing a compelling annoying pitch.
Everyone of these steps is a database query, and the whole process involves 'joins' of data across multiple databases held by multiple vendors. You want a policy issue? Go after the ownership of that data, the permission to export unique identifiers from the vendor's control, and to create joins across the sources. And, by the way, there's already quite a lot of this going on - what do you think merchant 'loyalty cards' facilitate? You want to hyperventilate? Learn something about database and transactional systems architecture, and take on a much larger and nastier privacy and information ownership policy issue.
And here's how it's better. The fantasies of proponents and marketers aside, the more-or-less proven pay case for RFID is in logistics aka supply chains. Faster reporting of stock levels, sales and transport. Less manual intervention. Less opportunity for theft. Tie all that data into your own and your suppliers' logistics systems and cut down your inventory and overhead costs. Can make a real difference in retail businesses with low single digit net margins.
The 'zap your sweater and try to cross-sell you the matching scarf' fantasy is just that, and will remain so for some time. For a parallel, let's look at 'personalized advertising' on the Internet. We all remember back during the bubble when that was going to drive every higher lifetime customer values, right? Phase 1: Put a cookie on the browser and track readers across websites. Phase 2: ? Phase 3: Profit. And we'll also remember how that notion collapsed along with the stock prices of personalization companies, and how the marketers fell back into ever more intrusive banners, popups, interstitials, Flash and the like which we now block or ignore.
That sequence was a confession of the inability of almost all businesses to deliver an actually personalized experience, and of almost all marketers to figure out how to make their offers individually appealing. Do we think that transposing the problem from the Web to the shopping mall is going to somehow change this? If money spent on 'drive-by personalization' via RFID turns out to be resources down a similar rathole, it won't last long.
Now, there is personalization that works, in a business sense, on the Web. Amazon does a pretty good job of tracking buying patterns over time, and making useful and revenue enhancing suggestions as a result. But this result is only incidentally about the login or cookie that tells Amazon it's you back again. It's really about customer relationships built up over time, and earning the buyer's trust that the information will not be misused. Something like RFID could be used to help implement the same in real space, but customer relationship must and will drive if there's any value to be gained. And just how eager do you think an Amazon of RFID will be to let Akbar & Jeff's Earpiercing and Scarf Hut undercut that customer value by sharing out the data?
As far as the reader-on-every-corner RFID panopticon, one must ask cui bono?. Value is not evenly distributed in space or time. If one can't make a reliable pay case for deployments in a venue where intent to purchase is likely high, the argument for ubiquity falls a little flat.