Advocates Oppose RFID Tagging on Privacy and Safety Grounds

As major pharmaceutical manufacturers introduce radiofrequency identification (RFID) tags into pharmaceutical packaging to prevent counterfeiting and diversion, some privacy advocates have begun to object that patient privacy and even safety could be compromised.

“You can be tracked by that information. Information is beamed out silently and invisibly at a distance and can be gleaned without your knowledge or consent,” asserted Liz McIntyre, a director of Caspian Consumer Privacy and coauthor of a book titled Spychips: How Major Corporations and Government Plan to Track Your Every Move with RFID. She acknowledged that RFID tags themselves do not contain a battery — power must come from the scanner used to read them — but the privacy concerns remain.

“We are opposed to the use of RFID tags on or in prescription medicines and medicine packaging that are dispensed to consumers, except in cases where consumers explicitly request the live tags for their own purposes,” McIntyre and fellow Caspian Director Katherine Albrecht wrote in a February comment to the FDA. “Except in those limited cases, the use of RFID tags should be restricted to bulk packaging and shipping containers, and should not be placed on or in individual pills or drug packaging that could be dispensed directly to consumers.”

“We don’t have a problem with it being used up to the point of being dispensed, but when consumers get [the product], they shouldn’t have to worry about it,” McIntyre told PIR.

One concern is that the RFID tags could be used to track consumers’ buying behavior within stores in order to do targeted marketing, she said. Her group fears that RFID tags could even be tracked inside consumers’ homes, allowing outside parties to learn what prescription medications an individual is taking. Pharmaceutical companies might want to use that information to remind patients to refill their prescriptions, she said, but the group is also concerned about less benign uses for the information.

But Joseph Pearson, pharmaceutical business development manager for RFID at Texas Instruments (TI), said that industry has no plans and no ability to do such spying. “I have never heard of an application that is trying to track people’s buying decisions by RFID,” he said.

While McIntyre asserted that the distance at which an RFID tag can be read ranges from two to three centimeters up to 20–30 feet, Pearson said the high frequency (HF) tags TI specializes in typically have a range of about 18 inches on the packaging line, “with good orientation and with a fairly robust antenna.” The “mini” chips themselves measure approximately 1.25 by 0.75 inches.

“We appreciate that RFID is an automatic identification technology, but we don’t see the feasibility of any scenario out there where the technology could realistically be used for any type of snooping. We certainly want to protect individual privacy and address privacy concerns,” Pearson said.

‘Decommissioning’ Product Data

Caspian is concerned about the specific information encoded on the tags. “Each RFID tag has a unique identification number that acts like a Social Security number for things,” the privacy group said in its statement to the FDA. “These numbers can be associated with the people purchasing or carrying tagged objects. Such linkage could lead to a global ‘item registration system’ where the ownership trail of items like prescription drugs could be recorded in a database and used to monitor people’s travels and activities.”

A new refinement of RFID technology could help alleviate these concerns. Pearson said he recently attended a meeting in Dallas of EPCglobal, an industry-backed organization working to develop “electronic product code” standards for RFID, and there was broad agreement on “the need for the capability to decommission product information off the tag, or disable the tag, even in pilot mode.”

Overwriting the Data

TI has developed RFID tags under the brand name HFI-Pro that include a password-protected feature in an inaccessible part of the chip’s memory that allows a user holding a scanner to overwrite certain data fields, replacing encoded product information with a string of zeroes, or disabling the entire RFID chip with a “kill” command.

Caspian’s stated concerns about RFID extend beyond potential privacy violations. The group asserts that “security researchers are warning RFID systems are vulnerable to viruses that could wreak havoc on databases around the world and potentially facilitate a terrorist attack.” The organization says that Melanie Rieback, a Ph.D. student at Vrije University in Amsterdam, recently demonstrated that “a hacker could deploy a single rogue RFID tag and infect associated databases.”

Pearson stated flatly that that is impossible. “There has been a pretty loud and clear response from the RFID industry that that is not something that’s feasible. The data on an RFID tag is just a bunch of ones and zeroes, with nothing executable.” All an RFID detector can do with an RFID chip is receive or fail to receive the data encoded on it; tags do not contain any kind of program (benevolent or otherwise) that a computer could run, Pearson said. — Martin Gidron