It’s clear that unresolved privacy issues hinder the widespread adoption of retail RFID systems. But another major market, the library, has also been touched by controversy. As a historical battleground for intellectual freedom and privacy, libraries serve as a cultural litmus test for technological development. Lee Tien of the Electronic Frontier Foundation (EFF), was quoted by the Berkeley Daily Planet as saying, “Libraries can be the poster children for RFID. People will think if they’re OK here, they’re OK anywhere else.” This article will provide (a) a basic introduction to library RFID technology and materials flow, (b) a recent history of the privacy debate, and (c) an overview of the emerging best practices for implementation.
Initial Deployments
RFID vendors began cultivating the library market in the late 1990s. The industry took off in 2000 with major installations at the University of Nevada, Las Vegas, National University in Singapore, and the Santa Clara City Library.
Systems Overview
Library RFID systems operate at 13.56 MHz and are manufactured by companies such as Checkpoint Systems, Texas Instruments, and TAGSYS. The tags tend to be priced higher than those used in supply chain operations,ranging between $.50 for plain book tags to $1.00 for specialized CD and video tags. A complete library solution would typically include tags, the hardware and software to program the tags, self check-out stations and inventory wands. Libraries with extra funds might offer self-return stations and sorting equipment. Integrators offering complete solutions include 3M, Bibliotheca, Checkpoint Systems, Libramation and VTLS.
Beyond the Barcode
Most libraries currently use barcodes to manage materials flow and electromagnetic strips for security, but of course RFID can be used for both functions. Tags may be affixed to items as they are received or pre-applied by book sellers. Unlike barcode self-check systems, RFID systems can read multiple items simultaneously. This can decrease lines and increase the number of customers using self-check, in turn reducing the staff necessary at the circulation desk. Personnel can be reallocated to other public service functions. Other benefits of the technology include high-speed inventory, shelving accuracy, the automated processing of returned materials and decreased reshelving time.
Uncertain Benefits
Despite its apparent benefits, library directors are cautious about the new technology. Benefits are anecdotal– no library has published a rigorous cost benefits analysis or return-on-investment summary. High initial costs and privacy concerns are among many factors hindering adoption. Further, many libraries are publicly funded and subject to cutbacks in the current economy.
The Privacy Debate
Privacy concerns were largely overlooked in library literature during early RFID implementations. Non-library organizations such as the Privacy Rights Clearinghouse raised the first protests. The debate reached critical mass in 2003 when the San Francisco Public Library (SFPL) included RFID in their strategic plan. The Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU) went on record against the measure at several SFPL Commission meetings. The plan was highly publicized and rose to the forefront of a public debate on automated data collection.
Infringement Scenarios
Problems noted by opponents include the ability to track people, unauthorized access, and technology proliferation. A person carrying a tagged library item could have their movements traced and recorded in the automated library system (ALS). While a popular criticism, this scenario is unlikely in light of limited read distances. Privacy advocates fear proliferation– read distances could increase while prices of tags decrease, causing a slow, steady move towards ubiquity in library materials. Another scenario links a tagged library item with a patron record. While technically feasible, most libraries put very little information on the tag – typically only a bar-code like number. These are “closed systems,” only staff members with a need-to-know may view patron information. Although encouraged, the EFF considers this “security through obscurity” and not a viable means of long term protection.
Unauthorized Data Gathering
Library systems run the risk of an unauthorized third-party creating a database of tag information. Individuals are subject to undetectable identification by anyone with an appropriate RFID reader. For instance law enforcement agencies might monitor the movement of local copies of religious materials. On a broader scope, a dragnet of unobtrusive readers could be cross-referenced with ALS records to track patron’s movements.
Insecure Technology
Since the communication between tag and reader is wireless, signals can be scrambled or blocked, effectively disabling the system. Tags can also be insecure at the hardware level as tag information is not encrypted.
Pending Legislation
Legislators are aware of the privacy issues surrounding RFID. Several states have investigated or introduced legislation. Utah passed the “Radio Frequency Right to Know Act” only to have it die in their Senate when retailers lobbied against “kill tag” provisions. Massachusetts State Senator Jarrett Barrios (D-Cambridge) announced he is drafting regulatory legislation. California Senate Bill 1834, introduced by Senator Debra Bowen, has passed three readings in the Senate and is currently in the Assembly. It would authorize a library to use RFID tags to collect borrower information under the following conditions:
- Data collection is only allowed to the extent specified by law
- Information must be for the express purpose of borrowing books
- Information can not be collected before or after the circulation transaction
- Information must specifically pertain to a single borrower and item
More stringent “kill tag” provisions were eliminated from SB 1834 during its amendment process.
Best Practices
Current legislative efforts do not address the broad concerns of privacy advocates. Librarians wishing to reassure their constituents will have to create their own policies. Recommended practices include:
- Mentioning RFID in library privacy policy
- Informing library users that RFID is in use
- Keeping tag readers transparent to all parties
- Keeping appropriate security safeguards on the ALS
The work to establish guidelines is underway. Berkeley Public Library has created a best practices document and the Public Library Association Intellectual Freedom Committee is in the process of creating a similar document for nation-wide distribution. The American Library Association Intellectual Freedom Committee is considering focusing on best practices at their mid-winter meeting in January 2004.
A Public Forum
The library serves as a public forum for society to assess the impact of mandated Internet filtering, new extensions of federal monitoring capabilities, and tightly integrated automatic identification systems. Librarians do not hesitate to request modifications to systems when privacy is threatened. In evaluating RFID systems we can look to their dedication to intellectual freedom and ability to critically evaluate new technologies.