Microchips in people, packaging and pets raise privacy questions
Implanting a microchip in a pet has become a common practice, but until last week, it may have seemed quite a stretch to implant one in a person.
On Wednesday, a Florida company announced that the Food and Drug Administration had approved its microchip for embedding into humans to convey information about their medical conditions.
The FDA's decision could move privacy concerns about the emerging technology to the forefront of public debate.
The technology behind it involves radio frequency identification, or RFID, sensors that are being applied to all kinds of objects to hold information about them and track their whereabouts. Proposals for RFID tags run the gamut from tubes of toothpaste to passports and money.
Until now, much of the work has focused on using RFID tags in business-supply chains to monitor the flow of goods and increase efficiency. But as the technology moves from the lab into the real world, businesses may face more calls for regulation.
RFID isn't new technology, but as small inexpensive tags proliferate, so could the ability for companies to amass a database detailing an individual's movements and purchases.
Unlike a bar code, which identifies only the type of product, each RFID tag has a unique serial number. The tags themselves can pack greater amounts of data and transmit the information faster from farther away. In today's closed RFID systems, such as those used by libraries, data cannot be shared because only one reader — the library's — can get information from the tags. Tomorrow's open standards are designed so that tags can be read by virtually any reader.
The tags can be read through packaging, without contact with the reader, making it more convenient to get the data, but also making surreptitious retrieval possible.
These capabilities are at the heart of the debate over RFID, a debate that illustrates the difficulty of striking a balance between protecting privacy and allowing a potentially useful technology to develop.
"You don't want to constrain the potential impact of this technology. At the same time, you don't want to be careless about what potential privacy issues will come up," said Greg Plichta, a Seattle patent attorney who has studied RFID and developed a set of proposed privacy guidelines.
"The balance now certainly weighs in favor of protecting privacy," he said. "Perhaps it's time to start thinking about proposing some rules that would go beyond just espousing general guidelines."
Implantable chips
Applied Digital Solutions, the Delray Beach, Fla., company producing the implantable VeriChip, cites potential life-saving benefits the chips could have by allowing access to a patient's medical records even if the patient is unconscious.
The company says its chips contain a 16-digit number that can be read by passing a scanner over the arm where the chip has been inserted. The number links to a database accessible to health-care providers over the Internet.
But privacy advocates contend the tags are a bad idea because they could lead to abuses by government and contribute to the growth of identify theft.
"This is the most invasive use of the technology we know of so far," said Marc Rotenberg, director of the Electronic Privacy Information Center in Washington, D.C. "With an implantable chip, the person who's being tagged really doesn't have the ability to remove the tag or control the disclosure of its identity."
Medical bracelets or other low-tech methods can perform the same function, he said, so it's unclear whether implantable chips will actually succeed.
"I could easily see any number of reasons why this would fail," Rotenberg said. "It's tempting to say Big Brother is around the corner, but this is a dumb idea that might not get off the ground."
In use elsewhere
Yet the idea has already gained ground in other parts of the world.
In Mexico, government officials have had chips implanted in their arms for access to restricted areas, and chips have been embedded in some hospital patients. People in Spain have used implanted chips for entering a nightclub and buying drinks. In Japan, some parents are putting RFID tags on their children's bags or clothing to track their movements.
In the United States, many large retailers are planning to use RFID tags on boxes and warehouse pallets and have started some trials of tags on individual items. Privacy questions arise at the point the tags move from back-end supply chains to goods consumers buy and take home, Rotenberg said.
Retailers envision using data from item-level tags for targeted marketing campaigns. For example, a clothing tag could identify a frequent shopper as he or she walked through the store. Shop clerks could then approach the customer with special offers.
Privacy advocates worry that a company could collect RFID data from objects like clothing and associate it with personal information to track movements, or sell that data to other companies. Tags are small enough to be undetected if embedded into products.
Right now, the tags are too expensive for widespread use at the item level. Still, a number of states have proposed legislation governing the use of RFID technology out of privacy concerns.
A bill that passed the Utah House of Representatives required retailers to notify customers if they are using RFID tags on store products. In California, a bill that passed in the state Senate required RFID tags to be deactivated before the consumer leaves the store. Neither bill passed the full state legislature.
In Washington state, issues over RFID use and privacy are bound to come up for discussion soon, said Rep. Jeff Morris, D-Anacortes, chairman of the House Technology, Telecommunications and Energy Committee.
The fast pace of technological change makes it difficult to mandate rules for specific technologies, he said. Instead, lawmakers should focus on basic principles such as ensuring that individuals control access to their personal data.
Morris said he would be in favor of a requirement that RFID tags be deactivated at checkout.
The Federal Trade Commission held a public workshop on privacy and RFID in June and is now working on developing guidelines.
Addressing privacy issues
Retailers and companies developing RFID technologies worry that heavy-handed regulation could stifle important innovation.
This month, the Progressive Policy Institute, a New Democrat think tank, called privacy alarms being raised over RFID "at best premature and at worst hypothetical and impractical."
But some technology leaders say the industry should address privacy issues now before proceeding with RFID use.
"There are a lot of human concerns," said Michael Dierks, director of strategic investments at Intel Capital, noting Intel's experience several years ago.
After a privacy uproar, Intel backed away from a technology it developed that would have put a unique ID number into each of its Pentium III chips.
"It doesn't matter if the technology is right or wrong, they still have to be addressed," Dierks said.
Kristi Heim: 206-464-2718 or kheim@seattletimes.com.