When advising companies on how to go about planning an automatic identification and data capture (AIDC) system, I always encourage them to engage in some "blue sky" thinking. That is, I suggest they generate a list of "must have," "like to have," and "wouldn't it be great if..." items.
The reason I do this is to help them lay the foundation for possible future add-on systems. Obviously, incorporating these possible future needs during the initial system design simplifies subsequent implementations.
Recently, however, I gave an RFID presentation to a group and added a different color to the sky, suggesting they engage in some serious "black sky" thinking when it comes to RFID privacy and security issues. In essence I told them, "Imagine the worst that could happen. Then, imagine... it... gets... worse."
Now, it may seem a bit Dilbertesque to suggest that you imagine the unimaginable or put together a list of all possible unforeseeable results, but as an exercise, it's worthwhile because it encourages you to think in non-rational terms. Non-rational because some people have an irrational fear of how RFID might some day invade their privacy, and others have an almost child-like delight in discovering ways to exploit or corrupt RFID systems. The concerns expressed by, or threats posed by, these groups cannot necessarily be anticipated by purely logical approaches.
Admittedly, there are those who want to exploit limitations in the technology for personal gain, a rational if illegal motivation. These people are relatively easy to understand. They're essentially thieves and logical systems can be developed to make things much more difficult for them. Here are several, well-publicized, real-world examples of non-rational developments that would have been difficult to anticipate using strictly logical planning.
- The data on a Metro store RFID customer loyalty card was changed to show how "unreliable" RFID was. The data on the card wasn't locked because no one could conceive of any reason a customer (or anyone else) would want to change the number. No logical reason has yet been proposed. It was done simply because it could be done.
- The "Can your cat infect your computer with a virus?" news from March of this year suggested that an animal ID tag could somehow contain malicious code that could infect or corrupt the entire companion animal ID database is another example that leaves most people scratching their heads. Aside from the fact that the demonstration assumes a software backend that has never been demonstrated to exist (outside of one developed specifically to prove the concept), it's another example of the "who would even think of that?" kind of threat.
- A threat of another kind is illustrated by the announcement by Levi Strauss & Co. earlier this year that it would begin testing RFID tags on some of its clothing in an undisclosed store location. RFID would be part of the removable tags attached to clothing so they would normally be removed from the item prior to wearing. Disclosing the test was an act of good faith yet privacy groups angrily denounced Levi for running a "covert" test and announcing that they would have picketed the store if they knew its location. The level of Levi's disclosure, however, wasn't really the issue. It was fear by these groups that RFID tags might some day lead to some sort of global tracking system or allow perverts to identify what kind of underwear a woman is wearing.
These examples illustrate why you need to do some "black sky" thinking no matter what your use of RFID might be. Not so Dilbertesque after all, is it?
