THE PRIVACY HURDLE

For Metro Group, it was a double whammy.Last February, the German mega-retailer managed to stir up controversy involving two technologies that have made supermarkets the focus of consumer privacy concerns: loyalty cards and RFID (radio frequency identification).At its Future Store, an Extra Supermarket noted for its many consumer-oriented technology applications, Metro embedded an RFID microchip in

For Metro Group, it was a double whammy.

Last February, the German mega-retailer managed to stir up controversy involving two technologies that have made supermarkets the focus of consumer privacy concerns: loyalty cards and RFID (radio frequency identification).

At its Future Store, an Extra Supermarket noted for its many consumer-oriented technology applications, Metro embedded an RFID microchip in its loyalty card simply to enable shoppers to trigger age-restricted movie trailers in the DVD department. After privacy advocates made an uproar over the card, Metro reverted to traditional bar-coded cards. (See Page 68.)

While they differ widely in makeup and history, both loyalty (or frequent shopper) cards and RFID have raised profound questions about privacy and retailers' relationship with shoppers.

Both systems collect consumer data, with the cards in a sense paving the way for the more massive databases needed to accommodate RFID. More important, they constitute textbook examples of how privacy can be a critical roadblock that must be traversed before retailers and consumers can reap the benefits of new technology.

Loyalty cards, through which retailers acquire data on shoppers' purchases in exchange for discounts and rewards, have been a fixture in the supermarket industry since the late 1980s. In some major U.S. markets, including Dallas, Chicago and San Francisco, more than 90% of households participate in at least one card program, according to ACNielsen Homescan data.

By contrast, RFID, while hardly a new technology, has gained momentum in retailing only this year with Wal-Mart Stores' widely publicized program in the Dallas area. RFID is still years away from impacting shoppers in stores, yet the technology has set off a tidal wave of activity that only promises to grow.

The importance of privacy has not been lost on the organizations pioneering the use of RFID in retailing, such as Wal-Mart. "We can certainly understand and appreciate consumer concern about privacy," said Linda Dillman, Wal-Mart's chief information officer.

EPCglobal, Lawrenceville, N.J., is the organization overseeing the development and standardization of RFID technology in retailing and other industries. It has put privacy at the center of its activities. "Privacy is as important as anything else we're doing, including standards development and implementation," said Jack Grasso, spokesman for EPCglobal.

Successor to the Bar Code

The fascination around RFID stems from the notion that RFID tags may someday replace bar codes as the standard for identifying products and other objects, such as pallets and cases.

An RFID tag is equipped with a microchip programmed with information about a specific product. (So it identifies each unique two-liter bottle of Coke, not just a standard two-liter bottle of Coke, as would a bar code.) The identification process is based on a digitized system called the Electronic Product Code, or EPC.

The tags used by supermarkets also contain a tiny antenna, which lies dormant until in the presence of an RFID reader. The energy from the reader "wakes up" the antenna and causes it to transmit the data on the chip, thereby identifying the product. This all happens without the assistance of a human being "aiming" the reader at the tag -- as in bar-code scanning -- and the tag doesn't have to be in plain sight.

With its greater versatility and power, RFID is projected to provide benefits -- to both retailers and consumers -- that far outstrip anything offered by loyalty programs. These include greater accuracy of product delivery and availability on the shelf; faster returns and warranty processing; easier product recall; faster removal of expired products; and prevention of counterfeiting in pharmaceuticals.

For many consumers, the Holy Grail will be attained when RFID allows a shopping cart full of groceries to be scanned and checked out instantaneously. "Some people will say, 'My time is valuable,' and be willing to give up privacy to obtain that efficiency," said Jim Sheehan, longtime executive at Shaw's Supermarkets, West Bridgewater, Mass., and now head of ComponentSoft, Cambridge, Mass. Sheehan likened it to highway toll passes, which also employ RFID.

Despite its potential upside, EPC-based RFID has sparked greater unease in the privacy community than cards ever did. For one thing, unlike bar codes, privacy advocates see RFID tags posing risks after consumers leave the store. For some critics, it's not too far a leap before society is plunged into nightmare images straight out of the Tom Cruise movie "Minority Report," with billboards reading your retina and flashing ads targeted to your tastes.

Aware of these privacy implications, the nascent RFID industry is taking measures to ensure consumers are not compromised by the technology, now or in the future. Whether this satisfies consumer groups remains to be seen. All agree that for RFID to move forward, its privacy issues must be resolved.

In the United States, the biggest RFID splash is being made by the biggest retailer, Wal-Mart, Bentonville, Ark. In April, the company launched its ballyhooed RFID project in the Dallas market, where a distribution center began receiving RFID-tagged pallets and cases from eight suppliers, and shipping the cases to seven supercenters. The DC and stores were equipped with RFID readers.

By January, three DCs and more than 130 stores will be receiving tagged pallets and cases from Wal-Mart's top 100 suppliers, plus more than 30 others. By next October, the program is slated to grow to 13 DCs and up to 600 Wal-Mart and Sam's outlets. Another 200 suppliers will join in 2006.

Privacy advocates don't take issue with retailers tracking tagged pallets and cases moving through the supply chain, as long as the tags don't show up on the products sold to consumers on the sales floor. Wal-Mart, however, included tagged boxes of two Photosmart photo printers and one ScanJet scanner from Hewlett-Packard in the project. These items are indeed sold to consumers in the store.

Wal-Mart recently added bikes and lawn mowers to the list of other RFID-tagged products for sale. Moreover, at a Sam's club, which becomes part of the project this fall, tagged pallets and cases of products will be sold to consumers.

Wal-Mart has taken a number of steps to deal with the privacy issue for products sold in stores. First, outer packaging is marked with a symbol from EPCglobal. (EPCglobal is a joint venture of the Uniform Code Council and EAN International, the two bodies responsible for bar codes worldwide.) The symbol is on a sticker located next to the tag. In addition, signs designed to help customers identify tagged products -- which also feature the EPCglobal symbol -- are placed at adjacent shelf and aisle locations. Informational tear-off sheets are mounted on shelves. (These are now also available at customer service areas.) Consumers can also access information online at walmartstores.com, or by calling 1-800-wal-mart.

Consumers are informed that they have the option of removing RFID tags after purchasing tagged products. This is one of the hallmarks of the privacy guidelines set forth by EPCglobal. Standards are also being developed for technology that would "kill" the tags at the point of sale. "We don't ever expect that someone's going to walk out of a store with a tagged item and not know about it," said EPCglobal's Grasso.

For David Diamond, former Catalina Marketing executive and currently a New York-based consultant, it's important that the consumer have the ability to "opt out" of the RFID scenario by asking that the tags be killed at the checkout. The absence of a fully developed kill technology "is the flaw in RFID at the moment."

In its communications to shoppers, Wal-Mart points out that RFID technology is already being used in toll tags and remote keyless entry devices for cars. Shoppers are also told that RFID tags will not contain or collect any consumer information. "We want to use the technology to make products available to customers," said Gus Whitcomb, Wal-Mart's director, corporate communications. "That's our focus."

According to Wal-Mart, a local Dallas/Ft. Worth television station, NBC affiliate KXAS-TV Channel 5, interviewed some customers entering a Wal-Mart store with tagged products shortly after the project began. The station aired several comments, which were accepting of the technology.

Whitcomb described consumers as taking a "measured approach" to RFID technology. "People say, 'If Wal-Mart has a privacy policy and sticks to it, and the tags help make sure the product is on the shelf, then I'm for it,"' he said. "We've done everything we could think of so consumers become informed about this."

Katherine Albrecht, however, disagreed. Albrecht, director of CASPIAN (Consumers Against Supermarket Privacy Invasion and Numbering), a grass-roots organization she founded in 1999, has become known as the most outspoken critic of both loyalty cards and RFID in the supermarket industry. Based in the Boston area, she is a doctoral candidate at the Harvard Graduate School of Education and operates three Web sites: nocards.org, spychips.com and BoycottGillette.com. The latter two pertain to RFID.

"Wal-Mart," Albrecht said, "is taking the first steps to creating a society where everything could be surveilled at all times. A shopper would hardly learn this by reading their Web site." She also criticized Wal-Mart for violating a call for a moratorium on item-level tagging issued by "40 of the world's most respected privacy and civil liberties organizations."

As Albrecht sees it, if all products eventually contain RFID tags -- a scenario years away from realization -- retailers could eventually develop databases that link consumers to every item they buy. This would be an extrapolation of what retailers do today with loyalty cards. In theory, shoppers who have some of these tagged products in their possession could be identified in stores by retailers. "They can identify you as you walk in the door, and even pinpoint your location in their store as you shop," Albrecht said in a statement earlier this year.

Speaking to SN recently, she expanded her theory to include what could occur if live tags were allowed to leave the store on products. In one scenario, criminals with readers could read the contents of someone's bag. "This essentially gives people a form of X-ray vision," she said.

In another, the government, by justifying the seizure of retailer databases on national security grounds, would have a means to identify individuals in places like political rallies. "If retailers create POS records that link items to consumer IDs, that's going to be an almost irresistibly tempting target for the Homeland Security and Defense Departments to get their hands on," she said. "In this climate, it's a matter of time before these records become part and parcel of what the government does to keep us safe from terrorists."

Wal-Mart's response to such comments is that "some of their proposals are not even possible," Whitcomb said. "Or you'd have to be a very nefarious company to even think about using the data this way."

Carlene Thissen, president, Retail Systems Consulting, Naples, Fla., observed that most retailers lack the kind of technological sophistication required to even handle the data stream expected with RFID. "Retailers have trouble managing basic scanner data," she said.

Moreover, Thissen said, retailers typically separate their scan data from their shopper information, and "only two or three people in a company have the authority to put them together."

In addition to a retailer's own databases, EPC information will be available through what is known as the EPC Network, made up of Web-based interconnections between databases over which companies can gain the most updated information on a particular product. Industry experts said this network is well protected from hackers and criminals.

"Only authorized users can access the network and data points in the network," said Pat Walsh, senior director of industry relations for Food Marketing Institute, Washington. Pete Abell, senior partner, ePC Group, Boston, noted the distributed nature of the data makes it hard for anyone to access, adding that further data safeguards are being discussed.

Grasso observed that some of Albrecht's criticisms do not square with the laws of physics. "No one can stand outside your house and read what's in your medicine cabinet," he said. Abell also pointed out that the water content of the human body makes it difficult to read objects in a handbag held by a person, and would require enormous power from the reader. "This alone will make the criminals afraid to use it as they will immediately be flagged and caught."

Wal-Mart's Dallas program is not its first run-in with Albrecht over store-based RFID tests. In 2003, the company planned a test with Gillette in a Boston-area store that would have tracked inventory levels on store shelves, but canceled it after CASPIAN protested. Another shelf-level test with Procter & Gamble did take place quietly over four months last year near Tulsa, Okla., but it later sparked criticism after being described in the Chicago Sun-Times.

Ironically, despite her criticism of Wal-Mart, Albrecht said all she is calling for is labeling of products bearing RFID tags -- something Wal-Mart has been doing. "We are not calling for bans or government restrictions," she said. "CASPIAN is a free-market, libertarian organization."

One retailer that decided to consult with Albrecht on privacy issues is London-based Marks & Spencer. The retailer is engaged in a large supply chain RFID project in which it has tagged 3.5 million returnable produce delivery trays. Albrecht worked with M&S on its other RFID project, involving item-level tagging of men's clothing. "I'm very impressed with their attention to privacy," she said. Neither project is based on EPC technology.

Olivia Ross, senior corporate press officer, M&S, confirmed the company has agreed to avoid using RFID readers in the store for inventory counting while shoppers are present, and to instead roll in a reader on a cart after hours.

Ross said M&S uses RFID tags within "throwaway labels" that read "Intelligent Label for Stock Control." The tags contain "a number unique to each garment," she said. The labels, which the consumer can easily remove, are not scanned at the register. An explanatory leaflet is available in all stores where tagged suits are sold.

Notice and Choice

The steps Wal-Mart has taken in regard to informing and educating consumers about RFID tags on products in its stores is in accordance with the "Guidelines on EPC for Consumer Products" established by EPCglobal.

The EPCglobal guidelines essentially call for retailers to provide consumers with notice of RFID/EPC tags; choice regarding removing or disabling the tags; education about the uses and benefits of the EPC; and access to policies regarding the retention, use and protection of consumer-specific data generated via EPC systems.

The guidelines will be updated as the technology develops and more is learned about consumer attitudes, noted Grasso.

Food Marketing Institute, Washington, has maintained a policy statement on consumer privacy, geared to loyalty programs, for the supermarket industry since early 1991. The policy was most recently updated in May to reflect RFID technology.

FMI's policy guidelines parallel those of EPCglobal in many ways, but also state it is "not appropriate to sell, rent, or relinquish personally identifiable information to third-party vendors, suppliers or marketers." In its latest revision, FMI addressed tampering with EPC-related databases, stating it "supports both federal and state legislation that would make it illegal for unauthorized third parties or individuals to access, intercept or receive an EPC signal or to disseminate information unlawfully accessed or intercepted."

In January, EPCglobal formed a Public Policy Steering Committee to address privacy, among other issues. The committee includes representatives of multiple industries and trade associations, as well as retailers like Wal-Mart and Target, and manufacturers like Procter & Gamble and Gillette.

The Public Policy Steering Committee has conducted consumer research globally this year to assess consumer attitudes toward privacy and RFID. According to Grasso, about 25% of consumers are aware of RFID technology, and about half of those have heard of privacy concerns regarding tracking and surveillance. "There's a natural disposition to believe the more ominous overtones, vs. the benefits," he said.

Nonetheless, EPCglobal is encouraging retailers to emphasize the upside. "Once they are informed about the potential benefits of the technology -- fresher products, safer drugs and less out-of-stocks -- their confidence rises quite a bit," said Grasso. "A large part are willing to trade imagined privacy concerns for better, safer drugs." Education, he added, is "the only way [consumers] are going to get a balanced view of how this technology will improve their lives."

Elizabeth Board, executive director, public policy steering committee, pointed out that RFID is sometimes incorrectly linked to technology like global positioning systems (GPS) and even computer spyware. "This presents a false and misleading image to the public," she said in a panel discussion at the EPCglobal U.S. Conference in Baltimore on Sept. 30. She acknowledged, though, that education remains a challenge during the technology's infancy. "It's difficult to talk to consumers if they don't see [the technology]," she said.

Still, consultant Diamond urged RFID stakeholders to "start telling consumers why they should want RFID tags. Start a groundswell."

The Steering Committee is also addressing legislative efforts, mostly at the state level, to control the use of RFID. Board said 10 to 15 states are looking at the issue A bill in the California legislature, which Grasso described as "pretty restrictive." The bill was defeated; a new bill is expected to be introduced shortly in Massachusetts.

EPCglobal's view is that rather than be subjected to legislation, the industry should follow its policy guidelines, monitor itself, and "let the free market decide," said Grasso. "The reality is the industry is based on consumer trust. If anything we're doing makes people uneasy, that's not good for business." Diamond noted this is especially true in a repeat-business like food retailing.

Grasso also questioned whether concerns about privacy or legislation should "stand in the way of the development of an incredibly powerful technology that will save lives, save money, and make life better for consumers and businesses."