Senator Patrick Leahy and American Progress COO Sarah Rosen Wartell
In a major address at Georgetown University Law Center, Sen. Patrick Leahy Tuesday outlined the risks to privacy posed by Radio Frequency Identification (RFID) technology – minute electronic tags that are about to burst on the scene in applications ranging from retailing to law enforcement to inventory control. Leahy (D-Vt.), the ranking Democratic member of the Senate Judiciary Committee, seeks to launch a national debate on whether and where to draw privacy protection lines in the use of RFID tagging. Blending his interest in technology and his leadership on privacy issues, Leahy often has helped Congress bridge the gap between robust technological progress and the implications of new technologies upon the public's privacy rights. This column is an abridged version of Senator Leahy's address.
As a former prosecutor, I value technology's role as a silent partner in helping us ramp up our law enforcement and national security capabilities, particularly in a post-9/11 world. But technology tends to highlight the tension in our constitutional system between liberty and security, and as lawmakers we face the challenge of finding the right balance.
It should be our priority to find ways to allow technology to flourish, encourage private sector development and enhance security, while also protecting consumer privacy and constitutional freedoms. That was the balance I sought to strike in my work on CALEA and in other legislation that blends law enforcement's needs, the needs of our robust technology sector, and the privacy interests of the American people.
The dazzling new technology of the moment is RFID. These tiny chips – as small as a grain of sand – are like barcodes on steroids. They can be added to almost any object, can be read remotely and carry much more information than a barcode. RFIDs seem poised to become the catalyst that can take personal surveillance to a new level, especially as this technology becomes intertwined with ever more sophisticated databases and networks that allow us to easily collect, store, distribute and combine video, audio and other digital trails of our daily transactions. The marriage between RFID and databases can easily lead to micro-monitoring – the highly detailed, largely automatic, widespread surveillance of our daily lives.
Some of these uses we should encourage; others may be improperly invasive. I am a long-time advocate of a Vermont pilot program for tracking cattle and am pleased to see its emulation for a national tracking system to curtail outbreaks like mad cow disease. I am also encouraged by the FDA's decision to support the use of RFID in thwarting prescription drug counterfeiting.
Wal-Mart, Target, and the Department of Defense already are directing their suppliers to use RFID. We have already seen "smart tags" at toll booths, "speed passes" at gas stations and tracking tags on millions of pets.
But this is just the beginning. RFID technology is on the brink of widespread applications in manufacturing, distribution, retail, healthcare, safety, security, law enforcement, intellectual property protection and many other areas, including mundane applications like keeping track of personal possessions. Some visionaries imagine "an internet of objects" – a world in which billions of objects will report their location, identity, and history over wireless connections.
Recent reports about clandestine tests of RFID by Wal-Mart and others suggest a need to begin drawing appropriate lines to protect consumer privacy. But in setting principles today, we will also need to keep in mind the evolving nature of technology and other innovations on the horizon like sensor technology and nanotechnology.
We still have a lot to learn about the technology and many issues are still in flux – like voluntary standards, and systems and infrastructure to manage RFID data. But the RFID train is beginning to leave the station. Now is the right time to think about these issues before it is too late and so I am encouraging a national dialogue.
As with other surveillance technologies, we need to ask what information will RFID systems gather, and how long that data will be kept? Who will have access, and under what checks-and-balances? Will the public have appropriate notice, opportunity to consent and due process in the case mistakes are made? How will the data be secured from theft, negligence and abuse, and how will accuracy be ensured? In what cases should law enforcement agencies be able to use this information, and what safeguards should apply? There should be a general presumption that Americans can know when personal information is collected, can see it, and can correct any errors.
There is no downside to this public dialogue. We can use this opportunity to consider all of our important goals – allowing RFID to reach its potential without unnecessary constraints, protecting our security, aiding law enforcement, and protecting our cherished constitutional rights. If we wait too long, we risk sacrificing one or all of these goals.
This dialogue should include constructive, bi-partisan congressional hearings. The earlier we begin our work together, the greater the prospects for success in reaching consensus on a set of guiding principles. I look forward to engaging the private and public sectors in this discussion, and I look forward to consulting widely with private and public sector leaders and visionaries as we strive to balance technological innovation, security and civil liberties.