Informational Hearing of the
SENATE SUBCOMMITTEE ON NEW TECHNOLOGIES
Senator Debra Bowen, Chair

 

"Radio Frequency Identification Technology (RFID) Where Is It Headed?"

 

November 20, 2003
Sacramento, California

 

SENATOR BOWEN: Welcome, and thank you for joining me today to continue our talk about Radio Frequency Identification (or RFID) technology and the benefits and potential privacy implications associated with the technology.

RFID is expected to replace the bar code in the next decade because of the efficiencies it creates. Unlike bar codes, RFID tags can be made in tiny formats, some no larger than a grain of salt, and the tags do not have to be manually scanned. Instead, RFID tags send out a radio signal that can be captured at a distance and at indirect angles by RFID readers, eliminating the need for an employee with a hand-held scanner to read a label.

Retailers and manufacturers hope to save millions of dollars by automating the shipping and inventory process and reducing theft using RFID. However, some privacy advocates fear that RFID will become as omnipresent as video surveillance and will give marketers another method of tracking people’s whereabouts, interests, and habits.

This subcommittee held its first hearing on RFID technology on August 18th, and there we talked about how RFID technology works, and we heard from some privacy advocates about some of the potential uses of the technology that they fear could invade people’s privacy. Today I’d like to continue that discussion.

Since the August hearing, there have been several new developments:

• Wal-Mart announced plans to require its top 100 goods suppliers to tag shipping cases and pallets with RFID technology by 2005 and to require the rest of its suppliers to begin using RFID tags by 2006.
• Wal-Mart and Procter & Gamble tested RFID tags on Max Factor Lipfinity lipstick sold at a Wal-Mart store in Oklahoma, where store shelves equipped with Webcams allowed Procter & Gamble researchers in Cincinnati to watch customers as they picked up and looked at lipsticks.

Hmm. Pause for thought, huh?

• The San Francisco Public Library Commission approved plans to start tagging library books with RFID chips by 2005-2006. And Berkeley and Santa Clara are considering similar plans for their own public libraries.

We have two panels on today’s agenda. First, we will look at the manufacturing and retail uses of RFID and hear from the Uniform Code Council/EPCglobal, the Electronic Frontier Foundation, and the Grocery Manufacturers of America. I also invited the International Mass Retail Association (or IMRA), Wal-Mart, and Procter & Gamble to come talk about how and why they’re embracing RFID technology, but they declined to participate today. Their absence is noted, though I’m sure if and when someone decides to introduce a bill to create some standards and restrictions about how RFID technology can be used, they’ll have no trouble finding Sacramento on the map—even though it doesn’t have an RFID tag.

Our second panel today will focus on using RFID systems in public libraries, and here to testify on that issue we have Jackie Griffin, the director of the Berkeley Public Library, Karen G. Schneider with the California Library Association, and again, the Electronic Frontier Foundation, Lee Tien.

As always, this hearing will be interactive. I’d like to ask the first panel to step forward and have a seat at the table, and we will begin with Mr. Grasso, who is here today representing the Uniform Code Council and its new subsidiary EPCglobal, which was recently established to work closely with the retail and manufacturing industries to study RFID applications and to develop uniform technology standards for RFID systems.

Thank you for coming, Mr. Grasso. I hope you will enlighten us as to a little bit about your organization: what are its charges; how it works. We are televised, so if you would use the red button. When you light up, you should be on.

MR. JACK GRASSO: Well, it’s lighted.

SENATOR BOWEN: Good. Californians will be, I’m sure, watching, and we’ll have an interesting discussion today. Thank you very much again for coming.

MR. GRASSO: Well, thank you, Senator Bowen, and thank you for inviting me here this morning to participate in today’s hearing. You’re addressing a very, very important subject—the implications of Radio Frequency Identification for consumers around the world—and we welcome the opportunity to share some of our thoughts on this very important issue.

I’m here today as the director of public relations for the Uniform Code Council. As you may know, the UCC was an original sponsor of the Auto-ID Center’s research effort to develop the Electronic Product Code. In May of this year, we entered into a joint venture agreement with EAN International to commercialize the EPC technology. That joint venture functions under the name of EPCglobal. I work very closely with EPCglobal, advising them on a variety of public relations and public policy issues.

Among the myriad of activities that EPCglobal is involved in during this very, very formative period of standards development and implementation, nothing is of higher priority than issues of consumer privacy and protection. To be clear about it, protecting consumer privacy and deploying the EPC technology in a responsible way is and always has been a very high priority for UCC and EPCglobal. In fact, through the Auto-ID Center, we began to address this issue in the very earliest stages of the research effort and, over the past few months, have been very involved in a process to develop guidelines for the use of EPC on consumer products. We’re very proud of our leadership in this area and are committed to maintaining a focus on protecting personal privacy as the commercialization process moves forward.

Now, before I get into the substance of my remarks today, I’d like to just take a few minutes to share a little bit about the background about the UCC for those present who may not be familiar with us.

The UCC is a not-for-profit organization dedicated to the development and implementation of standards-based, global supply chain solutions. The UCC actually pioneered the development of the Universal Product Code (or UPC), and that is the foundation of the standards that we use today which have been shown to produce about $17 billion in savings annually in the United States across a wide variety of channels, including manufacturers, retailers, and consumers.

UCC-based solutions, including business processes, and the bar code identification standards of the EAN.UCC System are currently used by more than one million member companies worldwide. In a nutshell, we touch the lives of millions of consumers every day, and through our standardized automatic identification technologies, we enable improved supply chain management around the world. Meeting consumers’ needs and driving customer satisfaction is a large part of our mandate as an organization. So, you can see why we take very seriously this consumer-related implications of the EPC technology.

To get to the subject of today’s hearing—RFID and consumer products—let me start by sharing some background about the EPC technology. Electronic Product Code is an emerging system that uses Radio Frequency Identification for the automatic identification of consumer products. RFID is now being used in everything from automobiles to security pass cards, and it serves a variety of purposes. One of its widespread usages is in devices such as EZ Pass in the United States and Liber-T in France that speed the passage of autos through highway tollbooths.

EPC has the potential to be used on many everyday consumer products as they move through the supply chain: from factories through distribution centers and into retail stores. As EPC evolves, it promises to offer significant benefits to consumers and companies. The improved information in the supply chain will help speed products to the shelf and ensure they are available when consumers want them and in the quantities they need them. Removal of expired products will be easier, and prompt removal of any recalled product will be facilitated. In addition, checkout times for customers could be significantly reduced.

To allow EPC to realize its potential for consumers, retailers, and suppliers, it is important to address privacy concerns prompted by the current state of the technology while establishing principles for dealing with its evolution and implementation.

Accordingly, at the final Auto-ID Center Board of Overseers meeting on October 28th, the sponsors of EPC adopted guidelines for use by all companies engaged in the large-scale deployment of EPC. These guidelines are intended to complement the substantive and comprehensive body of national and international legislation and regulation that deals with consumer protection, consumer privacy, and related issues.

As new developments in EPC and its deployment occur, these guidelines will evolve while continuing to represent the fundamental commitments of industry to consumers. It is hoped that further developments, including advances in technology, new applications, and enhanced post-purchase benefits, will provide even more choices to both consumers and companies on the use of EPC tags.

These guidelines will be administered by EPCglobal, which, as I mentioned, is a joint venture between EAN International and the Uniform Code Council. The EAN.UCC works closely with user companies to develop and maintain standards for the product code now used on many consumer products. EPCglobal will also be responsible for updating these guidelines. For EPC to gain broad acceptance, consumers must have confidence in its value and its benefits and the integrity of its use. EPC participants are committed to gaining and retaining this public confidence. EPCglobal will monitor the proper use of these guidelines and will be responsible for updating them.

Because EPC is an emerging technology in an early development stage, usage guidelines supplementing or modifying those adopted by the sponsors will evolve as applications are developed and implemented. Given the current state of the technology and the relatively, I would say, premature stage of its deployment at the consumer unit level and to allow participants appropriate amounts of time to implement these guidelines, EPCglobal has established January 1st, 2005, as the expected date by which companies will begin following the adopted guidelines.

I’ve provided the subcommittee with a complete version of the "Guidelines for Consumer Products" for your review. Additional information on this policy can be found on our web site. In general—and I’ll briefly touch on the main points of them—the elements included in the guidelines are:

• Consumer Notice ( is the first one): Consumers will be given clear notice of the presence of EPC on products or their packaging. This notice will be given through the use of an EPC logo or an identifier on the products or packaging.
• Consumer Choice: Consumers will be informed . . .

SENATOR BOWEN: Can I ask you, is there any PC logo at this point?

MR. GRASSO: It’s under development. None has been developed yet.

SENATOR BOWEN: Good. Then I was not losing my mind.

MR. GRASSO: Right. You haven’t missed that yet.

SENATOR BOWEN: I haven’t missed it yet.

MR. GRASSO: But the theory is that it would be a visible, recognizable, familiar logo on products that would be tagged as such.

SENATOR BOWEN: Okay. And when do you expect that to be completed?

MR. GRASSO: I don’t know, Senator. We don’t have any specific timetable on that because it really depends on the wide deployment of the technology at the unit level, which is a number of years off.

• Consumers will be informed of the choices they have to discard, disable, or remove EPC tags from the products they acquire. It’s anticipated that for most products, the EPC tags will be part of a disposable packaging or would be otherwise discardable. EPCglobal, among other supporters of this technology, is committed to finding additional cost-effective and reliable alternatives to further enable consumer choice.
• Consumer Education: Consumers will have the opportunity to easily obtain accurate information about EPC and its applications, as well as information about advances in the technology. Companies using EPC tags at the consumer level will cooperate in appropriate ways to familiarize consumers with the EPC logo and to help consumers understand the technology and its benefits. EPCglobal would also act as a forum for both companies and consumers to learn of and address any uses of EPC technology in a manner that’s inconsistent with these guidelines.
• Record Use, Retention, and Security: As with conventional bar code technology, companies will use, maintain, and protect records generated through EPC in compliance with all applicable laws. Companies will publish, on their web sites or otherwise, information on these policies regarding the retention, use, and protection of any consumer-specific data generated through their operations, either generally or specifically with respect to EPC.

These guidelines that I’ve just briefly reviewed demonstrate that EPC participants are committed to addressing the issue of consumer privacy and engaging in a constructive and ongoing dialogue with interested parties. The overriding goal of the guidelines is to provide a responsible basis for the use of EPC tags on consumer items. Under the auspices of EPCglobal, these guidelines will continue to evolve as advances in EPC and its applications are made and consumer research is conducted.

Again, we’re proud of our work in the area of RFID and consumer protection, and I thank you again for the opportunity to be here today.

SENATOR BOWEN: Thank you. I actually have a number of additional questions.

MR. GRASSO: Yes.

SENATOR BOWEN: You mentioned the guidelines. It’s my understanding that these guidelines, because they’re voluntary, basically only apply to users who agree. So, in that sense, they’re like some web site privacy policies: a web site operator who doesn’t wish to post a privacy policy is not required to do so.

MR. GRASSO: As a condition of their participation in the EPCglobal universe where they would get an identification number, where they would be part of the EPCglobal network, a condition of their doing that is that they sign a paper saying that they will adhere to the guidelines.

SENATOR BOWEN: Help me understand what participation in EPCglobal means. Could you, for example, use RFID for tracking containers at the Port of Los Angeles, which we think is one of the positive things that could happen with this, without being an EPCglobal member?

MR. GRASSO: To understand that issue, you need to have a perspective on what standards are. Standards are universally applicable ways of doing things: ways of communicating information, ways of storing it, ways of constructing the data.

Companies for many years used to have their own closed systems of doing this until they discovered there was no competitive advantage to them in so doing, and that’s how the universal code system came into being. The same will be true with RFID. Companies can implement it and deploy it however they wish, but in order to get the maximum benefit from it by adhering to standards that are universally used, they would then join the EPCglobal universe; which means they would get an identification number, and they would have access to the network where all of the codes would be stored. Part of the EPCglobal process right now will be to create what we call an ONS, or an Object Naming Service. It’s like a domain-naming service on the Internet.

SENATOR BOWEN: I was actually going to work with you on using that example because clearly, you can’t create a web page without a domain name, but we have a number of different domain-name enablers.

MR. GRASSO: Right.

SENATOR BOWEN: There’s not one organization. You have to use one of them, but they are not all the same.

MR. GRASSO: Well, in the early stages of this technological development, we will be the one place where that data is stored.

SENATOR BOWEN: So, you’ll be the network solutions _________.

MR. GRASSO: Yes. We’ll be the "library in the sky," although I’m sorry I mentioned libraries.

SENATOR BOWEN: That’s all right. We’ll get there.

With domain names, you really couldn’t create a web site presence without using, at that time, Network Solutions. So, the question I’m really after is can you utilize this technology for private purposes? What deployment, if any, is possible without EPCglobal membership? Do you basically not get access to the inventory that translates. . . . the list that translates the code into something meaningful, which would basically make membership mandatory?

MR. GRASSO: If you’re not a subscriber to EPCglobal, you will have to deploy the technology in a closed way; in other words, within your own organization.

SENATOR BOWEN: So, that means that if you’re dealing with mascara, for example, you could create your own set of mascara codes but that they’re not readable anywhere else.

MR. GRASSO: That’s right. And if you were a manufacturer of that mascara and you didn’t subscribe to the EPCglobal network and you had a retailer who had a closed system, you would have no way of accurately tracking sales, distribution, customer feedback, any of those things.

SENATOR BOWEN: So, for anybody who’s going to provide products to more than one retail outlet, it probably doesn’t make sense to do that.

MR. GRASSO: Correct. The same drivers of the Universal Product Code system will drive this technology as well. And the market will decide. There’ll be competition. There’ll be other people who will compete to create a better way of doing it, and that’s good.

SENATOR BOWEN: I’m just asking you these questions because when we talk about voluntary guidelines, we always have to ask the question: Well, who is subject to those guidelines? I mean, we certainly have a lot of experience with this when it comes to web privacy policies where there’s a set of guidelines, but no one is required to adhere to them. And then there’s the second level question which is—second level tier question—which is: What happens if someone doesn’t comply with the guidelines? And the third is: How on earth does "Jane Two-Buck Chuck" know whether or not anyone is complying with the guidelines or not?

MR. GRASSO: Well, imagine a consumer walking into a retail establishment where they are given notice that EPC technology is present and they have that experience. You know, they have the choice of not shopping there, or they have the choice of having the tags disabled upon checkout or have a blocker tag that will prevent them from being read while they’re in the store.

SENATOR BOWEN: I’ll come back to that. Let me put a little marker there.

MR. GRASSO: And then they go into another store where they don’t have such a notice, but yet, the technology is in use. There’s a problem there, and the consumers will quickly become aware of that.

SENATOR BOWEN: How?

MR. GRASSO: Well, it depends on how the retailer uses that information. If the retailer decides to use the information in a way that it violates the guidelines that we set down—if they don’t give notice, if they don’t use the information according to applicable laws and regulations—eventually they will not be in business anymore because the market will force them to adhere, and they will have to do so. Besides which, the optimum application of this technology requires. . . . or involves belonging to a broad network of users. And if you don’t, you will be in a noncompetitive position.

SENATOR BOWEN: Let me go back to the question of disabling because I was interested to hear you talk about discarding, disabling, or removing. But it’s my understanding that that is an option that members/subscribers would have. And then, of course, you have another issue when you’re dealing with applications in which there’s not a removable or discardable tag. And there the only solution that I’m aware of, the only technical solution, is a "kill" switch; again, very difficult for a consumer to know. Even if they see the equipment sitting there, you don’t know whether it’s working. It’s unlike one of those great big plastic inventory tags where you . . .

MR. GRASSO: Right. Pretty hard to miss that on the way out.

SENATOR BOWEN: It’s pretty hard to miss whether it’s gone or not, yes.

MR. GRASSO: I think that’s an open question right now; how the most cost-effective method of disabling will be implemented.

I attended a seminar at MIT last Saturday where there were many technologists who presented alternative ways to do that and also raised many of the issues around that technology, such as disabling tags that could then be revived afterwards, which is another possibility.

SENATOR BOWEN: That’s interesting. That’s one I hadn’t thought about. You could actually revive a disabled tag.

MR. GRASSO: They could be designed as such that they could be "killed," although I wish we had a nicer word for it, but they could be disabled and then revived by another device of some kind.

I might point out another thing—and I’m not a technologist. I was an English major.

SENATOR BOWEN: That’s okay. I’m a lawyer. It takes all kinds.

MR. GRASSO: It’s important to understand that in the first deployment of these RFID tags, the zero class one tags don’t actually send any signal out. They’re inert; they have no power. They have to be energized by an outside radio frequency signal. So, unless there is such a device nearby, the tags are basically inert and useless.

SENATOR BOWEN: But it’s not a broadcasting device.

MR. GRASSO: No, it isn’t.

SENATOR BOWEN: A device that reflects when there is a broadcast.

MR. GRASSO: Only when they are excited by a radio frequency signal and only within a very relatively close proximity and under optimum conditions. There’s a lot of problems with it right now that need to be worked out. They’re very affected by moisture, by metal, and by distance. So, there’s a lot of research that has to be done before they’re a hundred percent dependable, which may never be achieved.

SENATOR BOWEN: When we talk about the record use, retention, and security policies, I haven’t done an exhaustive study but there are no—that I’m aware of—there are no existing laws that deal specifically with RFID information. Is it your view that, for example, the EEC policies that deal with privacy apply without any additional legislation?

MR. GRASSO: Well, I’m also not a lawyer, but I would imagine that laws would have to be modified in some way to include data that was gathered by RFID technology.

SENATOR BOWEN: I ask you this because when you talk about record use, retention, and security, the guidelines say, well, you have to comply with existing laws; but to my knowledge there aren’t any.

MR. GRASSO: I guess what we mean is existing laws that govern the type of information: shopping patterns, matching products with credit cards, those kinds of things that regulate the usage of that type of consumer information.

SENATOR BOWEN: To my knowledge, they’re all specific to the method of collection. Or at least in California we have a law that deals with supermarket club cards, and we have now a law that deals with, what you call, EZ Pass, which we call FastTrack, that deal with dissemination of that information. But we don’t have anything that broadly says that any information that’s collected. . . . we have it now for financial transactions, although I suspect that the Congress is about to torch that by preempting the states. But I don’t believe there is just a more broad Information Practices Act except as it applies to financial information where the Fair Credit Reporting Act would be . . .

MR. GRASSO: I will take that point back and make it part of our planning.

SENATOR BOWEN: When retailers are thinking about deploying this technology, what would be the advantage to a retailer of not disabling the RFID tag? Why wouldn’t you just set up a system where when the customer leaves the store you disable the tag? I mean, presumably it leaves information open to a competitor if there are standards, if it stays enabled.

MR. GRASSO: I offer two answers on that. One is that it might be somewhat inconvenient for the customer to have to do that. It might take extra time to check out. If the disabling device is not functioning, it creates enormous difficulty at the point of sale.

And the second thing is there are post-purchase advantages to RFID technology, such as returns to the store, things like that, that would be valuable to the store to have.

SENATOR BOWEN: So, basically we’re looking at the RFID equivalent of the current bar code use. I know in many large department stores now, when you purchase an item your receipt gets a bar code stuck on it. Now you don’t need the actual. . . . or the tag, not the receipt. So, when you return an item, you no longer need the sales receipt because the information is . . .

MR. GRASSO: Contained in there. Right.

SENATOR BOWEN: So, you’re basically looking at the electronic equivalent. . . . or the RFID equivalent.

MR. GRASSO: That’s right.

SENATOR BOWEN: But that’s in a tag that presumably the customer, under most circumstances, would either stick in a file drawer, a shoebox, or put in their recycle bin. Those are the only three choices, right?

MR. GRASSO: Well, I think most of the tags that will be in use will be discardable anyway because most of the products we buy are perishable and consumable, and they would go away with the product.

SENATOR BOWEN: I think the issue comes up on tags where it’s probably more difficult for a consumer to remove a tag. The first example that comes to my mind is books where the back of a book jacket in some bookstores now has an RFID tag on it. In some instances, people are reluctant to remove a purchase tag from a book jacket because they don’t want to damage the book jacket. So, we’re going to have some where we have a removability issue, and I think that’s probably one of the first places to focus.

MR. GRASSO: That might be a more appropriate and practical tag disabling scenario; in a bookstore or library where you can have a tag "killed" on the way out as opposed to a bag of groceries or something like that.

SENATOR BOWEN: I hadn’t thought about it but I can see how having to disable—particularly in a grocery store situation where a customer may be purchasing upwards of a hundred items—trying to figure out a mechanism that would disable every tag might be a challenge.

MR. GRASSO: Right. There is much research that needs to be done in that area. They actually had a "kill station," they called it, at the seminar. They would take a tag and they would read it, put it in the "kill station" and read it again, and it would be disabled. So, it works under optimal conditions, but in the real world, it needs a lot of development yet.

SENATOR BOWEN: Great, thank you. If you’d be willing to stay here for a little bit longer, there may be additional questions that come up.

MR. GRASSO: I’d be happy to. Thank you.

SENATOR BOWEN: Our next panelist is Lee Tien, senior staff attorney for the Electronic Frontier Foundation. Lee will be here for both panels. For right now, we’d like to hear about your research and your concerns about the commercial uses of RFID. We’ll leave libraries aside for the time being.

MR. LEE TIEN: Thank you very much for inviting me to speak today.

EFF, the organization that I represent, is a public interest group that was founded about twelve, thirteen years ago to protect free speech and privacy in an increasingly computerized world.

I mention in this context EFF’s devotion to free speech because the law of free speech provides, I think, a concept that really does need to be developed in privacy law today, and that’s the concept of a breathing room, breathing space, a buffer zone, for civil liberties and speech. First Amendment jurisprudence has always used the idea that we not only have to protect speech immediately, but we need to set the boundaries of protection a bit further out because we know that there are a lot of things that happen with respect to speech, censorship, self-censorship—chilling effect—that are, in a way, invisible . . . [tape turned – portion of text missing] . . . when someone has decided not to say something. And so, we have a law that is especially solicitous of speech in that way.

What I’m suggesting today, as sort of a general overview point, is that we’re in a place in society in time and technology where we need to have that same kind of approach to questions of privacy because privacy is now an area that technology is threatening to invade in so many ways that most people in society are not really aware of, and the kinds of decisions that people make because of possible threats to their privacy, often invisible to what most of us can see. And so, there is a need to think about privacy as a social good that needs to be protected. The same way we want to protect the marketplace of ideas, we need to protect privacy and privacy norms.

This view has several implications, but first, I think, is simply that privacy invasive technologies like RFIDs need to be addressed early in their development rather than late. This is a point that Professor Pottie made at the last session; that it is actually likely to be cheaper to address the privacy issues up front by designing the technologies in a way that respect privacy rather than waiting and seeing and then trying to retrofit an infrastructure or a technology.

SENATOR BOWEN: I think we’re very much committed to that, and if anyone has a question about the design implications of how you create systems, they have only to take a look at our whole credit reporting system, which is Social Security number-based and has no effective mechanism for protecting the Social Security number, which is the key to identity. If we were designing a system right now to deal with credit transactions, we would never make it based solely on a Social Security number with no additional security concerns. So, we’re having to go back and redesign and redo an enormous set of financial systems at great expense, which, if we had instituted a different set of protocols when we began using the Social Security numbers as the basis for credit tracking, we would have saved ourselves not only a lot of money but a lot of identity theft.

MR. TIEN: That’s exactly right. That’s one of the two or three examples that I was going to use. It’s an interesting example because it’s not a technological design issue; it’s a social design issue. But really, society, technology, all these practices, work together. And so, one of my little points here is that if we want to avoid creating the RFID version of ID theft, we have got to get moving today.

Another example of the same problem is questions of Internet security. We are now in a situation where we hear from policymakers, from computer scientists, that we have serious problems with the security of our cyber infrastructure. Part of the problem is that we have a lot of software out there that is not particularly well-designed. We have protocols that were invented before the security issues really were obvious. And so, once again we are very much playing catch-up in terms of trying to ensure people . . .

SENATOR BOWEN: I think it’s patch-up with software.

MR. TIEN: Patch and catch; that’s right.

The next point I wanted to make was that one of our sets of guiding principles here has to be the concept of the Fair Information Practices, which I think most people are familiar with in this room. The joint coalition paper that we submitted to the subcommittee from Privacy Rights Clearinghouse and a number of organizations goes into the question of applying the Fair Information Practices in the RFID space. At the same time, we need to think about new threats to privacy. . . . or new issues in privacy that are not really covered well by the Fair Information Practices and existing law.

Senator, you anticipated a rather large number of the points that I was going to make today, which is wonderful, and one of those is the question of the adequacy of existing law with respect to technologies like RFID.

I would like at this point to say that RFID is. . . . while it is the focus of our discussion today, it’s really just one example of a class of what I could call "location tracking technologies," including GPS and any kind of transponder, beeper, tracking the use of Smart cards, or other kinds of devices at toll plazas or in BART machines or any sort of situation; ways to take to another level the ability to track an individual’s movements throughout society. This produces a clash with reigning concepts of privacy law because at least if you follow along the lines laid down by the Supreme Court in its Fourth Amendment jurisprudence, there really is supposed to be no expectation of privacy in public. And yet, I think that we are seeing now so much technology being deployed in public space that records us with video cameras or is able to track our movements or simply because we engage in electronic transactions at an ATM, at a supermarket, and then we may drive through some spot where we are seen or there’s a FastTrack, the ability of technology and this technological infrastructure to really put together a highly detailed picture of a person’s movements and activities in society has now gotten to a point where my organization thinks we really need to rethink the idea that there is no privacy in public.

SENATOR BOWEN: Actually, I think the courts have begun to do that too.

MR. TIEN: You know about the Washington State case, right?

SENATOR BOWEN: The infrared case. Or thermal imaging case we’re talking about?

MR. TIEN: Well, the Kyllo case deals with thermal imaging into a home, but there’s a Washington State case that recently came down.

SENATOR BOWEN: Since you and I know what we’re talking about but I’m sure that other people watching this don’t, could you give us a thumbnail of that case?

MR. TIEN: Yes. This is a case involving police installation of a GPS tracking device in a car as part of a criminal investigation. Under current Supreme Court law which recognizes no expectation of privacy in one’s movements in public, the police do not need a search warrant in order to install a GPS beeper onto your vehicle, at least while it is moving on public highways.

SENATOR BOWEN: That would be of great surprise to most Americans.

MR. TIEN: I think it would be, but it is in fact the law. However, the State of Washington, in reviewing this kind of beeper tracking, declared under the Washington State Constitution’s version of the Fourth Amendment, which protects the right of the people against unreasonable search and seizure, they held that in contrast to what the federal Fourth Amendment requires, that it was in fact a search and you needed probable cause and a warrant in order to put that kind of a device on someone’s car.

SENATOR BOWEN: Which means in Washington that the state law enforcement officials cannot install it but the FBI can. Right?

MR. TIEN: Yes.

SENATOR BOWEN: I think it’s important for people to understand that when the states have a different law than the federal law, you can get erratically different results. We saw that recently in California with a medical marijuana prosecution where the jury basically revolted at the end of a federal trial after learning that the person in question had actually been given sanction by the state to do what he was being prosecuted for doing under federal law. So, I think we have to be mindful of those jurisdictional lines in any event.

Would you talk a little about the thermal imaging case as well?

MR. TIEN: Well, the thermal imaging case is a case called Kyllo v. United States. There have been a number of situations where law enforcement has attempted to use infrared sensing primarily in marijuana growing type cases to detect whether or not there was a lot of heat being emitted from a house as part of a marijuana investigation.

SENATOR BOWEN: Presumably, that would signal the presence of light.

MR. TIEN: Grow lamps, I believe. So, the question . . .

SENATOR BOWEN: Either that or a pottery kiln.

MR. TIEN: Right. Came up through the courts in various circuits as to whether or not the law enforcement use of this kind of technology qualified, again, as a search. Did it violate a reasonable expectation of privacy? To be honest, it was not clear from the Supreme Court’s precedence how a court should come out. There were arguments based on the California v. Greenwood case, which is when you put your garbage out on the curb, you have no expectation of privacy. The government argued, Well, the heat you emit is waste heat, and so, it’s just like the trash you put out. Another argument was, Well, it’s like plain view. If I could see through your window with a pair of binoculars, I would not need a warrant; and so, if I can simply see infrared into your home, I don’t need a warrant.

Surprisingly, the Supreme Court actually found that police use of thermal imaging required probable cause and a warrant. The implication on one hand is that we are going to look carefully at how new technologies can violate a person’s reasonable expectation of privacy. The court was very clear that it was concerned about how technology is shrinking the realm of guaranteed privacy. On the other hand, Kyllo is a home case, and it is not clear that Kyllo’s solicitude for privacy would extend to any kind of thermal imaging in a non-home context.

SENATOR BOWEN: If you’re growing marijuana in your Airstream, you’re in a different . . .

MR. TIEN: You’re in big trouble.

There was an interesting part in the Kyllo decision where the courts said essentially—at least up until the time that this technology becomes commonly available—there will be a requirement for a warrant. There is a sort of negative pregnant to this, which is that when the technology of thermal imaging does become sufficiently common, then they won’t need a warrant. This is the sort of logic that has worked in cases involving, say, helicopter overflights or airplane overflights where the court will say, Well, everyone knows people are flying over and they can look down, and if they happen to have a camera, then that’s your tough luck; you have to accept that risk. So, that part of Kyllo is interesting because it suggests that when a technology such as RFID becomes commonly available and widely used, then even if there had been some degree of Fourth Amendment protection, there wouldn’t be anymore.

Now, I don’t think any legal scholar or lawyer I know of has figured out exactly why the court has that commonly available concept that toggles a switch in Fourth Amendment protection. If I had to answer that question, I’d suggest that it’s because they believe that when a technology is sufficiently common and known to the public, at least one of two things will happen: One, that people will understand the risk and, therefore, it’s not a surprise; and two, they may be able to defend against it—take a precaution in some way.

Unfortunately, one of the points that Senator Bowen brought up earlier in her questioning of Mr. Grasso really affects the meaningfulness of that kind of reasoning, and that is the question of information asymmetry. The tradition we have in consumer protection law is to recognize that consumers often don’t know what it is they are getting into. I think one of the reasons why we need to think about the idea of buffer zones and breathing space for privacy is the same concept: that consumers don’t know what they’re in for with respect to their privacy. And this is both social and technological. It’s social in the sense that most people don’t know when they give their information to Macy’s or to the bank or to anybody they deal with what kinds of privacy constraints. . . . well, basically how they’ve lost their privacy once that information has been given out. Even if there were laws about it, they would not be able to detect the fact that someone has either given away your information or allowed that information to be taken in an unauthorized fashion, which is one reason why we now have in California the Notice of Breach law. So, you have the social problem, which is the backend sorts of privacy violations are invisible to the general public, and second, that the laws are so complicated, as anyone who’s ever tried to figure out how the Fair Credit Report Act really works. It’s tough.

SENATOR BOWEN: I think it’s really important to highlight the tracking problem. You know, those of you who know me know that my dog does a lot of surfing of the Internet. He does some shopping on the web and so forth. In addition to having gotten a pre-approved credit card authorization—I guess it means his credit is good—he routinely gets solicitations from a particular set of stockbrokers and, more bizarrely, for contact lens solutions. [Laughter.] You know, it really highlights the problem. I have no idea what he was doing that led to the contact lens solicitations. I can guess where the credit card application and the stock information came from. But the problem of tracking who the violator was or whether there was a privacy policy five years ago when I assisted him in filling out whatever that form was, where he disclosed his birth date and his gender and his income and all those other things, he has no way of tracking that.

And so, it makes enforcement a very difficult proposition because the number of transactions that an ordinary person engages in is just so enormous, that it becomes impossible to separate which piece of junk mail is the result of what earlier transaction.

MR. TIEN: That’s right.

SENATOR BOWEN: The persistency of data that’s wrong is a major issue within this regard too.

MR. TIEN: Yes. I mean, if you buy a bad car, you’re going to take it back to the dealer. If you get a piece of junk mail, you cannot figure out what breach way, way back in the chain may have actually led to it or whether, frankly, you allowed it. And that’s where the technology side of it comes in. Not only do you have these problems simply because there are so many intermediaries and such underground economy interactions—it’s not underground—the economy and people’s information, but people were worried about cookies; people worry about web bugs. People don’t know that when they go to an ad, they’re not actually on the original web site anymore; they’re actually maybe on a double-click web site because that’s what the banner stands with. There’s so much that people don’t know about what they do does, and that’s only going to increase.

And so, all of these kinds of information asymmetries make us very nervous about relying purely on market forces because market forces, to work properly, presuppose informed consumers, and what we’re seeing, I think, is a systematic lack of information on the part of consumers about what is happening to their privacy, and what we get today. . . . or what we see today is, I think, a backlash because of concern about privacy. And then something like ID theft really puts it into everybody’s mind because most everyone knows someone or someone who knows someone who’s a victim of ID theft, and that has put the entire credit system into an area of public concern. And I think we will, if we are not careful, run into the same problem with our ID, and that’s not even bringing in the question of governmental use of it.

So, I’m going to close here real quickly and say that one of the things that we are very, very concerned about is trying to get to a situation where RFIDs are not promiscuous. Much of the concern about RFIDs is they will talk to anyone. I don’t want us to see a world of promiscuous RFIDs. I want to see secure RFIDs; ones that only talk when I let them, when there is some kind of authorization user control. This is, as with most other areas in privacy, really about who can get the information and say what can be done with it. In the short term, I think we need to think very much about "kill" technologies, about blocking technologies. I don’t rule any of those out as solutions, but I think that they are not part of a true future that features RFIDs. If RFIDs are going to be ubiquitous, they must be truly secure.

Thank you.

SENATOR BOWEN: Mr. Grasso—and then I have a couple of questions; although, we have addressed in a roundabout way some of the questions I had.

MR. GRASSO: Would it be appropriate to ask Mr. Tien a question?

SENATOR BOWEN: No, but you can direct your question . . .

MR. GRASSO: Oh, may I ask you then?

SENATOR BOWEN: . . . through the chair.

MR. GRASSO: Forgive my ignorance. Buffer zone and breathing space: I wonder if we can explain that.

SENATOR BOWEN: That’s a fine question to ask Mr. Tien.

MR. TIEN: I’m sorry—what was the . . . ?

SENATOR BOWEN: Can you explain how you would deal with the buffer zone or breathing space in the context of RFIDs or other locational tracking technologies?

MR. TIEN: Well, I think this sort of goes to the. . . . there are a couple of different dimensions. One of the things we hear a lot about any kind of technological privacy threat is that the technology is limited; it’s too early. My concept of a buffer zone or a breathing space is an attitude towards saying we are going to attack the problem of privacy early and we are going to consciously say: Just because the privacy problem looks like it’s this big today, we are not going to design a solution or a response that assumes that it’s just this big. We’re going to build in a safety margin just as you would say: Well, we don’t want the risk of some kind of a consumer device to be too close. We’re going to say: This is what we want and then let’s build out so it’s actually ten times safer, a hundred times safer.

In the privacy context, that means things like looking at security. We wouldn’t simply be satisfied perhaps with using a simple form of encryption because we would know that, well, if you are using a simple form of encryption but you talk to your RFIDs or your RFIDs talk to readers, over time the risk of multiple transactions means that there’s far more greater likelihood of a compromise, and once you’re comprised, you’re done for.

So, there are a lot of ways technically, I think, that this principle has implications of building in a privacy safer kind of technology.

SENATOR BOWEN: Is it fair to say that you believe that there are Fair Information Practices that can be applied to RFID and other locational tracking technologies? You’re not advocating that we just say we just can’t take the risk of using this kind of technology.

MR. TIEN: Well, first of all, I think as our coalition statement made clear, there’s no real issue in the pure internal supply chain context because the average person is not at any risk of being tracked. The risks begin to become serious when you talk about the in-store tracking situation, and there you have a situation where the consumer’s interest is great; but the retailer user arguably has some sort of an interest as well. And then you have this post-purchase area—the outside the store—where, at that point, I think right now today, we have very, very little grounding for any kind of benefit to the consumer.

So, what we are thinking about is, in terms of Fair Information Practices, that you do need, definitely need, to have notice. One of the things that I think is very, very dangerous is stealth deployment of any kind of RFID technology. That’s why even the testing of what’s happening in the Wal-Mart in Oklahoma is a disturbing practice because there is just no notice to the persons who are handling those cosmetics that they were being subject to this kind of a trial. Back when I was a grad student, that would have been a real violation of any kind of human subjects protocol.

So, notice, I think, also serves the great value of making it clear not only to the individuals who are the subject of tracking but everyone else that something is going on. One of the dangers in today’s technological world is many modes of surveillance are, as I mentioned before, invisible. By making them visible, we make it possible for people to say, Hey, wait a minute. I don’t want to be there. I want to avoid that area. And as they become more pervasive, that readers pop up and there are more and more signs saying, Here’s a reader, here’s a reader, here’s a reader, it creates the possibility of a kind of public dialogue about is this the sort of society we want to build as opposed to one . . .

SENATOR BOWEN: I think it could create a major level of paranoia. You have no idea what clothing item or what in your briefcase you might not have disabled or disattached some RFID device coming into the Capitol, or you’re going various other places where that’s the method that’s used to deal with security issues. I think either people become totally immune and they pay no attention until something happens based on the collection of the data, or they just have this sense that they really are living in George Orwell’s nightmare.

MR. TIEN: Right. My concerns, you know, the basic principle and basic idea under the Fair Information Practices is transparency, openness, accountability. So, we are happy to hear that UCC, EPC has got voluntary guidelines, but as the Senator pointed out, there’s a real question of whether or not there’s going to be any actual compliance with the guidelines. And that’s one of the reasons why another part of the Fair Information Practices is the notion of access: access to one’s own records to find out what kind of information has been captured and how that information has been used.

I’ll be very honest here. This is one of the Fair Information principles that has always had problems in the political arena. The FTC ran into real problems trying to think about how they were going to implement an access principle in the context of web site privacy because companies naturally say, Hey, wait a minute. You’re asking us to open up our files, our records, so that individuals can see their own information? So yes, it’s a politically difficult concept, but at the same time, I think it’s really the next step in advancing or evolving our privacy policy because the kinds of issues that we have talked about traditionally under Fair Information Practices in the commercial sector have mainly been noticing a choice and you get tied up in this interminable opt-in/opt-out debate: What’s the content of someone’s privacy policy when privacy policies or any of those things are just words if you don’t know what an entity is actually doing?

SENATOR BOWEN: I think that the shift to electronic-based money really exacerbates this. What I mean by that is that there are very few people who, at this point, don’t have either an ATM or a credit card, or both, that they use for a large number of transactions. And I think if you looked at people under forty, that number gets much smaller. It may be that our great-grandmas are still not comfortable with an ATM; although, most of them probably use credit cards. But that creates a kind of information path that simply did not exist when we had a primarily cash-based society. A checking-account-based society had that to a lesser extent, although searching a bank’s database or a handwritten name on a check was a whole different matter than searching an electronic database where it’s easy to see who did transactions with a particular entity or what sort on a whole bunch of different fields. I think that adds to our concern.

Thank you.

MR. TIEN: Thank you.

SENATOR BOWEN: Let me next turn to Kristin Power with the Grocery Manufacturers of America.

Ms. Power, I greatly appreciate GMA’s willingness to step forward on this issue and begin a candid discussion about the pros and cons of the RFID systems and the manufacturing and retailing industry. I think the goal is to try to find the appropriate balance and to create a system of dealing with Fair Information Practices and information gathering that may not give comfort to every single American but that is generally viewed as an acceptable way to deal with deployment of this new technology.

With that, the floor is yours—or the table.

MS. KRISTIN POWER: Before I begin, I do want to acknowledge that some of my statements may be somewhat repetitive to Mr. Grasso’s. Hopefully, I will be able to put those into context from the manufacturer perspective. So, as we go along, if you’ll allow me a little latitude there.

The Grocery Manufacturers of America is the world’s largest association of food, beverage, and consumer products companies. with U.S. sales at more than $460 billion. GMA members employ more than 2.5 million workers in all fifty states, including over 300 facilities employing more than 700,000 California residents. The organization applies legal, scientific, and political expertise with its member companies to vital food, nutrition, and public policies issues affecting the industry. Led by a board of 42 chief executive officers, GMA speaks for food and consumer products and manufacturers at the state, federal, and international levels on legislative and regulatory issues.

We appreciate the invitation to provide the manufacturer perspective on the use of RFID technology. GMA and its member companies believe this technology offers benefits for consumers, but we also acknowledge and share concerns regarding consumer privacy as it relates to the use of this emerging technology. We are committed to working with the technology providers and to maintaining open communications with policymakers at the state and federal government as the use of RFID technology is adopted.

As you know, for more than four years the Auto-ID Center at the Massachusetts Institute of Technology has been developing new applications for the technology that promises to deliver significant benefits to the economy and consumers. Led by scientists from prestigious academic institutions around the world, the Auto-ID Center’s work on the development of the Electronic Product Code (or EPC) has evolved into an innovation story. It stands out as certainly one example of how public, private, and academic interests can unite and support research and development and help move technology forward to benefit society. The Auto-ID Center is supported by over ninety of the world’s leading companies and organizations, including many in the food, beverage, and consumer products industry.

Very generally, the EPC offers the next generation of product identification, building on the success of the commonly used UPC code. The EPC provides more than just the basic information about a manufacturer or product. It uses an extra set of digits to enable companies to add additional information about their products. For example, by reading the tag on one of the EPC-shipped products, a business can know the date on which the item was shipped, the manufacturing facility from which it was shipped, and the retailer to which it was shipped. Connected to a network, the EPC technology will allow companies for the first time to manage their global supply chain in real time at any time, offering never-before-available benefits. Some of the benefits will include streamlining inventory control on a global scale, deterring theft and counterfeiting, keeping shelves stocked with products desired by consumers, speeding the placement of new products, and easing removal of expired products.

Though much of the research today is focused on business and supply chain applications of the technology, the EPC holds tremendous promise for consumer benefits as well. Customers will see improved checkout procedures and customer service. Other benefits could include better availability of products and swifter and more effective food and product safety recalls between retailers and suppliers. It is also important to note that EPC technology can offer solutions to government such as improved custom handling and border controls, enhanced Department of Defense logistics management, and better security for moving luggage through airport terminals.

Specifically within the food, beverage, and consumer products industry, RFID is part of a broad range of E-commerce activities designed to make the supply chain more effective and efficient. Microchip and radio frequency technologies have advanced to a stage where it’s possible to place radio frequency-enabled chips containing an EPC on pallets, cases, and individual products.

As you have mentioned previously, well-known and widespread uses include the EZ Pass on U.S. highways and bridges and speed pass at gas stations.

Full realization of the benefits of EPC will depend on the implementation of RFID. From GMA’s perspective, some of the benefit of an RFID include product tracking during distribution, meaning that products in the supply chain will no longer need to be counted manually time after time. Readers can be installed in warehouses, trucks, backrooms, and shelves to continually track products and maintain perpetual and accurate inventory data. Out-of-stocks can be virtually eliminated through preset triggers which would automatically call for replenishment. This would also allow for theft to be measured and controlled in real time. And it will increase our ability to identify counterfeit products. Additionally, product recalls could be conducted in a much more effective and efficient manner because products in the supply chain could be continuously monitored. It is also possible that today’s checkout systems could be replaced with RFID systems that . . . [tape turned – portion of text missing] . . . we pilot in field tests that amplify the need for standards from everything from tag specifications and RF frequencies to reader systems and data classification. Continuing research and application will need additional refinements as industry implements RFID.

The technology and standards advancement can and will be made quickly. While it is clear that broad implementation of EPC on individual items tracked to the store level is still years away, the market is on the verge of accelerating its adoption of the technology on a broader scale for supply chain applications for several reasons. Vendors of RFID technology are embracing the economics of lower-cost production and higher-volume uses that could bring individual tag costs, which currently is a very significant barrier, below ten cents—or even lower according to some estimates. Several large retailers are making plans to require their suppliers to start equipping arriving pallets and cases with RFID devices in the not-too-distant future. Several remaining factors have been leading initiatives to use RFID technology to reduce theft in the supply chain, especially for high-value goods, and look forward to realizing benefits from the day-to-day use of the technology.

While few would deny that RFID EPC can and will afford major benefits, the technology also raises public policy issues that need to be addressed in a proactive and responsible way. Chief among those issues are concerns about consumer privacy. This technology will eventually have an impact on consumers as the products they purchase may have an RFID tag.

Our industry takes the issue of consumer privacy very seriously and has been addressing it since the founding of the MIT Auto-ID Center back in 1999. Even today in the ________ RFID field, field tests and pilots are allowing participants to think through privacy concerns. Technology or options are under development to facilitate the protection of consumer privacy and to offer consumers choice about the use of RFID EPC technology and the sharing of personal information.

Clearly consistent with the pillars of privacy protection, consumers should be aware where and when the technology is being used. Also, vendors and retailers alike have indicated that upon customer request, the tag on individual items will be turned off after an item is purchased or designed that they can be easily removed by consumers. Further, the Auto-ID Center Board of Overseers is addressing privacy concerns, in part by establishing guidelines for dealing with this evolution and implementation. The guidelines, of course, do not stand by themselves as there already does exist a substantive and comprehensive body of national and international legislation and regulation that addresses consumer protection, consumer privacy, and related issues.

SENATOR BOWEN: Do you think any of that actually deals with RFID collection though?

MS. POWER: Not specifically. More in general terms of use of data and how it can be collected and general privacy concerns. We recognize that there is certainly an area that can be filled in terms of the RFID-specific privacy.

SENATOR BOWEN: I’m not aware of any California law that would deal with the data collected. Because our laws are specific to the mechanisms of collection or the type of data, I just don’t think there’s anything right now. So, if you’re aware of something, some general provisions of laws anywhere, I’d love to know what they are.

MS. POWER: I certainly will have the folks who do that research for us try to find that information.

SENATOR BOWEN: I have no doubt that someone has been looking at that issue.

MS. POWER: The guidelines address consumer notice, consumer choice, consumer education, and records used for retention and security. They’re available to consumers at www.epcglobalinc.org.

Consumers will have the opportunity to easily obtain information about the technology, its applications, and advances. The guidelines focus on the need to give consumers notice when RFID tags are present in or on what they are purchasing. Additionally, consumers will be given choices to discard, disable, or remove the tags from the products they acquire. As with conventional UPC bar code technology, companies will use, maintain, and protect records generated through RFID EPC in compliance with all applicable laws regarding privacy. Finally, the guidelines will continue to evolve as more widespread use of the technology occurs and more consumer research is conducted.

GMA and its member companies look forward to participating in continuing discussions about the use of RFID and the consumer packaged goods industry. As the industry adopts this technology, we are committed to doing so in a way that protects consumer privacy and offers consumer benefits.

Thank you.

SENATOR BOWEN: You made a reference to data classification. I assume there that you’re talking about distinguishing between, for example, pallet-based data and individual product data. Do you see different types of data might suggest different information practices?

MS. POWER: Certainly at this point what we’re talking about is backroom inventory management. And the difference in data classification is, is it a product recall that you’re trying to remove product from the shelf, or is it a fact of keeping product on a shelf in a timely fashion for consumer availability? That’s the issue that we’re talking about there.

SENATOR BOWEN: I think the good news for the grocery manufacturers at this point is that, to my knowledge, there’s no real concern about the use of this technology in backroom functions and shipping tracking and so forth. I just have heard no one make a credible argument that there ought to be any kind of restriction. I mean, it’s up to the industry to figure out how to make it work, but there really are no privacy implications that I’m aware of in that context. The picture definitely changes when we get to the retail customer application.

Do you think that there ought to be some kind of rules regarding how information gathered at the retail level can be used?

MS. POWER: We have expressed that in both written and oral testimony, and our concern is as yours is—about how that data is used and how it’s collected—and we are committed to working with you to identify how we can manage that supply of information.

SENATOR BOWEN: You stated that you thought consumers should be able to disable the tags upon request. I think that would probably give heartburn to a lot of people. Are you willing to discuss how that might work in a particular context?

MS. POWER: Certainly.

SENATOR BOWEN: I think that’s going to be a critical issue. It’s unfortunate that we always seem to wind up in opt-in/opt-out, particularly with the technology that is. . . . or even with notice or a logo, it may be difficult for people to know that the tag is there. We may need to really have a focus on that.

Anything else? We actually did a pretty good job. You get to skate a little bit because I gave Mr. Grasso most of my questions—and Mr. Tien.

Either of you have questions that you think ought to be addressed, Mr. Grasso, Mr. Tien, at this point, before I dismiss this panelist?

MR. GRASSO: I just had a couple of comments, Senator.

There are many technological issues that need to be solved; many of which touch upon some of the things that Mr. Tien was talking about relative to the post-purchase application of these tags. I would direct you to the MIT media lab web site which has a wealth of recent information on many of the issues regarding "killing" tags, reading distances, and things like that, to provide perspective on just how far away this technology might be.

I’d also like to point out that there are some compelling usages of this technology at the item level right now, like pharmaceuticals to track counterfeit drugs, to help people take drugs correctly and not risk taking the drugs wrong dosage, wrong drug; which is a problem in our country and many people are inconvenienced and victimized.

SENATOR BOWEN: It seems like a hospital-based trial would probably be the first step.

MR. GRASSO: Right. And also tracking toxic substances is another consumer protection type application for this technology. One aspect of that, of course, is that to develop the technology on a cost-effective basis, it needs widespread application. So, to do it for a few narrow areas would make it very cost-prohibitive.

Those are my comments. Thank you again.

SENATOR BOWEN: Thank you.

Yes, I think that there’s a lot of potential benefit from this technology, but the goal is to, as Mr. Tien said and as Professor Pottie testified at our last hearing, it’s to build in wherever possible, as a part of the technology, mechanisms that allow us to deal with the social and legal consequences as we’re developing it out so that we are not saying to a company that’s on the verge of a massive deployment or into it, Oh, sorry, we’re going to have a new set of laws and you have to scrap all the product development software and time that’s been devoted to making this work because we’ve determined that there’s some legal and social issues, privacy-related issues, that need to be addressed. That’s not in anyone’s interest.

This subcommittee tends to be. . . . we don’t just tend to be—we try to be far ahead of where product deployment is because even by having this discussion, we start the manufacturers and the researchers and the development process thinking about how we might solve some of these issues. The longer we wait, the harder it is and the more expensive it is to do the kinds of technological things, make the kinds of technological improvements, that can help us solve the very problems that the technology creates.

Mr. Tien, a few final words on this topic? And then we’ll go to library.

MR. TIEN: Just a couple of quick comments.

First of all, I wanted to point out that our coalition statement on RFIDs definitely regards some of the uses that Mr. Grasso mentioned as appropriate. In particular, the pharmaceutical use to the point of dispensing is something that we’ve recognized is acceptable. And in terms of toxics to landfills, this is something, again, that we believe is accepted. However, we want to point out that in the latter situation, there is no need for a uniquely item identification. It could be just like an ordinary bar code because all you have to know about it is the generic product.

SENATOR BOWEN: You may actually be interested, though, if there’s a disposal. . . . for example, in California a long time ago we outlawed mercury in batteries, but we still had an issue with batteries coming in on an import basis that had mercury. For purposes of assigning responsibility for cleaning up mercury in a landfill, I’m sure that U.S. battery manufacturers and others who deal with mercury might be very interested in knowing who the responsible party is.

MR. TIEN: I think you definitely can make the argument. I’ve always put the burden of proof on someone to show that you really need to get that unique ID.

The other general point that I wanted to make with respect to what we’ve been talking about in terms of technological protection mechanisms is the question of incentives. It is, I think, all very well and good to talk about the possibility of a blocker chip, the possibility of "kill," all these kinds of ways of dealing with the threat of RFIDs, but I am not going to be complacent about the idea that the industry necessarily has as much interest in or is willing to invest as much in research that would really secure or protect the privacy in RFIDs as they are in rolling them out cheaply as possible. I mean, there is just, I think, a built-in tension here between what I would call the need for security and privacy in RFID and the idea of we want to roll out mass deployment. I think that our public policy, or consumers in general, have to recognize that . . .

SENATOR BOWEN: Mr. Tien, that’s precisely why I’m sitting here, and that’s why you’re sitting there, and that’s why we’re all here is there is a tension. Obviously, the less you have to deal with these issues, the less you have to spend in creating and deploying a system. But if it’s not acceptable to the majority of citizens and it doesn’t work on a social and legal level, you really haven’t made an investment that’s useful. I hope that we can convince everyone who’s looking at using this technology that it’s better to try to sort out these problems in advance, even if it does cost a little more in the development stage. It will cost a lot more if we wait. But your point is well taken.

MR. TIEN: Thank you.

SENATOR BOWEN: Thanks. Thank you very much, panel; I really appreciate it.

Let me call up the library panel. That means Mr. Tien stays put, and we ask Jackie Griffin to come up from Berkeley. I believe that Karen Schneider may not be here. I think there’s a server problem at the. . . . I think she’s maybe dealing with a. . . . so you had a server problem too—e-mail problem. Anyway, there is some kind of a site server problem. Just because it’s a technology hearing, we have to have a demonstration that none of the technologies we create are full-proof no matter how carefully we set about to make systems that work.

Our first witness is Jackie Griffin, director of Berkeley’s public library system. Welcome. Thank you for coming.

MS. JACKIE GRIFFIN: Thank you for asking me to be here. I spend every day dealing with the fact that technologies are fallible.

SENATOR BOWEN: Yesterday it was our microphone system. We had a problem with cell phone instant messages disrupting our. . . . garbling our microphone systems. Not something that anyone expected. In any event.

MS. GRIFFIN: I’m here today to talk about libraries and RFID and the issues that we face in the future and why we’re considering this technology and what we’re trying to do to make that technology work within the principles that libraries have always operated under.

Most of the time when people think about libraries, they think about organized access information or children’s story times or any number of things. But for those of us who work there, a real underlying fact is that, among other things, libraries are material handling centers. We have 500,000 items in Berkeley, and we have 2,500 users a day, and over the course of a year, they check out 1.3 million items. So, in some ways we’re just a big factory of books and videos and CDs.

The problem with that for us, of course, is that we don’t sell them. We check them out and then they come back over and over and over again. And so, we have staff who spend their days picking materials up, wanding them with a wand, and then sliding them along a desensitizer to turn off our security systems and then repeating that when the materials are returned. The consequence of that is that in any one year, we incur about $200,000 in workers’ comp costs. Over a five-year period, Berkeley Public Library incurs about a million dollars in direct workers’ comp costs and about a million dollars in indirect workers’ comp costs.

SENATOR BOWEN: Is that repetitive injury?

MS. GRIFFIN: It’s almost all repetitive injury. About 90 percent repetitive injury and about 90 percent of that 90 percent happens during that check-in and check-out stage. Some of it occurs when people are preparing materials to go out on shelves: putting on jackets and labels; those kinds of things. But essentially, it occurs at the check-out/check-in stage.

In addition to that, two years ago we opened a building that was twice the size and yet did not have funding to add staff.

SENATOR BOWEN: That’s what I thought you were going to talk to me about is the staff costs of doing all of that.

MS. GRIFFIN: Right. And it is. It’s a huge cost. It’s a cost in that now we have more people using our library—we’re incredibly popular—and yet, I have no more staff; and so, they’re checking out more materials every day, every year. And, of course, as everybody in California, we face in the next year a million-dollar-budget deficit, which means that we’ll probably be laying people off and the remaining people will be doing more with less and we’ll incur more injuries and we’ll incur more workers’ comp claims. The whole thing just gets uglier and uglier.

So, we’ve been looking at RFID because it takes us out of the business. It allows us to have patrons go select their materials from the shelf, come to a work station—which we imagine will be something like this counter and there will be four self-help stations and a staff person to stand behind for people who have fines or other issues—and that the patron will put their card in front of a scanner. It will still be the bar code card. Then there will be a platform on which they can lay their books down, up to six books high can read through, and then we’ll print a receipt. We have eliminated our repetitive motion injuries by doing that. And we can set up a similar stand where our staff will have to be checking them in, or perhaps our patrons will, but it will lessen even the check-in part of it where they have to do that. For us that’s tremendous to have people not injured; to not have life-time injuries out of it.

However, we’re a library, and we operate on the principles of intellectual freedom and patron privacy. Those are the backbones of what we do. So, we’ve had to take a look at how can we protect that privacy, how can we protect that confidentiality, how can we allow people to feel free in a library, and, at the same time, how can we stop our people from getting injured? And that’s our tension. When you were talking about the tension before, that’s the tension for us.

Over the past couple of months, we’ve talked to Lee, and we’ve talked to the Bolt Hall Technology and Privacy Group, and they’ve walked us through our processes. We’ve taken the questions that they’ve asked us very seriously, and one of the things they said is, You’re at a point where you can make vendors change the way that they do things. And they also said, Your libraries, if you do it, everybody will think it’s okay, so don’t just do it, and we hear that very clearly.

So, we have just started to talk about: What does it look like for best practices? And we are trying to incorporate those in our RFP for purchase. What does it look like when a library cuts down their injuries, and yet, their patrons can walk out feeling pretty safe? So far, where we are is vendors of RFID for libraries do it in two ways: either they make a tag in which the bar code is on it and the title of the book and the author and anything else that you want to put on it, but some of the vendors only put the bar code on. So, we have decided to limit ourselves to vendors who only put the bar code on. The bar code is a 14-digit number. The first six digits identify it is as our individual library. The other eight digits are random, and they don’t relate to anything.

SENATOR BOWEN: Is your bar code system proprietary to your library? In other words, if I took a bar code on the back of a Berkeley book and went to Ralphs and scanned it, it would be garbage.

MS. GRIFFIN: It would tell you nothing, yes. It would tell you absolutely nothing.

SENATOR BOWEN: There’s no library-wide standards for the bar coding.

MS. GRIFFIN: No. And there are several different vendors of the library bar codes.

SENATOR BOWEN: But there are bar codes on many books, CDs . . .

MS. GRIFFIN: That come from the publisher.

SENATOR BOWEN: Right.

MS. GRIFFIN: But those are not the bar codes we use.

SENATOR BOWEN: Okay. So, you add a second . . .

MS. GRIFFIN: We add a second bar code.

SENATOR BOWEN: You have a closed system.

MS. GRIFFIN: We have a closed system. And those bar codes are assigned randomly. We purchase them that way so that there’s no relationship. You can’t tell anything about how something was accessed or anything else from it.

In addition, our particular circulation system, a patron cannot come in and search that bar code number and find the title of a book. Some automated systems do that. We decided that one of our best practices would be to say that if we ever, in the future, purchase a different automated system, we will not include one where a patron could search a bar code number.

SENATOR BOWEN: Which basically gives somebody the ability to figure out what somebody else. . . . is that the concern?

MS. GRIFFIN: Well, I think our concern is, okay, so we’ve only offered the bar code. And then we’ve tried to look at scenarios in which that would be useful for somebody. We know that the tags that are currently used only have a scanning distance of about twenty inches, but we say, Okay, suppose that scanning distance becomes greater and somebody can discover what the bar code number of that book is? Now, by law, the number one thing that we have to do is keep them from knowing the patron name and the book tied together. That’s the piece of information that by law we absolutely must protect.

SENATOR BOWEN: Except under the Patriot Act.

MS. GRIFFIN: Except if we’re subpoenaed. Well, we could be subpoenaed for other reasons. Typically, libraries get subpoenaed by one parent trying to prove that the other one is a terrible parent in a divorce case by what books they allow the child to check out. That’s the kind of thing that we generally get subpoenaed for. But yes, under the Patriot Act also.

So, what our concern is, is if somebody could scan that, what value would it be to them? And so, our number one concern is to keep it from being able to be tied either to a title of a book or a CD or whatever but specifically to the patron. So, one of the things that we’ve decided is a best practice is . . .

SENATOR BOWEN: My dog doesn’t have to come in and check out books. I’m safe if I come in . . .

MS. GRIFFIN: You can check out a book and the most we think that they’ll be able to know is the bar code number. Now, one of our best practices has been the vendors are offering Smart cards and we’ve decided that we will not purchase Smart cards unless those cards are not tied to patron data in any way. And so, that’s another best practice that we’re proceeding with.

SENATOR BOWEN: You know, I would expect no less from Berkeley. If you set up a system that allowed the massive tracking of your patrons’ reading habits, you’d have different librarians in short order, I would suspect.

MS. GRIFFIN: And one of the fun things has been is we did a library committee on how to put this together, and it’s been good, yes, because they are Berkeley people and we do spend a lot of time thinking about how do we protect those things. We are left with Lee’s concern that someone can nevertheless use the RFID device to track; to simply follow someone. We don’t have a great response to that right now. We have the response that at this point I don’t think scanners can do more than twenty inches, and the reason for that is obvious: because otherwise our patrons would be checking out the books of people walking five feet behind them or something, and we don’t really want them to do that. But it is true that those devices will probably get better and stronger. We have asked our vendors to look at encrypting or at "kill" when they leave the library. So, we still have those things to answer. We had pretty good response from our vendors in terms of trying to look at that and look ahead, but at the end of the day, here we are. We absolutely will protect patron privacy because that’s what we do, but if we’re going to keep our library open and if we’re going to be able to continue to function, we have to find some ways to do things, and this looks for us like something that will save both injury and a great deal of money.

SENATOR BOWEN: It seems to me that you would have a great interest in a disabling reactivation type of system.

MS. GRIFFIN: Right. You know, when you talk about retail outlets and they talk about "killing it" when it leaves the place, that’s great; but for us that won’t work. It’s got to "kill" it and then it’s got to reactivate.

SENATOR BOWEN: You don’t want to have to reapply it every time it comes back, or you’re right back with the staffing.

MS. GRIFFIN: Exactly. There’ll be repetitive motion injury all over the place, right.

SENATOR BOWEN: All right. Very interesting. You implemented an RFID system in Oregon in a public library or worked on it?

MS. GRIFFIN: I purchased it. I purchased it and then I immediately left and came to Berkeley, so I haven’t actually seen it in action.

SENATOR BOWEN: That’s a great strategy. [Laughter.]

MS. GRIFFIN: So, if there are big problems, I’m a whole state away; but yes, actually I’ve heard good things about it.

SENATOR BOWEN: Perhaps at some time we’ll ask the folks in Oregon to help us. We don’t want to ask them to fly down here. We know their budgets are as tied as ours.

MS. GRIFFIN: You actually have a couple of libraries. Santa Clara and San Jose both have implemented RFID in the last year and have very good things to say about it.

SENATOR BOWEN: All right.

I believe Ms. Schneider is not here. It’s too bad because I really wanted to know how she went from being an aircraft maintenance officer in the US Air Force to being a librarian, but that question will have to wait for another day. We’ll get back to Mr. Tien again to get the EFF’s perspective on RFIDs in libraries.

MR. TIEN: Thank you again.

We have been interested in the RFID issue for some time. We were prodded into becoming fairly vocal as a result of discovering that the San Francisco Public Library seemed to be ready to adopt an RFID system, and no one seemed to have talked about it, and no one seemed to have talked about the privacy issues involved. This is the reason why we became involved in RFID because we saw here a classic example of a clash, I would say, between individual and collective rationality. It was especially disconcerting in a governmental context, because while I think most people don’t think of libraries as the government—they’re just libraries and we trust them—they are, in fact, governmental entities. The protections, certainly, that the California Constitution has for privacy as well as any other sorts of legal protections apply, and at the same time, it is also something that is a governmental use of a technology that has significant privacy implications.

Now, I use the phrase "individual versus collective rationality." I think Jackie’s discussion of Berkeley’s plight is a perfect example. I live in Berkeley, and I’ve now had dialogues with the Berkeley Public Library that have been a lot more productive and a lot more engaging than I’ve had with San Francisco. We were told the day that things began to break open in San Francisco that, Okay, we are changing the strategic plan. The strategic plan is not going to say we adopt, but we’re going to consider adopting. I’m not sure what that really meant. We were told that there was going to be a public or an open forum where EFF and others would be invited to discuss the questions of RFIDs in the library with the public. That doesn’t seem to have happened either, as compared to Berkeley where I was invited to come and speak to a large number of people that were either with the Berkeley Library or with other libraries in the area, and we had a really interesting discussion. I mean, we don’t agree on a lot of things, but at the same time . . .

SENATOR BOWEN: What don’t you agree on? What about the Berkeley system troubles you?

MR. TIEN: Well, I don’t think it’s anything particular about the Berkeley system that troubles me. What troubles me is that they, as with everyone else, are buying into the idea of RFIDs that are not secure. And one of the things that we have been talking to people about, or at least trying to get the idea out in the library community, is that when a library—at least not a really big one—deals with the RFID vendor or the RFID industry individually, it is as a price taker more than as a. . . . you know, Well, let’s talk about what features we want. It’s more like they’re buying off the rack. And what I’ve been trying to suggest, and I know that the librarians are hearing this, is the possibility of collective action among librarians and libraries to say to the library RFID industry: Look, the same way that we might negotiate with you over the price of something, let’s negotiate over the privacy safeguards. Because, as a group, there is bargaining power, there is leverage; whereas individually, they have to take what’s out there. I don’t know where that’s going to go. I don’t know how successful that is, but that seems to us to be an appropriate thing to try in this area, and it’s actually, frankly, I think, an appropriate thing for the State of California to try as well.

Because one of the things we’re seeing in the entire rollout of RFIDs is that while we were talking about . . . [tape turned – portion of text missing] . . . As the Senator noted, the Department of Defense has made a commitment to RFIDs in its purchasing, and they’re looking for the lowest possible level. I suspect, because this is the military and they are not all that concerned about the privacy of the people that they are dealing with, and understandably so, that it’s going to effectively be a subsidy or a scale economy for the insecure or promiscuous RFID.

I would love to see the State of California, which has a commitment to privacy protection, to really go down the road of a state policy development on the use of location tracking technologies, such as RFID, rather than being. . . . you know, we see the FastTracks; we see the 511 systems built on it; we see individual libraries in California adopting it. In the current situation, without some kind of steering from the state in a deliberative fashion, what you will have is a lot of incremental moving and adopting of the options that industry offers as opposed to a chance to take the bull by the horns and say, There has got to be another way. There has got to be a way to produce secure RFID systems. The State of California is a big purchaser.

I’m worried about the. . . . we’re moving a little bit off of the library issue because I think the library issue is just a great example of how they are. . . . they are caught in a way that maybe the State of California is not or a group is not caught in taking what the industry can offer. And I think that a commitment to studying the use of RFIDs in every area of the state is something that has to be done before it’s just unthinkingly and unwittingly done one by one.

I worry about, just the same way that Jackie was saying no to the Smart card, I worry about at some point the DMV deciding that they’re going to have RFIDs in our drivers’ licenses. You know, at that point, a lot of what other people do doesn’t really matter because we have to carry those things and we will be tracked by them. I don’t want this state to lead the way down that road, and I think it’s really important for the general government use of RFIDs to be very, very, very carefully considered. Libraries are one example where there’s a heightened interest. While I’ve been criticized by librarians for criticizing them about RFID, at the same time they, I think as a whole, they listen and they take this issue of patron privacy incredible seriously.

Thank you very much.

SENATOR BOWEN: Let me ask you about the FastTrack system. Is there sufficient security in your view in the FastTrack system? Have you looked at how we handle FastTrack data?

MR. TIEN: I’d like to ask my staff technologist who’s done a little more study of this data to talk about that.

SENATOR BOWEN: I ask that because that’s a government, or quasi-governmental use of the technology; certainly where it goes across the bridges that are governmental. It’s governmental where it’s on private toll roads. It’s if a person went to a franchise.

MR. DAN MONIZ: My name is Dan Moniz. I’m a staff technologist for the Electronic Frontier Foundation.

On the issue of FastTrack, specifically in California, there’s been no publicly available research on its security efficacy to date. Caltrans may or may not have some study that does something in that area, but we don’t know about it.

In a more informal circumstance, the security system of FastTrack and other systems like EZ Pass, generally electronic toll collection systems in general, are precursors to the RFIDs we’re talking about primarily today but are still important. They’re powered RFIDs that have been developed for a very specific-use case: automotive and vehicle applications. They have a much longer read range. The read range is several feet. Most electronic toll collection units have antenna platforms that are several feet above a vehicle that can read vehicles going anywhere from five miles to twenty-five miles per hour through the gate.

The way in which the data is used is primarily the data is associated. . . . each individual’s tag has a number associated with it or some other identifying criteria which is then linked to an account. That account has some information about credit card and the details: amount of money in the account for tolls, etc., which is then debited and transacted on a day-to-day basis. Everything is usually settled at the end of the day.

SENATOR BOWEN: The interesting thing about the transponders—and I have a dead one that I often carry around. I mean, it literally is dead. Its internal battery, I’m sure, died long ago. But unlike an RFID tag on, for example, a specific volume in a library, an RFID transponder in the FastTrack system can be passed from person to person. So, the data is not necessarily attached to a particular person and practice. It’s likely to reflect a particular person’s commute patterns, but you actually can fork over your transponder to somebody else who’s driving the same pattern.

MR. MONIZ: And you can hand it over to anybody and they can use it in their vehicle. I think, though I’m not certain, there is a law or regulation with Caltrans in the use of the FastTrack system; that you’re only authorized to use it with one vehicle that’s associated with it.

SENATOR BOWEN: I was wondering about that.

MR. MONIZ: I believe that’s the case. I’m originally from New York, and I was there during the EZ Pass law(?).

SENATOR BOWEN: But how would anybody know?

MR. MONIZ: Well, they wouldn’t.

One of the concerns that Caltrans, I think, voiced in its concern is that if somebody were to steal a car and violate a toll, there would be some discrepancy between the plate number and then the FastTrack signal or the DMV information associated with the FastTrack communication. But generally you wouldn’t. Many people do do that.

SENATOR BOWEN: You’d have to literally have continuous videotaped license plate records of every car that went across the Carquinez Bridge, for example, to figure that out, and I can’t even begin to imagine that.

MR. MONIZ: And it’s a massive data recognition issue.

I think one of the reasons they do it is also for accounting. They do allow you to use, I believe, one transponder tag for more than one vehicle as long as you authorize that with them and specify which vehicles.

SENATOR BOWEN: I delve into this a little bit because it highlights some of the issues that we discussed a number of years ago when we first began to talk about the supermarket club cards. I’ve seen a number of instances where somebody handed their supermarket club card to the person in front of them in line who either didn’t have one at all or didn’t have it with them, and so, you get data really questionable. If you’re going to use that data for something other than inventory or internal tracking purposes, the question arises: What does it actually mean? What does it reflect?

MR. MONIZ: Most retailers today, also, that have customer ________ programs will actively support you in doing that. I mean, I walk into bookstores all the time and they’ll ask me if I have a card and I’ll say no, and many times I was previously asked, like, "Well, do you know anybody who has a card?"

And I’m like, "Well, yes, I know a friend of mine who has a card."

"Well, you’ll get a 10 percent discount if you know what their phone number is," or some such.

So, there are definitely gray lines that are violated not necessarily out of menacing purposes but out of a need to help the customer at the end either due to commission or just due to being nice.

SENATOR BOWEN: What about the actual security of the software and the data collection storage? We have no way of knowing?

MR. MONIZ: We have no public information about it. Caltrans, I’m assuming, and I believe I’m recalling seeing a paper about this but not having many details from a technical perspective that I would feel confident standing behind, but knowing that they’ve done the work somewhere, they’ve evaluated a certain set of criteria. They have a certain set of criteria as far as what data they retain and how they retain it, how they separate it out, both the credit information, the driver’s license information, and the vehicle information. But there’s no publicly available study that I know of.

MR. TIEN: Let me jump in here for a second. EFF was actually contacted by the state’s Department of Consumer Affairs’ Office of Privacy and Protection last year, or the year before, to see if there was any kind of help we could give in evaluating the technology that was being used by FastTrack for security. Unfortunately, we simply were not given enough data by the system, and the OPP office was not able to get enough information out of the system in order to figure out, really, whether they were doing anything in a secure fashion or not. I think this is one of the things that is important for the state to do is to think about the need to do some kinds of security and privacy audits. Certainly this area, what I call "location tracking and privacy" but it can also be more generally thought of as transportation privacy as well, is one that we have seen legislation in the form of the event data recorded black box law. This is something that is a growing issue.

I’m going to add an anecdote here which I think is sort of both tangential but at the same time relevant which has to do with the importance of not separating out the commercial retail side use of these kinds of technologies from the governmental use because they really do end up being tied together. The Ninth Circuit recently—two days ago—decided a case called The Company v. The FBI, and in this case, what I learned—and I did not know about this—is that in some of the luxury car packages like GM OnStar where you get emergency road service and navigational services and anti-theft devices, in one particular situation the anti-theft system creates a live cell phone connection between the car and this company. And so, the company can turn that on and essentially listen to all the sounds inside the car without the occupants of the vehicle knowing about it.

Now, this was intended apparently as an anti-theft device, but the FBI, being very quick, said, Huh. We can use this as a bugging device. And so, they applied and got eavesdropping orders from a district court that were served on the company to require the company to essentially turn on the bug in people’s cars.

SENATOR BOWEN: I would think that that would create a major marketing problem for anyone trying to sell that technology if it became widely known.

MR. TIEN: Well, that’s part of the reason why the name of the company is The Company. It’s a John Doe situation. I give them credit: they fought in court and took it up to the Ninth Circuit to try to say that, Hey, you can’t make us listen to people’s conversations in their car. But essentially the court said, Yes, we can. The only reason that the warrant was actually found to be excessive in scope is because the way that the company has figured this system is that when you turn on this let’s-listen-to-what-they’re-saying mode, it turns off the airbags. And so, federal statutory law on the requirement of a provider to assist says that it must occur with the minimum of interference to the service you’re providing. And so, the Ninth Circuit said, Well, if you turn off the airbags and you turn off the emergency road service, then that’s more than a minimum of interference. But there’s a rather chilling footnote that says, Well . . .

SENATOR BOWEN: Well, that’s pretty easy to fix, isn’t it?

MR. TIEN: It could be configured differently. By now I’m concerned that either informally or by law they will require these things to be configured differently.

SENATOR BOWEN: But that is a warrant situation.

MR. TIEN: That is a warrant situation. But sort of the moral of that particular story is, really, for us to recognize the interplay and interaction between what is put out by the commercial sector for a particular purpose and how it can be easily re-purposed by someone else, and frankly, the company could eavesdrop on people without you knowing about it as well.

SENATOR BOWEN: A theme in a lot of the discussions we’ve had is who gets access? The FastTrack was the classic. It’s a government agency. Do law enforcement folks need a warrant to get information from another government agency? It’s the library situation with what books did the parent let their kid check out? It’s repeated with locational information in many divorce cases: Who was where they said they were or not where they said they were? So, there are a whole lot of implications to the collection of this information because warrants and subpoenas do allow the dissemination of information that people expected would not be disseminated pursuant to the basic informational privacy practices. It’s been a matter of significant interest here.

We’ve gone more beyond libraries, but I think the point’s well taken that this kind of technology. . . . the library is just one good example of governmental use and a system where there are some real benefits. You can see the benefits, the budget benefits, among other things to using this kind of a system. It’s very interesting to contemplate a particular application and begin to understand what the pros and cons are and how it actually works.

I want to thank all the witnesses who cleared their schedules to be here today as well as everybody who’s listening in from their offices and the Californians who are watching what I think is a very interesting discussion about technology and privacy and the future of how we live in California and in this country. I look forward to continuing to work with anyone who’s interested on RFID, on locational tracking, and on privacy matters and technology more generally as we approach the 2004 legislative session in January. I look forward to e-mail from anyone out there listening or watching this on the California Channel. If you have thoughts, concerns, issues that we didn’t address, we would very much like to hear from you. You can find us on the California Senate’s web site, which is www.sen.ca.gov.

Thank you very much. The hearing is adjourned.