Release 4.0

Monday, June 16, 2003

Am I my product's keeper?
I've been feeling guilty for a while about not keeping this blog up to date, and now I have another problem; my e-mail server is down. (Interesting, how the urge to write, normally sated by my voracious e-mail outbox, is now finding another outlet...)

I have been beavering away on the next issue of Release 1.0, on RFID and its implications, and in the pool this morning I finally got to ...not the answers, but at least some of the questions to ask. Since I can't send them to my regular eminences grises, I am posting them here instead. All comments welcome (to, but please note that this is blind speculation, un-fact-checked, unedited, all disclaimers incorporated by reference:

Total information awareness: Am I my product’s keeper?

There are a lot of parallels between personal identity and – call it “object identity.” There are also lots of ways the parallels break down. For starters, each person born is in charge of his own identity. There’s someone there paying attention. By contrast, most products are born without an identity (though they certainly have characteristics, makers and other associated information). To the extent that the information is explicit, it resides outside the product; it doesn’t know itself. So the first difference is that RFID is in a sense a way of conferring DNA, or an identity that is inherent rather than attributed (in theory, and as long as the tag stays on).

Thus the identity of people is far more persistent; RFID gives some of those attributes to products. The big metaphysical – and IT – question is what will actually happen? Will products actually carry their identities with them through life? or only through point of sale? When I purchase a rice cooker, for example, will a pointer simply change in the maker’s registry – or is there a way I can add it to my own registry?

The answers are different for food I consume or pencils, for example, but it’s useful to be able to maintain the identities and care instructions for clothes and appliances. It’s useful for my bicycle to be ID’d so I can identify it (and so can the police) if it goes astray.

In the personal identity world, we have the notion of federated identity; the unique individual (however defined) is the token by which different records are linked. In the RFID world, we’re just starting with the notion of identity. If we think about these questions from the start, can we do a better job of keeping the world straight? Do we want to? Individuals are comfortable maintaining multiple identities or at least multiple facets of their identities – two addresses, for example, for weekday and weekend or home and work; a different last name for dealing with the stepkids’ school officials; a “duh” password for a host of online content sites and more serious security for communicating with merchants who have your credit card. Will it be the same for products? Or will the ePC actually establish and maintain its hold as the one true place where things are identified and classified? What are the benefits and what are the costs?

When a person buys something in a shop, there’s this notion of deactivating the tag. The real issue is not about the thing or its tag; it keeps its identity. It’s who has control of the thing’s history – especially its history going forward.
So far we have seen just one start-up that has glommed on to this idea, and we're not srue yet whether the entrepreneur in question isactually building a workable service. Just as consumers use banks to keep their money, it’s unlikely they would manage their personal registries themselves; product-ID banks would compete for the consumers’ business, perhaps offering pre-identified toasters!

Privacy: Where the data is

Despite the obsession with tags, both among investors and among self-styled consumer advocates, the real issue around data and RFID is more with the data it generates than with what’s on the tags. Most tags don’t carry much more than their own identity: what kind of thing they are, plus a unique serial number. The interesting data comes from the context: where the item travels, who purchases it, and so forth. The directory of what things are is public; it will be the EPC. But that’s like a domain name; it gives you the pointer, but it doesn’t necessarily give you access to the data. That is, I can find out what kind of product a certain number refers to, and I may have the unique serial number. It’s like a license plate… I know you are Fred Jones, but I don’t know anything else about you. What good is that? at least product categories are helpful…

But you can rest assured that IBM, for example, is not about to provide public access to its tracking information; that’s between IBM and the logistics suppliers it uses, and perhaps the retailers it is shipping to. Likewise, Banana Republic is not going to let anyone (other than its selected marketing partners) know who purchased that cunning red linen sweater. Most of the data generated by the movements and readings of the tags will be as proprietary as most business data is today.

There are privacy issues, however. As in other areas, the sheer volume of data extant in the world is going up, and if you cross-reference it you can find out a lot. For now, though, the RFID numbers are indexed around the products, not around the people. That is, you can find all the people who purchased red linen sweaters, but you can’t (because of RFID) find out all the things Juan or Alice purchased. (You could, of course, if you had access to all of Banana Republic’s data and Benetton’s and Nordstrom’s and all the other places they buy their clothes.) The records are likely to be more accurate because of RFID, but it doesn’t make much difference to know which sweater out of the lot Juan is wearing and which went to Alice.

Where such things do matter is with food and product recalls, where you may want to be able to find a particular item and the particular customer who bought it.

The more scary scenarios have to do with people’s things being recognized as they walk along the street tk. Those are not beyond the realm of possibility, but they are far from being realistic, or from having any kind of business justification.

On the plus side, you can imagine a system that manages interactions between products – pharmaceuticals, for example, or that monitors the products in your household so that you can automatically reorder them – most likely with a shopping list that says something like: “You have reached [based on past consumption patterns] one week’s supply of the following products. Check the ones you wish to reorder: Sunmaid Cinnamon Raisin Bread. Swiss Miss Sugar-Free Cocoa Mix. 16-oz Grape-Nuts….” Of course, there needs to be a lot of software to manage all this, from recognizing the incoming signals to fetching product IDs from the Web and recognizing what kinds of things fit into what categories.

These kinds of applications will mostly be in consumers’ control. The software for drug interactions will come from manufacturers and – this is where the public registry comes into play – from third parties and medical experts (or more likely, health insurance companies) who understand the interactions between drugs from different manufacturers. The data gets federated in the consumer’s home, though there may be a system by which the client’s health insurance company monitors whether the customer actually removes the pill jar from the medicine cabinet every evening at 10 pm.

You may find this creepy, or you may find it a great way to increase health care compliance, reduce medical costs and perhaps even increase the general welfare. It all depends on exactly how these systems are rolled out, how much choice individuals have in their use, and what restrictions are placed on the collection and use of the data. You can have software the monitors drug interactions without reporting back who took the drugs.. or you can wire a system to do just that.

Many of these questions aren’t at all new, but we still haven’t figured out what to do about them. RFID just pours a little more data onto the fire.

posted by Esther 5:04 AM

Powered by Blogger


Esther's travelogue