RFID systems, standards and privacy within libraries

The goal of this paper is to provide an overview of the perceived threats of radio frequency identification (RFID) systems in libraries, to probe their technical feasibility and to present a clear picture of what may and may not be done by libraries to mitigate the risk that actually exists.

The current RFID standards are examined in the context of privacy and their limitations are weighed.

The paper finds that current standards do not offer a platform for secure RFID systems and have several vulnerabilities that may permit privacy compromising activities and acts of digital vandalism. It suggests that libraries need to be aware of these.

The RFID application space is vast and spans multiple technology platforms and standards of which libraries are but a small part. Observations made regarding one application are not necessarily valid in another application.

The paper shows what could be done in the future by commercial RFID vendors to maintain compatibility with standards while maximising the data security and therefore borrower privacy of their systems.

No subject has so polarised libraries in recent years as the potential risk to personal privacy brought about by the introduction of RFID systems. It can be extremely difficult for libraries to accurately gauge the risks to the privacy of their borrowers in the context of rhetoric, which at times borders on the hysterical and is often misinformed. The paper addresses the myths and misconceptions and raises awareness of the issues.