RFID in Libraries


Flashscan/Library Automation Technologies announce RFID encryption

Filed under: — Laura @ 8:58 am

Flashscan/Library Automation Technologies has created Flashscan RFID Encryption Envelope (FREE) which claims to solve one of the eavesdropping vulnerability mentioned in Molnar’s article. FREE will encrypt the communication between an RFID reader/write device and a tag.

Better still, they are making the solution available as a standalone API set for licensing by ILS and library software vendors.

I’ve been talking to a few of the other vendors and the Flashscan announcement was news to them. Since best practices are still emerging it might be a good idea to ask your prospective vendors about their awareness of the vulnerabilities and what they would be willing to do to mitigate the problems. Kudos to Flashscan for their proactivity!

Checkpoint Upgrades RFID system

Filed under: — Laura @ 8:46 am

There will probably be many vendor announcements due to ALA. Checkpoint has launched an upgrade of their RFID system. According to this article in Techweb, “Intelligent Library System 2.0 … has been enhanced with software that enables a staff member to monitor several self-checkout stations from one workstation.”


FTC has no plans to regulate RFID

Filed under: — Laura @ 1:06 pm

The headline says it all. Check out this news article discussing yesterday’s workshop.

FTC Workshop Comments Posted

Filed under: — Laura @ 12:56 pm

You can view comments submitted to yesterday’s FTC RFID Worshop. Remember they are accepting comments unti July 9.


Update to draft article

Filed under: — Laura @ 5:01 pm

I’ve made some minor revisions to the draft article on Library RFID. Thank you to all of the folks who commented – it really was a great help and your suggestions made the article better.

Off to ALA

Filed under: — Laura @ 3:16 pm

Updates to the blog will be sporadic in the next month. I’m off to ALA and then on to vacation. I’ll have the laptop & wireless card with me but I make no guarentees as to frequency of posting.

I’ve put my subject-to-change schedule below, in case anybody wants to hook up for coffee/drinks/whatnot in Orlando.

ALA Assistance?

Filed under: — Laura @ 1:27 pm

Due to a late-breaking request to speak about RFID privacy issues to public library trustees, I’m going to be missing the last part of the following session. Would anybody attending the whole session be willing to write a summary for the blog?

Sunday June 27 1:30pm-3:30pm
Tiny Trackers: The Use of Radio Frequency Identification (RFID) Technology by Libraries and Booksellers
Rosen Centre Hotel, Salon 9/10

Please let me know ASAP.

Canucks post privacy guidelines

Filed under: — Laura @ 1:05 pm

The Information & Privacy Commissioner of the province of Ontario has released “Guidelines for Using RFID Tags in Ontario Public Libraries.” This is a substantial (15-page) document. It includes a glossary, a statement of broad assumptions (such as regular auditing and appropriate patron notification) which provide context for the specific recomendations (such as libraries should only use passive tags, no patron information should be included on a tag).

What is really notable about the document is that it asks libraries to ensure privacy issues are addressed at the design stage (emphasis mine). No closing the barn door after the horse there, eh?

The office of Information & Privacy Commisioner is a neat idea. The IPC is “acts independently of government to uphold and promote open government and the protection of personal privacy.” But the office was established by the provincial legislature to oversee two privacy statutes. [thanks to amada etches-johnson]


New vendor enters the fray

Filed under: — Laura @ 8:41 am

Sentech EAS corporation has announced that they are entering the library RFID market. Their website doesn’t yet have any library specific information, however.

File this under one to watch. I’m a bit surprised to see a vendor choosing to serve the library market since we’re probably a very small piece of the RFID pie. I think it bodes well for any efforts librarians make towards influencing the design and manufacture of chips with better security features. If they are interested in us as a market, then they should be willing to listen to our concerns, no?


Another draft article for comment

Filed under: — Laura @ 3:05 pm

I’ve just completed a draft of an article which I hope to submit to an academic librarian publication. It explains the pros and cons of RFID technology (with a big tip of the hand to David Molnar for bringing me up-to-speed on the technical cons) and the current state of library best practices.

Comments, criticisms, etc. gratefully accepted via email to ljsmart at csupomona dot edu. It’s quite a struggle to explain this issue succinctly and I’m not quite sure I’ve succeeded. Running the draft by a few eyes can only help.

Filed under: — Laura @ 2:59 pm

Laura Quilter from the Samuelson Law Technology & Public Policy Clinic at UC Berkeley tells me that the clinic will be talking about RFID in connection with information and library applications at the FTC workshop on June 21. This is good news because it means that our applications (and concerns!) won’t be completely buried by the commercial cheer-leaders.

Don’t forget that public comments on RFID can be sent to FTC until July 9. Be sure to send your thoughts, pro and/or con, by then.

CA SB 1834 Read 2nd time

Filed under: — Laura @ 10:59 am

More updates on California Senate Bill 1834: It was amended in commitee and yesterday it was read a second time on the assembly floor. It’s been referred back to committee.

The amendments are interesting. Now it says that it prohibits (emphasis mine) a library from using RFID unless certain conditions are satisfied. This is a shift from authorizing a library to use unless certain conditions are met. These conditions have not changed much since the last amendments.


Update on CA SB 1834

Filed under: — Laura @ 9:41 am

The California Senate Bill to add RFID privacy guidelines to the business and professions code was sent to Assembly Committee on Business and Professions on 6/10/04.

Checkpoint gets NZ library contract

Filed under: — Laura @ 9:28 am

Botany Downs library in South Aukland becomes first library in New Zealand to use RFID. They choose Checkpoint as their vendor.


RFID @ JCDL keynote

Filed under: — Laura @ 1:53 pm

Apparently Vint Cerf talked about RFID during the keynote speech at the Joint Conference on Digital Libraries. [thanks digital librarian]

Draft Paper on Library RFID Security/Privacy Risks

Filed under: — Laura @ 12:53 pm

I’m happy to announce that David Molnar has released his draft paper on security and privacy issues with library RFID. David is a Berkeley doctoral student in electrical engineering, and he wrote the paper with his advisor David Wagner. He is looking for comments on the draft, contact info is on the PDF.

It’s not too technical to understand and it should be required reading for any librarian considering RFID. He does a great job outlining the types vulnerabilities inherent in the tags. These include:

  • eavesdropping on the wireless communication between readers and tags
  • static identifiers at the hardware-layer. These identifiers help readers perform “collision-avoidence” when simultaneously reading multiple tags.
  • authorized tag writing on re-writable tags, or “session-hijacking”

It would take a lot of leg-work to violate the security of a library RFID system. But we can’t rely on the laziness of hackers. David uses a great phrase for this: “security through obscurity.”

This document will be very useful for the development of library best practices - Kudos!


FTC Posts Workshop Agenda

Filed under: — Laura @ 2:55 pm

The agenda for the 6/21 FTC workshop on RFID privacy has been posted. There is no explicit mention of library use in any of the proposed discussions. All the familiar players will be speaking from CASPIAN, privacyrights.ort and the EFF, to EPCGlobal and RSA (remember the folks who developed the blocker?).


Another ROI tool

Filed under: — Laura @ 4:51 pm

This report “explores the benefits of RFID versus bar codes; the real costs of tags, readers and new software; where the technology really stands in terms of performance; and how to use it internally to drive ROI.”

ROI calculator tool

Filed under: — Laura @ 4:45 pm

Baseline magazine has a nifty spreadsheet for calculating return-on-investment. Unfortunately, it’s geared for warehouse/supply chain apps. More unfortunately, it also requires that you fill out the free subscription registration in order to use it.

Librarians could adapt the idea, however. Let me add that to the blog to-do list. And if somebody does it before me (likely), please mount it and let us all know.

This reminds me of a thread on RFID_LIB. I was brainstorming with our stack manager on what type of information we need to compare before and after an implementation in order to calculate ROI. Our working list is included in the extended post.

I’d like to write an “how-to-do-it” article on calculating ROI for RFID. I’d appreciate the thoughts of folks in this forum. Is there any other data that you think we should track?

BTW, Cal Poly still hasn’t committed to RFID purchase. We’re going to tour Oxnard PL next week (so there’s a big clue about one vendor still in the running).

Powered by WordPress