RFID in Libraries

1/24/2005

KDL update

Filed under: — Laura @ 4:38 pm

Kent District PL in MI got their funding approved for RFID. Libraryrfid.net has been following them since last August. They put their RFP out on their website when they went out to bid this past October, which was a great model for other librarians to adopt. The RFP is no longer up, unfortunately.

1/21/2005

Tagsys announces new tag

Filed under: — Laura @ 8:35 am

Straight from RFID Journal:

RFID hardware supplier Tagsys has announced the release of its FOLIO 320 tag, designed for use with library applications for theft prevention, inventory control, the check-in/check-out of library materials and sorting returned items. The tag has a 256-bit memory capacity and comes with an adhesive backing for insertion inside books or onto other library items such as CDs. The FOLIO 320 meets ISO/IER DTR 18047-3, the conformance test for the ISO 18000-3 interoperability standard. Tagsys, which has its U.S. headquarters in Doylestown, Pa., recommends the use of its tags and readers with a data management system that fully complies with American Library Association and National Information Standards Organization recommendations for assuring patron privacy. The FOLIO 320 tag is available immediately; pricing information was not released.

Note the mention of the ALA privacy guidelines.

1/20/2005

Checkpoint CD/DVD tag

Filed under: — Laura @ 3:53 pm

Checkpoint has announced a “one-case” CD/DVD circulation solution which is compatible with RFID. It’s a case-based answer, unlike Bibliotecha’s approach of using a tag on the media itself. Case unlocking units make it possible for patrons to self-check and for staff to easily re-secure returned items. They will even offer cases with the RFID tags embedded, saving additional labor.

Checkpoint’s press release & product information.

1/19/2005

Chip security

Filed under: — Laura @ 11:57 am

Computerworld has a great article about Securing RFID information.

Our old friend RFDump is mentioned, as well as the security vulnerabilities hotlisting and racing. It’s good to note that the vulnerabilites were inherent in the standards and that RFDump was not a “hack” per se. The article discusses how next gen UHF chips have some protection designed-in. Racing is avoided via “masking.” Bear in mind that masking does not equal encryption. It only hides the data. If that data is found, it’s still readable.

1/11/2005

ALA IFRT Resolutions

Filed under: — Laura @ 10:18 am

Happy 2005!

There are some new developments at the American Library Association regarding RFID and privacy best practices.

The ALA Intellectual Freedome Committee (IFC) is submitting resolutions (to ALA Council? )at the upcoming mid-winter meeting. They will ratify the best practices that they created with the BISG (for background see prior entries on the topic from 7/2/2004 and 10/19/2004) and they will give the IFC Privacy subcommittee and the Office for Intellectual Freedom the mandate to continue developing best practices.

Here’s the text of the proposed resolution:

RESOLUTION ON RADIO FREQUENCY IDENTIFICATION (RFID) TECHNOLOGY AND PRIVACY PRINCIPLES

WHEREAS, Radio Frequency Identification (RFID) is a technology that uses various electronic devices, such as microchip tags, tag readers, computer servers, and software, to automate library transactions; and

WHEREAS, the use of RFID technology promises to improve library operations by increasing the efficiency of library transactions, reducing workplace injuries, and improving services to library users; and

WHEREAS, many libraries are adopting or in the process of adopting RFID technology to automate library circulation, inventory management, and security control; and

WHEREAS, consumers, consumer groups, librarians, and library users have raised concerns about the misuse of RFID technology to collect information on library users’ reading habits without their consent or knowledge; and

WHEREAS, protecting user privacy and confidentiality has long been an integral part of the mission of libraries; and

WHEREAS, Privacy: An Interpretation of the Library Bill of Rights states that “The American Library Association affirms that rights of privacy are necessary for intellectual freedom and are fundamental to the ethics and practice of librarianship,” and calls upon librarians “to maintain an environment respectful and protective of the privacy of all users"; and

WHEREAS, the ALA Intellectual Freedom Committee’s Privacy Subcommittee recognizes the importance of developing policies and guidelines for appropriate implementation of RFID technology in light of the profession’s commitment to preserving user privacy and its concern for preserving the trust of library users; and

WHEREAS, the ALA Intellectual Freedom Committee and the ALA Office for Information Technology Policy, recognizing the immediate need to draft privacy principles to protect and promote ALA’s values, joined with the Book Industry Study Group (BISG) to form a working group dedicated to developing a set of privacy principles to govern the use of RFID technology by all organizations and industries related to the creation, publication, distribution, and retail sale of books and their use in libraries; and

WHEREAS, the RFID working group agreed to affirm its respect for established privacy norms within and across the business, government, educational, and nonprofit spectrum, specifically acknowledging two essential privacy norms:

Data transferred among trading partners related to customer and/or patron transactions shall be used solely for related business practices and no unauthorized transaction shall be permitted.

Data related to customer and/or patron transactions shall not compromise standard confidentiality agreements among trading partners or information users; and

WHEREAS, the following RFID privacy principles were subsequently agreed to by the RFID working group:

All businesses, organizations, libraries, educational institutions and non-profits that buy, sell, loan, or otherwise make available books and other content to the public utilizing RFID technologies shall:
1) Implement and enforce an up-to-date organizational privacy policy that
gives notice and full disclosure as to the use, terms of use, and any change in
the terms of use for data collected via new technologies and processes,
including RFID.
2) Ensure that no personal information is recorded on RFID tags which,
however, may contain a variety of transactional data.
3) Protect data by reasonable security safeguards against interpretation by any
unauthorized third party.
4) Comply with relevant federal, state , and local laws as well as industry best
practices and policies.
5) Ensure that the four principles outlined above must be verifiable by an
independent audit.

Now, therefore, let it be RESOLVED, that the ALA adopt the RFID privacy principles developed by the IFC and OITP with the BISG to address concerns about the potential misuse of RFID technology in the library to collect information on library users’ reading habits without their consent or knowledge;

and be it further RESOLVED, that the ALA Intellectual Freedom Committee’s Privacy Subcommittee and the ALA Office of Information Technology Policy be directed to continue to develop implementation standards for the use of RFID technologies in the library.

Draft 01/05/05
Submitted by the Intellectual Freedom Committee

C&RL article is out

Filed under: — Laura @ 9:59 am

My article, “Considering RFID: Benefits, limitations and best practices” has been published in the January College & Research Library News. Only ALA members will be able to use the link.

Powered by WordPress