Friday, 7 November 2003
LAS to use RFID baggage tags
McCarran International Airport in Las Vegas (IATA city and airport code LAS) has signed a 5-year, US$25 million contract to track all baggage checked in by passengers at LAS using 100 million remotely readable, uniquely numbered radio-frequency (RFID) identification tags.
Regardless of the merits or demerits of RFID, what got my attention was the rationale being offered for it in this case, and the discrepancy between the arguments for RFID usage in airports presented to the travelling public and to the RFID industry.
In their press release , the airport and the RFID suppliers lead with the claim that RFID tags are "for use in tracking passenger bags as part of the airport's ongoing commitment to improving customer safety."
What does RFID baggage tracking have to do with safety? "The new system, operational in 2004, is designed to automatically track all passenger bags through inline explosive detection and screening equipment, ensuring safe passage for the airport's millions of customers."
What's that really supposed to mean? If a bag sets off the explosives detector, or the X-ray image is deemed suspicious, it's immediately opened and searched. Are we supposed to believe that, without an attached radio transponder, the bag inspectors would lose track of bags on the conveyor inside the screening machine, and wouldn't be able to figure out which one had the suspicious image or set off the explosives alarm? I don't think so. Lost bags at other points in the process are costly for airlines, but not a safety issue.
It we were going to do something about baggage tracking for safety , virtually all security experts would agree that the most important area for improvement would be to match passengers with checked bags when they change planes. (That's standard in the rest of the world, but not yet required in the USA.) But since the RFID system will only be used for passengers originating at LAS, it will do nothing to address the concerns of the seucrity community, and many in Congress, about connecting bags, at LAS (an America West hub) or anywhere else.
While a Computerworld story based on the press release echoes the putative "safety" rationale for RFID deployment, the contractors told a different story to those within their industry: a longer, more detailed article in RFID Journal mentions "safety" only in a throwaway final sentence. It's solely about cost savings for airlines.
What's really going on here? Under intense atttack on privacy grounds (especially in the USA, where there are no general privacy laws to protect travellers and consumers against abuse of RFID data), the RFID industry is trying to exploit fears of flying that are widespead and understandable, but grossly disporportionate to actual risk , in order to scare the public into acquiescence and suppress public scrutiny of the implications of widespread, unregulated deployment of RFID tracking -- just as "aviation security" has become a magic mantra invoked against criticism of CAPPS-II and other surveillance and tracking programs, even when, as with this RFID scheme, they actually have nothing to do with any actual risk or threat.
At least they're not using RFID to track passengers --yet. (That's in the next phase of plans by IATA and immigration authorities for an integrated, RFID enabled, passport/visa/e-ticket/boarding pass/frequent flyer/trusted traveller/credit/debit/ATM card.)
[Addendum, 7 November, 2003: In a similar vein of doublespeak, I got an e-mail message today from the Chief Privacy Officer of Earthlink, informing me that, unless I opt out within the next 30 days, "Earthlink plans to start buying "publicly available" information about me from credit bureaus":http://mail.hasbrouck.org/Redirect/www.earthlink.net/optout , "so we can provide new and improved products and services." Uh-huh. You need my entire credit history in order to figure out how to forward my e-mail messages for $6.95 a month? Credit files aren't really "public information" even now, and wouldn't be at all if the USA complied with global norms of privacy protection.