Skip to main content
SpringerLink
Log in

RFID and privacy: what consumers really want and fear

  • Original Article
  • Published:
Personal and Ubiquitous Computing Aims and scope Submit manuscript

Abstract

This article investigates the conflicting area of user benefits arising through item level radio frequency identification (RFID) tagging and a desire for privacy. It distinguishes between three approaches feasible to address consumer privacy concerns. One is to kill RFID tags at store exits. The second is to lock tags and have user unlock them if they want to initiate reader communication (user model). The third is to let the network access users’ RFID tags while adhering to a privacy protocol (network model). The perception and reactions of future users to these three privacy enhancing technologies (PETs) are compared in the present article and an attempt is made to understand the reasoning behind their preferences. The main conclusion is that users do not trust complex PETs as they are envisioned today. Instead, they prefer to kill RFID chips at store exits even if they appreciate after sales services. Enhancing trust through security and privacy ‘visibility’ as well as PET simplicity may be the road to take for PET engineers in UbiComp.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1

Similar content being viewed by others

References

  1. Fusaro R (2004) None of our business. Harv Bus Rev 82(12):33–44

    Google Scholar 

  2. Smith H, Milberg J, Burke, J (1996) Information privacy: measuring individuals’ concerns about organizational practices. MIS Q 20(2):167–196

    Google Scholar 

  3. Jannasch U, Spiekermann S (2004) RFID Technologie im Einzelhandel der Zukunft: Datenentstehung, Marketing Potentiale und Auswirkungen auf die Privatheit des Kunden. Lehrstuhl für Wirtschaftsinformatik Humboldt Universität zu Berlin: Berlin, Germany

  4. Berthold O, Guenther O, Spiekermann S (2005) RFID Verbraucherängste und Verbraucherschutz. Wirtschaftsinformatik 47(6):422–430

    Google Scholar 

  5. FoeBuD e.V (2003) Positionspapier über den Gebrauch von RFID auf und in Konsumgütern http://www.foebud.org/rfid/positionspapier. 12 September 2007 [cited 14]

  6. Duce H (2003) Public policy: understanding public opinion. In: A.-I. Center (ed.). Auto-ID Center, Massachusetts Institute of Technology (MIT), Cambridge

  7. Auto-ID Center, 860 MHz – 930 MHz Class 1 radio frequency (RF) identification tag radio frequency and logical communication interface specification, 2004. EPCGlobal, Cambridge

  8. Sarma S, Weis S, Engels D (2002) RFID systems, security and privacy implications. In: A.-I. Center (ed.) Massachusetts Institute of Technology (MIT), Cambridge

  9. Auto-ID Center, Technology Guide (2002) In: A.-I. Center (ed.) Massachusetts Institute of Technology (MIT), Cambridge

  10. GCI (2003) G.C.I., Global Commerce initiative EPC roadmap. G.C. Initiative and IBM (eds) GCI, Metro Gruppe, IBM Inc., Köln

  11. Auto-ID Center (2003) EPC-256: the 256-bit electronic product code representation. A.-I. Center (ed) Massachusetts Institute of Technology (MIT), Cambridge

  12. Auto-ID Center (2003) EPC information service—data model and queries. A.-I. Center (ed) Massachusetts Institute of Technology (MIT), Cambridge

  13. Auto-ID Center (2003) Auto-ID object name service (ONS) 1.0. Mealling M (ed) Auto-ID Center, Cambridge

  14. Engels D et al (2003) Security and privacy aspects of low-cost radio frequency identification systems. In: First international conference on security in pervasive computing, SPC 2003. Springer, Boppard

  15. Engberg S, Harning M, Damsgaard Jensen C (2004) Zero-knowledge device authentication: privacy and security enhanced RFID preserving business value and consumer convenience. In: Second annual conference on privacy, security and trust, New Brunswick, Canada

  16. Spiekermann S, Berthold O (2004) Maintaining privacy in RFID enabled environments—proposal for a disable-model. In: Robinson P, Vogt H, Wagealla W (eds) Privacy, security and trust within the context of pervasive computing. Springer, Vienna

  17. Inoue S, Yasuura H (2004) RFID privacy using user-controllable uniqueness. In: RFID privacy workshop. Massachusetts Institute of Technology (MIT), Cambridge

    Google Scholar 

  18. Floerkemeier C, Schneider R, Langheinrich M (2004) Scanning with a purpose—supporting the fair information principles in RFID protocols. In: Murakami H et al (eds) Ubiquitious computing systems. Springer, Tokyo

  19. Langheinrich M (2003) A privacy awareness system for ubiquitous computing environments. In: Fourth international conference on ubiquitous computing, UbiComp2002. Springer, Göteborg

  20. Christian M et al (2007) Making radio frequency identification visible—a watchdog tag. In: Fifth annual IEEE international conference on pervasive computing and communications, New York, USA

  21. Stajano F (2002) Security for ubiquitous computing. Wiley, Chichester

    Book  Google Scholar 

  22. Cranor LF (2003) P3P: making privacy policies more useful. In: IEEE security and privacy, pp 50–55

  23. Juels A, Rivest R, Szydlo M (2003) The blocker tag: selective blocking of RFID tags for consumer privacy. In: 10th ACM conference on computers and communications security (CCS 2003), Washington, USA

  24. Karjoth G, Moskowitz PA (2005) Disabling RFID tags with visible confirmation: clipped tags are silenced. In: ACM workshop on privacy in the electronic society. ACM Press, Alexandria

    Google Scholar 

  25. Shamir A (1979) How to share a secret. Commun ACM (CACM) 22(11):612–613

    Article  MATH  MathSciNet  Google Scholar 

  26. Fishbein M, Ajzen I (1975) Belief, attitude, intention and behavior: an introduction to theory and research. Addison-Wesley, Reading

    Google Scholar 

  27. Ajzen I (1985) From intentions to actions: a theory of planned behavior. In: Kuhi J, Beckmann J (eds) Action-control: from cognition to behavior. Springer, Heidelberg, pp 11–39

  28. Ajzen I, Fishbein M (2005) The influence of attitudes on behavior. In: Albarracin D, Johnson BT, Zanna MP (eds) The handbook of attitudes on behavior. Erlbaum, Mahwah, pp 173–221

  29. Rogers E (2003) Diffusion of innovations, 4th edn. The Free Press, New York

    Google Scholar 

  30. Venkatesh V (2000) Determinants of perceived ease of use: integrating control, intrinsic motivation, and emotion into the technology acceptance model. Inf Syst Res 11(4):342–365

    Article  Google Scholar 

  31. Baier G (2004) Kontrollüberzeugungen im Umgang mit Technik: Ein Persönlichkeitsmerkmal mit Relevanz für die Gestaltung technischer Systeme, in Institute of Psychology. Humboldt University, Berlin

    Google Scholar 

  32. Spiekermann S, Grossklags J, Berendt B (2001) E-privacy in 2nd generation E-commerce. In: Proceedings of the 3rd ACM conference on electronic commerce EC’01. ACM Press, Tampa

  33. Berendt B, Guenther O, Spiekermann S (2005) Privacy in E-commerce: stated preferences vs. actual behavior. Commun ACM 48(4):101–106

    Article  Google Scholar 

  34. Kassarjian HH (1977) Content analysis in consumer research. J Consumer Res 4(1):8–18

    Article  Google Scholar 

  35. Grabner-Kräuter S, Kaluscha EA (2003) Empirical research in on-line trust: a review and critical assessment. Int J Hum Comput Stud 58(6):783–812

    Article  Google Scholar 

  36. Chen SC, Dhillon GS (2003) Interpreting dimensions of consumer trust in E-commerce. Inf Technol Manage 4(2–3):303–318

    Article  Google Scholar 

  37. Patrick AS, Briggs P, Marsh S (2005) Designing systems that people will trust. In: Cranor LF, Garfinkel S (eds) Security and usability. O’REILLY, Sebastopol, pp 75–99

  38. Adams A, Sasse A (1999) Users are not the enemy—why users compromise computer security mechanisms and how to take remedial measures. Commun ACM 42(12):40–46

    Article  Google Scholar 

  39. Maes P, Wexelblat A (1997) Issues for software agent UI. MIT Media Lab, Cambridge

  40. Sheeran P (2002) Intention–behavior relations: a conceptual and empirical review. In: Stroebe W, Hewstone M (eds) European review of social psychology. Wiley, Chichester, pp 1–36

  41. Trafimow D et al (2002) Evidence that perceived behavioural control is a multidimensional construct: perceived control and perceived difficulty. Br J Soc Psychol 41:101–121

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Institute of Information Systems, Humboldt University, Berlin, Germany

    Sarah Spiekermann

  2. Institute of Research in Information Systems (IRIS), European Business School (EBS), Oestrich-Winkel, Germany

    Sarah Spiekermann

Authors
  1. Sarah Spiekermann
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Sarah Spiekermann.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Spiekermann, S. RFID and privacy: what consumers really want and fear. Pers Ubiquit Comput 13, 423–434 (2009). https://doi.org/10.1007/s00779-008-0215-2

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s00779-008-0215-2

Keywords

Search

Navigation