Libraries have been early adopters of RFID systems. Here's a recent account of some of the steps that didn't quite get implemented on the way into production:
Wired 14.05: The RFID Hacking Underground:
Frank Mussche, Libramation's president, acknowledges that the library's tags were left unlocked. "That's the recommended implementation of our tags," he says. "It makes it easier for libraries to change the data."
For the Oakland Public Library, vulnerability is just one more problem in a buggy system. "This was mostly a pilot program, and it was implemented poorly," says administrative librarian Jerry Garzon. "We've decided to move ahead without Libramation and RFIDs."
But hundreds of libraries have deployed the tags. According to Mussche, Libramation has sold 5 million RFID tags in a "convenient" unlocked state.
This state of affairs is noted in the UBC SLAIS (library school) "Foundations of Information Technology" project notes by student Todd Gnissos :
One of the primary issues to be concerned with an RFID implementation is the immaturity of the industry. Standards are only just being developed. Tags and readers are being modified and improved at a rapid rate. Competing technologies and non-crosscomplient systems still exist. This ongoing development could make equipment and tags obsolete, rendering investments in older equipment useless, and requiring expensive conversions and upgrades. This is especially concerning for multi-unit libraries that may implement one branch at a time over several years.
A paper by Molnar and Wagner from CCS '04 entitled "Privacy and Security in Library RFID: Issues, Practices, and Architectures" (pdf) looks at first read to have a good computer-science background review of the key special issues in RFID in libraries:
We expose privacy issues related to Radio Frequency
Identification (RFID) in libraries, describe current de-
ployments, and suggest novel architectures for library
RFID. Libraries are a fast growing application of RFID;
the technology promises to relieve repetitive strain in-
jury, speed patron self-checkout, and make possible com-
prehensive inventory. Unlike supply-chain RFID, library
RFID requires item-level tagging, thereby raising imme-
diate patron privacy issues. Current conventional wis-
dom suggests that privacy risks are negligible unless an
adversary has access to library databases. We show this
is not the case
Technorati Tags: rfid
The UBC webpage isn't course notes, it's a page created by a student (Todd Gnissios) for an assignment as part of the "Foundations of Information Technology" course. (I'm a recent UBC grad myself, and everyone creates a webpage on a research topic as part of this introductory course.)
Posted by: heidi d. | 12 May 2006 at 06:41 PM
Thanks for the update, Heidi, I fixed it in the item text.
Posted by: Ed Vielmetti | 12 May 2006 at 08:21 PM