Spies in your shopping basket?

Possible implications of RFID product tagging in supermarkets

Last July, anyone picking up a pack of Gillette Mach3 razor blades at Tesco's Cambridge supermarket had their picture taken. The act of removing the packet from the shelf triggered a CCTV camera which took the customer's photo, and later at the checkout a second photo was taken, to confirm that the item had been paid for. The technology that made this possible was Radio Frequency Identification (RFID) - each packet of razor blades contained a tiny, radio-activated identification tag. The objective was to catch shoplifters, and as a result of the scheme at least one thief had his picture presented to the police (Jha 2003).

In the future, many retailers and manufacturers hope to use RFID technology on large scale, not only to catch thieves, but to provide an efficient means of tracking the millions of items that pass through their warehouses and stores. However, the Gillette trial in Cambridge attracted a storm of protest from privacy activists, and similar trial of RFID-tagged razor blades in Australia resulted in a consumer boycott (Needham 2003). Campaigners, such as Katherine Albrecht of privacy group CASPIAN, fear that companies might use RFID technology to spy on individuals.

In this essay, I will examine the debate surrounding RFID and its use in supermarkets. Why are retailers so keen to adopt the technology, and does it really represent a threat to personal privacy?


How RFID works

An RFID tag consists of a microchip attached to a tiny radio antenna. Each tag has a unique number, which it will broadcast in response to a radio signals from a scanning device, enabling the scanner to identify the tag. RFID tags thus work much like barcodes or magnetic strips, as a means of product identification. Unlike a barcode, however, an RFID tag can be electronically read at a distance of several metres, even if the scanner cannot physically 'see' the tag (O'Hara 2004). If the items in a customer's shopping basket carried RFID tags, a scanner could instantly identify each item without the customer removing it from the basket, or even being aware that the scan had taken place.

RFID tags require no batteries, and can theoretically last forever. They vary in size and complexity, but can be as small as a grain of rice, allowing them to be inserted into product packaging or sewn into clothes without the consumer necessarily being aware of their presence (Garfinkel 2000). This is one reason that they arouse such suspicion amongst privacy campaigners.


The use of RFID by supermarkets

For manufacturers, retailers, and logistics companies, new technologies bring the promise of increased efficiency. Supermarket have already realised the benefits of using vast computerised systems to keep track of their stock, co-ordinating delivery and sale of goods to ensure that adequate supplies are always available while avoiding the build-up of excess inventory. Such systems require each item in stock to carry a unique, machine-readable identification, for which barcodes are currently used. Suppliers of RFID technology claim that their tags have several advantages over traditional barcodes as a means of stock identification. RFID tags can be read more rapidly and over longer distances, they generally take up less space than barcodes, they are free from "line of sight constraints", and unlike barcodes they do not have to be correctly oriented in relation to the scanner. For supermarkets, RFID tags therefore promise to make the process of stock control quicker and more efficient, which will result in cost savings (O'Hara 2004).

An increasing number of firms are already deploying RFID to monitor the progress of crates and pallets of goods from manufacturer to retailer. British supermarket chain Marks and Spencer uses RFID tagging to track trays of food through its supply chain, and hopes that the new technology will reduce wastage and enable later despatch times. According to a Marks and Spencer executive, the consumer will benefit from fresher food as a result (Marks and Spencer 2002). The American retailing giant Wal-Mart also believes that its inventory management can be improved by the use of RFID, and has demanded that all its top 100 suppliers deliver radio-tagged goods by 2005 (Brewin & Vijayan 2003). However, not all the suppliers approve of the idea: the implementation of RFID will cost them a total of more than US$2 billion, and many see little benefit in the new technology. Most suppliers already have highly-accurate systems for inventory control, and there is concern that the introduction of RFID tags will make things worse rather than better, especially since trials have found that the new tags are prone to failure (Collins 2003). Most of Wal-Mart's suppliers probably will end up adopting the technology, not because it makes their own operations more efficient, but because they wish to remain in favour with the world's largest retailer (Dignan 2003).


The ethical problems

Despite reassurances by manufacturers and supermarkets that they are interested in RFID purely as a method of stock control (Jha 2003), many individuals and campaign groups remain highly suspicious of the technology. They fear that RFID tags will not only permit companies to improve efficiency and catch thieves, but also allow them to spy on the habits of law-abiding shoppers to an unprecedented extent (O'Hara 2004).

Through schemes such as loyalty cards, supermarkets already collect vast quantities of personal data about their customers' shopping habits. They use this information to target promotions more effectively, marketing products selectively to those who are considered most likely to buy them. In theory, this benefits both the company and the customer. Bombarding individuals with advertisements for products that they don't want is not only a source of irritation for consumers, it is also a waste of money for the marketers (Garfinkel 2000). Providing companies with better information on individuals and their lifestyles can help prevent this.

Data on consumers' personal shopping habits can, however, be put to more insidious uses. In one example, an American supermarket threatened to use the fact that a particular customer purchased large quantities of alcohol to discredit him in a court case (Garfinkel 2000). Such misuses of personal data are currently rare, but the possibilities raised are frightening.

Gary Marx (1999) has argued that techniques for collecting personal data are ethically dubious if they "cross personal boundaries without permission" or violate a person's trust. If these principles are to be followed, supermarkets must be open and honest about their use of RFID tags: the customer should be aware of the tags' presence and of what they are being used for. Scanning the contents of a person's shopping basket without their knowledge would constitute a clear invasion of privacy. Tony Watson MP echoed this viewpoint in a recent Parliamentary debate; he believes that new legislation may be necessary to ensure that there are "no hidden tags and no hidden readers". It is presently unclear to what extent current European data protection legislation, and the Human Rights Act (which gives individuals the right to privacy), can protect consumers against the unscrupulous use of RFID technology (Kotadia 2003).

The use of RFID in durable items such as clothing raises particular concerns, since an individual could in theory be tracked using the RFID tags in items that they wear or carry. Manufacturer Benetton recently abandoned plans to embed RFID tags in clothes after consumer protests (O'Hara 2004). Current RFID systems do not incorporate any form of encryption or security - the tags can be read by anyone within range, without a person's awareness or consent. However, an RFID tag itself merely stores an identification number, which corresponds to an entry in a company's database that contains details of the product (Garfinkel 2003). To find out what item a person was carrying, a potential spy would need access to this database. Rules limiting the extent to which companies can share such databases would therefore provide at least some protection against invasions of privacy, although critics of RFID claim that databases are at risk of being hacked into by criminals (O'Hara 2004).

Another simple way in which retailers can reassure their customers that RFID will not be used to invade their privacy is to disable the tags at the checkout. In direct response to consumer pressure, electronics manufacturers such as Philips have begun to offer RFID tags that can be "killed" when no longer required, and one German supermarket has already adopted this technology (Chai 2003).


The practical problems

Consumer opinion is not the only thing preventing the ubiquitous radio-tagging of products on supermarket shelves. Currently, the cheapest RFID tags cost between 25 and 50 cents, making them uneconomical to use on items costing less than $15, according to a report by analysis firm Semiconductor Insights (2004). Future economies of scale may reduce the cost of the tags to as little 5 cents each, but even at this price it would not be cost-effective to tag every single item in a supermarket. A recent trial of RFID-tagged Gillette razor blades conducted by Wal-Mart in the USA was abandoned primarily because of cost, not because of privacy concerns (Ewalt 2003).

There are also technical difficulties for manufacturers to overcome in adding radio tags to certain products. Campbell Soup Co., for example, has found the use of RFID tags on its tinned goods impractical, because "radio waves bounce off the cans and don't move through liquid well" (Dignan 2003).



The day when every single product on a supermarket shelf carries an RFID tag is still a long way off. Futurist Simon Ellis of manufacturing giant Unilever believes that his firm will not do "item-level tagging" for at least five to ten years, if ever (Ewalt 2003). This is not just because consumers are suspicious of the technology, but because the tags are currently too expensive and unreliable for use on mass-produced, low-value goods. The use of RFID tags on expensive items such as clothing may prove to be a valuable weapon against shoplifters, but if retailers wish to use RFID in this way they will have to convince the public that they are not exploiting the technology to spy unfairly on law-abiding customers.

If and when RFID tags do become cost-effective and reliable enough to be attached to every item in a supermarket, consumers may ultimately benefit, as companies realise efficiency gains that result in fresher products and lower prices. Privacy fears surrounding the technology can be allayed if supermarkets disable or remove the tags at the checkout, and provide customers with assurances about the uses to which the tags - and the data gathered from them - will be put. New legislation, as well as continued consumer vigilance, may be necessary to ensure that these assurances are not violated. One thing that most commentators agree on is that the gathering of personal data on private individuals should be done only with their full knowledge and consent.



Chris Baker (2003), "Wal-Mart to forgo tracking chips". Washington Times, 18 July 2003.

Bob Brewin and Jaikumar Vijayan (2003), "Wal-Mart to deploy radio ID tags for supply tracking". Computer Weekly, 13 June 2003.

CASPIAN (Consumers Against Supermarket Privacy Invasion and Numbering) web site - www.nocards.org

Winston Chai (2003), "Philips adds 'off switch' to RFID tags. CNET news, 6 May 2003.

Jonathan Collins (2003), "The Cost of Wal-Mart's RFID Edict". RFID Journal, 10 September 2003.

Larry Dignan (2003), "Wal-Mart's RFID Deadline: A Chunky Mess". E-Week, 15 December 2003.

David M Ewalt (2003), "Wal-Mart Cancels RFID Trial As Companies Get Realistic About The Technology". Internet Week, 14 July 2003.

Simson Garfinkel (2000), Database Nation: the death of privacy in the 21st century. O'Reilly & Associates.

Hansard (archive of House of Commons Daily Debates), 27 January 2004

Alok Jha (2003), "Tesco tests spy chip technology". The Guardian, 19 July 2003.

Munir Kotadia (2003), "Government may regulate RFID use". ZDNet, 30 July 2003.

Marks and Spencer (2002). Press release: "Marks and Spencer rolls out largest supply chain application of RFID tagging in the world", 14 November 2002.

Gary T Marx (1999), "Ethics for the New Surveillance". In Visions of Privacy: policy choices for the digital age. University of Toronto Press.

Kirsty Needham (2003), "A free big brother in every pack". Sydney Morning Herald, 20 December 2003.

Mary O'Hara (2004), "Chips with everything". The Guardian, 24 January 2004.

Semiconductor Insights (2004), summary of RFID Cost Comparison Report

Trovan Electronic Identification Systems web site - www.trovan.com

Reg Whitaker (1999), The End of Privacy. The New Press, New York.



This was originally written as a university Business Studies essay

More essays


© Andrew Gray, 2004