Friday, March 16, 2007

Steps Toward a Policy Framework for RFID in Europe

RFID Law Journal
Newsletter No. 44
March 16, 2007

The Commission of the European Communities announced its much anticipated communication on steps toward a policy framework for radio frequency identification in Europe. You can read the complete file at the following link:

http://ec.europa.eu/information_society/policy/rfid/doc/rfid_en.pdf

In its view, RFID is a “gateway to a new phase of development of the Information Society.” The Commission recognized that the phase of wide commercial and public sector deployment is approaching, and with such wider usage, it felt obligated to examine the legal framework under which RFID takes place to ensure safeguards for fundamental “values, health, data protection and privacy.” As a result, the Commission carried on a public dialogue during 2006 with early adopters and concerned citizens with respect to its tracking applications. The goal is taking in the perceived large social benefits of RFID while simultaneously incorporating privacy, health and environmental safeguards.

The Commission noted that Europeans are leading the way with innovative applications of RFID, smart sensors and RFID-enabled actuators and intelligent networks, and it is generally believed that RFID could “further strengthen the role of information and communication technologies in driving innovation and promoting economic growth.” According to the Commission, while the European market for RFID systems is growing at approximately 45% annually, it is lagging a global growth rate close to 60%.

One of the major factors holding back growth is the absence of a “clear and predictable legal and policy framework” making this new technology “acceptable to users,” including clarity on ethical implications, privacy and security protection, governance of RFID identity databases, the availability of radio spectrum, harmonized international standards and concerns over health and environmental implications. The Commission launched a wide public consultation to address these issues in 2006 with thousands of participants contributing to the study. During the study phase, the Commission noted emergence of concerns over privacy and data protection, finding that “RFID will only be able to deliver its numerous economic and societal benefits if effective guarantees are in place on data protection, privacy and the associated ethical dimensions that lie at the heart of the debate on the public acceptance of RFID.” The Commission noted that EC’s strong tradition in support of data protection (the regulations are substantially more stringent than US regulations). Indeed, the Data Protection Directive is broad, and in the view of the Commission, applicable to all technologies, including RFID.

The Commission noted that a “one-size fits all” approach to RFID would not be appropriate, given that security and privacy risks depend, in large part, upon the nature of the RFID application. A CBA of specific security and privacy-related risks prior to selection of RFID systems and deployment of applications is necessary according to the Commission. In view of limited information available to the public at this stage of deployment, the Commission felt that awareness and information campaigns would be an important part of RFID policy response.

The Commission noted that most respondents were concerned that the registration and naming of identities in the “Internet of Things” be interoperable, open and non-discriminatory, and it believes that the policy principles developed in the context of the World Summit on the Information Society will be relevant to the emerging policy debate.

Easy mobility and low costs of RFID systems depend, in part, upon the availability of radio spectrum and harmonization of spectrum usage conditions. The Commission opined that the allocation of RFID frequencies in the UHF band will be sufficient for the purposes of the next 3-10 years, but noted that it will be necessary to monitor demand as usage of RFID increases.

The Commission discusses both environmental and health impacts implied by widespread usage of RFID. Noting that the electromagnetic fields related to RFID applications are generally low in power, the Commission stated that “exposure of the general public and workers to RFID-related EMF is expected to be well below the current standard limits.”

Over the coming two years, the Commission is expected to continue to analyze the options and respond to concerns expressed by stakeholders. The Commission will work with the US and Asian counterparts to strive toward global interoperability on the basis of “open, fair and transparent” international standards.

The Commission advocates “security and privacy-by-design,” i.e., privacy and security built into systems prior to their widespread deployment. The Commission supports the development of codes of conduct and best practices by experts representing all stakeholders along the lines of the strategy for a Secure Information Society set out in COM (2006) 251. By year-end, the Commission is expected to establish principles for public authorities and other stakeholders applying to RFID usage.

The Commission aims to further stimulate research on the security of RFID systems and privacy-enhancing technologies. In view of the limited experience with the technology, the Commission indicated that it is necessary to carry out in-depth overall evaluations of RFID implementation through large-scale pilots in specific application domains as a precursor to widespread adoption. The Commission also recognized the importance of standardization within Europe and the maintenance of a dialogue with counterparts in US, China, Korea and Japan to ensure cooperation on standards on applications such as the security of containers, counterfeiting, air transportation and pharmaceutical goods. By the end of 2008, the Commission expects to publish a Communication analyzing the nature and effect of developments, in particular with respect to privacy, trust and governance, and at such time, will assess whether it is necessary to propose further legislative steps to safeguard data protection, privacy and other policy issues.

While one could construe the Commission’s statement as a relaxed, wait-and-see approach supportive of RFID adoption (See RFID Update “EU Opts for Hands-Off Approach to RFID Regulation”- http://www.rfidupdate.com/articles/index.php?id=1319),
it is worth noting that the Commission has expressly reserved (and called for) assessment following further experience with the technology. Just like their American counterparts who must actively engage in the dialogue over data protection, privacy and other societal concerns with state (and federal) legislatures and educate the public about RFID, European stakeholders must vigilantly educate their public about the technology and its applications and take steps to proactively address privacy, data protection and other safeguards to ensure that the “helping hand” of government doesn’t hamper the rollout of RFID.

© 2007 – RFID Law Journal, LLC. All rights reserved.

Learn more about RFID legal issues at http://www.rfidlawjournal.com. You may contact our editor about this publication at editor@RFIDLawJournal.com. Usage of this material (and any linked materials provided by third party sites) is subject to the terms and conditions set forth at www.rfidlawjournal.com.

You may not rely upon any material provided herein as legal, financial or other advice. You should consult your own advisor (legal, investment or otherwise) with respect to the advisability or accuracy of any of the material provided in this newsletter or any other material provided by us. We are not responsible for and do not attest to the accuracy of any third party content.

Tuesday, February 27, 2007

RFID - Don’t Fold Up Your Tent

RFID Law Journal
Newsletter No. 43
February 27, 2007

Kudos to Bill Hardgrave, Ph.D., Director of RFID Research Center, University of Arkansas, for publishing a rebuttal to The Wall Street Journal’s recent article entitled “Wal-Mart’s Radio Tracked Inventory Hits Static” (February 15, 2007) in a special edition to the RFID Product News published on February 23, 2007. You can access Dr. Hardgrave’s article through the following link provided by RFID Product News:

http://www.rfidproductnews.com/reader/spe01/articles/index.php#one

© 2007 – RFID Law Journal, LLC. All rights reserved.

Learn more about RFID legal issues at http://www.rfidlawjournal.com/. You may contact our editor about this publication at editor@RFIDLawJournal.com. Usage of this material (and any linked materials provided by third party sites) is subject to the terms and conditions set forth at http://www.rfidlawjournal.com/.
You may not rely upon any material provided herein as legal, financial or other advice. You should consult your own advisor (legal, investment or otherwise) with respect to the advisability or accuracy of any of the material provided in this newsletter or any other material provided by us. We are not responsible for and do not attest to the accuracy of any third party content.
Border Tracking Efforts Abandoned

RFID Law Journal
Newsletter No. 42
February 27, 2007

Earlier this month, the Department of Homeland Security (DHS) abandoned its substantial effort to deploy RFID in connection with its US VISIT program based upon, among other things, inadequate read rates and the inability of the system to tie back the data with the individual carrying the tagged travel document.

The RFID application envisioned embedding a tag within the I-94 travel document, aiming to facilitate secure border entry/exit by foreign nationals. However, during the course of a 15 month study, it was found that the biometric identity-matching capability envisioned within the entry/exit security system was ineffective because the I-94 form couldn’t be physically tied to individuals. The GAO also cited examples of poor read rates at five ports of entry tested as part of the US VISIT program.

© 2007 – RFID Law Journal, LLC. All rights reserved.

Learn more about RFID legal issues at http://www.rfidlawjournal.com. You may contact our editor about this publication at editor@RFIDLawJournal.com. Usage of this material (and any linked materials provided by third party sites) is subject to the terms and conditions set forth at www.rfidlawjournal.com.
You may not rely upon any material provided herein as legal, financial or other advice. You should consult your own advisor (legal, investment or otherwise) with respect to the advisability or accuracy of any of the material provided in this newsletter or any other material provided by us. We are not responsible for and do not attest to the accuracy of any third party content.
Final “Interim” DoD RFID Rule

RFID Law Journal
Newsletter No. 41
February 27, 2007

Effective as of February 12, 2007, the Department of Defense’s interim RFID rule, which had initially been proposed on May 19, 2006, became final, effectively extending its passive RFID tagging rules to additional classes of commodities as well as expanding from two U.S. depot locations to most locations in the 48 contiguous states. Our readers can access these rules and related comments at the following link:

http://a257.g.akamaitech.net/7/257/2422/01jan20071800/edocket.access.gpo.gov/2007/E7-2209.htm

It should be noted that this latest iteration of the rules is merely finalization of an “interim” rule, and in the spring of 2007, it is expected that a new set of even more expansive rules will likely be put into effect as the Department of Defense rolls into the third – and final – year of its three year deployment effort. Now that the Department of Defense has, indeed, wired its U.S. depots, and has contracted for the wiring of its OCONUS depots, it is expected that the DoD will be administering ever more stringent requirements on its suppliers as it seeks to realize cost efficiencies with trading partners across its supply chain.


© 2007 – RFID Law Journal, LLC. All rights reserved.

Learn more about RFID legal issues at http://www.rfidlawjournal.com. You may contact our editor about this publication at editor@RFIDLawJournal.com. Usage of this material (and any linked materials provided by third party sites) is subject to the terms and conditions set forth at www.rfidlawjournal.com.
You may not rely upon any material provided herein as legal, financial or other advice. You should consult your own advisor (legal, investment or otherwise) with respect to the advisability or accuracy of any of the material provided in this newsletter or any other material provided by us. We are not responsible for and do not attest to the accuracy of any third party content.

Wednesday, January 31, 2007

Benchmarking the National Animal Identification System

RFID Law Journal
Newsletter No. 40
January 31, 2007

The USDA is openly benchmarking its success in registering premises under the NAIS. Readers can note the progress of this program at this link to the USDA website: http://animalid.aphis.usda.gov/nais/premises_id/update.shtml. According to the statistical data set forth on the USDA website, 24.6% (i.e., 353,504) of the nation’s estimated 1.4 million livestock farms were registered in the National Animal Identification System as of January 29, 2007. The USDA defines a livestock farm as premises with more than $1,000 in annual income, and the total number of livestock farms is based upon an estimate of the National Agricultural Statistical Survey. The data counts premises with more than one species only one time. Wisconsin and Idaho represent the leadership in premises registration, with substantially all premises registered, and as of January, 2007, a majority of the livestock farms located in Indiana, Michigan, New York, North Dakota, Pennsylvania and Utah have registered themselves in the NAIS.

Some of the basic guidelines for registration can be found at the USDA’s website: http://animalid.aphis.usda.gov/nais/premises_id/index.shtml. The registration is free, and at present, it does not require participation in the other two components of NAIS – animal identification and animal tracking.

Since our last publication on the NAIS, the USDA updated its website. You can locate baseline information on animal tracing at this USDA link: http://animalid.aphis.usda.gov/nais/animal_track/index.shtml. Our readers can also find out more about animal identification at this USDA link: http://animalid.aphis.usda.gov/nais/animal_id/index.shtml. The USDA has formed working groups for different species and identified working group leaders, enabling information sharing, etc. Readers are invited to learn more about these working groups at this USDA link:
http://animalid.aphis.usda.gov/nais/species_work_groups/index.shtml.

In late January, 2007, the USDA also announced its endorsement of industry- recommended international standards for animal identification technologies. The USDA endorse the use of ISO 11784 and 11785, which would establish RFID technology standards for producers and service providers electing to use Radio Frequency Identification technology in NAIS. This will facilitate use of one reader to scan all Animal Identification Number (AIN) tags. However, the USDA is not requiring the use of RFID tags or implants. That decision is left to owners. It is also clear the USDA will continue reviewing other technology options over the horizon.
The USDA’s press release can be located through the following link: http://animalid.aphis.usda.gov/nais/naislibrary/documents/announcements/StakholderAnnouncement1_17_07.pdf.

© 2007 – RFID Law Journal, LLC. All rights reserved.

Learn more about RFID legal issues at http://www.rfidlawjournal.com. You may contact our editor about this publication at editor@RFIDLawJournal.com. Usage of this material (and any linked materials provided by third party sites) is subject to the terms and conditions set forth at www.rfidlawjournal.com. You may not rely upon any material provided herein as legal, financial or other advice. You should consult your own advisor (legal, investment or otherwise) with respect to the advisability or accuracy of any of the material provided in this newsletter or any other material provided by us. We are not responsible for and do not attest to the accuracy of any third party content.

Tuesday, January 23, 2007

Air Travel Rules for Western Hemisphere Travelers

RFID Law Journal
Newsletter No. 38
January 23, 2007

This is a short follow-up article to our Newsletter No. 37 (January 22, 2007). The Department of Homeland Security has released its official press release with respect to the new rules for air travel into the U.S. which became effective today. Initial signs suggest that most air travelers arriving in the US were aware of the new rules and came equipped with their travel documents.

You can read the DHS press release through this link:

http://www.dhs.gov/xnews/releases/pr_1169569034747.shtm

© 2007 – RFID Law Journal, LLC. All rights reserved.
Learn more about RFID legal issues at http://www.rfidlawjournal.com/. You may contact our editor about this publication at editor@RFIDLawJournal.com. Usage of this material (and any linked materials provided by third party sites) is subject to the terms and conditions set forth at http://www.rfidlawjournal.com/. You may not rely upon any material provided herein as legal or other advice. You should consult your own advisor (legal, investment or otherwise) with respect to the advisability or accuracy of any of the material provided in this newsletter or any other material provided by us. We are not responsible for and do not attest to the accuracy of any third party content.

Monday, January 22, 2007

New Rules Kick-in for Western Hemisphere Travel

RFID Law Journal
Newsletter No. 37
January 22, 2007

On Tuesday January 23, 2007, Canadian, Mexican and Bermuda citizens traveling by air, along with U.S. citizens, into the U.S. must, subject to few exceptions, provide border officials with a passport to gain entrance into the United States. This rule will bring our North American neighbors under the same rules applicable to all other worldwide travelers. In January, 2008 and June, 2009, the rules will expand to include land and sea entry, with the potential of clogging the borders.

Up until now, these Western Hemisphere neighbors typically were required only to display a birth certificate or driver’s license to gain entry into the U.S., but these more stringent rules were implemented following recommendations by the 9/11 Commission. The exception is the NEXUS Air card issued to frequent travelers and active members of the U.S. military. DHS is also considering the PASS Card as an alternative to the passport. A PASS Card is significantly less expensive than a passport, but it wouldn’t be accepted for other worldwide travel.

The new rule isn’t expected to materially impact business travelers, who usually carry a passport, but there is some concern that it could disrupt travel among ‘snow birds’ (e.g., the tens of thousands of Canadians who visit Florida and other sunny destinations each winter). It’s plausible that some jurisdictions, such as Puerto Rico and the U.S. Virgin Islands, will enjoy an incremental windfall because they’re exempted from the new rules.

While it’s certainly possible that the new rules may deter travel among some travelers, it could cause more American citizens over the longer term to procure and hold passports. At present, only 73 million citizens hold valid passports. If the supposition is correct, then the new rules will, in part, further enable e-passport deployment over the long haul.

You are invited to learn more at the State Department’s link:
http://travel.state.gov/travel/cbpmc/cbpmc_2223.html.

© 2007 – RFID Law Journal, LLC. All rights reserved.

Learn more about RFID legal issues at http://www.rfidlawjournal.com. You may contact our editor about this publication at editor@RFIDLawJournal.com. Usage of this material (and any linked materials provided by third party sites) is subject to the terms and conditions set forth at www.rfidlawjournal.com. You may not rely upon any material provided herein as legal or other advice. You should consult your own advisor (legal, investment or otherwise) with respect to the advisability or accuracy of any of the material provided in this newsletter or any other material provided by us. We are not responsible for and do not attest to the accuracy of any third party content.

Sunday, January 07, 2007

2007 Kick off – FDA Provides Draft Guidance for Industry & FDA Staff: RF Wireless Technology in Medical Devices

RFID Law Journal
Newsletter No. 36
January 7, 2007

On January 3rd, the FDA released for public comment purposes only a draft document on radio frequency wireless technology in medical devices. The FDA published this document to guide stakeholders in the development and evaluation of RF wireless technology with respect to medical devices. The rationale is providing guidance on the safe and effective use of RF wireless technology in medical devices (e.g., performance, data integrity, security, etc.). Among other things, the draft document provides examples of potentially problematic applications. The FDA provides recommendations, including consideration of issues in product design requirements, design verification and validation, and risk management processes.

You’re invited to learn more at the FDA link: http://www.fda.gov/cdrh/osel/guidance/1618.html. During the 90 day public comment period, the FDA invites questions through Donald M. Witters, Jr. at donald.witters@fda.hhs.gov. Interest parties may provide comments on the draft guidance document at: http://www.fda.gov/dockets/ecomments.

© 2007 – RFID Law Journal, LLC. All rights reserved.

Learn more about RFID legal issues at http://www.rfidlawjournal.com. You may contact our editor about this publication at editor@RFIDLawJournal.com. Usage of this material (and any linked materials provided by third party sites) is subject to the terms and conditions set forth at www.rfidlawjournal.com. You may not rely upon any material provided herein as legal or other advice. You should consult your own advisor (legal, investment or otherwise) with respect to the advisability or accuracy of any of the material provided in this newsletter or any other material provided by us. We are not responsible for and do not attest to the accuracy of any third party content.

Sunday, December 31, 2006

A 2006 RFID Wrap-up

RFID Law Journal
Newsletter No. 35
December 31, 2006

The U.S. federal government played a significant role in driving RFID adoption in 2006 through its agency mandates, policies and spending decisions. A compliance-driven marketplace was particularly evident among DoD suppliers, who scrambled to educate themselves on the RFID and UID mandates. In 2006, it became evident that a number of other agencies will also play significant roles in establishing the timeline for adoption. While the federal government proved that it could promote the growth of RFID applications in 2006, industry participants faced initiatives, including those pertaining to privacy and data protection legislation, which could have tempered RFID’s growth in the coming years. The basic message - the industry must more effectively work with legislators to educate the public about the technology and its applications.

It seems likely that RFID legal developments in the coming year will probable follow a couple of trends established in 2006, including (1) expansion of the mandate-driven market, especially among DoD suppliers; (2) further adoption driven by government policies and spending decisions and (3) continuation of the privacy debate, which could potentially temper deployment decisions by government participants outside of basic supply chain applications.

We’d like to draw your attention to a couple of year-end overviews that may be of interest to our readers. RFID Product News provides a high level overview of legal issues for 2006. You can access this content at the following link: http://www.rfidproductnews.com/issues/2006.11/legal.side.php. RFID Update provides an interesting top 10 list for trends in the RFID marketplace observed in 2006. You can access this content at the following links:
http://www.rfidupdate.com/articles/index.php?id=1264
http://www.rfidupdate.com/articles/index.php?id=1266
http://www.rfidupdate.com/articles/index.php?id=1267

© 2006 – RFID Law Journal, LLC. All rights reserved.
Learn more about RFID legal issues at http://www.rfidlawjournal.com. You may contact our editor about this publication at editor@RFIDLawJournal.com. Usage of this material (and any linked materials provided by third party sites) is subject to the terms and conditions set forth at www.rfidlawjournal.com. You may not rely upon any material provided herein as legal or other advice. You should consult your own advisor (legal, investment or otherwise) with respect to the advisability or accuracy of any of the material provided in this newsletter or any other material provided by us. We are not responsible for and do not attest to the accuracy of any third party content.
RFID Policy Memo Wired into DSCP Guidebook

RFID Law Journal
Newsletter No. 34
December 31, 2006

RFID Law Journal has confirmed with appropriate authorities that CP Memo 06-32 is now wired into the local Philadelphia Center DSCP guidebook. You can access the guidebook at http://www.dscp.dla.mil/contract/dgpa/dgpahome.htm. This development could be viewed as an additional indication that RFID is now part of every day business at the Department of Defense. Of course, contracting officers have always been required to follow applicable regulations, including the RFID mandate. Readers may recall that CP Memo 06-32 details more exacting procedures for allowance of a deferral or waiver and would appear to close systemic loopholes. The latest development reinforces the point that the passive RFID requirements are here to stay.

© 2006 – RFID Law Journal, LLC. All rights reserved.
Learn more about RFID legal issues at http://www.rfidlawjournal.com. You may contact our editor about this publication at editor@RFIDLawJournal.com. Usage of this material (and any linked materials provided by third party sites) is subject to the terms and conditions set forth at www.rfidlawjournal.com. You may not rely upon any material provided herein as legal or other advice. You should consult your own advisor (legal, investment or otherwise) with respect to the advisability or accuracy of any of the material provided in this newsletter or any other material provided by us. We are not responsible for and do not attest to the accuracy of any third party content.