Wired has a great article on RFID and hacking it. As a library tech, the section about library theft and tracking is the one that most concerns me, especially this line:

Private citizens and the government could likewise place cookies on library books to monitor who's checking them out.

For all you Big Brother fans, the part about the government really isn't something you should worry about. Libraries are big on privacy and it would really take nothing less than the FBI with a warrant to get someone's records. Besides, library staff are good at spotting something unusual. We deal with the weird ones every day.

No, the one you have to worry about is the private citizen part.

If you are not a library user, you don't have an accurate idea about how libraries are used. Library patrons are competitive, jockeying for new or severely needed books. In a university library, the problem intensifies with holds on books needed for classes and projects. The problem lies in there being a small number of books versus a large community of borrowers that need them.

And this is where it all gets scary:
  • Patron #1 checks out a book out. The book is encoded with RFID.
  • The book is recalled from Patron #1.
  • Patron #1 puts a cookie on the RFID code and returns the book.
  • Patron #2 checks out the book.
  • Patron #1 uses the cookie on the radio signal to track down Patron #2.
From there, you can use your imagination to suggest everything from harrassment and theft to assault.

And if you think I'm kidding, you should spend some time working in a library. Furious patrons will harrass, abuse, and threaten to get the books they need or want. Many libraries staff security guards for this reason.

Few libraries use RFID at present, mostly because it costs more money than most libraries, which run off donated funds, can manage. For a library the size I work for to equip just the books in the primary complex would cost 5 million dollars: a dollar per RFID tag. Of course, that's the low end, easy to manipulate tag.

At current, my library uses 'tattle tape' which is a strip of magnetic tape sealed into the binding of the book for security. You'd litertally have to destroy the book in order to find the tape and get it out to steal the book. It makes theft difficult, especially since the general populace isn't library savvy. And really, what RFID in libraries is about: security and prevention of theft.

In five to ten years, it might actually be secure and prevent theft, but right now, it is cost ineffective and anyone can get an RFID tracker put on their PDA to manipulate the data on a book and cause damage.

Though you'll be hard pressed to find a library that thinks of safety in terms of how library technology can harm, we're lucky enough that RFID is too pricey for most libraries. That, in and of itself, will put off a form of stalking that's slowly been developing in libraries for a few more years.

Nick out.

No comments: