Jeff Richards' Demand Insights

I will not go into laborious detail in this post, but the fundamental points to be understood here are as follows:

1) Consumer privacy is a major issue that can and should be dealt with by both the private (through innovation, new technologies, etc.) and public sectors (primarily through debate and legislation). In fact, I would probably fall into a camp arguing we do not yet have an adequate legislative structure to deal with the onslaught of consumer privacy issues that have arisen in the past 5 years via the Internet, mobile, credit cards, etc.

2) In our zeal to develop new consumer privacy legislation, however, we should not be focused on the means, but rather the end. In other words, remain focused on the issue and policies around the issue, not the technologies which may (or may not) be used to protect and impact consumer privacy. This is a point that I, along with other industry leaders (from RSA, The Center for Democracy in Technology, McKenna Long & Aldredge, EPCglobal and others), stressed at the U.S. Congressional Internet Caucus back on June 27th of this year.

3) If we do focus on the means to the end - RFID in this case - we are completely missing the "problem" and focusing on the "symptom" - and of course ignoring many, many other technologies that have the same types of capabilities. If you understand technology cycles, RFID is just a starting point for a whole new world of sensor, "mesh networking," and "Internet of Things" technologies that will come onto the scene over the next 5-10 years and make a positive material impact to our daily lives (see: Zigbee, Wi-Fi, WiMax). Watching our legislators focus on the "hot" technology that happens to be attracting media attention and venture funding, rather than the core policy issues at hand, will not only be painful but a very constraining environment for innovation and growth. For example, had legislators grabbed hold of WiFi (one can come up with many fantastic scenarios under which the wireless technology could be used to violate consumer privacy) the way they are RFID, I may not be writing this post (I'm using a T-Mobile WiFi Hotspot in Weisbaden, Germany).

4) The other implication of focusing on the technology, as opposed to the policy, is we potentially place great limitations on the future uses of the technology - many of which have not even been conceptualized yet. I think most citizens would favor technology that can place a high degree of certainty on the authenticity of prescription pharmaceuticals. While this is not a huge problem in the U.S. - an estimated less than 1% are counterfeit in the U.S. - it is a rampant problem in countries like China, Russia and elsewhere (driving the worldwide esimates to more than 10%, or $45B+ per year). RFID, along with other technologies, has the potential to make a major dent in the global counterfeiting market (via serialized authentication) - but not if we pre-legislate the technology's viability before we've even gotten started. Hence, the Governor's quote so aptly described the situation:

"I am concerned the bill's provisions are overbroad and may unduly burden the numerous beneficial new applications of contactless technology."

Thank you, Governor, for understanding the issues and taking a long term view. We will continue to generously support legislation, education and other efforts to help the market make the right decisions around consumer privacy. We hope others take the view the Governor has - focus on the policies and issues at hand, not the specific technologies.