It’s been an interesting week for RFID users.
It began with a question from Connie Moss (from I think Garland City, TX) on the US Library RFID list about buying tags. She’d been advised to buy tags with an SLIX chip on board and wanted to know how to tell what chips she had already.
A seemingly innocent question, but it proved to be the trigger for one of the most prolonged and wide-ranging discussions on the lists in a long time.
The initial response to Connie’s question came from my colleague Lori Ayre of the Galecia Group who advised Connie to keep using the chips she had as there weren’t sufficiently compelling reasons to switch to SLIX – and besides using some of its features might mean abandoning the NISO recommended RFID tag standard – ISO 28560.
This prompted a lengthy response from the other side of the world by Australian Alan Butters of Sybis who pointed out that there were issues surrounding the use of smartphones equipped with NFC that might make the use of SLIX, or possibly even SLIX-S chips a good idea.
At this point I copied these threads to the UK Library RFID list as the whole issue of NFC is one I’ve been talking about for some time now and I thought the discussion would be of interest to UK librarians. I have no intention of rehearsing all the arguments that followed on the blog. If you want the detail you can find them all here.
Suffice it to say that by the end of the week the debate had moved on to encompass the relationship between RFID and LMS suppliers, the nature of library security in general, the relative merits of an Open Source approach vs the narrow self-interest of the commercial market – with contributions from commercial suppliers and concerned librarians alike.
I began to find it all a bit confusing myself and thought that others might as well – so I thought it might be helpful to make a few simple points of my own – in the hope of not confusing things further.
The initial question concerned security – specifically RFID security. By one of those quirks of technological development the library RFID market is facing a challenge not of its own making. The term “RFID” covers a wide range of products, devices and frequencies. Almost all UK (and most US and Australian) libraries use the same frequency tags in their stock – 13.56MHz. By a wonderful irony this is the same frequency used by yet another kind of RFID – Near Field Communication (NFC).
Now NFC, like other RF devices such as the readers available with Arduino, has been around for a while and has always posed something of a threat to library users. Anyone equipped with the right device has been able to read and write data to library tags operating at the same frequency and using a compatible air interface for some time now but – outside of the labs, experiments at home and events like Chips and Mash (in Huddersfield in 2010) – no-one has seen fit to use this capability to wreak havoc in a library.
What has changed is the decision by many smartphone manufacturers to include NFC in their devices. Put very simply that means anyone with the right kind of smartphone or tablet could, using a free “app” read and write data to library tags.
The initial discussion centred on the likelihood of this happening – and what steps might be taken to prevent it. There are, as both Alan and Paul Chartier point out in the list exchanges, a number of ways in which individual libraries may be able to protect themselves against theft or scrambled data but without the co-operation of LMS suppliers most of the solutions bring problems of their own. Locking down the tags may seem like a good idea but it’s a “knee-jerk” response that will limit both the development of the technology and interoperability between applications and library services.
RFID suppliers are aware of the problem – but it is not one of their making and possibly not one they can elegantly solve. There is a clear and pressing need to find a solution which, in my opinion, will require rather more engagement from the LMS market – whether Open Source or proprietary – than we have seen up to now. One of the solutions originally put forward by Alan in 2012 would be to use the tag UID in conjunction with the LMS database – and idea reworked by Eric Grosshans of ISNG in this week’s discussion.
The debate looks like continuing for a while yet. I’m going to be watching with interest. In the meantime I’ve begun approaching suppliers with a view to brokering a meeting to develop a common approach to finding a solution. Early responses are encouraging.
If you have a specific question about any aspect of this issue please feel free to contact me – or post on the blog.