On Wednesday NXP made a seemingly routine product announcement about their new RFID chip designed especially for libraries – the reassuringly geeky sounding ICODE SLIX 2.

The press release doesn’t say very much about the reasons for the chip’s development, rather it concentrates on the improvements it will bring to library users of RFID technology. The more technically minded can download the full specification of the chip here.

The poor benighted librarian reading this announcement – which has been duplicated by the excellent Marshall Breeding on his website – will however probably be simultaneously confused and reassured. After all just about all the major players (in the UK RFID market at least) have made supportive and excited noises about the significance of the new product in the announcement – and I know from my annual surveys that librarians trust their suppliers above almost everybody else in the market (apart from other librarians) when it comes to RFID.

So why this post?

Well you can call me a sceptic (people do you know) but I take very little at face value and there are some threads running through this announcement that raise questions in my mind. Coupled with other information I received last week I’m beginning to wonder whether we’re about to see a realignment in the library automation world that we haven’t seen the like of since the birth of the Internet.

Let’s look at what the statement says and try and figure out what’s going on here.

After the usual “it’s all going to be so much better” messages we are told that,

“The SLIX 2 is fully compatible with existing ICODE library systems, ensuring that over 5000 public and university libraries already using ICODE SLIX and ICODE SLI based labels can migrate and benefit from the latest technology without difficulties”.

Which is good news for the 5000 (where ARE all these libraries, and how are they being counted I wonder?) but there will be many more libraries out there NOT using the ICODE family of products that won’t. Unlike most RFID users libraries tend not to replace their RFID tags – and their “product” lifecycles are significantly longer than in retail for example.

So the chances are that many libraries will still be using tags that even predate the existence of the ICODE family of products. An obvious point I know – but I know some librarians who will think that this statement means everything’s fine. When it may not be.

The next point that caught my eye was,

“In addition to improved scanning and reading capabilities the new SLIX 2 introduces near field communication (NFC) technology to enhance library services.”

Now THAT’s a really interesting way to present information that already applies to ANY RFID tag using 13.56 MHz tags (and that’s ALL of them in the UK by the way).  Regular readers will be aware that the potential for NFC devices (like smartphones and tablets) to be used to alter or delete data on RFID tags is something of an obsession of this author’s. It’s been possible for years now, what’s different is the recent surge in the number of NFC devices on the market. To me this sounds like spin – the implication that NFC has been “added” suggests that it hasn’t been possible before. But it has. For ages now.

What the data sheet will also tell you is that NXP are introducing a number of new features on this chip that will enable suppliers to password protect, and even kill tags. Librarians should consider two aspects of this news.

Firstly that this protection will only available on the new tags, and secondly that password protection may not be the answer to the problem because of the way in which libraries actually work (something frequently misunderstood both by RFID suppliers and manufacturers alike). Integration with an LMS might indeed be made more difficult if RFID suppliers start to manage additional aspects of the circulation process – and that’s one of the reasons for my opening, somewhat hyperbolic(?), remarks about change.

The last part of the announcement to which I want to draw your attention is this one,

“The new chips offer additional memory space to store dedicated URLs without compromising the library management memory areas. The URLs will point to internet spaces that contain additional information related to the book or media.

Sophisticated content, such as movie trailers, author bios, book reviews, and much more, becomes automatically accessible through NFC-enabled mobile devices as they tap marked areas on the books. “

Sound familiar?

Again regular readers (and those who have attended any of my conference presentations in the last few years) will be aware that I have long advocated the use of physical stock as a discovery tool for other resources. Examples of this obvious benefit already exist in libraries as far apart as Australia and Norway. By linking with a discovery system – or even an OPAC – library users can already enjoy the benefits of using books, DVDs etc. to discover author interviews or live performances for example (it’s already documented on this blog).

But the difference here is that the URLs that make this possible will be stored on the chip – rather than on a remote database which, in the light of the recommendations on user privacy in the EU’s mandate to standards bodies – M436 (as discussed at length on this blog and elsewhere), may be almost culpably reckless. The mandate isn’t only concerned with the data present on tags but also with what might be inferred from it. Someone carrying an item with a URL on it could easily be inadvertently advertising a personal or commercial interest to someone equipped with the right (and probably free) software on their smartphone.

So what to make of all this?

To me it all sounds like the RFID market has run out of existing products to sell to its traditional library market and has decided to take on the LMS companies for their circulation business.  It’s not a surprising development – the potential has existed for many years now, what was missing was a chip that could support the additional features that would make an entirely RFID based circulation solution possible. Until now.

Of course this is not an overnight process. First librarians will need to buy the new chips that make the reinvention of circulation possible.

I wonder what they cost?

The second half of 2014 saw the first signs that its mandate on RFID privacy M436 might be gaining some teeth with the issue of two new standards EN 16570 and EN 16571 – respectively defining the display of warning signs in RFID-enabled establishments and the process by which Privacy Impact Assessments (PIAs) should be completed. The second of these documents, created under the direction of its Project Editor, Paul Chartier, gives details of the process to be followed in creating a Privacy Impact Statement (PIS) to be displayed alongside signs warning that RFID is being used in an establishment – a library for example.

Paul’s company – Convergent Technologies – has been quick to alert librarians and their suppliers of the requirements of EN 16571 and has partnered with the French RFID organisation – CNRFID – to produce software that enables what the standard refers to as “Operators” to complete a PIS. This software can be purchased from either Convergent or CNRFID.

EN 16571 applies to any business using RFID but singles out libraries for special attention its Project Editor having a special interest in the sector having previously been PE for a number of other standards, most notably the somewhat over-engineered ISO 28560. Some of the requirements of EN 16571 would have profound implications for libraries. The need to label every single item that contains an RFID tag for example. Signing up to complete a PIS might therefore commit a library to more expenditure than simply buying the software.

So how should librarians respond to this new challenge? Convergent’s answer would probably be – “show us the money!” and that’s certainly one option. However the standard is not (yet) legally binding and may be enforced – or not – quite differently in different member states. The standard – like ISO 28560 before it – suggests to me that its creators may have been more familiar with the needs of the book supply chain than with running a library service and it is to be hoped that wiser counsels will prevail if it ever becomes the subject of legislation.

Book Industry Communication (BIC) – a charity funded by both the book trade and libraries – is an organisation that seeks to advise and inform its members on issues such as standards adoption. Its various committees and task-oriented working groups are populated by both suppliers and their clients (librarians) working in the sector. It liaises with other concerned parties (like the UK’s Information Commissioner’s Office (ICO)) to try and ensure that legislation is informed by those who work in the library sector rather than by EU experts who may have little experience of the day to day problems of running a library service.

BIC today issued an advisory notice to UK librarians about M436 seeking to reassure them that precipitate action is not necessary and detailing the approach it is taking on behalf of its members (and UK libraries in general). This might be summarised as “Don’t Panic” – but this should not seen as a call for complacency so much as a call to arms for librarians to be aware of the issue.

As a part-time BIC consultant I will be working with them to represent the interests of libraries in these cash-strapped times. I hope I can count on your support?

On July 31st the European Union finally published directive M436 on Radio Frequency Identification (RFID). M436 has been in process for so long that many RFID users may have forgotten all about it some time ago. A few may never even have heard of it.

M436 attempts to deal with concerns over the privacy issues that have surrounded this technology since it first appeared – in libraries over 20 years ago. The directive is “application agnostic” – meaning that the rules apply to RFID users regardless of how they are using the technology. Libraries are one of the key areas of activity already identified by the EU and they will certainly feel the effects of mandate M436 over the next few months/years.

Locations will be required to display a sign

Locations will be required to display a sign

There are two main elements to the directive as I outlined in my “quick guide” for librarians back in 2013. The first, and simplest, is signage. Locations where RFID is being used will be required to display a sign advising users of this fact.

The second, and slightly more demanding requirement is to carry out a Privacy Impact Assessment in order to produce a Privacy Impact Statement that should also be made available to anyone wishing to understand the implications of the use of RFID in an establishment. In a library this might be displayed alongside the sign – or advice be displayed indicating where the statement can be found – on a website for example.

 

The mandate is issued to European standards bodies to create standards for ensuring the privacy of individuals using RFID solutions. As such it has no legal force as such, but may grow teeth if either the UK Information Commissioner’s Office (ICO) or the European Union itself decides this issue requires formal legislation. Certainly the display of signs and the creation of a Privacy Impact Statement should now be regarded as “best practice” for librarians.

Book Industry Communication (BIC) established a Privacy Group (which I chaired) in 2013 to maintain a watching brief on the progress of M436 and to liaise with the ICO in order to ascertain that body’s attitude to possible legislation. This group will now be reconvened in the near future to initiate its education programme for librarians wishing to know more – or to comply with the directive. Invitations have been issued to both the Society of College, National and University Libraries (SCONUL) and the Society of Chief Librarians (SCL) to participate in this process.