As regular readers will know I have been working closely with an organisation called Book Industry Communication (BIC) – a charity supported by both the book trade and the library community – for many years. BIC’s mission is, as the name suggests, to improve communication across all sectors of the book trade (including electronic) and has been instrumental in establishing many of the standards now used in libraries.

This post has been inspired in part by an email from Kathy Settle. In a three-way discussion about BIC’s recent report on RFID privacy she commented that the sample poster template included at the foot of the web page (for use in libraries to help inform users about the potential risks associated with RFID tags) , “If it was my mum reading it, I’d think she would be very confused – and worse, very worried – about what this all means”.

She has a point. The public aren’t included in the long list of people for whom the guidance is intended – but it does suggest ways in which libraries should inform their users that RFID is being used by the staff.

By pure coincidence I received an email this morning from a library user who is writing his own application to interact directly with library stock. I can’t tell you what he wants to do with it in case he plans to sell it to other members of the public, but I can at least assure you that it is an entirely innocent idea that has some merit.

This may sound surprisingly ambitious – after all librarians have been rather slow to recognise the potential that now sits on their shelves – but such initiatives are likely to become increasingly more frequent as the public recognise that most of the stock on the shelves of our libraries are wide open to exploitation by anyone with a smartphone app.

Why a ‘UK’ guide? Well almost 100% of UK libraries now use essentially the same technology and standards whether they know it or not, so this guide will work for almost 100% of UK library users. There’s no mention of data models, frequencies, encryption, or any of the myriad other variables that make RFID sound more complicated than it is – and which have led to other countries choosing different paths to RFID deployment.

This guide is different from everything else I have written about RFID over the past 10 years or so. It is much shorter, and is for the individual who wants to write their own app as well as the ordinary citizen who just wants to borrow a book.

And of course it’s for Kathy’s mum.

A UK Library User’s Guide to RFID

What’s RFID?

RFID stands for Radio Frequency Identification. Your library uses it to keep track of its books etc. It’s a very simple idea with a huge range of applications so you probably already have some form of it in your possession already. If you have a bus pass, travelcard (like Oyster), a bank card that you can just wave at a terminal or a library book the chances are that it has RFID on board.

There are lots of different kinds of RFID but they all have two things in common – they use a ‘chip’ to store information and an aerial (attached to the chip) to send and receive information. The ones in your library books are about the size of a credit card and are called ‘tags’.

Why is my library using RFID?

Well according to the findings of surveys that I used to carry out annually almost 100% of them are using it to allow you to borrow items from the library without the need to trouble a member of staff. Libraries call this “self-service circulation” and it’s a bit like using the self-service device to buy goods in a supermarket except that you don’t have to pay and you use a radio scanner to read a library RFID tag instead of an optical scanner to read a supermarket barcode.

Like supermarkets libraries still do use barcodes to manage their stock sometimes although the information in the barcode is also present on the tag – plus a whole lot more. The main reason libraries switched from barcodes to tags was to improve security. Before RFID libraries tried a variety of ways to protect themselves from theft – the most popular was something called ‘tattle-tape’ – a magnetic strip hidden in a stock item that could be magnetised and de-magnetised. Security gates at library exits used magnetic waves to detect any item being removed illegally. The system worked well but required expensive and bulky electromagnets to arm and disarm the strips. RFID simply writes a code to each tag to specify whether it can be borrowed or not.

RFID security devices often resemble the earlier electromagnetic ones but work in a completely different way so you cannot ‘mix and match’ the two technologies.

Is RFID harmful?

The technology has been in use for more than half a century without any reports of any impact on health and the voltages used to run RFID systems are very much lower than those used by electromagnetic devices.

Why does my library want me to know if they are using RFID?

The European Union issued a mandate some years ago that recommends that libraries (and other establishments) notify their users if RFID technology is in use in a location to enable them to assess any personal risk to their privacy.

Are there risks to my privacy?

Because data is being broadcast over the airwaves there is the possibility that a third party could intercept messages exchanged between your books and the library’s self-service devices.

However most libraries do not record any data that can be traced to an individual on their RFID tags. Anyone seeking to discover what someone is reading would also have to gain access to the library’s database in order to decode what would otherwise be just a stream of numbers flying through the ether. It is nonetheless a level of risk that the EU feels deserves advertisement by the library.
Your membership card by the way is still most likely to be using the ‘old’ technology barcodes which cannot be read by radio.

Is RFID used for anything else?

Some librarians have been very creative in finding ways to exploit RFID technology and use it for much more than issuing and returning stock. There are examples all over the internet and elsewhere in this blog. None of them offer any additional threat to library users over and above that mentioned above.

…….

So that’s my attempt at a user’s guide to RFID. I am aware that it will not apply to everyone but I think it works quite well for the majority of UK libraries. My thanks to Kathy’s mum for taking the time to read it and offer some helpful suggestions – likewise to Kathy for finding the time to do likewise.

A final word for librarians

If there are any additional concerns about public interaction with the library they should be troubling librarians rather than the public. The reason for my saying this concerns recent advances in a technology called NFC (short for Near Field Communication) that have resulted in many smartphones being able to read and write to library tags. As I indicated at the start of this post some members of the public are already using this capability to develop their own apps to interact with library stock. For the moment this appears to be for purely benign reasons.

But that could change of course.

The second half of 2014 saw the first signs that its mandate on RFID privacy M436 might be gaining some teeth with the issue of two new standards EN 16570 and EN 16571 – respectively defining the display of warning signs in RFID-enabled establishments and the process by which Privacy Impact Assessments (PIAs) should be completed. The second of these documents, created under the direction of its Project Editor, Paul Chartier, gives details of the process to be followed in creating a Privacy Impact Statement (PIS) to be displayed alongside signs warning that RFID is being used in an establishment – a library for example.

Paul’s company – Convergent Technologies – has been quick to alert librarians and their suppliers of the requirements of EN 16571 and has partnered with the French RFID organisation – CNRFID – to produce software that enables what the standard refers to as “Operators” to complete a PIS. This software can be purchased from either Convergent or CNRFID.

EN 16571 applies to any business using RFID but singles out libraries for special attention its Project Editor having a special interest in the sector having previously been PE for a number of other standards, most notably the somewhat over-engineered ISO 28560. Some of the requirements of EN 16571 would have profound implications for libraries. The need to label every single item that contains an RFID tag for example. Signing up to complete a PIS might therefore commit a library to more expenditure than simply buying the software.

So how should librarians respond to this new challenge? Convergent’s answer would probably be – “show us the money!” and that’s certainly one option. However the standard is not (yet) legally binding and may be enforced – or not – quite differently in different member states. The standard – like ISO 28560 before it – suggests to me that its creators may have been more familiar with the needs of the book supply chain than with running a library service and it is to be hoped that wiser counsels will prevail if it ever becomes the subject of legislation.

Book Industry Communication (BIC) – a charity funded by both the book trade and libraries – is an organisation that seeks to advise and inform its members on issues such as standards adoption. Its various committees and task-oriented working groups are populated by both suppliers and their clients (librarians) working in the sector. It liaises with other concerned parties (like the UK’s Information Commissioner’s Office (ICO)) to try and ensure that legislation is informed by those who work in the library sector rather than by EU experts who may have little experience of the day to day problems of running a library service.

BIC today issued an advisory notice to UK librarians about M436 seeking to reassure them that precipitate action is not necessary and detailing the approach it is taking on behalf of its members (and UK libraries in general). This might be summarised as “Don’t Panic” – but this should not seen as a call for complacency so much as a call to arms for librarians to be aware of the issue.

As a part-time BIC consultant I will be working with them to represent the interests of libraries in these cash-strapped times. I hope I can count on your support?