As regular readers will know I have been working closely with an organisation called Book Industry Communication (BIC) – a charity supported by both the book trade and the library community – for many years. BIC’s mission is, as the name suggests, to improve communication across all sectors of the book trade (including electronic) and has been instrumental in establishing many of the standards now used in libraries.

This post has been inspired in part by an email from Kathy Settle. In a three-way discussion about BIC’s recent report on RFID privacy she commented that the sample poster template included at the foot of the web page (for use in libraries to help inform users about the potential risks associated with RFID tags) , “If it was my mum reading it, I’d think she would be very confused – and worse, very worried – about what this all means”.

She has a point. The public aren’t included in the long list of people for whom the guidance is intended – but it does suggest ways in which libraries should inform their users that RFID is being used by the staff.

By pure coincidence I received an email this morning from a library user who is writing his own application to interact directly with library stock. I can’t tell you what he wants to do with it in case he plans to sell it to other members of the public, but I can at least assure you that it is an entirely innocent idea that has some merit.

This may sound surprisingly ambitious – after all librarians have been rather slow to recognise the potential that now sits on their shelves – but such initiatives are likely to become increasingly more frequent as the public recognise that most of the stock on the shelves of our libraries are wide open to exploitation by anyone with a smartphone app.

Why a ‘UK’ guide? Well almost 100% of UK libraries now use essentially the same technology and standards whether they know it or not, so this guide will work for almost 100% of UK library users. There’s no mention of data models, frequencies, encryption, or any of the myriad other variables that make RFID sound more complicated than it is – and which have led to other countries choosing different paths to RFID deployment.

This guide is different from everything else I have written about RFID over the past 10 years or so. It is much shorter, and is for the individual who wants to write their own app as well as the ordinary citizen who just wants to borrow a book.

And of course it’s for Kathy’s mum.

A UK Library User’s Guide to RFID

What’s RFID?

RFID stands for Radio Frequency Identification. Your library uses it to keep track of its books etc. It’s a very simple idea with a huge range of applications so you probably already have some form of it in your possession already. If you have a bus pass, travelcard (like Oyster), a bank card that you can just wave at a terminal or a library book the chances are that it has RFID on board.

There are lots of different kinds of RFID but they all have two things in common – they use a ‘chip’ to store information and an aerial (attached to the chip) to send and receive information. The ones in your library books are about the size of a credit card and are called ‘tags’.

Why is my library using RFID?

Well according to the findings of surveys that I used to carry out annually almost 100% of them are using it to allow you to borrow items from the library without the need to trouble a member of staff. Libraries call this “self-service circulation” and it’s a bit like using the self-service device to buy goods in a supermarket except that you don’t have to pay and you use a radio scanner to read a library RFID tag instead of an optical scanner to read a supermarket barcode.

Like supermarkets libraries still do use barcodes to manage their stock sometimes although the information in the barcode is also present on the tag – plus a whole lot more. The main reason libraries switched from barcodes to tags was to improve security. Before RFID libraries tried a variety of ways to protect themselves from theft – the most popular was something called ‘tattle-tape’ – a magnetic strip hidden in a stock item that could be magnetised and de-magnetised. Security gates at library exits used magnetic waves to detect any item being removed illegally. The system worked well but required expensive and bulky electromagnets to arm and disarm the strips. RFID simply writes a code to each tag to specify whether it can be borrowed or not.

RFID security devices often resemble the earlier electromagnetic ones but work in a completely different way so you cannot ‘mix and match’ the two technologies.

Is RFID harmful?

The technology has been in use for more than half a century without any reports of any impact on health and the voltages used to run RFID systems are very much lower than those used by electromagnetic devices.

Why does my library want me to know if they are using RFID?

The European Union issued a mandate some years ago that recommends that libraries (and other establishments) notify their users if RFID technology is in use in a location to enable them to assess any personal risk to their privacy.

Are there risks to my privacy?

Because data is being broadcast over the airwaves there is the possibility that a third party could intercept messages exchanged between your books and the library’s self-service devices.

However most libraries do not record any data that can be traced to an individual on their RFID tags. Anyone seeking to discover what someone is reading would also have to gain access to the library’s database in order to decode what would otherwise be just a stream of numbers flying through the ether. It is nonetheless a level of risk that the EU feels deserves advertisement by the library.
Your membership card by the way is still most likely to be using the ‘old’ technology barcodes which cannot be read by radio.

Is RFID used for anything else?

Some librarians have been very creative in finding ways to exploit RFID technology and use it for much more than issuing and returning stock. There are examples all over the internet and elsewhere in this blog. None of them offer any additional threat to library users over and above that mentioned above.

…….

So that’s my attempt at a user’s guide to RFID. I am aware that it will not apply to everyone but I think it works quite well for the majority of UK libraries. My thanks to Kathy’s mum for taking the time to read it and offer some helpful suggestions – likewise to Kathy for finding the time to do likewise.

A final word for librarians

If there are any additional concerns about public interaction with the library they should be troubling librarians rather than the public. The reason for my saying this concerns recent advances in a technology called NFC (short for Near Field Communication) that have resulted in many smartphones being able to read and write to library tags. As I indicated at the start of this post some members of the public are already using this capability to develop their own apps to interact with library stock. For the moment this appears to be for purely benign reasons.

But that could change of course.

I am indebted to both the National Acquisitions Group and Book Industry Communication (BIC) for sponsoring me to write a revised version of the widely used (and much copied!) Guide to Library RFID Procurement published in 2011.

A great deal has changed in the 5 years since the old guide was published. RFID has found its way into many more aspects of all of our lives, libraries included. The emergence of mobile technologies that can read library RFID tags by using an RFID technology called Near Field Communication (NFC) has opened up even more possibilities for using the technology and new applications are now appearing almost daily – some of them written by enthusiasts and students rather than the big commercial companies.

Libraries around the world can now use RFID to help them manage many more processes than simply self-service loans and returns – from building access to stock disposal and everything in-between.

So writing a new guide was something of a challenge! I should warn any plagiarist that they really won’t be able to simply this guide – or even the specification of requirements – in support of a procurement process without doing some work of their own. This guide focuses on helping you define what you want to achieve with the technology – rather than enabling suppliers to tick some boxes on a form before you hand over large sums of money for a solution that doesn’t quite deliver what you expected.

But before anyone criticises me here for being negative about those who use or supply RFID solutions I should say that both constituencies have been equally vocal in urging me to “do something” about the procurement process for some time now. It clearly helps neither party if requirements are ill-defined.

So this guide seeks to steer you toward a better definition of your needs and desires for this still developing technology whilst still ensuring that you ask the right questions – about standards, privacy etc. – of potential suppliers. Who knows what you might be able to achieve with RFID over the coming years? You may surprise yourself!

I am however mindful of the fact that many procurements are still driven by a desire to replace staff so I have tried to emphasise the questions that still need to be asked of potential suppliers to do that, so that even if you have no interest in making stock interactive, automating your accessions processes, saving money on kiosks by encouraging users to use tablets and phones, using the technology to improve user experience, facilitate consortia creation and co-operation or any of the many other things you ought to be doing with RFID you will still find it useful.

You can download a copy of the new guide here.

Over the past two weeks I’ve been talking to quite a few UK librarians about RFID issues. A few had misconceptions about some aspects of the technology and suggested that it might be helpful if I posted about them here. So here goes…

  1. RFID self-service doesn’t use sensitisers.

Many libraries invested in Electromagnetic (EM) security systems long before RFID appeared. These usually relied on a thin strip of metal (often called “tattle tape”) hidden in the book’s spine.EM

When items were borrowed a “de-sensitiser” reversed the polarity of these strips allowing them to pass security gates – set to sound an alarm when they detect sensitised items. High voltages powered the de-sensitiser which transmitted electricity in much the same way as an electric toothbrush does.

When self-service units first appeared in libraries they included these same de-sensitisers together with barcode readers to allow readers to issue their own items.

RFID self-service looks almost exactly like its EM counterpart but works in a completely different way. Instead of changing polarity on a bit of metal RFID depends entirely on data.

Library RFID tags usually comprise an aerial and a tiny chip stuck to a label. The data resides on the chip, while the aerial transmits data values to and from other devices via a scanner/receiver. Security is managed by writing specific values to an area of memory on the chip.

No high voltages. No magnetism. No sensitising or de-sensitising.

Because data is used to carry out the security function it is important for libraries know what data is being written – and how.  This is one reason why data standards are so important in RFID installations. RFID scanners using the same frequency – in another library for example – constantly scan for tags, and since not everyone uses the same values to set or clear security data false alarms can and do occur.

  1. It’s not the RFID system that makes the decisions.

This is a perennial topic. Every year I run a survey of RFID use in libraries around the world and one of the most common complaints I receive is that suppliers of RFID systems are very poor at responding to development requests.

Whilst many of these complaints are fully justified a significant number are asking for changes that could only be made by the management system (aka ILS or ILS) supplier.

All RFID solutions in use in UK libraries depend on a connection to the LMS. It is the LMS that continues to hold all the information – loan policies, borrowing limits, locations etc. All the information required by the RFID system – for displaying items on loan, fines owed or even to determine whether an item may be borrowed – is carried between the LMS system and RFID device by a message of some sort. This may be a web service, an API or some other proprietary means but most often it will be 3M’s “SIP”.

The Standard Interchange Protocol has been developed over many years to allow communication between an LMS and self-service systems (some of them RFID). It was designed primarily to support circulation and has been in use for over almost 30 years.

So RFID suppliers seeking to extend functionality for their clients are often restricted by their dependence on this protocol. Many have sought to improve matters by forming partnerships with specific LMS companies but of course the solutions they develop in this way are by definition bilateral in nature (i.e. they only work for products developed by the two partners).

The UK industry is trying to improve matters by developing an alternative to SIP called the “Library Communication Framework” (LCF).

  1. Adopting standards doesn’t usually require re-tagging stock

I frequently see messages on the RFID lists (particularly in the USA) from librarians explaining why they have decided not to use standards. One of the reasons given for not doing so is the cost.

taggingThere are of course still some costs incurred in switching over to a data standard but one of those often suggested – the cost of tag replacement – is often unnecessary. As I mentioned before a tag comprises a chip, an aerial and a sticky label and it’s the chip that matters here. Most of them are manufactured by the same supplier – NXP – but even if yours aren’t there is every chance that they can be converted without having to replace them.

In the early days of library RFID suppliers used many different manufactures for their tags and some of these products were discontinued, leaving library clients with no alternative but to replace existing tags altogether. That all changed in 2011 and it’s a simple enough matter to ask your supplier whether it’s possible to make the switch. Anyone wanting to future-proof their implementation should seriously consider doing so.

Some companies already offer hardware that will automatically convert tags to the UK standard as they are borrowed and since all UK suppliers have undertaken to support both their own and the UK data standard there should be no need to swap tags.

  1. You don’t have to buy everything from the same supplier

Before RFID suppliers agreed to support the UK data standard they each decided what data to use and critically where and how to store it on the chip. This often varied from site to site as some librarians mandated data elements they wanted to store.

This state of affairs rapidly created an inflexible market in which libraries had no choice but to buy all their RFID supplies from the same company.

Framework agreements – very popular with the public sector – have tended to perpetuate this practice and most procurements are still based on buying from a single supplier.

Academic libraries have proved more adventurous than their public sector counterparts in asking suppliers to support existing systems – usually by writing bespoke software to read another supplier’s data model – but this has become unwieldy for suppliers and libraries alike so most new installations use the standard – making it easier to mix and match hardware from different suppliers as well as allowing librarians the freedom to buy any new products that support the data standard.