26. May 2009 · 3 comments · Categories: Uncategorized

Recently one of the UK’s early RFID adopters asked me a question that rang alarm bells about the attitude of one UK supplier to the standards issue.

It was a simple scenario. The library had installed an RFID self-service issue and security solution from one supplier and was now interested in installing an automated returns sorter from another. They were aware that there might be some programming work required since, as readers of this blog are fed up with hearing, all UK suppliers use different data models.

Their reasonable expectation was that, with programming, the new sorter could be enabled to read their existing tags. At least one other university has done this successfully, so it seemed reasonable to assume that the same course of action could be followed here.

But sadly this was not so. The university has been advised that permission to read the tags has been denied by the incumbent supplier.

They were curious to know if anyone else had encountered a similar problem. So I asked the list. So far no-one has felt moved to respond – on or off list – although an email from a public library colleague revealed that their most recent project was being delayed by the absence of permission from the same company.

And yesterday came the suggestion in another email that this isn’t simply a case of permission. The data being written to the tags may in fact be encrypted.

What does that mean? Put simply it means that no other supplier can read the data without access to the encyption key. I recall suggesting that this could happen about a year ago at a presentation I gave in Glasgow but was very firmly told I was being alarmist (by the same supplier!) Maybe I inadvertently gave them the idea?

I have not yet been able to establish the accuracy of this latest assertion but its source has always been entirely reliable. So I suggest that if you have already have RFID installed in your library you ask if your data is being encrypted because, if it is, future development might be more difficult than it need be.

3 Comments

  1. That might their argument, although it’s doubtful that anyone could make much capital from the data on a book tag. But I think the real issue here is that supplier appears to have mislead the client, or at least changed their mind – see latest posting which quotes from the email in question.

    The whole privacy debate has been given another good airing on the RFID list recently, but this isn’t the same point.

  2. This is all very confusing! How can I tell if my tags are encrypted and why would it matter anyway?

  3. Hello Debby

    It’s not that easy to find out if your tags are encrypted. The library that contacted me about this isue only found out theirs were when they tried to buy equipment from another supplier and discovered that the assurances they had been given about tag readability were false.

    So one way would be to ask another supplier to try and read your tags.

    If you are lucky enough to be in a country with a common data model any RFID supplier should be able to read your tags. If you are in the UK, US or Australia (and most countries outside mainland Europe) they may have to decode the data model first, but they ought to be able to “dump” the raw data and manually look for a recognisable string – like a barcode number for example. If the data is encrypted they will be unable to “crack” the code and all they will see is gobbledegook.

    Why does it matter? Well it may not. It depends if you ever want to change suppliers. In the UK the present situation is that if you do, you have two choices. Either a) convert all your existing tags to the format supported by the new supplier or b) (and more popular) get your new supplier to alter their software to read the existing tags.

    Of course b) means we will eventually have every RFID company trying to adapt their software to read every other suppliers’ tags. Which would be complex enough if RFID suppliers were consistent in their use of data model – but they’re not. So we are heading for the “Tower of Babel” scenario at some speed!

    A better solution – and one that all the UK RFID suppliers have signed up to – is to all agree to use the same data model standard. Except that we don’t have one…yet.

    At the end of this year though, we will. So my advice would be that if you haven’t already got RFID either a) wait or b) insist on the new standard now.

    Of course if it turns out that your tags ARE encrypted you have no choice at all. Your supplier has effectively painted you into a corner I’m afraid.

Have a view? Please share!