I’m attending the American Psychological Association’s (APA’s) annual meeting again this year. I tend to go every few years, as it’s a big convention (over 10,000 attendees) and can be a bit overwhelming. My symposium submission about online mental health interventions also got accepted, so I’m looking forward to chairing a great talk by researchers from around the world (today in Room 29B at 10:00 am).
I pre-registered, so got my registration badge in the mail (hey SXSW, this is a great idea you should implement!). Then all you have to do is go to the registration area and pick up your badge holder and convention bag.
There are two interesting things about the convention this year — the badges come with attached passive RFID chips. And the APA encourages people to use an insecure third-party social networking website to connect with others (which I discussed yesterday — and because of that article, has now had the security concerns I raised addressed by requiring users to enter a unique password they receive by email).
How is the APA using the RFID chip in your badge and where is its use disclosed to attendees?
RFID tags are generally passive devices that allow a scanner within range of the tag to read the information embedded in it. RFID tags are typically used for tracking inventory, products and shipping containers, but have been slowly making their way into other uses — like tracking convention goers and meeting attendees.
How it works is simple. Each tag has a unique identifying number that a special device can read when in the vicinity of the RFID tag. That number is tied into the attendee database for the convention. Unless there are dozens of readers used throughout the convention center, the RFID isn’t generally used to “track” attendees. But it can be used to tell who passed an RFID reader — such as when they enter or leave the exhibit hall or other areas of interest to the convention organizer.
The privacy concern related to the use of an RFID tag is that there’s no notice or notification when someone reads your tag. While that’s fine for a product you’re tracking from manufacturing to the retail store, it has privacy implications when used for individuals.
“With RFID, privacy is really the key issue,” meetings industry tech consultant Corbin Ball, of Bellingham, Wash.-based Corbin Ball Associates told Meetings Focus magazine in a 2006 article. “People today are very sensitive to any notion that they’re being tracked, for any reason whatsoever. If you’re going to use RFID at a meeting, you need to let people know about it, and you need to give people some added conveniences in return for being tracked.”
So I went looking for information about this RFID tag on the APA website and in the registration and convention materials sent to me. I came up empty. I could find absolutely no information about the RFID tag being used with the name badge.
So I sent an email inquiry into the APA Convention and Public Affairs Offices, and received the following response.
“What I can tell you is the RFID will be used for APA to count the number of people who enter the exhibit hall each day,” noted Kim I. Mills, M.A., Associate Executive Director of the Public and Member Communications office at the APA. “We will not be tracking personal information. There will be no RFID readers at exhibit booths.”
Kim Mills did not respond to the specific questions about the use of the RFID tags this year at the convention, nor why members were not informed about their use. “RFID tags will only be used by APA to get an accurate count of people entering the exhibit hall,” she explained. “These are passive tags and only good for up to 6 feet from the reader. The benefit of the tag is to APA but there is no demographic data in the tag, only a unique number.”
I’m no privacy nut (although I do think that choices about our personal information and privacy should be left to individuals, not companies or organizations), but I am a transparency nut. I really don’t care what you do — just let me know you’re doing it and give me a reasonable rationale for your decision. Then give me a choice about how I can respond to your decisions regarding my privacy. So if you want me to give up a little bit of my privacy at a convention — ask me first. Then give me a choice if I want to opt-out of it.
If you don’t want your attendance in certain areas of the convention to be tracked — in any way, shape, manner or form — at this year’s APA, here’s a simple civil disobedience solution. The RFID tag is separate from your actual name badge. If one were so inclined, one could simply remove it before putting the name badge in its sleeve, and toss the RFID tag portion. There are no repercussions for doing so. The APA hopes you won’t do so (as it will affect their counts), but really… They should explain new technologies as they are implemented to the people most affected by the technologies — their own members.
This is an unfortunate oversight, but like the InPsych debacle I detailed in yesterday’s blog entry, an example of where APA member privacy is sometimes seemingly overlooked or forgotten.
I personally don’t think the APA’s use of the RFID tag is that big a deal — it appears more and more larger conventions are using them to track attendee numbers. But I do think it’s a big deal that the APA failed to inform its members about the use of this technology at the convention this year.
6 comments
A pair of scissors or a hammer will fix that problem for you. WIRED has a How To for this – http://www.wired.com/wired/archive/15.01/start.html?pg=9
As printed on the badge – yours shown in the picture – it apparently informed *you* that the technology was being used at the convention this year? It would have been nice if it came with a flyer – Scan your badge at station 321 for a free ice cream!
Probably time to assume that nearly every ID you get will have one? Your passport has one, as does your EZPass, your subway fare card. Even some credit cards have them.
Gee, whatever happened to sign-in sheets 🙂
Instant data-collection is important I assume. I can’t imagine why except that they will get attendance results sooner.
*sigh* We are all in such a rush these days.
I’m all about transparency, but let’s not take this issue too far.
The APA software application issue you mentioned the other day was a good catch. This one, not so much.
So you have a RFID attached to you – big deal. Do you actually know what’s stored on it? From the looks of it, not much: “…there is no demographic data in the tag, only a unique number.â€
You are a number, one among 9,999 other numbers – each one indistinguishable from the next other than the addition or subtraction of another number. Basically, a fly on a map without any personality.
You even go on to report “…the RFID isn’t generally used to “track†attendees. But it can be used to tell who passed an RFID reader — such as when they enter or leave the exhibit hall or other areas of interest to the convention organizer.” They are counting beans. You are a bean. Everyone else is a bean. If being a bean bothers you are anyone else, then you and they have more issues at hand than an RFID.
Where’s the privacy concern? The fact that you may be counted on a tally sheet somewhere? They can do that without RFIDs – it’s easier and faster to use RFIDs than hire someone to stand in the corner somewhere and count how many people go in and out of exhibits. So where’s the difference?
Privacy advocates pick fights over meaningful and significant privacy concerns. Privacy nuts cry afoul over privacy concerns when there is no privacy concern in the first place. No personal identification is stored on these things. No big deal.
The other half of your post focuses on wishing attendees would be notified. Of what? That they are going to be counted when they go in and out of exhibits. Again, this could be done without the RFIDs. In fact, it probably has been. You fill out evaluation forms at conferences don’t you? Guess what – you were tracked!
Then again, there is more privacy concern over your name badge than the RFID. I can get a whole lot of information on you just by obtaining your name, and without any special equipment, then what it appears that APA is doing with these tags.
Of course, as your picture at top illustrates, if you don’t like it, just separate the RFID from your badge. Dump it into the garbage. Let them believe you are spending your entire day in a trash can. I highly doubt the RFID police are going to come looking for you and throw you into a virtual jail cell.
Thanks for the heads up for next year. As a grad student in the field, I will be opting out of the system…with a hammer, or with a minute or two in the nearest microwave oven.
This is now on APA’s website:
“Convention badge information
A small silicon microchip (RFID tag) is embedded in the name badge. These RFID tags are passive tags and only can function when within eight feet of the electronic sensor (the reader). APA is using RFID to track traffic flow through the exhibit area and calculate the average amount of time spent inside the exhibit area. The exhibit hall data will be in aggregate form only and not identified with any individual attendee. This information provides useful data for future planning and accurate daily traffic figures for our exhibitors. In a separate function, the RFID tags will replace the “swipe in—swipe out†CE attendance verification system. Instead, individual rooms where CE sessions are held will be wired to track individuals planning to claim CE credit by attending CE sessions during convention. In this case, the RFID tags do track individuals while attending CE sessions. CE credit can then be claimed at any of the CE kiosks in the registration area.”
Evidently, you can’t get CE credit without the RFID chips.
I assume that, as in Europe, the badges at last year’s convention had barcodes on them and those barcodes were scanned at the entrances to the exhibit halls etc. The RFID tags are merely an electronic form of barcode. Is it necessary for an organiser to tell attendees that their presence will be recorded by scanning the barcode on their badges?
Comments are closed.