Ed Felten had a nice post talking about the inherent design decisions in toll booth transponders (e.g. EZPass) and what they mean for functionality v. privacy. I was intrigued in the application by Texas A & M where they used it to calculate traffic flow on specific highways.
Since toll transponders area form of RFID (active tags), this post also applies to the flow of RFID-tagged goods through the retail, pharmaceutical and DoD supply chains. While we are only on the front end of this, there is lots of focus on the privacy implications. One shared, but non-obvious characteristic comes from the core desire of these systems to work across organizations. In the case of toll transponders it’s across state toll system and in the case of the others its across organizations in the supply chain. The supply chain case also has the additional constraint of wanting to be consistent with existing public numbering schemes such as the UPC bar code. As a result I can identify Charmin 12-packs from the RFID without relying on any insider information.
So which of Felten’s cases is the supply chain? It’s really a fourth case: third parties can recognize something as the same thing, and, assuming it adhered to the standards, can gain partial knowledge as to what it is.