Radio Frequency Identification in Libraries: Technical and Security Aspects

Introduction

Radio Frequency Identification (henceforth RFID) is the application of a small tag into a product, animal, or person to identify or track them via radio waves (wikipedia, 2008). This small tag is a low-cost device that can hold a limited amount of dataolnar). RFID is a technology that has been used for the last 30 years. The initial use of the technology was in radio tracking of wild and agricultural animals and theft detection (Kern, 2004), however, in the last decade RFID has evolved into a technology of multiple uses, particularly in libraries (Kern, 2004). It was introduced to libraries in 1999 in Rockefeller University library in Michigan – North America ( Singh, Bara & Fong,2006,p.24). In the past, libraries have used a security technology to ensure that patrons did not try to remove books out of libraries before checkout (Muir, 2006), then RFID was recommended as a way to make self-serve processing of books and media (Singh et al.). Unlike the traditional bar-coding labels, RFID promises to provide a fast and reliable self-service system, where a patron may borrow books or items without physically opening the item to be borrowed. In addition, RFI would allow a person to return library items at any time of the day (Singh et al), thus it is time-saving and effective. Currently, an increasing number of libraries worldwide have implemented the RFD solutions or are willing to try them to replace the existing barcode system (Muir, 2006). It is estimated that there are 35 million library items tagged with RFI worldwide (Singh et al). Libraries have decided to employ the RFID system due to its many advantages, such as “the reduction of queues at front desks, lowering the cost of manipulating and managing collections and raising the efficiency of inventory and arrangements” (Yu, 2006, p. 60). While many indicate that RFID is a must-have technology in libraries, there have been concerns about the privacy and security of item-level tagging (Monar and Wagner). Evidence shows that RFIDs generate numerous opportunities for privacy invasion both inside and outside the library (Muir, 2006), thus it is recommended that librarians need to take extra measures to protect patrons’ privacy (Muir, 2006).

Literature Review

Molnar (2004) notes that many libraries are starting to tag every item in their collections with radio frequency identification (RFID) tags and this has raised privacy concerns for patrons and customers who borrow the books. Many libraries such as the University of Nevada, Santa Clara City Library, and others have placed RFID tags on books CDs, tapes, magazines, and other items that are borrowed. This process gives the ability for librarians to keep track of the reading habits of the borrowers and raises the possibility of surveillance. The author conducted a survey and study in two large libraries to understand what impacts the RFID tags have on privacy risks for users. The authors report that there are serious vulnerabilities that can compromise the privacy of customers. There are no access control mechanisms and this allows tracking of people and books they carry. RFID tags have a collision-avoidance protocol and this protocol does not conceal the tag identity. Key management practices are poor and this threatens tag security. In general, the author concludes that the RFID systems deployed in libraries do not protect the privacy of customers and vulnerabilities are present at all layers of the system. The authors identify private authentication as one of the key technical challenges in this area. Tags should reveal their identity to authorized RFID readers or those owned by the library), so that the library can track books as they are checked in and out. However, for privacy, the tag must not disclose its identity until the reader has been authenticated; thus, the reader must authenticate itself to the tag before doing anything else. Current library RFID tags do not prevent unauthorized reading of tag data. Therefore, information such as title, author, shelf location, patron information, or last check-in/checkout time should in no circumstance be stored on library RFID tags. At the same time, both tracking and hot listing are possible whenever a static identifier is used. Therefore, if a static identifier is in place on the RFID tag, it is imperative to prevent unauthorized tag reads. Static identifiers may include collision IDs that are not protected by access control mechanisms intended to protect tag data. To avoid tracking tags by collision ID, some mechanism for private collision avoidance must be used.

Yu (2005) speaks more about the use and advantage of using RFID tags in libraries. According to the author, barcodes, book cards, and magnetic strips can all be integrated into one RFID tag. This type of RFID tag provides memory to record information and supply the system. The memory not only stores bibliographic records and circulation status, but the system also traces the location of the specific collection material. Depending on this service, the system can offer assistance in tracing services when looking for a particular material in libraries. RFID systems provide efficient operation processing. Librarians do not need to scan

barcodes one by one. Patrons can simultaneously process check-in/out, verification, and entrance guard control with RFID reader equipment. Videotapes and diskettes are unable to use magnetic strips to enforce entrance guard because demagnetization will destroy the data on the material. Because RFID tags do not use demagnetization to modify data, they can use tags to manage magnetic materials the same as the books. Library cards will include RFID tags. Readers will detect and fetch information from library cards when patrons enter a library, and it will be transmitted to a backend system process. After that, the front desk shows loans, overdue, reserves, and another circulation status on the monitor about this patron. Librarians depend on these

messages to provide service. There are several advantages to inventory management. According to the author, batch processing can also apply to libraries to perform inventory or shelf reading. Take hand-held readers to sweep shelves, for instance – readers can immediately detect all of the collection within this range, including abnormal situations such as books put on the wrong shelf. To conclude from the above discussion, libraries can use RFID to replace barcodes and obtain several advantages. They can reduce queues at the front desk; decrease repeatable tasks; increase interaction with patrons; extend internal security; lower the cost of manipulating and managing collections; procure collections, check and accept automation; and raise the efficiency of inventory and arrangement. There are some barriers and these include interference from the metal surface, effects of fog and distance between reader and tag, and other factors such as cost, access rate, privacy, security, and patent.

Kern (2004) reports that RFID systems in libraries play a significant role. They are used for self-checkout, anti-theft control, inventory control, and for sorting and conveying library books and AV materials. These applications can lead to significant savings in labor costs, enhance customer service, and lower book theft, and can provide a constant record update of media collections. New non-proprietary systems can be used for libraries today since the new generation of RFID chips with the ISO standard 15693 is available. With this technology, libraries are not dependent on one company for their lifeline. A library RFID system can keep track of patron history, the life cycle of a book, and hence, enables the librarian to keep better inventory and keep better security control of his/her library, which corresponds to the view of a librarian. The author mentions the number of advantages of using RFID systems and they is: reduced lines at the check out counter; less repetitive work and repetitive stress injuries for personnel and an increase in interaction with the patrons; the use of an RFID system increases the security function in a library; reduced material costs and handling and only one label is required instead of two or three; regular inventory control and update of the database is possible; automation of sorting and conveying functions; and the easy search for misplaced books. Speaking of costs, the author comments that it is difficult to get representative pricing structures, as the requirements vary significantly between the libraries. But estimation is possible, considering that the price for a label is $0.55 at 100,000 pieces plus the additional equipment cost, a library of this size would have to invest about $150,000 in total. However, it is possible to start with a small budget like tagging the books only and doing the stack reading at the counter, and add the further components at a later stage. Some libraries may find it difficult to invest such a large sum in tags and would prefer to buy books instead.

Muir (2004) speaks of the rising privacy concerns that Librarians face when RFID tags are used. The increased use of radio frequency identification tags worries many people because they allow inconspicuous scanning of any items a person has with these tags, including their library books. The question of privacy as it relates to the books a library patron may check out and who can monitor that information once they leave the library. It also leads to the possibility that some store or organization might scan you for all the purchases you are carrying with you to further understand your buying habits.

Conclusion

There are some counter-arguments such as libraries use passive tags they are less likely to be read; tags used in libraries have a very short read range; the data stored on the library RFID tag does not reveal any important information, and the real threat comes from vulnerabilities in the library’s database. According to the Electronic Frontier Foundation, many data aggregator companies are intensely interested in every aspect of our lives from what we purchase, to our health care, to our television and entertainment habits to the books we read. There are some stringent privacy protection acts but they have not been enforced on libraries. RFID is a wireless technology and is therefore subject to third-party interception unless the signal is secured. Only a very restricted amount of security can be incorporated on today’s library RFID tags due to the limited amount of data they can hold and no library tags today employ password or read access control. However, the threat of privacy concerns due to RFID use is real and needs to be handled.

References

1. Kern Christian. 2004. Radio-frequency identification for security and media circulation in libraries. The Electronic Library, 22(4), pp. 317-324.
2. Molnar David, & Wagner David. 2004. Privacy and Security in Library RFID Issues, Practices, and Architectures. Computer and communication security, pp. 210-230.
3. Muir Scott. 2007. RFID security concerns. Library Hi Tech, 25(1), pp. 95-107.
4. Yu Shien-Chiang. 2006. RFID implementation and benefits in libraries. The Electronic Library, 25(1), pp. 54-64.