Information Technology/Retail Crime

§ Mr. Tom Watson (West Bromwich, East) (Lab)

My heart went out to my hon. Friend the Member for Greenock and Inverclyde (David Cairns) this afternoon when 600 hon. Members filled the Chamber for his ten-minute Bill. I can hear the sound of 600 hon. Members scurrying away from my Adjournment debate. Nevertheless, I am pleased to have secured a debate on IT and retail crime.

I want to make several points that are of growing concern to many thousands of people outside the House. The Government and our party are currently engaged in a big conversation, and I have been holding a big conversation on my weblog—www.tomwatson.co.uk. The issues raised in that online conversation are different from those that arise in our constituency surgeries and public meetings. Webloggers around the world have raised a specific point about the new wireless technology, which is known as radio frequency identification—RFID.

I want to begin by thanking several weblogs for alerting me to RFID technology and its uses in Britain and abroad, notably, reeengage.co.uk, notags.co.uk and CASPIAN—Consumers Against Supermarket Privacy Invasion and Numbering. The latter is an American pressure group that advises groups in the United Kingdom.

Radio frequency identification tags are tiny microchips, little bigger than a grain of sand, which can contain information from the price of goods in a shop to a person's entire medical records. They have been proclaimed as the global successor to the 30-year-old barcode, but they are much more sophisticated. They can not only store much more data, such as a product's expiry date, colour, packaging, origin and destination, but transmit it through the airwaves. Crucial to their operation is a microscopic antenna, invisible to the naked eye, which allows the chip to be read by a scanning device.

A barcode label can be read only with the customer's knowledge and co-operation, but with a scanner next to the product, active RFID tags can be scanned remotely, without the customer knowing. Most scanners are currently in the range of around 5 ft to 20 ft, but more powerful devices, which can read smart tags at a wider range, already exist and could conceivably become more commonly used.

Although the technology has existed since the 1960s, its use has become more widespread only through recent advances. As the technology gets smaller and smaller and cheaper and cheaper, it is increasingly used under our noses, with most UK citizens completely oblivious to it. It is not surprising that the tags have become known in some circles as Big Brother-style "spy chips."

Supermarket chains are already testing the extent to which British consumers are willing to accept those discreet invasions of our privacy. Stores, including Marks and Spencer and Tesco, have been using them in their warehouses to keep track of stock for some time. 285 However, last summer, the tags strayed outside the storeroom and were tested for the first time on the shop floor. Tesco and Gillette created a so-called smart shelf to house their razor blades—one of the most commonly shoplifted items. In Tesco's Cambridge store each packet of blades bore an RFID tag, and the shelf contained a tag reader and a small CCTV camera. Every time someone picked up a packet from the shelf the tag triggered the camera, which took a picture. Photographs were also taken when the blades were taken to the till. By combining the information, Tesco could, in a small number of cases, pass to the police photographs of shoplifters and other criminals—people who had taken the razor blades from the shelf, but had not been to the till to pay for them.

Perhaps understandably, there was a significant consumer outcry once people began to realise just what was happening in the store where the trials were taking place. Protests outside ultimately led to the suspension of the Tesco tests. However, British retailers continue to test the technology, although for the moment closed-circuit television cameras are not being tested after the initial test. Only yesterday, Philips and IBM announced a deal for joint development of RFID technology for shops, with Philips manufacturing the chips and IBM developing the computer systems.

§ Mark Tami (Alyn and Deeside) (Lab)

Many of these developments, like CCTV. can be very positive in picking up crime. Does my hon. Friend know whether any of the companies making the devices or any of the shops using them have had any discussions with Government to establish how they could be introduced in a way that would not infringe on civil liberties, and would have a positive effect rather than amounting to a snoopers' charter?

§ Mr. Watson

They have discussions with the Government, and I am sure that the Minister will answer my hon. Friend's question more fully. What I am trying to do is sound a note of caution, and perhaps persuade the industry, along with consumers and Government, to examine the issue more closely.

Earlier this month, Tesco announced that it was forming a European working group with Intel, Carrefour and the Metro Group to accelerate the adoption of this technology. Last year, Safeway ran an RFID pilot with Unilever involving 40,000 cases of deodorant, which were tracked from the factory and through the shelves of three of its stores. Safeway's own chief information officer, Mr. Ric Francis, has been so impressed with the trials that he believes RFID is key to the future of the retail sector, especially as costs continue to fall. In an interview with the website silicon.com only last week, he said: If these things end up being a penny a go, which I'm sure they will be at some point in time, then that will be a route to implement in a ubiquitous nature. The tags could be used on billions if not trillions of items, tracking them from manufacturer to warehouse to retailer to customer, into the home and into the dustbin.

To his credit, however, Mr. Francis also recognised that people's worries and unease about their use must be addressed and common standards must be introduced 286 before RFID tests can or indeed should be permitted to become as widespread as the barcode. That brings me to some specific concerns.

Like so much modern technology, RFID has the potential to be exploited in both a positive and a negative way. It can indeed be a force for good, helping stock control, tracking supplies, even tracing animals on a farm. It can help to clamp down on shoplifting and retail crime. The industry is right to want to do that: after all, the cost of retail crime to businesses, and ultimately to consumers, is—according to a recent British Retail Consortium report—some £2.25 billion a year. It is also increasingly linked to violence against shop staff, an issue that the Union of Shop, Distributive and Allied Workers and I have raised a number of times. Indeed, I have raised it in the House.

The Home Office has invested £5.5 million in pilot projects in the "chipping of goods" initiative as part of the Government's continuing efforts to combat property crime. Can the Minister tell me what other initiatives involving this technology are being undertaken or planned by the Government in partnership with industry? I should be very interested in the outcomes of such trials. Perhaps the Minister will be able to give the House some early feedback on their effectiveness. However, the technology can just as easily be exploited to track our purchases and, in the worst case scenario, our every move, in a way that was previously the preserve of science fiction and Hollywood movies such as "Enemy of the State". As Kevin Ashton, a former executive director of the Auto-ID Center who was involved in the development of the technology, has said: One day, and not this decade, it's not impossible that everything in the global supply chain, almost every manufactured object, could contain a tiny wireless computer. So the computers that we use to manage this supply chain will know where everything is, all the time. The risk is that with billions of active tags on every conceivable item and hundreds of thousands of scanners, a permanent surveillance will be established. Katherine Albrecht, the founder of CASPIAN, told The Guardian this weekend: Fast-forward 10 years and a person could be going into a store, or even a government building or bank, and scanners could pick up the Electronic Product Code of everything in that person's purse. It's like an automatic profiling—an electronic frisk without even being aware of it. Customers must therefore be made fully aware of the use of RFID and retailers must be completely open and transparent about what they are doing and what any information they collect will be used for, especially if the tags are used in conjunction with CCTV cameras or other surveillance devices. There should be no hidden tags and no hidden readers. We must not allow the technology to be used without any regulation. Before we know it, RFID could become ubiquitous in the retail sector—and not only to prevent theft.

Without guidelines, the potential for retailers to use RFID to monitor closely who purchases what, why, where and when is very real. Not only our buying habits but our browsing behaviour could be monitored. In the British Retail Consortium's November 2003 newsletter, Ruth Carpenter noted: 287 While the retail world currently uses source tags mainly for inventory help and crime prevention, the move into marketing is a logical progression. It is also a dangerous progression. My shopping habits could be analysed by marketing departments. For example, I might pick up product A or B before choosing product C. Should supermarkets be allowed to collect such data? Linking together different databases or combining information with credit cards and store cards that also contain tags would be a huge invasion of customers' privacy, which British consumers simply will not tolerate.

Liberty has warned that RFID could allow retailers to build ever more personal and more sophisticated profiles of their customers for specific, targeted marketing campaigns. I do not always see eye to eye with that organisation, but on this occasion it has rightly kept a close watch on developments with a new unit to monitor the use of the technology in supermarkets and big chain stores.

Can the Minister give assurances that the data protection legislation can provide adequate safeguards? If not, what new legislation is needed? What steps has the Information Commissioner taken to ensure that existing laws have not already been broken?

Major concerns also arise about whether and how tags are deactivated at the point of sale. There are currently no guarantees to ensure that the tags will be removed or switched off when customers leave the shop or that they will not be tracked. Tesco have used RFID tags on DVDs at its Sandhurst store in Berkshire, but the tags were not deactivated when the customer paid at the checkout. As "Channel 4 News" demonstrated last year in a report entitled "Chips with Everything", the tags could still be read remotely.

Even if retailers have a policy of always deactivating the tags, which at present does not appear to be the case, that needs to be followed through by staff in every instance. Many people have had the embarrassment of setting off an alarm in a library or a shop after they have borrowed books or purchased goods, because busy staff had not successfully switched off security tags attached to them. With RFID tags, which are not intended to trigger loud alarms and cannot necessarily be seen by the naked eye, it would be even easier for staff to forget to deactivate them. However, the consequences could be more serious than a few seconds of red faces and beeping alarms.

The tags could be active forever and people would leave an electronic trail wherever they went. That is particularly worrying in the case of clothing, which could be tagged without people's knowledge. Marks and Spencer has been keen to trial the technology on the clothes in some of its UK stores and Benetton floated the idea of embedding tags inside the clothes themselves, only abandoning the plan after a public backlash.

Tags in credit cards, cheque books and even bank notes have also been proposed. They could prevent counterfeiting and forgery, but they also present further opportunities for the tracking of what we spend and where we spend it.

Will my hon. Friend the Minister therefore consider a code of conduct and common standards for the industry, to prevent the information collected from being abused? Strict guidelines are needed to reassure 288 people that RFID cannot be misused and to protect people's privacy and rights. If the industry cannot police itself, it is up to the Government and my hon. Friend's colleagues in other Departments to lay down the law. Does the Home Office, for example, have a view on the relative benefits and dangers of using RFID technology in banknotes and credit cards?

In the absence of any enthusiasm on the part of retailers for informing customers about their increasing use of RFID, could the Government insist that where RFID is used in consumer goods, it must be done in a clear and open manner, with appropriate labelling?

Regulations on the use of RFID technology would go some way to addressing people's fears. However, more work also needs to be done to prevent the data falling into the hands of hackers and to protect tags from being intercepted over the airwaves and read by eavesdroppers. Clearly, wherever this technology is used, adequate safeguards and data encryption must be put in place.

RFID is not the only technological advance that is being used to combat retail crime. Birmingham's 800-strong retail crime reduction partnership, for example, makes use of a shared database of digital photographs. Once an offender has been banned from one shop, he or she can be banned from every store in the scheme. The Birmingham retail crime operation has helped to reduce crime in the city centre, and is helping to make the new Bull Ring a safe place for people in the Midlands to work and shop.

For the first time ever, thanks to state-of-the-art technology, retailers, pubs and clubs, the business community, car park attendants, street wardens, the police and British Waterways patrols right across the city will all be working on the same radio network for the purpose of crime prevention, and will have the ability to communicate with each other at the press of a button.

The so-called AB trunked radio system also allows its users to make group calls or one-to-one calls to individual users. Using the radios to warn each other of known thieves who are approaching, retailers have been able to save thousands of pounds every year.

A sophisticated computer database that is being used in as many as 250 town centres—the business intelligence crime system, or BICS—collects, disseminates and uses intelligence about retail crime in a new way to allow crime analysis by type of store attacked, type of merchandise stolen and its value, particulars of the offender's modus operandi and other factors. Police or CCTV photographs are also circulated along with any previous retail crime history.

The key difference between systems like those and RFID technology is that, although they can both help tackle retail crime, the latter is more discreet and can be misused by big businesses to get information about shoppers, rather than just shoplifters. So regulation and common standards are required. RFID should be used to target criminals, not customers.

I am grateful to have had this opportunity to raise the use of RFID technology in the House for what I believe is the first time. I hope that this will in some way help to open up a wider debate in the country, and indeed in Parliament.

289 New technology has always presented us with both challenges and opportunities in tackling crime, and RFID is no exception. However, if we do not stay ahead of the game and regulate its use, we could find that the negatives soon outweigh the positive benefits.

Public confidence in the use of RFID for entirely honourable reasons could easily be shattered—and nobody will benefit from that. By the end of the decade RFID could become a multi-billion-pound industry, as much a part of everyday life as the internet or mobile phones have become over the last 10 years: unavoidable, wherever we go, whatever we do.

The House has an opportunity to take an early lead, before it is too late, by taking firm action against the dangers and invasions of privacy that RFID can lead to, while harnessing the technology for the fight against retail crime and for the wider public good.

§ The Minister for Energy, E-Commerce and Postal Services (Mr. Stephen Timms)

I congratulate my hon. Friend the Member for West Bromwich, East (Mr. Watson) on securing the debate and introducing this important subject. I pay tribute to him for engaging a large part of the technology community worldwide with the business of the House through his remarkable and widely renowned weblog.

My hon. Friend rightly referred to the scale of retail crime—over £2 billion in 2002. The British Retail Consortium annual retail crime survey, to which he referred, tells us that some 300,000 customer thefts accounted for 44 per cent. of that, staff theft accounted for 37 per cent., and a variety of kinds of fraud accounted for the balance.

The subject that my hon. Friend has raised is important, and we are working closely with the retail sector and others to tackle it. I want to take the limited time that I have to highlight some of the activities that we have in hand in this area.

The business-led retail strategy group announced by my right hon. Friend the Secretary of State at the British Retail Consortium in October 2002 has identified crime as one of the five key issues for the sector and recognised the role that technology can play in reducing it. There is a host of local and national initiatives. My Department is responsible for the management of information— MI—and next wave programmes. The Home Office has led a number of programmes, including the highly successful chipping of goods programme, which my hon. Friend mentioned.

The MI programme was established in 1998 in response to the Foresight-initiated fraud liaison awareness and research exploration project, which showed a strong interest in combating retail fraud in a collaborative way. That project has a budget of £7.8 million from public sources, including the Department of Trade and Industry, the Home Office and others, matched with equal funding from the private sector. There have been three calls for proposals under that programme and a total of 15 projects. It addresses fraud prevention, privacy and security, principally in the retail sector, using a variety of technologies. One project, 290 which my hon. Friend mentioned, the business information crime system, has attracted particular attention and is being evaluated.

The Home Office launched the chipping of goods initiative in March 2000 to show how property crime could be reduced throughout the retail supply chain using the radio frequency identification technology that my hon. Friend has spoken about. A range of stakeholders are involved in that initiative. As he said, £5.5 million of Government funding has been more than matched by investment from other partners to establish eight world-class demonstrator projects, showing the effectiveness of chipping in combating crime. It is widely expected that that technology can help in assessing whether goods have been stolen, providing proof of ownership of goods and providing an audit trail to show where goods have been and who was involved in handling them during their life cycle.

In technological terms, the initiative has been a resounding success. Given a little more time, I could tell my hon. Friend about a number of projects that have been taken forward under that initiative, including several that he mentioned, such as that advanced jointly by Unilever and Safeway. The British Marine Federation has worked on a boat identity scheme based on RFID. TRI-MEX International is working with Nokia and DHL to combat mobile phone theft. Argos is working in conjunction with Integrated Product Intelligence on a system to track and trace jewellery. Woolworth's, EMI Distribution, Dell Computers and others have been involved. That initiative is now closed, but the Home Office and DTI are working to ensure that the best practice that has been identified is made available to the wider retail and supply community through business support networks.

The next wave programme is a DTI initiative that seeks to advance pervasive computing—an environment in which billions of programmable or pre-programmed devices are around us in a networked environment. The areas potentially affected are vast, and clearly the monitoring and tracking of assets, RFID and other services in the retail and transport sectors could be a very important part of that programme. Activities are organised into virtual centres, one of which caters for information on the move and is hosted by IPI Ltd. "Project Inform" within it is based on an intelligent shelf—my hon. Friend mentioned Tesco tagging razors, but this is a slightly different initiative involving DVDs. "Project Fabric" within the programme has been testing the feasibility of individual garments being equipped with a unique electronic identity.

The Massachusetts Institute of Technology Auto-ID centre has prompted much speculation about where "the internet of things" is taking us. It envisages a world in which all products carry an RFID tag, uniquely identifying the item. The tags will contain an electronic pointer to a server where data on the item and its history captured during its manufacture and distribution can be accessed. Immediate information of any item's location and condition would be useful to businesses in supply chains and retail, but that raises the question whether tags should remain active outside the supply chain.

In theory, it would be possible for a suitably equipped individual or agency to identify any item anywhere on the planet, which raises a host of privacy issues. It is 291 worth making the point, however, that read ranges are limited to a few metres and even in the light of possible future enhancements, there are some tight restrictions.

We are probably at least two decades away from anything resembling that "internet of things". Current technology cannot do it: it does not have the necessary network coverage or the capacity, and we do not have the capacity to process the information that might arise from it. RFID tags are falling in price to the extent that item-level tagging is becoming a possibility, but it would have to be an order of magnitude cheaper to make a convincing business case. A tag costing a penny, which has not yet been achieved, on a DVD worth £10 makes some sense, but not on a can of beans costing 30p.

Some have argued that there may never be a business case for using electronic product code technology on commoditised retail items, but EPC is being developed into a standard and is the basis for systems being specified by the US Department of Defence, WalMart and Tesco. It continues to raise questions and to fuel speculation. What the recent speculation has done is to identify the perceived risks to civil liberties from wider use of RFID, particularly relating to intrusive selling techniques and privacy issues.

Those issues are under discussion between the Department of Trade and Industry, the Home Office, the Department for Constitutional Affairs, and various industry forums. The National Consumer Council is hosting a forum on the use of RFID technology in February. My Department will be represented, as it is important for us to understand and address the perceived risks if business is to benefit from the improved productivity and supply chain efficiency potentially available and, indeed, the reduced levels of crime.

Best practice examples are already emerging in the introduction of new technologies. Marks and Spencer, to which my hon. Friend referred, went to great lengths to explain to staff and customers what the trial of RFID tags on garments was about. All the tags were clearly identified and removed at the point of sale. Where the tag was attached to a wrapped item, customers were offered an alternative bag before leaving the premises. The tags could be read only with a Marks and Spencer reader.

292 Marks and Spencer also met with Consumers against Supermarket Privacy Invasion—the pressure group that my hon. Friend mentioned—to explain what it was doing. CASPIAN remains fundamentally opposed to the technology, but I understand that it was satisfied at least with Marks and Spencer's intentions on the initiative. The M&S approach worked well in comparison with the experience of other retailers such as WalMart, Proctor and Gamble, Prada and Benetton, where less well-communicated objectives resulted in lost customer confidence and, in some cases, protests.

No one, least of all in retailing, wants negative responses from customers. That affords some confidence that retailers will not want to risk giving rise to the sort of fears that my hon. Friend mentioned. There has been one protest here, against the "Inform" project at Tesco. It was attended by four people—three adults and a child—suggesting that the great majority of customers recognise that the technology is being used to improve stock management rather than something more nefarious

. Some individuals object to the wider use of IT in principle. More constructively, Liberty is intelligently articulating the civil rights issues and is already airing them in industry forums and with the Government. I welcome such intervention, as we all need to address the concerns, as we have done with other technologies. Not to do so would deprive businesses of the means significantly to improve efficiency for themselves, improve choice and availability for customers and reduce crime and the opportunity for crime.

We will continue to foster links between retailers, technology providers and the science base. The UK has strengths in technology and it is no coincidence that the intellectual property from MIT's Auto-ID centre has been assigned to the UK-based e-centre for commercialisation. We will continue to support the development of innovative technologies that address crime, reduce the threat of crime and promote competitiveness and productivity. We will also help cultivate and capture best practice and ensure that it is widely disseminated. That will benefit both business and citizens, and position the UK favourably—