Jim Harper of Privicilla.org has written a paper outlining why many privacy concerns over RFID are overblown. The paper is a 12-page PDF published for the Competitive Enterprise Institute.

Yet, the paper seems to be a case of the pendulum swinging too far in the opposite direction of the privacy debate.

The paper tries to make the point that the U.S. does not need any RFID privacy legislation because a number of existing conditions and factors will limit RFID privacy abuses, including:

• economic realities will curb companies' overuse of RFID to collect consumer data -- in other words, financially it just doesn't make business sense to use RFID in some of the abusive ways that privacy advocates have imagined;
• consumer preferences will shape the evolution of the technology in ways that are not harmful to consumers;
• existing privacy laws and legal remedies, and counter-technology such as RFID blockers, will be sufficient protection without enacting any new legislation.

I commented once before on a much shorter piece written by this author, pointing out three shortcomings in his arguments. This paper has much more detail and makes a better case than the shorter article, yet it is still unconvincing in many aspects.

The business community runs the risk that one side or another in the privacy debate will swing the pendulum too far in either direction. Either the privacy advocates will blow the privacy debate out of proportion with far-fetched fears that are never likely to come to pass. Or, legitimate concerns will be swept under the rug and ignored, leading to the possibility of consumer backlash.

Instead of sweeping privacy concerns under the rug, business is far better served by being open to listening to consumer concerns, and addressing them head-on.

I am a strong supporter of RFID, but this privacy issue needs to brought into the light of day, and patiently and logically addressed, not ignored.

Hat tip to Declan McCullagh's Politech site for the link to the PDF.