RFID Industry Confidential Memos

An anonymous reader writes "Cryptome has learned www.autoidcenter.org (RFID flak) has made internal memos available for perusal at their site. Those RFID people sure have some interesting plans for the future. Who needs conspiracy theories, when you can hear it from the horses mouth? Weeeeee!"

So when you walk into a store...

[hashish (62254)]

Will the clerk know what you aready are wearing down to your jocks size. I can see lots of good things with these tags but I can see lots of missuses too.

I wonder if govts will legislate to make it possible for us to op-out with these tags? Some tags maybe built into the products that it would be impossible for us to remove them. I think we need protection too.

Re:So when you walk into a store...

[ArsonPanda (647069)]

Some tags maybe built into the products that it would be impossible for us to remove them

So just dont buy anything you're not willing to throw in the microwave for 10 seconds.

Re:So when you walk into a store...

[agentZ (210674)]

Which creates an interesting problem when buying a tin-foil hat, I suppose.

Re:So when you walk into a store...

[mrmez (585359)]

Oh, man, what are you thinking?!?!?! Never purchase a tin-foil hat! It could secretly be rigged with a mind-control device or fake foil which transfers the rays unfettered! You can't trust a tin-foil hat unless you've assembled it yourself. It's best if you can mine and smelt the ore and roll the foil yourself. Remember, you need to get it thin enough that it won't develop metal fatigue and crack along the bends - otherwise the microwaves and mind-control rays can seep in. ***grumble*** store-bought tin-foil hats... what next?

Re:So when you walk into a store...

[pyrote (151588)]

So just dont buy anything you're not willing to throw in the microwave for 10 seconds.
that rules out pet shops...

'sorry timmy, poor lassie didn't make it through the deactivation procedure'

Re:So when you walk into a store...

[by Anonymous Coward]

It should be opt-in, not opt-out. Problem solved.

The problem with opt-in is that nobody would ever opt-in. Even if you don't they will just say you did. Take all the opt-in spam I get. I never opted in for penis enlargement e-mail yet it says I did. Who are they to believe? The spammer said I opted in so I must've right? Yes, yes, I know, that's the point. Nobody would opt-in so the thing dies, but tell that to businesses. That's why opt-in will never be accepted by THEM.

Re:So when you walk into a store...

[Nucleon500 (628631)]

Seems to me that it would be possible to make a 3rd-party RFID "bug scanner" for $20-40 that could scan for the devices, and optionally burn them out if found.

Such a device would be illegal under the DMCA. After all, a RFID tag is a technological measure that effectively controls access to a work, and burning them would be circumvention. Your "bug scanner" doesn't even have substantial non-infringing uses.

Fulltext of post

[by Anonymous Coward]

FOR IMMEDIATE RELEASE

July 7, 2003
RFID Site Security Gaffe Uncovered by Consumer Group

CASPIAN asks, "How can we trust these people with our personal data?"

CASPIAN (Consumers Against Supermarket Privacy Invasion and Numbering) says anyone can download revealing documents labeled "confidential" from the home page of the MIT Auto-ID Center web site in two mouse clicks.

The Auto-ID Center is the organization entrusted with developing a global Internet infrastructure for radio frequency identification (RFID). Their plans are to tag all the objects manufactured on the planet with RFID chips and track them via the Internet.

Privacy advocates are alarmed about the Center's plans because RFID technology could enable businesses to collect an unprecedented amount of information about consumers' possessions and physical movements. They point out that consumers might not even know they're being surveilled since tiny RFID chips can be embedded in plastic, sewn into the seams of garments, or otherwise hidden.

"How can we trust these people with securing sensitive consumer information if they can't even secure their own web site?" asks CASPIAN Founder and Director Katherine Albrecht.

"It's ironic that the same people who assure us that our private data will be safe because 'Internet security is very good, and it offers a strong layer of protection'

http://cryptome.org/rfid/questions_answers.pdf

would provide such a compelling demonstration to the contrary," she added.

Among the "confidential" documents available on the web site are slide shows discussing the need to "pacify" citizens who might question the wisdom of the Center's stated goal to tag and track every item on the planet,

http://cryptome.org/rfid/communications.pdf

along with findings that 78% of surveyed consumers feel RFID is negative for privacy and 61% fear its health consequences.

http://cryptome.org/rfid/pk-fh.pdf

PR firm Fleischman-Hillard's confidential "Managing External Communications" suggests a variety of strategies to help the Auto-ID Center "drive adoption" and "neutralize opposition," including the possibility of renaming the tracking devices "green tags." It also lists by name several key lawmakers, privacy advocates, and others whom it hopes to "bring into the Center's 'inner circle'".

http://cryptome.org/rfid/external_comm.pdf

Despite the overwhelming evidence of negative consumer attitudes toward RFID technology revealed in its internal documents, the Auto-ID Center hopes that consumers will be "apathetic" and "resign themselves to the inevitability of it" instead of acting on their concerns.

http://cryptome.org/rfid/cam-autoid-eb002.pdf

Consumer citizens who are not feeling apathetic will be pleased to learn that the site provides names and contact information for the corporate executives who oversee the Center's efforts. Since the phone list isn't labeled "confidential," we're assuming that Auto-ID Center Board members are open to calls and mail that might help them better understand public opinion on this important subject.

Anyone interested in speaking with Dick Cantwell, the Gillette VP who heads the Center's Board of Overseers, for example, can find his direct office number listed on the Auto-ID Center's website here:

http://cryptome.org/rfid/226691160-list_board_of_o verseers.pdf

To experience the Auto-ID Center's security holes firsthand, simply visit the web site at http://www.autoidcenter.org and type "confidential" in the site search box. The Center encourages such site exploration: "Our website has Research Papers and other information that anyone can download for free. There is also a Sponsors Only area of the site, which includes information and materials not available to the public at large. We encourage you to visit our site frequently to stay up to date with the Center's many activities."

Hopefully, the psyche will be turned-around...

[Pig Hogger (10379)]

Hopefully, the collective mindset that makes americans fear their government will be turned-around, and they will realize that they have far more to fear from the croporations who rule than from their pet minion government...

And MAYBE they will take back democracy from those who have stolen it.

Re:Hopefully, the psyche will be turned-around...

[Arandir (19206)]

A corporation has no power but that which a government has given it.

This is not the fault of corporations, but of governments, which have decided to offer up portions of their power to the highest bidder. One way they have done this is to charter corporations. This allows the ownership of companies to be diluted to the point of meaninglessness, so that the owners' accountability for their companies' actions are zero.

p.s. This is not a US problem, but a world problem. The two richest women in the world are European heads of state with nationalized petroleum corporations.

Amish Folk == Textile Pirates! Run for the hills!

[Tackhead (54550)]

> I can hear Orrin Hatch now: "I really think that these textile pirates have to understand that RFID tags subsidize their clothing purchases. Disabling these tags should be punishable by death."

Well, the original article did say that...

78% of surveyed consumers feel RFID is negative for privacy and 61% fear its health consequences.

Now, I was just about to post something to the effect that while it may well be a privacy negative, anyone who thinks it's a health hazard has probably caught Alzheimers from the aluminum in their tinfoil hat. (Which would be pretty hard, considering the Aluminum-Alzheimer's link has been largely debunked, but never underestimate the power of the placebo effect on a dedicated conspiracy theorist!)

But reading your post... I just realized... who are the real clothing pirates? Who's the greatest threat to WalMart and Chinese Hegemony? Who's the biggest threat the CIAA (Cotton Industry Association of America, oh what an appropriate acronym!)

My God! The friggin' Amish! Of course! The Amish are engaged in the rampant PIRATING of TEXTILES, and they're doing it RIGHT UNDER OUR NOSES, RIGHT HERE IN AMERICA!

So yeah, if the research company did the polling in Pennsylvania, you can bet your ass that 61% would fear the health consequences of RFID tags. Hatch! Utah! Mormons! It's a MORMON CONSPIRACY to ERADICATE the AMISH! Gotta get the word out on Slashdot! Hey, check out that horse and buggy across the street, but that's weird, it's got two clean-shaven young drivers in white shirts, damn nice buggy, but the drivers sure don't look Ami{$4[[4][NO CARRIER

disabling?

[Azghoul (25786)]

Not really knowing all that much about the technology RFIDs use, this might be a stupid question (or I might be a stupid person :))...

Is it possible for end-users to easily disable an RFID? It seems to me some well-placed magnets, or hell, even the business end of a stable gun, should be able to knock out the RFID. How hard would it really be?

And yeah yeah, the evil government will make it illegal for us to do that. I'm honestly curious, not interested in conspiracy theory.

Microwave oven.

[molo (94384)]

Try a microwave oven. That will induce enough current in the device to melt/short its circuits.

Hopefully the thing the device is embedded in won't be harmed by the microwave.

Re:Microwave oven.

[Pompatus (642396)]

The problem with microwaving clothing would be the shorts I have on right now, for example. They have a metal zipper. We all know what happens to AOL cd's when microwaved (if you don't know, try it. 5 seconds does wonders).

Be careful what you nuke.

Re:Microwave oven.

[number11 (129686)]

The problem with microwaving clothing would be the shorts I have on right now, for example. They have a metal zipper.

WARNING: Do NOT microwave shorts before removing them from body. Side effects could include actually reading those spams that offer to help you grow larger body parts.

Re:Microwave oven.

[aethera (248722)]

Not only that, but you have to be aware that the device even exists, or plan on microwaving every single one of your purchases. The Caspian site shows RFID tags they have found embedded in the rubber soles of sneakers, in between layers of paperboard, you name it.

I view this technology much like the use of genetically modified foodstuffs, the technology itself has tremendous potential to make life better/easier, but I think that before we start intorducing these things to the market (a little late on the GM foods for that) we need a serious public awareness / education program. I simply don't trust corporations to use this sort of technology responsibly. Until there are serious and meaningful checks in place to prevent abuse, I strongly oppose the use of these technologies.

Are you kidding?

[aliens (90441)]

Disabling an RFID will be tantamount to tampering with a product in a way it was not meant to be. Whether using the DCMA or some future bill it will become illegal to disable the RFID. You think I'm kidding, but I would not be surprised at all to hear this in the future.

Maybe though, the courts will recognize how utterly detremental the DCMA (and the like) are to this free society. Yes we give up a certain amount of privacy living in a free society(apologies for the American-Centric) but this does not mean that corporations have the right to track us or our products.

Bite me to any business that thinks I'll buy RFID products, I'll make my clothes out of hemp and be the nut in uncomfortable clothes if I have to be.

Re:disabling?

[drayzel (626716)]

Disable?

Nah... too easy.

What I want to do is reprogram the suckers so when they scan my clothing I will be wearing a alarm clock on my head, have a 12 pack of Gillete Razors hidden in my shoes, answer to the name of Rover, have my shots for distemper, but due for a booster on rabies.

~Z

Re:disabling?

[by Anonymous Coward]

A typical cordless phone is about 1/2 watt.(500mW).
With your logic, a 2 watt cellphone would have a range of about 4 feet.

Just to put things into further perspective, radio enthusiasts have contests to see how far around the /WORLD/ they can communicate with only a watt or less of power to work with.

You've fallen victim to some of the strategies outlined in the articles this whole story is about. You've been pacified into believing radio waves are severely limited in range. And you believed it. Even going so far as to try to convince other people that a half watt of power is insignificant for distances greater than a meter, which is completely absurd.

You're repeating a meme. You have been "pacified" according to the gameplan set forth in the memos.

umm

[greg987123 (677841)]

"Who needs conspiracy theories, when you can hear it from the horses mouth?"
Well, I can't now, thanks to Slashdot. Good job Slashdot, covering up RFID tag conspiracies. :)

Exactly!

[Mr. Sketch (111112)]

Who needs conspiracy theories when we have conspiracy facts!

They forgot something

[gooberguy (453295)]

From communications.pdf:
- Identify potential consumer road blocks/fears.
- Construct a proactive framework to minimise negatives arising.
- Assess consumer reaction if press develop scare stories and develop best messages to pacify.

Sounds like they forgot one step: PROFIT!

Re:They forgot something

[Stiletto (12066)]

Assess consumer reaction if press develop scare stories and develop best messages to pacify.

This may have been modded "Funny" but it's actually quite informative. Of course us anti-corporatists have known this all along, but it's interesting to see these guys being so open and honest about their intent to "PACIFY" the "CONSUMERS". Look at any and all marketing today. It's all designed to pacify us in one way or another... to stun us, blind us, or numb our minds to what is really going on. The goal is to get us to be a bunch of nice passive cows, buying and believing everything we are fed.

When someone brings up a concern, or protests the action of a large corporation or government, the powers that be go into spin mode, "developing the best message to pacify" the people.

I'd love to see these Adolf Hitler try to run for president today. I imagine he'd hire these very same people to "construct a proactive framework to minimise negatives arising" and try to best pacify the pesky human rights folks...

Not so bad

[sweatyboatman (457800)]

Other than some lingo, these memos (judging by the highlites) don't seem particularly bad. People are afraid of the health risks of RFID tags? Well, people are stupid. They're bombarded by radio waves every second of every day.

Some people will happily ignore reasonable explanations and cling desperately to their paranoid delusion. These people cannot be convinced otherwise. Rather they need to be brain-washed to get that stupid idea out of their head.

The "green tag" idea sounds like genius.

But an RFID conspiracy seems a little far to jump. The technology is in its infancy. It's not in everything, the opposite is true. But rest assured that an RFID Tag Canceler is in the works to milk money from the privacy obsessed.

I may get one myself...

I wonder if there's a patent.

-tom

Yeah, like cigarettes...

[VValdo (10446)]

Some people will happily ignore reasonable explanations and cling desperately to their paranoid delusion. These people cannot be convinced otherwise. Rather they need to be brain-washed to get that stupid idea out of their head.

That's why I fully place my trust in governments and corporations to tell me what's healthy and what's not.

After all, everyone knows that smoking is good for you [worlded.org]. And there's no danger in mining uranium [canadiancontent.ca] or genetically modified food [purefood.org] or syphillis treatments [virginia.edu] or the drinking water [erinbrockovich.com], etc.

Yep, if a big organization says it's safe, that's good enough for me.

W

Re:Not so bad

[Farmer Jimbo (515393)]

I dont give a fuck about radio waves. I care about data being collected about me without my consent.

Grocery stores give dicounts for those willing to have there purchasing patterns tracked.

Re:Not so bad

[by Anonymous Coward]

But an RFID conspiracy seems a little far to jump.

According to their own memos, the RFID has learned people do not want RFID. And their plans are to bludgeon people into accepting them until they become to prevailant to resist.

In this task, they've assembled a long list of people, including government officials.

Also, they mention specifically the usefulness of leveraging apathetic people, such as yourself, in forwarding the acceptance tags. They know the kinds of personalities in this game, and have a strategy for each of them. Personalities like yours are a piece of cake. Some people are just born to wear the brown shirt.

Re:Not so bad

[Analysis Paralysis (175834)]

When trying to assess privacy threats, you need to not only consider current uses, but also future ones. Now - RFID tags are being promoted for supply chain management (as if stores do not already know what is going where) and much has been made of the limited (2 metre or so) range that a reader can pick them up at. So what could happen?

• A store installs RFID readers at all entrances/exits ("to detect and deter shoplifters") .
• This scheme is expanded to cover all branches of that chain ("if a shoplifter enters another of our branches, we'll get 'em!") - data is then used to track repeat visitors and note their spend per visit.
• Data is shared with other stores ("if anyone shoplifts, we'll all get 'em!") - data collected can then applied to calculate shoppers' movements. This can be linked with credit/store card information to tie movements to individuals - providing past shopping habits, a customer's complaints record (return too many items as faulty and you may no longer be served) and giving stores important information on how to increase impulse purchases.
• This data is then passed on to third party marketing firms to collate with other personal information. Your shopping movements are now sold with details of your credit history, employment record and medical information. "Shopaholics" can be identified and either have their credit cut or offered incentives to patronise particular stores (depending on who uses this information). Police are provided with access in order to "cut crime" but are also able to track people for other purposes (e.g. automatic parking fines - "Sorry ma'am, according to your RFID record you spent 40 minutes in the town centre while only paying for 30 minutes of parking").
• Crime prevention stepped up - RFID readers placed at strategic public locations (street corners, crossings) to allow for easier tracking of reported criminals. Activated tags included in Internet/mail order purchases in order to gain subsidies from third party marketeers who now have a substantial stake in "growing" the RFID database. Businesses pay for real-time access (funding the network's expansion) in order to be able to flash special offers to selected customers' mobile phones when they get close to a branch.
• Microsoft introduce an OS for RFID chips - mass chip failures and security breaches then cause the whole scheme to fall apart and RFID is abandoned as an ignominious failure (OK, I'm making this bit up).

Re:Not so bad

[homer_ca (144738)]

Yes, supply chain tracking would be the honest, non-intrusive way to use RFID tags. I have no problem tagging pallets or even tagging retail packages because the packaging gets thrown out. But why are they worried about privacy advocates and scare stories in the news if they're only tagging pallets. The only reason to tag the product and not the packaging is to track the consumer after the sale just like an animal on those nature shows.

Warm and toasty

[Y2K is bogus (7647)]

That's what my new cloths will be after I microwave them to ensure that no RFID devices remain functional.

Don't forget to put a cup of water in there too, to prevent mucking up the magnatron.

Mirror

[metatruk (315048)]

I was able to grab the html only. None of the PDFs or PPTs linked to it:
The mirror is here:
http://krypton.mnsu.edu/~workmj/cryptome.org/rfid- docs.htm [mnsu.edu]

More from the horse's mouth...wheeee

[GillBates0 (664202)]

"To experience the Auto-ID Center's security holes firsthand, simply visit the web site at http://www.autoidcenter.org and type "confidential" in the site search box. The Center encourages such site exploration.

Well I went a-exploring:
Search for "1.Earn Trust 2. Collect Info 3.??? 4. Profit"
1 to 5 of 100 results for: "1.Earn Trust 2. Collect Info 3.??? 4. Profit"

Search for "We think we absolutely rock"
1 to 5 of 92 results for: "We think we absolutely rock"

Search for "You can't trust us with your personal data"
1 to 5 of 100 results for: "You can't trust us with your personal data"

God this is awesome...

[VValdo (10446)]

For those of you who have trouble finding the info at cryptome...

To experience the Auto-ID Center's security holes firsthand, simply visit the web site at http://www.autoidcenter.org [autoidcenter.org] and type "confidential" in the site search box.

This actually works!

Color me convinced-- I sure can trust these masters of technology with embedding "green tags" in my clothing! I'm sure the info will never be abused or fall into the wrong hands...

W

Current contents don't show stupidity

[RDFozz (73761)]

When I searched (minutes ago), and skimmed through the first half of the results, none of the documents was still confidential (newest one to expire ran through May 2003).

Admittedly, I'm too lazy to explore further, but it certainly appears that, at present, the "confidential" documents to be found aren't considered confidential any more.

That said, as I noted, I got 59 results; does anyone who hit it earlier recall more?

You didn't look at the pages closely...

[Svartalf (2997)]

Nobody that's on about the "Confidential" pages apparently did.

From the website search engine:

"Summary: pml research update june 4, 2002 christian floerkemeier robin koh Confidential until september 2002. Confidential until September 2002 in re
"

(Bold emphasis mine...)

Notice that this sample says "Confidential until September 2002". Now, unless you know for a fact that they were available for reading prior to September of last year, then there's really no problem unless they're talking about some sort of big-brother-esque system.

Now, this isn't saying that they're not. But, as seeing that Cryptome's /.'ed off the face of the 'net right at the moment and I've yet to see much of any proof thereof, I'm going to err on the side of caution- partly because I know what the capabilities of the RFID systems are these days and there's not currently anything that could do what the alarmists keep saying is possible. Now, that doesn't mean that it couldn't happen- but it's not going to be an RF system at that point because the little tags don't have enough antenna, etc. to be able to radiate more than a few picowatts of power at any frequency that they've used to date (or in the future...).

Re:You didn't look at the pages closely...

[heli0 (659560)]

"I know what the capabilities of the RFID systems are these days and there's not currently anything that could do what the alarmists keep saying is possible"

According to this article [com.com] the 500million tags that Gillette purchased "Alien Technology says its RFID tags can be read up to 15 feet away". And that is with the LEGAL readers the store is using. How far away can they be read with my illegal jiggawatt reader and directional antenna? How long will it take people to decode the 64-bit codes to determine which bits are brand/model/size/etc. and read the codes from great distances?

They do not plan on disabling the tags when you leave the store either since one of Wal-Mart's listed benefits for RFID tags is "hassle-free returns".

How long until I can point a directional antenna at your home and fire up my jiggawatt reader to determine if you have anything worth taking?

Spoofing/Jamming?

[HermanAB (661181)]

How hard would it be to build a RFID spoofing tool that emits gazillions of random RFID numbers whenever it is polled?

Good RFID Article

[heli0 (659560)]

RFID Chips Are Here [securityfocus.com]

RFID chips are being embedded in everything from jeans to paper money, and your privacy is at stake.

By Scott Granneman Jun 26 2003 09:15AM PT

Bar codes are something most of us never think about. We go to the grocery store to buy dog food, the checkout person runs our selection over the scanner, there's an audible beep or boop, and then we're told how much money we owe. Bar codes in that sense are an invisible technology that we see all the time, but without thinking about what's in front of our eyes.

Bar codes have been with us so long, and they're so ubiquitous, that its hard to remember that they're a relatively new technology that took a while to catch on. The patent for bar codes was issued in 1952. It took twenty years before a standard for bar codes was approved, but they still didn't catch on. Ten years later, only 15,000 suppliers were using bar codes. That changed in 1984. By 1987 - only three years later! - 75,000 suppliers were using bar codes. That's one heck of a growth curve.

So what changed in 1984? Who, or what, caused the change?

Wal-Mart.

When Wal-Mart talks, suppliers listen. So when Wal-Mart said that it wanted to use bar codes as a better way to manage inventory, bar codes became de rigeur. If you didn't use bar codes, you lost Wal-Mart's business. That's a death knell for most of their suppliers.

The same thing is happening today. I'm here to tell you that the bar code's days are numbered. There's a new technology in town, one that at first blush might seem insignificant to security professionals, but it's a technology that is going to be a big part of our future. And how do I know this? Pin it on Wal-Mart again; they're the big push behind this new technology.
Right now, you can buy a hammer, a pair of jeans, or a razor blade with anonymity. With RFID tags, that may be a thing of the past.
So what is it? RFID tags.

RFID 101

Invented in 1969 and patented in 1973, but only now becoming commercially and technologically viable, RFID tags are essentially microchips, the tinier the better. Some are only 1/3 of a millimeter across. These chips act as transponders (transmitters/responders), always listening for a radio signal sent by transceivers, or RFID readers. When a transponder receives a certain radio query, it responds by transmitting its unique ID code, perhaps a 128-bit number, back to the transceiver. Most RFID tags don't have batteries (How could they? They're 1/3 of a millimeter!). Instead, they are powered by the radio signal that wakes them up and requests an answer.

Most of these "broadcasts" are designed to be read between a few inches and several feet away, depending on the size of the antenna and the power driving the RFID tags (some are in fact powered by batteries, but due to the increased size and cost, they are not as common as the passive, non-battery-powered models). However, it is possible to increase that distance if you build a more sensitive RFID receiver.

RFID chips cost up to 50 cents, but prices are dropping. Once they get to 5 cents each, it will be cost-efficient to put RFID tags in almost anything that costs more than a dollar.

Who's using RFID?

RFID is already in use all around us. Ever chipped your pet dog or cat with an ID tag? Or used an EZPass through a toll booth? Or paid for gas using ExxonMobils' SpeedPass? Then you've used RFID.

Some uses, especially those related to security, seem like a great idea. For instance, Delta is testing RFID on some flights, tagging 40,000 customer bags in order to reduce baggage loss and make it easier to route bags if customers change their flight plans.

Three seaport operators - who account for 70% of the world's port operations - agreed to deploy RFID tags to track the 17,000 containers that arrive each day at US ports. Currently, less than 2% are inspected. RFID tags will be used to track the cont

Let 'em know how you feel

[jdreed1024 (443938)]

OK, we've had our conspiracy theory jokes, and enough has been said about microwaving the RFID tags.

Now, if you're actually upset about this, take 5 minutes and drop them an e-mail, or better yet, send them a letter (like, on real paper). Or call them. There's several feedback addresses and mailing addresses. That's what I'm going to do. Don't think "oh, 50 other people are writing, I don't need to", because those 50 other people are thinking the same thing.

Politicians don't read slashdot. Hundreds of +1, Insightful posts don't mean anything in the long run, but if a politician receives several hundred letters telling him why this is a bad idea, he might just give it a second thought. Heck, call your local news program if you want. If it's a slow day, (or if it's FOX News) I bet they might be interested...

Problem solved.

[DuckDuckBOOM! (535473)]

http://home.europa.com/~ruralite/energy%20topics/l aundry.html [europa.com]
Scroll to the bottom of the page.

Simple enough solution to problem....

[Brian_Ellenberger (308720)]

Just require that manufacturers only use the RFID tags on things that can be removed from the product, such as an easily identified sticker or a common cardboard tag. This would make it RFID tags pretty much the same as the common Barcodes we use now.

Brian Ellenberger

With that kind of attitude...

[Brian_Ellenberger (308720)]

Let's see...who's got more lobbying money/access? Us (as individuals), or Walmart/Sears/Kmart/Target/Asda/Tesco?

Who do you think will win?

I guess you haven't heard of the ACLU, NRA, NAACP, AARP, or the various other special interest groups in this country. Special interest groups represent a group of people gathering their resources to fight for a particular cause. They can wield power as great or greater than any corporation. I'm not aware of any single organization that can completely turn an election like the NRA or AARP can. Corporations can only give money, but special interests can directly give VOTES.

You personally will not stop Walmart or Sears from implementing the tags directly in items but the EFF may! So donate and get involved!

Brian Ellenberger

Renaming strategy

[by Anonymous Coward]

That renaming bit works wonders. A (major) company I used to work for renamed a component of their data mining technology from "key" to "link", because what they were doing was illegal if the unique identifier for multisource consumer data was used as a key into a database table. Call it a "link", though, and you've bypassed the problem altogether.

The corporate legalists knew full well that anyone opposing a "key" would only know to refer to it by that particular name. If you change the name, the problem vanishes because now no one knows to object to it.

Torn

[Orne (144925)]

As we say at work, "You know you're doing something right when both sides are mad at you."

This technology has so much potential. I want to be able to remotely pay and walk right out of the store without waiting 15 minutes to check out two items; but I know that they're just going to use my purchases to send me more advertisements. RFIDs can give us information on our environment and we give it to them.

And that's the problem, exchange of information. After reading that article, these RFID manufacturers are already showing their lack of concern and ignorance how to secure their networks -- it's like a company that installs IIS and never patches, they're that clueless. And this technology needs to be secured right the first time; the last thing I need is yet another report of a bungling tech company leaking credit cards. It's not an MMORPG, where you get 8 months to fix, rollback and patch. This time it's worse, because a crack will not only expose financial data, but expose your personal location.

Now I don't do much to attract the ire of governments or corporations; I pay my bills, buy my music, and live my life in security. I don't worry about the gov collecting my info, because the government isn't coordinated enough to figure out what to do with it even if they had it. As a small potato, I worry more about the honesty of my fellow citizens. Store employees get caught scamming credit cards, and now, do we get to look forward to the future criminal "warscanning" around the neighborhood with his radio sensor, instantly detecting what valuables you have inside your house...

Somehow, we the community need to express our concern that the proper precautions are taken. This technology is coming, and the market potential is great. As end users, we need to demand an open access system, so that we might provide the checks and balances to keep the system honest. What else can I say, but whether we need to demand the government regulates an open system, or we use market forces to drive it into oblivion, the public can't let this slide.

Sun Microsystems

[AtariDatacenter (31657)]

I think it is evident that Sun Microsystems likes this because they see it as a way to sell servers. They appear to have put their rubber stamp [autoidcenter.org] on this. Of course, wasn't it McNealy who said words to the effect of privacy is dead?

Sounds more like privacy stands in the way of profit.

RFID -- good and bad

[Ian Bicking (980)]

I can understand how an RFID tag could be really cool -- it certainly isn't hard to imagine all the neat things you could do with it. But it's easy to imagine how it can be dangerous. People who think about advertising or purchase tracking are aiming low on the danger level -- if that was the only problem, I'd say get over it, RFID is too cool, we can figure out a way to fix the other problems later. Really, how bad is targeted advertising?

It's all the other tracking. We're talking about a potential record of everyplace a person goes. The government is clearly willing to abuse such information -- organizations like the FBI have abused just about every other piece of information they are given, and have never made any attempt at reform. And there's a resurgence of suppression and punishment of dissidents, including arrests and who knows what else.

I wonder if there is a way that we could safely use this, though. Off the top of my head, here's the laws I might propose:

First, all items with RFID tags must be prominently marked. I don't care if it's a "green tag" or whatever -- so long as there's no variety, and it's directly on the item (not on a label somewhere). Second, all RFID reading machines must be in plain site of any place that they can read, and must be prominently marked. Maybe a blinking green light too, or something -- make it a little obnoxious, and make the reader's intent very clear.

Violation should result in heavy fines, but more importantly, a revokation of the RFID license -- the license to tag things with RFID sensors, to use readers, and all of that. You should not be able to simply risk it with not labeling the items properly -- because in doing it you risk being shut out of the game entirely. And obviously creating these tags should be carefully monitored, as should be fairly easy to do, since RFIDs are all about monitoring -- unauthorized ID numbers should be easy to track. The readers, though, would be harder to track... I imagine it won't be too long before you could rig up your own reader if you wanted.

So... destruction of the RFID tag should also be fairly easy. All of these would be fairly reasonable, I think.

Of course, this doesn't keep the government from breaking these rules on its own. And any law the government makes against itself will be ignored and grossly violated, because that's what the Justice Department does. So maybe this wouldn't work.

"Confidential until" dates on Auto-ID site are new

[Katherine_Albrecht (684415)]

There were 68 documents available under a "confidential" search of the Auto-ID Center's website this morning. They did NOT say "confidential until [fill in date]" like they do now. The Auto-ID Center's first response this morning was to pull nearly all the documents with "confidential" in their descriptions off the site, then slowly replace them one by one, with new "confidential until" designations tacked on. Many other documents vanished and have not yet reappeared (nor are they likely to, considering their content). We have not yet had a chance to verify if the documents have changed in other ways than the new "sell by" dates they now carry. Cryptome has listed the original 68 "confidential" search results, as they appeared this weekend. As soon as the Cryptome site recovers, you can verify that there were few or no expiration dates on any confidential documents until well after the story broke today. You've got to hand it to the Auto-ID Center, though, for working overtime on damage control. The "confidential until" thing was a nice touch. p.s. Until it crashed, Cryptome had all 68 original documents available for downloading on its website.

Re:Weeee!

[TopShelf (92521)]

was that the sound of their server getting /.-ed?

Re:Interesting stuff

[by Anonymous Coward]

With Walmart backing it -- it appears unstoppable.

Whoo hoo! Now I'll have an easy means to do my thesis!

My topic: Tracking the migratory patterns of trailer-park-dwelling white trash with radio signals.

The meteorology people are probably thrilled as well... no more trying to put instrument packages in a tornado's path, just zero in on the RFID tag in Cletus S. Yokel's sneaker, and track it when the tornado sucks him out of his double-wide.

Or

[TheOnlyCoolTim (264997)]

Considering that the slides are not complete without the presentation:

"For privacy, we can make the RFID chips annihilate themselves."

The word "auto-destruct" leads me to this interpretation... It doesn't make sense to talk about the "auto-destruction" of privacy but it makes perfect sense to talk about RIF chips destroying themselves.

Tim