The Trouble with RFID 424
wintermute42 writes "Simson Garfinkel, author of Practical Unix & Internet Security along with Gene Spafford and Alan Schwartz,
has an article in The Nation on RFID tags. They're not just for tracking stuff. They can track you too."
I'm always unsurprised... (Score:5, Insightful)
No kidding. Life takes on a similarity to the chessboard. There are no surprises in chess, just players not quite working out all of the move combinations.
Re:Only if... (Score:4, Insightful)
Tracking? No, more like targetting! (Score:5, Insightful)
Now, what companies will really be salivating over is the opportunity to market to you. If they can track all of the RFID tags on and around you, they can know so much about you that they can tailor advertising to you specifically. Just like Minority Report, only not so cool.
Just think of it as value adding. You're adding so much value to the coffers of manufacturers and advertisers!
Well, duh. (and other fun uses for RFID tags) (Score:3, Insightful)
Now, I on the other hand, have a want for them. I think they could be fun to hack around with. That is, I want my PDA to be able to read tags, and then I'll get a bunch of them. I'll tag my house up, so that I can get location-based alerts. The kind of thing GPS would be too big and clunky- and not accurate enough- to do. I can come up with all sorts of fun things to use RFID tags for in my own life that have nothing to do with being "targeted" better.
Slippery slope... (Score:5, Insightful)
What is that quote? Man is born free yet everywhere he is in chains
I do not like the idea of having every last bit of privacy removed. Between the new camera's my state is installing on highways, with radar guns, that send you a ticket in the mail, to having banks sell personal information to thrid parties so they can call me at dinner to offer me a great price on a satelite dish, this is getting out of control.
While some may say that government will never, ever use any technology in an illegal way, I would just say they have done it in the past. Nixon broke into the dem's headquarters. Other presidents have bugged the phones of political groups like the black panthers. And this current president has the "Patriot Act".
It scares me to think what government could do. 1984 is looking less like fiction and more like a prediction.
Re:Anyone with two feet and perhaps access to a ca (Score:2, Insightful)
Not quite ready for prime time (Score:5, Insightful)
Happy Trails,
Erick
This subject already covered millions of times! (Score:4, Insightful)
Chicken little? (Score:2, Insightful)
Hell, I look forward to the day I can just load up my cart with groceries and head out of the store without bothering to stop at a cash register. My purchases are already matched to my credit card account in their internal inventory anyhow, and I'm openly 'opting in' by using the system.
I wonder what Slashdot would have been like if it had started on an FTP site and not port 80:
"Coming dangers of the World Wide Web! Cookies! Server Logs! URLs! Protest now while there's still time!!!!!!!"
Get a clue (Score:5, Insightful)
The problem is (as always was and always will be) how people use a technology.
RFID (or any other technology) is not necessary for a police state as demonstrated by many examples in the past.
You privacy can be (or most probably: was) violated without RFID too.
To protect your privacy you need a society that values privacy and have laws that express this. If you do not have that then you are swimming against the flow and your are doomed to failure, no matter if RFID is used or not.
I would like to point out Europe: there are privacy laws that basically say the following:
If you have such laws (and have them enforced) then there is no need to fear RFIDs - but if you don't have them, RFIDs should be the least of your worries.
Missing the obvious (Score:2, Insightful)
Re:Only if... (Score:3, Insightful)
Re:Battery life & short range makes it impract (Score:2, Insightful)
The RFID tags that we're talking about DON'T have batteries. Only active RFID tags do, and those are an extremely small percentage. Do you really think they would place an expensive battery powered RFID tag in every shoe?
-------
Re:rip off the tags (Score:1, Insightful)
Re:This subject already covered millions of times! (Score:2, Insightful)
Do you recall a story fairly recently about one guy who using a great deal of very public infrastructure information, managed to put together a map that had the US government worried because it revealed information that was supposed to be classified?
It is the same thing, if you track the movements, with all the other tracking that is going on, it will be much easier to put together that information to get a complete dossier on a person if you want to. The real worry is not the data being collected about movement, but the fact that if such data was available, it could be put together with other information that would be a breach of privacy that we do not want. Start doing this, and you will have people putting together 'maps' of publically available information that can show personal details about specific people that we take for granted our right to keep private.
So ease of use makes it dangerous? (Score:1, Insightful)
If RFIDs are not acceptable, how can the use of P2P networks for 'sharing' music be acceptable?
Can you justify it because in the first case it is specifically *you* who is losing freedom and in the second case it is *someone else* who is being affected adversely by your actions?
Paint me a real picture (Score:3, Insightful)
All I usually get is "Stores will build a database, and then Homeland Security will do, um, something." Followed by handwaving and dubious slippery slope arguments that usually imply a continent spanning sensor net that sounds like a cross between Tom Clancy and Vernor Vinge.
Someone connect the dots here. The article didn't do a very good job.
Or is this just modern mythology, like people hiding in their homes worrying about wererwolves and vampires and witches in centuries past?
Re:Anyone with two feet and perhaps access to a ca (Score:5, Insightful)
Here's an idea for a new community project: Mega RFID Vest Library
Go to the dump where multiple people are throwing away RFID-laden products. Snag the lil suckers off discarded food products, garments, appliances, liquor bottles, baby food.
Sew them onto a vest.
Lots of `em.
When you walk through the scanner you'll be ...... 246 different people.
Then, trade vests with others in other cities, other countries!
I must ask why. (Score:3, Insightful)
RFID isn't a household word today, but within the next few years manufacturers hope to put it into many household products.
Why would these be needed in 'household products'? I understand they want to track merchandise, but this could be accomplished by putting an RFID sticker on the bottom of the product. That way, you take it home and tear the sticker off when you take it out of the box.
Perhaps, for clothing, just put an RFID on the main tag. I've worked for a clothing store who used the locking pin security devices found in most stores. They work wonderfully, as you have to destroy the garment to steal it and it only costs a couple of thousand to enough of those things to last a lifetime. I do not see the flaw that needs a new product, not in regards to clothing.
Both Wal-Mart and the US military have already told their hundred largest suppliers that cartons and pallets must be equipped with unique RFID tags by January 2005.
This is what I would like to see RFID used for. This will really speed things up at distribution centers, as a forklift coming off a trailer will simple have to drive through the dock doors (assuming the sensor would be there) to put an entry in the company's database saying "this pallet entered the building", meanwhile the operator keys into the computer on his forklift the actual product count.
For people who will "bite" and say something about computers on forklifts, they have been around for over a decade. I know, I fabricated a prototype mounting platform for a small, wireless computer back in 92. They had blueish LED displays, and were shaped similar to an old RS Model 100 portable, but housed in a sturdy black metal case. I made a nice adapter for Crowne forklifts that allowed the operator to swivel, tilt, and adjust it to his/her most comfortable viewing position. Too bad I didn't know anything about patents back then. They started using this design at all their distribution centers, which equates to thousands of lift trucks.
I do not miss working for Kraft foods. We had weekly 'rallies' where the managers would have a guest speaker. The most memorable one was Penske (wealthy bastard) came to tell us what a great job we were doing, then proceeded to talk about efficiency for the next 45 minutes. More often than not, everyone left with a broken sense of pride due to wealthy investors talking to us like we were children. It seemed that after every meeting, new poop would appear on the bathroom walls.
Re:Privacy invasion OK as long as it's for sales? (Score:2, Insightful)
As for government oppression...I dunno. If they CIA/NSA/FBI say they won't try to abuse to the technology, I won't believe them for a second. But at the end of the day, they don't have a financial incentive to make our lives miserable, and I think what they'll end up with is Terabytes upon Terabytes of almost entirely useless information. I suppose blackmail opportunities are a real threat (So, senator...in light of our recent discovery that you do in fact frequent adult book stores, do you still want to cut our funding?) but even those kinds of activities would have to be tempered by the consequences. Yes Nixon sent his boyz to break into Watergate...and look how it turned out.
Re:tin foil hat (Score:3, Insightful)
Some great new product opportunities (Score:5, Insightful)
RFID Super Scanner - Scan your surroundings and your stuff for RFID tags. Pinpoints the location exactly.
RFID Mega Zapper - A high energy directed radio energy impulse designed to fry the electronics in your RFID tags. Great fun for vandals in stores! Smack your enemy's wallet!
RFID Spoofer - A programmable device that returns the RFID code of your choice. Great for making a copy of you luxury car key! Or your neighbours. Have fun in stores after Zapping (TM) a RFID tag and replacing it with a Spoof(TM)!
RFID Data Miner - Build your own database of RFID tasks. Now you can do your own surveillance and track people. Also good in parking lots when you want to know what RFID code to feed into your spoofer for easy access to that nice car.
RFID Jammer - A fun little DOS device that emits radio frequences to blind RFID readers.
RFID Database Feeder - This device emits thousands of new random RFID codes every second. Great for filling the databases of those eager RFID code collectors.
I think most of these tools can be built easily and are not science fiction. If they can be built, they will.
Seriously, do you think RFID techniques makes the society more or less vulnerable for attacks?
every last bit of privacy removed (Score:5, Insightful)
But IMHO, the US Constitution embodies the 1793 State-of-the-Art of distrust of Government and other concentrations of power. That's the whole reason that there are three branches with checks and balances - mistrust of the institution of government. No matter how trustworthy those in power may be today, there's no guarantee that the next batch will be so. Checks and balances were put in place to provide trust - through mistrust.
Had the Founding Fathers been able to foresee the capabilities of electronic surveillance, they would have codified Privacy into the Bill of Rights. Instead, they did what they could, focusing on late-18th century concerns.
Had the Founding Fathers known of the potential concentrations of power known as multinational corporations, they would have codified some sort of separation of Business and State. Instead, they focused on what they knew, separation of Church and State.
Re:Anyone with two feet and perhaps access to a ca (Score:2, Insightful)
Moronic criminals? Not as much as you would think. They figured out very quickly that a shopping bag lined with duct tape would foil at least the early RFID readers. Car thieves in my area can break in & steal a car in a tenth the time a skilled mechanic can. Hell, they'll be the *ONLY* ones getting around this.
Long lines at checkout: Okay, throw away some more jobs. While we're at it, I see a pricing discrepancy at least every other time I'm at a grocery store...if you're just shoving a cart through the door, it's pretty hard to tell that you accidentally paid $22.47 for the Black cherry kool-aid (one of 39 packs in your cart).
Privacy is somewhat of an illusion, but that doesn't mean it's not worth TRYING to hang on to little bits here & there.
And think about just how far this can go. Eventually, there could be embedded RFID in every food we eat. As you're driving along, a roadside detector finds that the Big Mac & large fries have moved from the stomach to the small intestine, and changes a billboard ahead of you to advertise Wendy's, while activating a 1/4 watt FM transmitter to transmit ONLY to your car 'Getting hungry, Jim Farnagle? Wendy's is just half a mile ahead on the left! Make it in the next five minutes, get a free apple pie!
The issue is WHERE the line should be drawn. RFID is here to stay, and has some excellent uses. Pallets & tracking inventory - great use of 'em. But once I've purchased a product, the company that made the item, the company that distributed the item, the company that retailed the item, all of their 'business partners', and anyone else can (should) bugger off & mind their own business...go buy a congressman or something.
Re:question (Score:3, Insightful)
The problem with this article (Score:3, Insightful)
RFID Journal Editor on privacy (Score:2, Insightful)
Also of note, one of the leading critics of RFID, Katherine Albrecht [nocards.org], issued this press release today:
February 5, 2004
German RFID Scandal: Hidden devices, unkillable tags found in Metro Future Store Germans say, "Nein! We wont be your versuchskaninchen"
"We won't be your versuchskaninchen." That's the message German privacy advocates are sending to executives at the Metro Future Store in Rheinberg, Germany after discovering RFID devices hidden in the store's loyalty cards. They also found that RFID tags on products sold at the store cannot be completely deactivated after purchase, despite Metro's claims.
"Versuchskaninchen" is the German word for guinea pig, which is how German consumers feel Metro and its partners have treated them since opening the Future Store last year to test experimental RFID applications on live shoppers.
The revelations came just one day after Katherine Albrecht, founder and director of CASPIAN (Consumers Against Supermarket Privacy Invasion and Numbering) toured the Future Store with a delegation of privacy experts from German advocacy group FoeBud, who sponsored her visit.
"We were shocked to find RFID tags in Metro's 'Payback' loyalty card," said Albrecht, after FoeBuD tested the cards with an RFID reader and discovered the tag. "The card application form, brochures, and signage at the store made no mention of the embedded technology and Metro executives spent several hours showing us the store without telling us about it."
"In retrospect, it's no wonder store employees appeared nervous when we asked to take a few of the cards with us," she added.
Vendors of RFID-enabled loyalty cards promote them as a way for supermarkets to identify shoppers remotely as they enter the store, using details of their identity and purchase history to pitch products to them and to track their movements and activities within the store. Prior to the Metro discovery, no major retailer had publicly admitted to using such cards.
In addition to the cards, Albrecht discovered that Metro cannot deactivate the unique identification number contained in RFID tags in products it sells. The use of unique, item-level ID numbers is one of the key privacy concerns surrounding the use of RFID tags on consumer goods.
"Customers are misled into believing that the tags can be killed at a special deactivation kiosk, but the kiosk only rewrites a portion of the tag, while leaving the unique ID number intact," she said.
Outraged German citizens are calling on Metro to put an immediate end to the trials.
"We are deeply disappointed at the Metro executives. They talked of an open dialog while hiding important facts from us," said Rena Tangens of FoeBuD. "We are calling for an immediate moratorium on further RFID testing as it is clear that Metro is not handling the technology responsibly."
Evidence of the RFID tag in Metro's "Payback" loyalty card, along with evidence of the incomplete deactivation of product tags, can be found on FoeBuD's website at http://www.foebud.org/rfid/.
Re:Only a problem if you never change clothes (Score:1, Insightful)
Something's a little fishy here... (Score:3, Insightful)
I have a question: how long before this system becomes unwieldy. If we're going to track every product sold worldwide, how big will the string have to be? Furthermore, at what point will a database of said string's become unwieldy, and at what point will it become worthless to maintain all that data?
The retail RFID plans I've seen don't have a unique serial number for every item. They have a unique serial number for every type of item, kind of like a barcode. Granted, that may pose some minor privacy issues of its own. But those problems are minor, and no worse than paying with a credit card.
More to the point, RFIDs have the potential to save businesses billions -- kind of like barcodes did. And, like with barcodes, those savings will most probably be passed to the consumer.
Re:Only a problem if you never change clothes (Score:3, Insightful)
I don't have a problem saying no to sales people. I do take exception to being harangued, by name, from the moment I enter a store. My shopping day will be a lot more stressful if I have to say "Get the f*** away from me, I'm just looking" in every store I walk into. And if that sales person has been picked based on the type of salesperson you are most receptive to, it gets harder - I'm not talking the high schooler at radio shack here, but a well chosen personable salesperson, based on your previous buying habits (e.g. last sales were only with X, blew off salesmen Y, Z).
And it's the data sale that's not nice either. Bulk mail, UCE, will become more invasive, personalised to you, so you won't know off hand if it is spam.
Security
airline profiling - general purchase patterns (look, he bought fertiliser and gasoline), purchase locational patterns (look, he was in the area when these demonstrations took place). Don't accept luggage as gifts (traveller has bag that he didn't buy) -- I'm sure the Feds can come up with a few more.
Security reasons - bought "anti-american books" (anything by Michael Moore, Al Franken, etc), don't let into particular areas if the president is in town (such as his entire travel route for the day) - all they have to do is match you with any known RFID tags, and pull up a "book list" check (note that may include library books - thanks patriot act).
The list is endless
And it probably won't be intentional. The trouble is, these are generic patterns that a good agent will use to guide them. But you won't be dealing with a good agent. You will be arguing this with the minimum wage security guard who will follow directives blindly. You know it doesn't matter what you say or do, or whether it's obvious that the computer is wrong - they do what the computer says or lose their job, so you lose.
Re:Tracking? No, more like targetting! (Score:5, Insightful)
You're confused - addressing national security concerns is good. Unless you remove constitutionally guaranteed freedoms and move closer to a police state in the process. No, do not take citizens' freedoms away or introduce processes that ease potential abuse.
You're confused - national security is not being served, and our reserves are being wasted. Your tax dollars and mine pal. Our borders are not any safer than they were pre September 11 - the Homeland Security department is doing a bad job. Even networks like Fox News are pointing this out. If you've ever travelled through Israel you'd realize American "security" is a joke.
Which part of September 11 did you like? All of it?
There is a part of your brain telling you that having the Patriot Act in its current incarnation is going to prevent another September 11. America's policies toward the Muslim world for years are what finally led up to our September 11. George W. Bush's alienation of practically every other country on this planet may eventually lead to another September 11.
Since I knew people who died in those towers, and since some of my best friends happened to make it out alive, from where I stand your question there is pretty stupid.
A lot of people don't like our freedom and way of life.
We didn't achieve this way of life by looking the other way when legislation like the Patriot Act appears. This is exactly the kind of shit the first Americans rejected the Crown for. Fucking wake up.