Labelling RFID Products

John3 writes "Following Wal-Mart's recent announcement that they plan to push RFID in their stores, CASPIAN (Consumers Against Supermarket Privacy Invasion and Numbering) has posted proposed legislation that would require a product to be labeled if it contained an RFID tag. Beyond the label requirement, the proposed legislation also sets up some strict restrictions on the use of RFID data. Even though RFID is not in widespread use, it's probably best to start working on these types of protections before the products are on the shelves."

My god...

[xtermz]

...maybe I don't get it, but how are RFID tags a violation of your privacy. They have an effective range of a few feet. They are the next logical evolution up from barcodes. Are we that paranoid and afraid of technology? Somebody please enlighten me...

Not just for tagging consumers' clothes

[Anonymous Coward]

These RF tags are perfect for tagging clothes, as the blurb pointed out. But an even more sinister use than tagging clothes is tagging the people who wear the clothes. And I'm especially referring to a certain kind of person:

Slavery is alive and well in this country, and I'm not referring merely to rhetorical or political slavery, but actual slavery. Women from foreign countries, particularly southeast-Asian countries are flown to America and promised low-paying but normal jobs performing menial labor or housecleaning services, but when they arrive, they discover to their horror that the real purpose is to prostitute themselves for the financial benefit of their masters. These women (and even children) are trapped, since they don't speak English, don't have the money to fly home, and don't have the physical or mental stamina to escape their tormentors after so much abuse.

How is this relevant to RF tags? Think of how much easier it would be to kidnap people from airports if all you needed to do was wander around with a small device, picking up the signals from the tags embedded in clothing given to the erstwhile immigrants back in their home countries. No longer would there have to be complicated networks of international communication -- they'd just have to agree on a certain range of serial numbers (of which there are trillions, as the article points out), hand out "free" clothes to people boarding the plane at departure, and sit back while agents at the US airports haul in the "goods".

This never would've been possible if we'd stuck to normal barcodes -- it's simply impossible to read barcodes surreptitiously. And since criminals are always the first to adopt new technologies for these devious purposes, it's only a matter of time before it comes to an airport near you, Thirteenth Amendment be damned.

Was it Ellison? or Joy? Whomever it was they said

[Anonymous Coward]

it right...

Privacy? You don't have any privacy. Get over it!

Re:My god...

[John3]

Watch Minority Report for an example of what can happen if RFID tags are used by stores to market based on your personal buying habits or the items you are wearing. Tom Hanks walks into a store after getting an eye transplant, and the kiosk at the entrance scans his iris and asks if he enjoyed the pants he purchased on his last visit.

Imagine if an RFID kiosk at the entrance identified that you were wearing stain blocker Dockers and announced "I see you are wearing stain blocker pants...we stock a complete selection in your size, and today they are on sale".

Best post-purchase RFID kill method

[burgburgburg]

http://www.stoprfid.org/faqs.html [stoprfid.org] says that disconnecting from the antenna and then puncturing/crushing/pulverizing is the suggested kill methodology. They warn that microwaves, though in theory effective, cause the RFID tag to burst into flames, which tends to be a bad thing.

But earlier and later in the FAQ, they mention tags placed into the soles of shoes. Since this is done during the manufacturing process and would require slicing open the sole to find/destroy the tag (if you even knew where specifically it was), it doesn't seem there is an effective tag killer in this instance (and any other where the tags are deeply embedded).

So, anybody else know of an effective tag killer that doesn't involve destroying the item and/or setting it on fire?

RFID isn't exactly perfect in itself...

[TWX]

Remember. RFID isn't perfect. It's operation usually falls under Part 15 of the FCC rules, which is the whole "may not emit interference" and "must accept interference, even if it causes undesirable operation". RFID also uses 900MHz, 2.4GHz, 5GHz, and other public use frequencies, some of which are even also HAM bands. Amateur Radio isn't governed by part 15, so if a ham operator decides to operate on the frequency that RFID transceivers use, and if the HAM radio operator is operating legitimately, it's the RFID tranceiver's owner's problem, not the HAM's. Specific jamming is prohibited by the rules that amateur radio operators follow, but consumer use, nonlincensed devices are secondary users where both licensed and unlicensed spectrum overlap.

so, what happens when someone is checking out, and the computer fails to record all of the RFID tags because of interference, but the person has legitimately purchased something? When they go to return it, the computer could possibly say that it wasn't purchased, and then the individual is left with more headaches.

I think that the FCC should require that business-use devices like this be licensed, and each one individually identified in a publicly searchable database. I also believe that reissues of identification should be prohibited. This would work quite strongly to curtail use of RFID for tracking mechanisms.

Re:Best post-purchase RFID kill method

[Surak]

What about a serious dose of static electricity? vandegraaff generators [amasci.com] anyone?

RFID hackers

[gouldtj]

Now that's what I'm interested in. I want to be able to grab the numbers, and then change them. I want to be able to walk into a store and instead of "How did you like those pants?" I want it to say "How did you like those extra-large elephant sized condoms you bought last week?" :)

There are just so many possibilities to hack these things and have tons of fun with retail stores if they use them for anything useful. Maybe I should start my own organization: The Anti-Datamine (TAD). And we'll go around trying to screw with all the data mining techniques out there.

you can take this seriously

[alizard]

If and only if this bill finds a Congressional sponsor to introduce this. Which is extremely unlikely, but possible, I suppose.

However, business from WalMart on down will unite to fight any restriction or product labeling requirements.

Remember, there are people who want a Minority Report style future. There are others who simply see it as a way to make money... there are people who see "You wear adult diapers? We have Depends on sale" as simply an opportunity to make money.

It is the job of your Congressperson to make sure that his consituents are served. His constituents are the people who send him checks and only those people.

And if your RFID tag gets missed at checkout, it'll be your word against the store's that it's their fault. Enjoy your stay in jail.

build an RFID killer

[puzzled]

Those are tiny little radios - find out the frequency they use, rig up $10 worth of Radio Shack parts, hook it up to a 9v battery, and go for a walk in the offending store.

If you feed them an order of magnitude more energy than they're designed to take in exactly the band they're using .... *POW* ... and they won't catch fire, you'll just toast the chip.

Yes, you can know the operating frequency without a fancy spectrum analyzer - the data sheets on those things are pretty much public knowledge ... you don't have to hit it dead on, just get close with more juice than they can take and you've done the job.

Re:My god...

[I don't want to spen]

Writable RFID tags could be interesting. There could be a competition for creative re-writing what items you have apparently bought - or trying to take back a shirt which is relabelled as a six pack of albino tigers. (Okay, so the store probably reads a serial number not a text description, but its a nice thought!)

I also recall that one of the pros for this technology was that your fridge or garbage bin could read the tags and know if you ran out of an item - dosn't sound like they'll be disabled on leaving the store to me!)

How about an electronic wardrobe that reads your clothing tags and tells you what goes with what (and cross-references it to the weather)? Patent anyone?

Why this will never succeed

[release7]

I'm not knocking the legislation itself, but this bill's political viability is next to zero.

First, there is perhaps .01% of the population who even know what these RFID devices are, never mind the alleged societal dangers that lurk within them. Very few politicians are going to fight very hard to pass a piece of legislation that has so little public spotlight. Most politicians, especially the powerful ones who can sway votes, are media whores. No one is going to get on a network Sunday morning political program talking about RFID tags.

Second, the political winds are blowing gale force in the anti-regulation direction. Any piece of legislation that isn't privatizing workers or loosening government oversight is pretty much dead in the water without some kind of immediate crisis (like the recent corporate scandals). The best that could be hoped for is that congressional folks would say, "let's see what the free market does with these devices first and then regulate them if need be."

Third, Wal-Mart & Co., if there was a miraculous surge in support for this legislation, would easily lobby to defeat the bill or get it placed into committee for further study which would effectively kill the bill. A grassroots campaign would be too disorganized, too broke, and too unsophisticated to ever hope to win such a battle.

I'm not recommending whoever is sponsoring this bill to give up. I'm a firm believer that even losing battles are important to fight because they do raise awareness and keep alive the chance for change sometime in the future.

What's the problem?

[homer_ca]

I'm as concerned about privacy as the next /.er, but count me in on the "what's the big deal?" side. These tags are meant for inventory control up to the point of retail sale. They'll most likely be attached to the packaging which gets thrown away, not the product itself. If you walked through a mall in clothes full of active RFID tags, you'd be setting off all kinds of inventory scanners, cash register scanners, shoplifting sensors, etc. Assuming they didn't zap the tags at the cash register when you paid, there would be some small privacy leak between the time you bought the stuff and threw away the packaging at home if someone wanted to stalk you at short range with an RFID scanner to see what you bought. Someone could also theoretically dumpster dive through your garbage without getting their hands dirty if they wanted to find out your shopping habits.

Re:Better stop them before they arrive...

[Mikeytsi]

RF stands for radio frequency.
ID stands for identification. In this case, a UNIQUE ID.

So, you're carrying a radio transmitter around, that sends this ID to whatever happens to be listening. If you don't understand where this can be a bad idea, watch "Minority Report", and mentally replace all of the eyeball scanners with radio recievers.

Re:What's the problem?

[TopShelf]

Companies do not plan on generating and tracking unique numbers for each individual item in their store - can you imagine the mind boggling difficulty of tracking which specific items have been sold and which should be considered part of inventory at a company like WalMart? They'd have to have a centralized database storing a record for each individual tagged item either stored or sold at any WalMart store anywhere, and have that information available instantly to every POS device in every store. While the paranoid may exclaim, "yeah, that's exactly what they'll do!" it makes absolutely no sense.

What does make sense is to tag items using existing numbering schemes (i.e. UCC, ISBN, SCC-14, etc.), allowing RFID sensors at each step in the supply/demand chain to recognize material quickly and accurately without the need for someone to walk up and scan a barcode.

Bottom line is that we're still a few years from seeing these things in use. Currently, tags cost anywhere from 30 to 50 cents apiece, and to make commercial sense, they need to get the price down to the 5 cent level.

why assume the worst?

[Archon-X]

Why is it that people always inherently love assuming the worst about technology? I was in the annual meeting for the australian packaging group, and i know their main concern was to get RFID implemented to prevent situations of poisonings and extortion - ie, once an item is sold, the RFID is set as sold. Alarm bells can start to ring if this already purchased item is returned to the shelf - automatically.

How do these things with a passive range of a few feet compare to say a mobile phone's tracking ability. ah well.

Re:So how does she know?

[Orne]

Why does metal arc in a microwave oven? [gallawa.com]

A microwave oven creates an electrical field within the oven cavity. Metal in the field creates a low resistance "preferred path", which channels the current to a point. When the electron potential is high enough, it can break permitivity of air, and arc to another metal contact point. Moving electrons is current, with losses as heat, which can melt the metal & other objects in the microwave.

So yes, the RFID will spark, but not for the reason you thought it would.

As for using RFIDs to begin with, I think Albrecht is a little too luddite for my taste, and doesn't have the foresight to see the benefits. I would rather see regulations on what kind of personal information can be tracked, rather than outright banning. But then again, a collection transparency policy should apply to all companies and governments, not just those that opt to use RFIDs...

Re:My god...

[phthisic]

Here's how you increase public consciousness about RFID and make people desire a change. Place a number or RFID scanners in public places, e.g. the Mall in D.C., Times Square. Then send emails like the following. "Dear Mr. Arron Jones. We hope you had a lovely time in D.C. We see that you passed the RFID scanners at the Smithsonian and the Air and Space Museum. At each scanner, you were recorded as being in close proximity to Miss Emily Smith, so we assume that she is an aquaintance of yours. Miss Smith was wearing a Victoria's Secret (TM) thong. You had about your person a package of Lifestyles (TM) condoms. We hope that on your next trip to D.C., your wife Mrs. Marry Jones will be able to accompany you. If you are interested in RFID technology or concerned about privacy, please contact your Congressman. Through the convienance of RFID technology, we know where you live and are able to provide a link to your congressman's homepage."

Re:What's the problem?

[stomv]

They'll most likely be attached to the packaging which gets thrown away, not the product itself.

Really? I work weekends at The Home Depot for some extra cash and a chance to play with "toys" I like. HD is working with its vendors to get the sensormatic tags (the white alarm tags) manufactured inside the merchandise, not on the packaging.

Why? So when you take the paper packaging off of a measuring tape and put it on your beltloop, the alarm still goes off when you try to leave the store with your stolen good. Shoplifters try these tactics all of the time. It's far harder to take a product apart in a store and pull out its inventory device than to simply pull off the packaging and pretend you walked into the store with the item.

My point: your statement I highlighted is bunk. You're talking out of your arse. I seriously doubt you have any working connection with retail whatsoever... you're likely just pulling a standard slashdot make shit up maneuver.

I am not a spokesman for Home Depot. I don't like RFID tags. I do like thieves.