Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Security Privacy Your Rights Online

RFID Industry Confidential Memos 617

An anonymous reader writes "Cryptome has learned www.autoidcenter.org (RFID flak) has made internal memos available for perusal at their site. Those RFID people sure have some interesting plans for the future. Who needs conspiracy theories, when you can hear it from the horses mouth? Weeeeee!"
This discussion has been archived. No new comments can be posted.

RFID Industry Confidential Memos

Comments Filter:
  • by hashish ( 62254 ) on Monday July 07, 2003 @09:51PM (#6387959)
    Will the clerk know what you aready are wearing down to your jocks size. I can see lots of good things with these tags but I can see lots of missuses too.

    I wonder if govts will legislate to make it possible for us to op-out with these tags? Some tags maybe built into the products that it would be impossible for us to remove them. I think we need protection too.
    • by ArsonPanda ( 647069 ) on Monday July 07, 2003 @09:55PM (#6387987)
      Some tags maybe built into the products that it would be impossible for us to remove them

      So just dont buy anything you're not willing to throw in the microwave for 10 seconds.
      • by agentZ ( 210674 ) on Monday July 07, 2003 @10:13PM (#6388101)
        Which creates an interesting problem when buying a tin-foil hat, I suppose.
        • by mrmez ( 585359 ) on Monday July 07, 2003 @11:37PM (#6388513)
          Oh, man, what are you thinking?!?!?! Never purchase a tin-foil hat! It could secretly be rigged with a mind-control device or fake foil which transfers the rays unfettered! You can't trust a tin-foil hat unless you've assembled it yourself. It's best if you can mine and smelt the ore and roll the foil yourself. Remember, you need to get it thin enough that it won't develop metal fatigue and crack along the bends - otherwise the microwaves and mind-control rays can seep in. ***grumble*** store-bought tin-foil hats... what next?
          • by Anonymous Coward on Tuesday July 08, 2003 @12:06AM (#6388646)
            Never purchase a tin-foil hat! It could secretly be rigged with a mind-control device or fake foil which transfers the rays unfettered!

            Just turn the tin-foil hat inside out after you buy it. That way the mind-control device is on the outside and you can control the world.

      • by pyrote ( 151588 ) on Monday July 07, 2003 @11:50PM (#6388564) Journal
        So just dont buy anything you're not willing to throw in the microwave for 10 seconds.
        that rules out pet shops...

        'sorry timmy, poor lassie didn't make it through the deactivation procedure'
      • Pulsed EMF (Score:5, Interesting)

        by quinkin ( 601839 ) on Tuesday July 08, 2003 @03:50AM (#6389264)
        OK,

        Do we have any engineers in the house??

        Three standard frequency bands (approx. 13MHz appears to be the longest range band) and a physically accessible antenna.

        This sounds like a perfect opportunity for any engineers out there to create a tri-band transceiver with a "snort" function to cycle through the used bands, detect the feedback/absorbtion from the RFID antenna and then give it a very localised, high powered pulse or thousand at the appropriate frequency.

        If you don't manage to fry the tiny componentry in a tag, it ain't turned on.

        Any and all defensive mechanisms (micro-faraday cages, zener diodes, gas chambers, etc.) should either prohibitively raise the price per RFID or be easily overcome with a minor modification (slow ramp up times, gaussian (white noise) frequency distributions).

        A far more interesting concept is surely the use of "throw-away" RF interference devices that could interfere with the use of RFID tags to such an extent that it is not viable for it's users (Walmart, I'm looking at you).

        Perhaps you could even use their electrical wiring as your antenna (c.f. electronic vermin repellers).

        Time to break out the soldering iron.

        Quinkin.

        • by Asprin ( 545477 ) <gsarnold@nosPAm.yahoo.com> on Tuesday July 08, 2003 @09:50AM (#6390703) Homepage Journal


          What stops me from walking through Wal-Mart wearing one of these things zotting tags left and right?

          ....I mean, other than cancer? [grin](***)





          (***) [I am kidding and fully aware that the E/M waves radiated by this thing would be difficult to absorb in sufficient quantity at frequencies that would pose much of a health risk, so please, no flaming the cancer ref.]
          • Re:Pulsed EMF (Score:4, Insightful)

            by Rich0 ( 548339 ) on Tuesday July 08, 2003 @11:29AM (#6391890) Homepage
            This could be a big problem for companies that want to have automated checkout. Ie - you carry an RFID credit card into the store, and just walk out with anything you want and you will be charged for it automatically. If you blasted the store from your car you could walk in, pick up a bunch of expensive items near the door which are likely to be zapped, and walk out before anybody realizes what has happened. If one or two items were charged just return them later.
      • by AftanGustur ( 7715 ) on Tuesday July 08, 2003 @07:57AM (#6389819) Homepage


        So just dont buy anything you're not willing to throw in the microwave for 10 seconds.

        I can assure you that soon they wil starting putting metal strings in clothes to render them 'damaged' if you try to expose them to microvaves ...

        And if the practice becomes common thw US will pass a law forbidding the act of damaging RFID tags (To fight crimes and terrorism, you understand ...)

    • It should be opt-in, not opt-out. Problem solved.

      -vp
      • by pbox ( 146337 ) on Monday July 07, 2003 @10:08PM (#6388066) Journal
        Yeah, but what if opt-in is walking into the store? See MS EULA for this type of license.

        And what if there is not opt-out?

        Or you actually need to walk into the store to opt-out. But by walking in you opt-in?
      • by Anonymous Coward on Monday July 07, 2003 @10:09PM (#6388076)
        It should be opt-in, not opt-out. Problem solved.

        The problem with opt-in is that nobody would ever opt-in. Even if you don't they will just say you did. Take all the opt-in spam I get. I never opted in for penis enlargement e-mail yet it says I did. Who are they to believe? The spammer said I opted in so I must've right? Yes, yes, I know, that's the point. Nobody would opt-in so the thing dies, but tell that to businesses. That's why opt-in will never be accepted by THEM.

    • by retto ( 668183 ) on Monday July 07, 2003 @10:06PM (#6388059)

      We as consumers probably would have the best luck getting congress to require a RFID tag to be clearly marked or in some way removable, like most bar codes are now. I myself wouldn't have any problem with them while inside the store, but they should be disabled like the security tags are now when I check out.

      I can see a lot of 'urban myths' popping up about this technology. It'll take rational (read non-paranoid crackpots) citizens contacting their congressmen or anything to get done tho.

      I've been wondering if there would be HIPPA problems if this kind of technology ever is applied to healthcare.

      • Seems to me that it would be possible to make a 3rd-party RFID "bug scanner" for $20-40 that could scan for the devices, and optionally burn them out if found.

        N.
        • by Nucleon500 ( 628631 ) <tcfelker@example.com> on Tuesday July 08, 2003 @12:40AM (#6388792) Homepage
          Seems to me that it would be possible to make a 3rd-party RFID "bug scanner" for $20-40 that could scan for the devices, and optionally burn them out if found.

          Such a device would be illegal under the DMCA. After all, a RFID tag is a technological measure that effectively controls access to a work, and burning them would be circumvention. Your "bug scanner" doesn't even have substantial non-infringing uses.

          • by ebuck ( 585470 ) on Tuesday July 08, 2003 @10:57AM (#6391441)
            Why are these posts even considered interesting / insightful?

            As broken as the DMCA is, it only discusses circumventing controled access to copyrighted works. Last time I checked you couldn't really copyright a bottle of laundry detergent. And another thing, the RFID tag couldn't possibly provide controlled access to anything it was attached to, it's embedded into the item, not surrounding it, so there's nothing to circumvent.

            Destroying the tags would be a simple case of property rights. If you own it, you can destroy it, and although I would expect a bit of "you didn't really buy the tag, but you are leasing it forever" slipperyness here, that won't hold up in the courts for long.

            Seems like the new "a Beowulf cluster of these" tagline is becoming "would be illegal under the DMCA"
      • by stinky wizzleteats ( 552063 ) on Tuesday July 08, 2003 @01:30AM (#6388947) Homepage Journal

        I've been wondering if there would be HIPPA problems if this kind of technology ever is applied to healthcare.

        That is a damned good point. The HIPAA regs require encryption of electronic patient information. This would mean that if RFID tags are used for normal hospital operations, the data must be encrypted or the hospital is criminally liable.

  • Fulltext of post (Score:5, Informative)

    by Anonymous Coward on Monday July 07, 2003 @09:52PM (#6387962)
    FOR IMMEDIATE RELEASE

    July 7, 2003
    RFID Site Security Gaffe Uncovered by Consumer Group

    CASPIAN asks, "How can we trust these people with our personal data?"

    CASPIAN (Consumers Against Supermarket Privacy Invasion and Numbering) says anyone can download revealing documents labeled "confidential" from the home page of the MIT Auto-ID Center web site in two mouse clicks.

    The Auto-ID Center is the organization entrusted with developing a global Internet infrastructure for radio frequency identification (RFID). Their plans are to tag all the objects manufactured on the planet with RFID chips and track them via the Internet.

    Privacy advocates are alarmed about the Center's plans because RFID technology could enable businesses to collect an unprecedented amount of information about consumers' possessions and physical movements. They point out that consumers might not even know they're being surveilled since tiny RFID chips can be embedded in plastic, sewn into the seams of garments, or otherwise hidden.

    "How can we trust these people with securing sensitive consumer information if they can't even secure their own web site?" asks CASPIAN Founder and Director Katherine Albrecht.

    "It's ironic that the same people who assure us that our private data will be safe because 'Internet security is very good, and it offers a strong layer of protection'

    http://cryptome.org/rfid/questions_answers.pdf

    would provide such a compelling demonstration to the contrary," she added.

    Among the "confidential" documents available on the web site are slide shows discussing the need to "pacify" citizens who might question the wisdom of the Center's stated goal to tag and track every item on the planet,

    http://cryptome.org/rfid/communications.pdf

    along with findings that 78% of surveyed consumers feel RFID is negative for privacy and 61% fear its health consequences.

    http://cryptome.org/rfid/pk-fh.pdf

    PR firm Fleischman-Hillard's confidential "Managing External Communications" suggests a variety of strategies to help the Auto-ID Center "drive adoption" and "neutralize opposition," including the possibility of renaming the tracking devices "green tags." It also lists by name several key lawmakers, privacy advocates, and others whom it hopes to "bring into the Center's 'inner circle'".

    http://cryptome.org/rfid/external_comm.pdf

    Despite the overwhelming evidence of negative consumer attitudes toward RFID technology revealed in its internal documents, the Auto-ID Center hopes that consumers will be "apathetic" and "resign themselves to the inevitability of it" instead of acting on their concerns.

    http://cryptome.org/rfid/cam-autoid-eb002.pdf

    Consumer citizens who are not feeling apathetic will be pleased to learn that the site provides names and contact information for the corporate executives who oversee the Center's efforts. Since the phone list isn't labeled "confidential," we're assuming that Auto-ID Center Board members are open to calls and mail that might help them better understand public opinion on this important subject.

    Anyone interested in speaking with Dick Cantwell, the Gillette VP who heads the Center's Board of Overseers, for example, can find his direct office number listed on the Auto-ID Center's website here:

    http://cryptome.org/rfid/226691160-list_board_of_o verseers.pdf

    To experience the Auto-ID Center's security holes firsthand, simply visit the web site at http://www.autoidcenter.org and type "confidential" in the site search box. The Center encourages such site exploration: "Our website has Research Papers and other information that anyone can download for free. There is also a Sponsors Only area of the site, which includes information and materials not available to the public at large. We encourage you to visit our site frequently to stay up to date with the Center's many activities."
  • Hopefully, the collective mindset that makes americans fear their government will be turned-around, and they will realize that they have far more to fear from the croporations who rule than from their pet minion government...

    And MAYBE they will take back democracy from those who have stolen it.

    • "and they will realize that they have far more to fear from the croporations who rule"

      Yes, those damned croporations will be the downfall of us all.

    • by Arandir ( 19206 ) on Monday July 07, 2003 @11:03PM (#6388362) Homepage Journal
      A corporation has no power but that which a government has given it.

      This is not the fault of corporations, but of governments, which have decided to offer up portions of their power to the highest bidder. One way they have done this is to charter corporations. This allows the ownership of companies to be diluted to the point of meaninglessness, so that the owners' accountability for their companies' actions are zero.

      p.s. This is not a US problem, but a world problem. The two richest women in the world are European heads of state with nationalized petroleum corporations.
  • disabling? (Score:5, Interesting)

    by Azghoul ( 25786 ) on Monday July 07, 2003 @09:54PM (#6387979) Homepage
    Not really knowing all that much about the technology RFIDs use, this might be a stupid question (or I might be a stupid person :))...

    Is it possible for end-users to easily disable an RFID? It seems to me some well-placed magnets, or hell, even the business end of a stable gun, should be able to knock out the RFID. How hard would it really be?

    And yeah yeah, the evil government will make it illegal for us to do that. I'm honestly curious, not interested in conspiracy theory.
    • Microwave oven. (Score:5, Informative)

      by molo ( 94384 ) on Monday July 07, 2003 @09:58PM (#6388010) Journal
      Try a microwave oven. That will induce enough current in the device to melt/short its circuits.

      Hopefully the thing the device is embedded in won't be harmed by the microwave.
      • Re:Microwave oven. (Score:5, Insightful)

        by Pompatus ( 642396 ) on Monday July 07, 2003 @10:08PM (#6388067) Journal
        The problem with microwaving clothing would be the shorts I have on right now, for example. They have a metal zipper. We all know what happens to AOL cd's when microwaved (if you don't know, try it. 5 seconds does wonders).

        Be careful what you nuke.
        • by number11 ( 129686 ) on Monday July 07, 2003 @10:46PM (#6388277)
          The problem with microwaving clothing would be the shorts I have on right now, for example. They have a metal zipper.

          WARNING: Do NOT microwave shorts before removing them from body. Side effects could include actually reading those spams that offer to help you grow larger body parts.
        • Re:Microwave oven. (Score:4, Informative)

          by G-funk ( 22712 ) <josh@gfunk007.com> on Tuesday July 08, 2003 @12:11AM (#6388673) Homepage Journal
          Metal doesn't hurt the microwave, neither does your microwave hurt the metal. The reason people think microwaves are damaged by metal is they microwave a spoon, and nothing else... Metal reflects the microwaves, the magnatron overheats. Same thing happens if you run your microwave with nothing in it. Place a glass of water in the oven to absorb excess microwaves and you'll have no worries.
        • by xixax ( 44677 ) on Tuesday July 08, 2003 @02:55AM (#6389174)
          "Hi, I notice that you are attempting to place a pair of shorts in your microwave, would you like me to help by:

          - recommending other nutritious meals from our corporation
          - Retrieve the warranty text for your microwave and shorts from the corporate web site
          - Call the authorities to help educate you about the benefits of the RFID EULA you agreed to.
          - Retrieve information about the penalties for violating the DMCA
          - Suggest other apparel made from al-foil worn by kooks like yourself"

          Xix.
      • Re:Microwave oven. (Score:5, Interesting)

        by aethera ( 248722 ) on Monday July 07, 2003 @10:20PM (#6388133)
        Not only that, but you have to be aware that the device even exists, or plan on microwaving every single one of your purchases. The Caspian site shows RFID tags they have found embedded in the rubber soles of sneakers, in between layers of paperboard, you name it.

        I view this technology much like the use of genetically modified foodstuffs, the technology itself has tremendous potential to make life better/easier, but I think that before we start intorducing these things to the market (a little late on the GM foods for that) we need a serious public awareness / education program. I simply don't trust corporations to use this sort of technology responsibly. Until there are serious and meaningful checks in place to prevent abuse, I strongly oppose the use of these technologies.

    • Are you kidding? (Score:5, Interesting)

      by aliens ( 90441 ) on Monday July 07, 2003 @10:11PM (#6388083) Homepage Journal
      Disabling an RFID will be tantamount to tampering with a product in a way it was not meant to be. Whether using the DCMA or some future bill it will become illegal to disable the RFID. You think I'm kidding, but I would not be surprised at all to hear this in the future.

      Maybe though, the courts will recognize how utterly detremental the DCMA (and the like) are to this free society. Yes we give up a certain amount of privacy living in a free society(apologies for the American-Centric) but this does not mean that corporations have the right to track us or our products.

      Bite me to any business that thinks I'll buy RFID products, I'll make my clothes out of hemp and be the nut in uncomfortable clothes if I have to be.
    • Re:disabling? (Score:3, Interesting)

      by Piquan ( 49943 )
      My main concern is detecting RFID. My understanding is that there is talk about self-destructing RFID chips, so once I pay for my purchase, I'm no longer being tracked.

      If Wal-Mart implements self-destructing RFID tags, and Target doesn't, where am I shopping? But how can I know? The clerk certainly can't tell me, and managers are often misinformed about technology issues. (He may think I'm a tinfoil hat guy when I ask.)

      So is it feasible for consumers to purchase RFID scanners? Can I tell if my own (o

    • by drayzel ( 626716 ) on Monday July 07, 2003 @11:34PM (#6388501)
      Disable?

      Nah... too easy.

      What I want to do is reprogram the suckers so when they scan my clothing I will be wearing a alarm clock on my head, have a 12 pack of Gillete Razors hidden in my shoes, answer to the name of Rover, have my shots for distemper, but due for a booster on rabies.

      ~Z
    • 1) Scanners are not too expensive (as long as you know which standard... small cheap tags == small cheap scanners). So you can scan and then sanitize your own goods

      2) Scanners only work at personal-space encroaching range unless the RFID has a power source (which becomes easy to find). So at most you can be scanned in situations where you might find a metal detector.

      3) Won't work from the outside of your car reliably, so toll booths are probably safe. ("Smart Tag" uses a battery and is on your windshield.
  • umm (Score:5, Funny)

    by greg987123 ( 677841 ) on Monday July 07, 2003 @09:54PM (#6387980)
    "Who needs conspiracy theories, when you can hear it from the horses mouth?"
    Well, I can't now, thanks to Slashdot. Good job Slashdot, covering up RFID tag conspiracies. :)
  • Exactly! (Score:5, Funny)

    by Mr. Sketch ( 111112 ) * <mister.sketchNO@SPAMgmail.com> on Monday July 07, 2003 @09:54PM (#6387981)
    Who needs conspiracy theories when we have conspiracy facts!
  • by gooberguy ( 453295 ) <gooberguy@gmail.com> on Monday July 07, 2003 @09:56PM (#6387992)
    From communications.pdf:
    - Identify potential consumer road blocks/fears.
    - Construct a proactive framework to minimise negatives arising.
    - Assess consumer reaction if press develop scare stories and develop best messages to pacify.


    Sounds like they forgot one step: PROFIT!
    • by Stiletto ( 12066 ) on Monday July 07, 2003 @10:32PM (#6388205)
      Assess consumer reaction if press develop scare stories and develop best messages to pacify.

      This may have been modded "Funny" but it's actually quite informative. Of course us anti-corporatists have known this all along, but it's interesting to see these guys being so open and honest about their intent to "PACIFY" the "CONSUMERS". Look at any and all marketing today. It's all designed to pacify us in one way or another... to stun us, blind us, or numb our minds to what is really going on. The goal is to get us to be a bunch of nice passive cows, buying and believing everything we are fed.

      When someone brings up a concern, or protests the action of a large corporation or government, the powers that be go into spin mode, "developing the best message to pacify" the people.

      I'd love to see these Adolf Hitler try to run for president today. I imagine he'd hire these very same people to "construct a proactive framework to minimise negatives arising" and try to best pacify the pesky human rights folks...
  • Not so bad (Score:5, Insightful)

    by sweatyboatman ( 457800 ) <sweatyboatman@hotmai l . com> on Monday July 07, 2003 @09:57PM (#6388001) Homepage Journal
    Other than some lingo, these memos (judging by the highlites) don't seem particularly bad. People are afraid of the health risks of RFID tags? Well, people are stupid. They're bombarded by radio waves every second of every day.

    Some people will happily ignore reasonable explanations and cling desperately to their paranoid delusion. These people cannot be convinced otherwise. Rather they need to be brain-washed to get that stupid idea out of their head.

    The "green tag" idea sounds like genius.

    But an RFID conspiracy seems a little far to jump. The technology is in its infancy. It's not in everything, the opposite is true. But rest assured that an RFID Tag Canceler is in the works to milk money from the privacy obsessed.

    I may get one myself...

    I wonder if there's a patent.

    -tom
    • by VValdo ( 10446 ) on Monday July 07, 2003 @10:18PM (#6388124)
      Some people will happily ignore reasonable explanations and cling desperately to their paranoid delusion. These people cannot be convinced otherwise. Rather they need to be brain-washed to get that stupid idea out of their head.

      That's why I fully place my trust in governments and corporations to tell me what's healthy and what's not.

      After all, everyone knows that smoking is good for you [worlded.org]. And there's no danger in mining uranium [canadiancontent.ca] or genetically modified food [purefood.org] or syphillis treatments [virginia.edu] or the drinking water [erinbrockovich.com], etc.

      Yep, if a big organization says it's safe, that's good enough for me.

      W
    • Re:Not so bad (Score:5, Insightful)

      by Farmer Jimbo ( 515393 ) on Monday July 07, 2003 @10:24PM (#6388160)
      I dont give a fuck about radio waves. I care about data being collected about me without my consent.

      Grocery stores give dicounts for those willing to have there purchasing patterns tracked.
      • Re:Not so bad (Score:3, Interesting)

        by superyooser ( 100462 )
        I used to go to Bi-Lo and use their Bonus Card, thinking I was getting good savings.

        Then I discovered Wal-Mart's groceries. Most products that I buy are 20% to 40% cheaper than Bi-Lo's with the special discounts. And you don't have to join a tracking program.

        Alas, Wal-Mart will probably be the first to use RFIDs wide-scale, so be ready to don the tin foil hat when pass by a store.

    • Re:Not so bad (Score:5, Insightful)

      by Anonymous Coward on Monday July 07, 2003 @10:25PM (#6388166)
      But an RFID conspiracy seems a little far to jump.

      According to their own memos, the RFID has learned people do not want RFID. And their plans are to bludgeon people into accepting them until they become to prevailant to resist.

      In this task, they've assembled a long list of people, including government officials.

      Also, they mention specifically the usefulness of leveraging apathetic people, such as yourself, in forwarding the acceptance tags. They know the kinds of personalities in this game, and have a strategy for each of them. Personalities like yours are a piece of cake. Some people are just born to wear the brown shirt.
    • Re:Not so bad (Score:5, Insightful)

      by Analysis Paralysis ( 175834 ) on Tuesday July 08, 2003 @01:16AM (#6388907)
      When trying to assess privacy threats, you need to not only consider current uses, but also future ones. Now - RFID tags are being promoted for supply chain management (as if stores do not already know what is going where) and much has been made of the limited (2 metre or so) range that a reader can pick them up at. So what could happen?

      • A store installs RFID readers at all entrances/exits ("to detect and deter shoplifters") .
      • This scheme is expanded to cover all branches of that chain ("if a shoplifter enters another of our branches, we'll get 'em!") - data is then used to track repeat visitors and note their spend per visit.
      • Data is shared with other stores ("if anyone shoplifts, we'll all get 'em!") - data collected can then applied to calculate shoppers' movements. This can be linked with credit/store card information to tie movements to individuals - providing past shopping habits, a customer's complaints record (return too many items as faulty and you may no longer be served) and giving stores important information on how to increase impulse purchases.
      • This data is then passed on to third party marketing firms to collate with other personal information. Your shopping movements are now sold with details of your credit history, employment record and medical information. "Shopaholics" can be identified and either have their credit cut or offered incentives to patronise particular stores (depending on who uses this information). Police are provided with access in order to "cut crime" but are also able to track people for other purposes (e.g. automatic parking fines - "Sorry ma'am, according to your RFID record you spent 40 minutes in the town centre while only paying for 30 minutes of parking").
      • Crime prevention stepped up - RFID readers placed at strategic public locations (street corners, crossings) to allow for easier tracking of reported criminals. Activated tags included in Internet/mail order purchases in order to gain subsidies from third party marketeers who now have a substantial stake in "growing" the RFID database. Businesses pay for real-time access (funding the network's expansion) in order to be able to flash special offers to selected customers' mobile phones when they get close to a branch.
      • Microsoft introduce an OS for RFID chips - mass chip failures and security breaches then cause the whole scheme to fall apart and RFID is abandoned as an ignominious failure (OK, I'm making this bit up).
      • Re:Not so bad (Score:4, Insightful)

        by gessel ( 310103 ) on Tuesday July 08, 2003 @03:07AM (#6389196) Homepage
        More applications:

        Prospective employers like to do background checks, current employers often cut employees, stores can collect information that is not personally identifying individually, but aggregators can tie identifications together to high probability hits.

        For example:
        You go to the gap and buy new clothes, pay for them with a credit card. You could be buying them as a gift, or not, the purchaser info and RFIDs are linked and sold to direct marketers and credit aggregators like Equifax.

        Equifax (we'll make them the bad guys just for point of argument) binds the sale and the ID in your record.

        A few days later someone walks into Wallgreens wearing the clothes and buys a pregnancy test. The person pays cash, say, but the purchase ID enters a data cloud with the clothing ID's, and the batch lot are reported - no personally identifying information is, just a temporally connected cloud of RFID points.

        Equifax does a fuzzy search and ties the cloud of clothing points to your SSN, and flags the pregnancy test.

        An prospective employer calls for a background check and decides you're a high risk, and rescinds their offer. Too bad you already quit your last job.

        Maybe the pregnancy test is for a friend, maybe the clothes were a gift, who cares? You're a risk. Sorry.

        Say you buy a 1.5L of JD at the local supermarket. Two of them in a month.

        Say you go out to see a band on a Thursday and show up late for work on Friday, sniffling.

        Say your company is having a strategic workforce realignment and looking for potentially career limited individuals to pare from the workforce.

        Say the alcohol wasn't for you, or the late night out was a one time thing, or the clothes that went past the RFID reader at the bar were on your roommate. Does it matter? Should it matter any way? America is a meritocracy - right? We're all judged on our abilities, not our religion/morals... Can a company dumping 3000 employees out of 30,000 in a week bother with each employees personal story?

        I see, Mr. Johnson, that you wear that overcoat on the job and off. I note that you were carrying a Workers Daily on your way home in that coat. Mr. Johnson, this is a conservative company and we have no place for troublemakers like you. These men will escort you out of the building....

        In every historical case where records were kept of information that revealed individual's private lives and proclivities, that information has been abused, from the Stasi, to the Nazis, to Hoover.

        "Fascism should rightly be called Corporatism as it is a merge of state and corporate power." - Benito Mussolini
  • Warm and toasty (Score:5, Informative)

    by Y2K is bogus ( 7647 ) on Monday July 07, 2003 @09:58PM (#6388005)
    That's what my new cloths will be after I microwave them to ensure that no RFID devices remain functional.

    Don't forget to put a cup of water in there too, to prevent mucking up the magnatron.
    • Re:Warm and toasty (Score:3, Interesting)

      by cornjones ( 33009 )
      if you do put in the cup of water, make sure you put a coffee stirrer or something in it. If you nuke water under the right conditions you can super-heat it and it will violently explode when you put something in it.

      for those of you that are ready to go try this, don't (ok, now I am not liable for any stupidity)
      http://www.amasci.com/weird/microexp.h tml#coffee
  • More info (Score:3, Informative)

    by Anonymous Coward on Monday July 07, 2003 @09:58PM (#6388006)
    Damn, cryptome doesn't seem to be responding. The www.autoidcenter.org is an RFID promotion site and their web site search engine had a scope that included documents marked "confidential".

    If you want to see them, go to www.autoidcenter.org
    and type "confidential" into their site search engine.
    Not sure if they're still up but that's the condensed version of the cryptome story.
  • Mirror (Score:5, Informative)

    by metatruk ( 315048 ) on Monday July 07, 2003 @09:59PM (#6388014)
    I was able to grab the html only. None of the PDFs or PPTs linked to it:
    The mirror is here:
    http://krypton.mnsu.edu/~workmj/cryptome.org/rfid- docs.htm [mnsu.edu]
  • by GillBates0 ( 664202 ) on Monday July 07, 2003 @10:00PM (#6388022) Homepage Journal
    "To experience the Auto-ID Center's security holes firsthand, simply visit the web site at http://www.autoidcenter.org and type "confidential" in the site search box. The Center encourages such site exploration.

    Well I went a-exploring:
    Search for "1.Earn Trust 2. Collect Info 3.??? 4. Profit"
    1 to 5 of 100 results for: "1.Earn Trust 2. Collect Info 3.??? 4. Profit"

    Search for "We think we absolutely rock"
    1 to 5 of 92 results for: "We think we absolutely rock"

    Search for "You can't trust us with your personal data"
    1 to 5 of 100 results for: "You can't trust us with your personal data"

  • by VValdo ( 10446 ) on Monday July 07, 2003 @10:02PM (#6388029)
    For those of you who have trouble finding the info at cryptome...

    To experience the Auto-ID Center's security holes firsthand, simply visit the web site at http://www.autoidcenter.org [autoidcenter.org] and type "confidential" in the site search box.

    This actually works!

    Color me convinced-- I sure can trust these masters of technology with embedding "green tags" in my clothing! I'm sure the info will never be abused or fall into the wrong hands...

    W
    • by RDFozz ( 73761 ) on Monday July 07, 2003 @10:15PM (#6388109) Journal
      When I searched (minutes ago), and skimmed through the first half of the results, none of the documents was still confidential (newest one to expire ran through May 2003).

      Admittedly, I'm too lazy to explore further, but it certainly appears that, at present, the "confidential" documents to be found aren't considered confidential any more.

      That said, as I noted, I got 59 results; does anyone who hit it earlier recall more?
      • I've posted this elsewhere tonight, but I'll post it here, too.

        The "expiration dates" on the files were hastily added TODAY as a bit of damage control.

        No expiration dates were included on any of the Auto-ID Center's confidential documents before this afternoon.

        To verify this, you can find a mirror of the original search done this morning (before we went public with this) at:
        http://krypton.mnsu.edu/~workmj/cryptome.org/ rfid- docs.htm
    • by Svartalf ( 2997 ) on Monday July 07, 2003 @10:22PM (#6388144) Homepage
      Nobody that's on about the "Confidential" pages apparently did.

      From the website search engine:


      "Summary: pml research update june 4, 2002 christian floerkemeier robin koh Confidential until september 2002. Confidential until September 2002 in re
      "

      (Bold emphasis mine...)

      Notice that this sample says "Confidential until September 2002". Now, unless you know for a fact that they were available for reading prior to September of last year, then there's really no problem unless they're talking about some sort of big-brother-esque system.

      Now, this isn't saying that they're not. But, as seeing that Cryptome's /.'ed off the face of the 'net right at the moment and I've yet to see much of any proof thereof, I'm going to err on the side of caution- partly because I know what the capabilities of the RFID systems are these days and there's not currently anything that could do what the alarmists keep saying is possible. Now, that doesn't mean that it couldn't happen- but it's not going to be an RF system at that point because the little tags don't have enough antenna, etc. to be able to radiate more than a few picowatts of power at any frequency that they've used to date (or in the future...).
      • by heli0 ( 659560 ) on Monday July 07, 2003 @11:39PM (#6388518)
        "I know what the capabilities of the RFID systems are these days and there's not currently anything that could do what the alarmists keep saying is possible"

        According to this article [com.com] the 500million tags that Gillette purchased "Alien Technology says its RFID tags can be read up to 15 feet away". And that is with the LEGAL readers the store is using. How far away can they be read with my illegal jiggawatt reader and directional antenna? How long will it take people to decode the 64-bit codes to determine which bits are brand/model/size/etc. and read the codes from great distances?

        They do not plan on disabling the tags when you leave the store either since one of Wal-Mart's listed benefits for RFID tags is "hassle-free returns".

        How long until I can point a directional antenna at your home and fire up my jiggawatt reader to determine if you have anything worth taking?

        • Yeah, what a great idea for hi-tech burglars..
          Drive down a street with an RFID exiter and case every house of the street all the way down to brand name and model of every tagged item in the home.

          Of course the taxman will love this also, just wait till you get your itemized property tax bill and any attempt to damage or remove the RFIDs is punishable as tax-evasion.
  • Old trick (Score:3, Interesting)

    by tarquin_fim_bim ( 649994 ) on Monday July 07, 2003 @10:05PM (#6388050)
    Pretend you're going to do something that's really, really, extreme then when you do something that is merely really extreme no one seems to mind because it's better what was going to happen before big brother became our friend and stopped the really, really bad stuff from happening.

    I'm not paranoid I know they're after me.
  • by Anonymous Coward on Monday July 07, 2003 @10:16PM (#6388116)
    I picked a PDF at semi-random, and found a fairly damning one (not that thats hard to do on their site).

    Try http://www.autoidcenter.org/media/sarma.pdf

    Look at page 21 (its a slide presentation).

    The slide says:
    ---------
    For privacy:One word

    * Annihilate
    * (obliterate, destroy, auto-destruct, kill ...)

    ---------

    I guess that neatly sums up their feelings on the privacy matter. :-)

    The rest of the presentation similarly outlines more of their evil plans for "World Domination".

    Take it easy.
  • Spoofing/Jamming? (Score:5, Interesting)

    by HermanAB ( 661181 ) on Monday July 07, 2003 @10:27PM (#6388176)
    How hard would it be to build a RFID spoofing tool that emits gazillions of random RFID numbers whenever it is polled?
  • data flood defense (Score:3, Interesting)

    by Snowgen ( 586732 ) on Monday July 07, 2003 @10:32PM (#6388204) Homepage

    If we can't avoid these silly things, is there a way to protect our privacy by flooding the receivers with data?

    I mean data is only useful if it's correct. So if we could build little transmitters that operate on the same frequency and constantly sent out incorrect data. So I have a tag in my underwear saying I wear a size 32. The transmitter in my pocket will send out data that I'm wearing 172 pairs of underwear in every manufacturer, style and size. Not only men's underwear, but women's too.

    They want data? Give to them! No one says it has to be right!

    Is this technically feasible?

    • You'd have to catch and broadcast each style of RFID tag radio signal.

      Inductive
      Pulsed
      Backscatter
      Rebroadcast (differing frequencies for transmit and recieve...)
      Etc.

      Each one's completely different from the other in it's operation. And that just covers the RADIO portion of the systems. It doesn't cover the modulation or the encoding. There's a bazillion of those out there.

      Yes, you could come up with a system that could jam/confuse each and every RFID reader nearby. But, it'd end up being something like
  • Good RFID Article (Score:5, Informative)

    by heli0 ( 659560 ) on Monday July 07, 2003 @10:33PM (#6388211)
    RFID Chips Are Here [securityfocus.com]

    RFID chips are being embedded in everything from jeans to paper money, and your privacy is at stake.

    By Scott Granneman Jun 26 2003 09:15AM PT

    Bar codes are something most of us never think about. We go to the grocery store to buy dog food, the checkout person runs our selection over the scanner, there's an audible beep or boop, and then we're told how much money we owe. Bar codes in that sense are an invisible technology that we see all the time, but without thinking about what's in front of our eyes.

    Bar codes have been with us so long, and they're so ubiquitous, that its hard to remember that they're a relatively new technology that took a while to catch on. The patent for bar codes was issued in 1952. It took twenty years before a standard for bar codes was approved, but they still didn't catch on. Ten years later, only 15,000 suppliers were using bar codes. That changed in 1984. By 1987 - only three years later! - 75,000 suppliers were using bar codes. That's one heck of a growth curve.

    So what changed in 1984? Who, or what, caused the change?

    Wal-Mart.

    When Wal-Mart talks, suppliers listen. So when Wal-Mart said that it wanted to use bar codes as a better way to manage inventory, bar codes became de rigeur. If you didn't use bar codes, you lost Wal-Mart's business. That's a death knell for most of their suppliers.

    The same thing is happening today. I'm here to tell you that the bar code's days are numbered. There's a new technology in town, one that at first blush might seem insignificant to security professionals, but it's a technology that is going to be a big part of our future. And how do I know this? Pin it on Wal-Mart again; they're the big push behind this new technology.
    Right now, you can buy a hammer, a pair of jeans, or a razor blade with anonymity. With RFID tags, that may be a thing of the past.
    So what is it? RFID tags.

    RFID 101

    Invented in 1969 and patented in 1973, but only now becoming commercially and technologically viable, RFID tags are essentially microchips, the tinier the better. Some are only 1/3 of a millimeter across. These chips act as transponders (transmitters/responders), always listening for a radio signal sent by transceivers, or RFID readers. When a transponder receives a certain radio query, it responds by transmitting its unique ID code, perhaps a 128-bit number, back to the transceiver. Most RFID tags don't have batteries (How could they? They're 1/3 of a millimeter!). Instead, they are powered by the radio signal that wakes them up and requests an answer.

    Most of these "broadcasts" are designed to be read between a few inches and several feet away, depending on the size of the antenna and the power driving the RFID tags (some are in fact powered by batteries, but due to the increased size and cost, they are not as common as the passive, non-battery-powered models). However, it is possible to increase that distance if you build a more sensitive RFID receiver.

    RFID chips cost up to 50 cents, but prices are dropping. Once they get to 5 cents each, it will be cost-efficient to put RFID tags in almost anything that costs more than a dollar.

    Who's using RFID?

    RFID is already in use all around us. Ever chipped your pet dog or cat with an ID tag? Or used an EZPass through a toll booth? Or paid for gas using ExxonMobils' SpeedPass? Then you've used RFID.

    Some uses, especially those related to security, seem like a great idea. For instance, Delta is testing RFID on some flights, tagging 40,000 customer bags in order to reduce baggage loss and make it easier to route bags if customers change their flight plans.

    Three seaport operators - who account for 70% of the world's port operations - agreed to deploy RFID tags to track the 17,000 containers that arrive each day at US ports. Currently, less than 2% are inspected. RFID tags will be used to track the cont
  • by jdreed1024 ( 443938 ) on Monday July 07, 2003 @10:33PM (#6388212)
    OK, we've had our conspiracy theory jokes, and enough has been said about microwaving the RFID tags.

    Now, if you're actually upset about this, take 5 minutes and drop them an e-mail, or better yet, send them a letter (like, on real paper). Or call them. There's several feedback addresses and mailing addresses. That's what I'm going to do. Don't think "oh, 50 other people are writing, I don't need to", because those 50 other people are thinking the same thing.

    Politicians don't read slashdot. Hundreds of +1, Insightful posts don't mean anything in the long run, but if a politician receives several hundred letters telling him why this is a bad idea, he might just give it a second thought. Heck, call your local news program if you want. If it's a slow day, (or if it's FOX News) I bet they might be interested...

  • by Sir Holo ( 531007 ) * on Monday July 07, 2003 @10:36PM (#6388227)
    but the CONFIDENTIAL documents are all marked "CONFIDENTIAL until xxx 2002" or "CONFIDENTIAL until xxx 2001." Not such a gaping security hole, it seems.

    Yes, the potential implications of RFID are creepy, but their planning for a marketing campaign sounds pretty much par for the course.
    • by Katherine_Albrecht ( 684415 ) on Tuesday July 08, 2003 @02:20AM (#6389079) Homepage
      There were 68 documents available under a "confidential" search of the Auto-ID Center's website this morning.

      They did NOT say "confidential until [fill in date]" like they do now.

      The Auto-ID Center's first response this morning was to pull nearly all the documents with "confidential" in their descriptions off the site, then slowly replace them one by one, with new "confidential until" designations tacked on. We have not yet had a chance to verify if the documents have changed in other ways than the new "sell by" dates they now carry.

      Many other documents vanished and have not yet reappeared (nor are they likely to, considering their content).

      Cryptome has listed the original 68 "confidential" search results, as they appeared this weekend. As soon as the Cryptome site recovers, you can verify that there were few or no expiration dates on any confidential documents until well after the story broke today.

      You've got to hand it to the Auto-ID Center for working overtime on damage control. The "confidential until" thing was a nice touch.

      p.s. Until it crashed, Cryptome had all 68 original documents available for downloading on its website.
  • Problem solved. (Score:5, Interesting)

    by DuckDuckBOOM! ( 535473 ) * on Monday July 07, 2003 @10:41PM (#6388254)
    http://home.europa.com/~ruralite/energy%20topics/l aundry.html [europa.com]
    Scroll to the bottom of the page.
  • by Brian_Ellenberger ( 308720 ) on Monday July 07, 2003 @10:48PM (#6388285)
    Just require that manufacturers only use the RFID tags on things that can be removed from the product, such as an easily identified sticker or a common cardboard tag. This would make it RFID tags pretty much the same as the common Barcodes we use now.

    Brian Ellenberger
    • any pretty useless for theft prevention, one of the publicly stated reasons for its use.
    • Just require that manufacturers only use the RFID tags on things that can be removed from the product, such as an easily identified sticker or a common cardboard tag.

      Let's see...who's got more lobbying money/access? Us (as individuals), or Walmart/Sears/Kmart/Target/Asda/Tesco?

      Who do you think will win?
      • by Brian_Ellenberger ( 308720 ) on Monday July 07, 2003 @11:30PM (#6388475)
        Let's see...who's got more lobbying money/access? Us (as individuals), or Walmart/Sears/Kmart/Target/Asda/Tesco?

        Who do you think will win?


        I guess you haven't heard of the ACLU, NRA, NAACP, AARP, or the various other special interest groups in this country. Special interest groups represent a group of people gathering their resources to fight for a particular cause. They can wield power as great or greater than any corporation. I'm not aware of any single organization that can completely turn an election like the NRA or AARP can. Corporations can only give money, but special interests can directly give VOTES.

        You personally will not stop Walmart or Sears from implementing the tags directly in items but the EFF may! So donate and get involved!

        Brian Ellenberger
  • Renaming strategy (Score:5, Interesting)

    by Anonymous Coward on Monday July 07, 2003 @10:49PM (#6388291)
    That renaming bit works wonders. A (major) company I used to work for renamed a component of their data mining technology from "key" to "link", because what they were doing was illegal if the unique identifier for multisource consumer data was used as a key into a database table. Call it a "link", though, and you've bypassed the problem altogether.

    The corporate legalists knew full well that anyone opposing a "key" would only know to refer to it by that particular name. If you change the name, the problem vanishes because now no one knows to object to it.

  • by phillymjs ( 234426 ) <slashdot.stango@org> on Monday July 07, 2003 @10:50PM (#6388297) Homepage Journal
    It's going to take much more than just a tinfoil beanie to counteract this. I'm talking full-body coverage [hollywood-costumes.com] here, people!

    ~Philly
  • by FunWithHeadlines ( 644929 ) on Monday July 07, 2003 @10:52PM (#6388314) Homepage
    As shocking as it may seem the first time you come face-to-face with PR techniques designed to further a corporate agenda over a public's objection, this kind of stuff is quite typical of today's PR machine. Just read this book on the PR industry [prwatch.org] to get one side of the story.

    Now PR can be used for good reasons, to be sure. So I'm not knocking PR as such. It's a tool, and it can be used for good purposes and bad purposes. But when a company wants to push something that nobody wants, all they have to do is change the wording, create some planted stories, cook some polls, infiltrate opposed organizations, buy people off, uh well, use your imagination. When "...3. PROFIT!!" is your goal, PR can be a very effective tool at the hands of the unscrupulous. This story? Business as usual for PR.

  • Torn (Score:5, Interesting)

    by Orne ( 144925 ) on Monday July 07, 2003 @11:01PM (#6388351) Homepage
    As we say at work, "You know you're doing something right when both sides are mad at you."

    This technology has so much potential. I want to be able to remotely pay and walk right out of the store without waiting 15 minutes to check out two items; but I know that they're just going to use my purchases to send me more advertisements. RFIDs can give us information on our environment and we give it to them.

    And that's the problem, exchange of information. After reading that article, these RFID manufacturers are already showing their lack of concern and ignorance how to secure their networks -- it's like a company that installs IIS and never patches, they're that clueless. And this technology needs to be secured right the first time; the last thing I need is yet another report of a bungling tech company leaking credit cards. It's not an MMORPG, where you get 8 months to fix, rollback and patch. This time it's worse, because a crack will not only expose financial data, but expose your personal location.

    Now I don't do much to attract the ire of governments or corporations; I pay my bills, buy my music, and live my life in security. I don't worry about the gov collecting my info, because the government isn't coordinated enough to figure out what to do with it even if they had it. As a small potato, I worry more about the honesty of my fellow citizens. Store employees get caught scamming credit cards, and now, do we get to look forward to the future criminal "warscanning" around the neighborhood with his radio sensor, instantly detecting what valuables you have inside your house...

    Somehow, we the community need to express our concern that the proper precautions are taken. This technology is coming, and the market potential is great. As end users, we need to demand an open access system, so that we might provide the checks and balances to keep the system honest. What else can I say, but whether we need to demand the government regulates an open system, or we use market forces to drive it into oblivion, the public can't let this slide.
  • Sun Microsystems (Score:5, Interesting)

    by AtariDatacenter ( 31657 ) on Monday July 07, 2003 @11:08PM (#6388376)
    I think it is evident that Sun Microsystems likes this because they see it as a way to sell servers. They appear to have put their rubber stamp [autoidcenter.org] on this. Of course, wasn't it McNealy who said words to the effect of privacy is dead?

    Sounds more like privacy stands in the way of profit.
  • Letter to these guys (Score:3, Interesting)

    by zakkie ( 170306 ) on Monday July 07, 2003 @11:14PM (#6388401) Homepage
    Here is the text of a letter I wrote to them. Feel free to improve on the text if you're a lawyer so that it may actually work as a contract, and also to suggest any other changes that may force them to rethink their business strategy on the basis of our privacy not actually being free for them to use. .........

    I hereby note my wholehearted objection to your complete and total disregard for
    my privacy. Furthermore, should you plan to derive profit at the expense of my
    privacy, I expect compensation. After all, the privacy is *mine*, not yours to
    profit off.

    Should I find that an RFID tag has compromised my privacy, I shall bill you at
    an amount I feel is acceptable. Your issuing of RFID tags or the technology to
    implement them to any company that will indiscriminately embed it in any kind of
    product that I might purchase, through choice or otherwise, or be issued with,
    by choice or otherwise, will indicate your acceptance of these terms.
  • by Chad E Dirks ( 681955 ) on Monday July 07, 2003 @11:32PM (#6388486)
    Now, the first worry that probably comes to mind is, "What if they assign unique identification numbers to each piece of clothing?"

    Most of the devices I have read about have sufficient storage to uniquely identify every single item of clothing ever sold (which really doesn't require many bits at all). Current devices such as those we heard about with Benneton [boycottbenetton.org] are not visible unless you either know where to look or have special equipment.

    The devices seem to have a rane of 1-10m, and probably on the lower end of that for clothing items, but certainly that range will be improved with time.

    While I trust that there would be sufficient public backlash to prevent this level of tracking and identification, we shouldn't feel comfortable even once we have stopped this precise level of unique identification.

    Consider instead that each item of clothing you wear: shirt, slacks, briefs, and socks do not have an identifier unique across all items of clothing or even acorss all items of clothing of that type, but have only a unique identifier for the brand and 'model' (e.g. "Dockers Fall 2003 tan polo shirt") of the item.

    It is still quite trivial to track you even in this case. Where in the past law enforcement agents might issue an alert for a man wearing "blue jeans, white t-shirt, orange cap", now they can issue an alert for a man wearing "slacks brand/model 3000023153, shirt brand/model 2000893912, cap brand/model 42330000251".

    How many people do you suppose there are in an average large U.S. city wearing the same brand/model of 4-6 items of clothing? A lot fewer that we might think, I suspect. Probably few enough that it would be trivial to track all such individuals if necessary.

    The more unique you dress, the more you stand out in a crowd (and not necessarily to the naked eye), the easier it is to track you.

    There is no need to trust our privacy to legislation, although that would be a valuable step.

    Simply encourage individuals opposed to these measures first to destroy these tags in their own clothing and to make a market for clothing without such tags.
  • by Halo- ( 175936 ) on Monday July 07, 2003 @11:33PM (#6388492)
    While the shower of sparks and smell of melting plastic in the microwave is fun, I'm much rather swap as many RFID tags as possible with my friends, neighbors, and random objects around the house.

    I suspect you could quickly mask your "signature" by carrying a wide swath of tags with you when you go shopping. I'd love to see the database which has a customer walking in wearing a woman's left shoe, hiking boot, 14 boxes of oatmeal, a child's tanktop and four library books.
  • by Halo- ( 175936 ) on Monday July 07, 2003 @11:36PM (#6388507)
    Here in the US, it's illegal (I think) to do things like use a hidden camera to peek up your customer's skirts because there is a "reasonable expectaction of privacy". So where does that end? If I don't choose to advertise my waistsize, or brand of underwear, does I have a legal right not to have that infomation active "read" off me?
  • by Ian Bicking ( 980 ) <ianbNO@SPAMcolorstudy.com> on Tuesday July 08, 2003 @12:31AM (#6388749) Homepage
    I can understand how an RFID tag could be really cool -- it certainly isn't hard to imagine all the neat things you could do with it. But it's easy to imagine how it can be dangerous. People who think about advertising or purchase tracking are aiming low on the danger level -- if that was the only problem, I'd say get over it, RFID is too cool, we can figure out a way to fix the other problems later. Really, how bad is targeted advertising?

    It's all the other tracking. We're talking about a potential record of everyplace a person goes. The government is clearly willing to abuse such information -- organizations like the FBI have abused just about every other piece of information they are given, and have never made any attempt at reform. And there's a resurgence of suppression and punishment of dissidents, including arrests and who knows what else.

    I wonder if there is a way that we could safely use this, though. Off the top of my head, here's the laws I might propose:

    First, all items with RFID tags must be prominently marked. I don't care if it's a "green tag" or whatever -- so long as there's no variety, and it's directly on the item (not on a label somewhere). Second, all RFID reading machines must be in plain site of any place that they can read, and must be prominently marked. Maybe a blinking green light too, or something -- make it a little obnoxious, and make the reader's intent very clear.

    Violation should result in heavy fines, but more importantly, a revokation of the RFID license -- the license to tag things with RFID sensors, to use readers, and all of that. You should not be able to simply risk it with not labeling the items properly -- because in doing it you risk being shut out of the game entirely. And obviously creating these tags should be carefully monitored, as should be fairly easy to do, since RFIDs are all about monitoring -- unauthorized ID numbers should be easy to track. The readers, though, would be harder to track... I imagine it won't be too long before you could rig up your own reader if you wanted.

    So... destruction of the RFID tag should also be fairly easy. All of these would be fairly reasonable, I think.

    Of course, this doesn't keep the government from breaking these rules on its own. And any law the government makes against itself will be ignored and grossly violated, because that's what the Justice Department does. So maybe this wouldn't work.

  • by Katherine_Albrecht ( 684415 ) on Tuesday July 08, 2003 @01:11AM (#6388887) Homepage
    There were 68 documents available under a "confidential" search of the Auto-ID Center's website this morning. They did NOT say "confidential until [fill in date]" like they do now. The Auto-ID Center's first response this morning was to pull nearly all the documents with "confidential" in their descriptions off the site, then slowly replace them one by one, with new "confidential until" designations tacked on. Many other documents vanished and have not yet reappeared (nor are they likely to, considering their content). We have not yet had a chance to verify if the documents have changed in other ways than the new "sell by" dates they now carry. Cryptome has listed the original 68 "confidential" search results, as they appeared this weekend. As soon as the Cryptome site recovers, you can verify that there were few or no expiration dates on any confidential documents until well after the story broke today. You've got to hand it to the Auto-ID Center, though, for working overtime on damage control. The "confidential until" thing was a nice touch. p.s. Until it crashed, Cryptome had all 68 original documents available for downloading on its website.
  • by achilstone ( 671328 ) on Tuesday July 08, 2003 @06:46AM (#6389604)
    When will it become government policy to rountinely RFID tag people?

    It's a common procedure for tagging dogs here in the UK especially if you wish to take your dog abroad. It's been used successfully in finding the owners of strays for some years now.

    Perhaps the tag will be embedded under your skin, as part of a passport application, or maybe embedded into a hip bone or the skull at birth.

    We already externally tag offenders on home curfew, why not go the whole hog and attach a RFID tag to the stem of the brain, try removing or microwaving that you sucker!
  • War pickpocketing... (Score:4, Interesting)

    by leibnitz27 ( 180388 ) on Tuesday July 08, 2003 @08:16AM (#6389873)
    Someone in the office just opined that if cash (notes) had RFID tags in them, then there would be a good hole in the market for a "how much cash is person X carrying?" scanner - pickpockets would be able to pre-select you for their services!
  • by gone.fishing ( 213219 ) on Tuesday July 08, 2003 @08:59AM (#6390153) Journal
    RFID is a tool. Tools can be used, tools can be abused. We can legislate controls that law abiding retailers will have to follow.

    But each RFID tag is a disposable piece of electonics. To manufacture this product, a wide variety of chemicals (including powerful acids and so on) have to be used. By employing them in such a ubiquitious manner aren't we polluting the environment needlessly? I have to imagine if 50% of all products sold had RFID tags in them that we would add hundreds of tons of dangerous chemicals into the environment every year!

    Perhaps the RFID tags should be obvious and recoverable so that they can be recycled! Maybe a deposit could be put on them so that the consumer can return them and get a few cents per unit back.

  • My big worry (Score:4, Insightful)

    by LWATCDR ( 28044 ) on Tuesday July 08, 2003 @09:25AM (#6390405) Homepage Journal
    What happens when the put RFID tags in your credit cards and other ID.
    I really do not care if a store knows that I was one of fifty people that came in wearing size 38 briefs. The big worry is when the can track me just about anywear I go. I would not even have to buy anything in a store for them to know I was there.
    The commercial apps are really big. Lets say I go to Sears and look at fridges three or four times because I might need a new one. Sears will know it and start sending me fridge adds.
    Don't worry about the products so much. Worry about your credit cards.
  • by Phreakiture ( 547094 ) on Tuesday July 08, 2003 @10:08AM (#6390871) Homepage

    Any operation that takes place with RFID tags takes place under Part 15 of the FCC rules and regs. That is the same part that gives us permission to use 802.11${version} wireless networking, but requires that the general public take a back seat on these frequencies to ham radio operators (because we have licenses for these frequencies, and the general public doesn't)

    Part 15 comes with two provisions:

    • Use of any device must not cause harmful interference (to licensed users of the spectrum)
    • Any device must accept any interference, including that which may cause undesired operation

    In other words, by using the unlicensed section of the spectrum, the users of these devices are setting themselves up for interference from other users of the spectrum.

    What I personally would like to do then is construct a set of 13MHz walkie talkies. Not really very practical devices on the whole, but they should work well enough at short range. You and a friend go shopping and just happen to key up the radio each time you pass through the door. You have the legal privilidge to do this, as long as you don't mind the interference to your signal from theirs. They must accept the interference to their signal from yours.

    Technical note: The modulation on your walkie talkies should be something that is guaranteed to take up the entire 14 kHz width of the band specified under Part 15. Perhaps some form of digital voice. You need to occupy 13.560MHz +/-0.007MHz inclusive.

If I have not seen so far it is because I stood in giant's footsteps.

Working...