Follow Slashdot stories on Twitter


Forgot your password?
Privacy Your Rights Online

Errant E-Mail Shames RFID Backer 60

An anonymous reader writes "An article appearing in Wired today describes how the The Grocery Manufacturers of America inadvertently sent an embarrassing internal email to anti-RFID consumer group CASPIAN"
This discussion has been archived. No new comments can be posted.

Errant E-Mail Shames RFID Backer

Comments Filter:
  • It... (Score:1, Interesting)

    by OneFix at Work ( 684397 ) on Monday January 12, 2004 @02:29PM (#7954313)
    I still don't get it...Why all the concern about RFID?

    These aren't much useful after you purchase the product...

    You can be certain that if anyone has something to hide they will either find a way to disable the chip or simply buy products that don't contain an RFID chip...

    The batteries don't last forever either...

    So, I have to ask, why the concern? A specific person can be tracked much easier by the location of their cell phone, on-star equiped car, bank/credit card purchases, etc than by tracking the location of a pair of shoes they bought.

    Not only that, most of the products with RFID tags will only have them in the packaging...once you take it out and throw away the packing material, it no longer provides any useful information.

    I'm sorry, but I just don't see the need for concern...
  • Re:It... (Score:4, Interesting)

    by OneFix at Work ( 684397 ) on Monday January 12, 2004 @02:56PM (#7954616)
    Yes, that's true...I know a good bit of RFID tags use radio waves to operate, but if I remember correctly some of these actually power themselves...

    Anyhow exactly does my boss know it's MY underware? For instance, if you use a badge reader, what keeps me from going in behind a co-worker? What about the tire would be much easier to simply track you with a <gasp> license plate...

    The truth is, you can already be tracked, it's just that most of us are so boring it isn't worth the effort.
  • Re:It... (Score:2, Interesting)

    by Anonymous Coward on Monday January 12, 2004 @03:25PM (#7954902)
    Imagine this scenario.

    You buy a gift for someone from a store. The RFID scanner at the register identifies you by your previous purchases (that you're wearing/are on you/etc) while you slide your debit card in the reader. Then you give that gift to someone else.

    That person goes shopping anywhere (because RFID data would surely be shared through some clearinghouse) and they use their debit card to make a purchase. If they're wearing your gift, the clearinghouse has now identified a relationship between you two.

    They could develop a very comprehensive database of who is associated with who. Then the government gets their hands on the database, and finds out that you bought something for the future wife of some terrorist, and now you're in jail indefinitely without charges.
  • Re:It... (Score:5, Interesting)

    by Alsee ( 515537 ) on Monday January 12, 2004 @05:46PM (#7956248) Homepage
    Anyhow exactly does my boss know it's MY underware?

    Assuming your company set up an RFID reader at the entrance for any of a number of reasons, every RFID tag on your body would activate and broadcast it's serial number. That code would most likely contain a manufacturer code, a product code, and potentially a unique serial number.

    At the end of teh day you walk back up through the scanner. Maybe they are checking to make sure you aren't trying to sneek out with tagged company property. Rountine proceedure would be to subtract the list of ID's you entered with from the list of ID's you are trying to leave with.

    So, one day the computer alerts the security guard that you are trying to leave with an ID code taht you didn't have when you came in. The code number pops up and an automatic search is done on it. The computer comes back with two hits on the search. The first hit is a match on it's internal database - that ID came in this morning whith Sue from accounting. The external database hit reveals that manufacturer code code is for Victoria's Secret, product code Lowrise V-string panties, black, size 5.

    Security Guard shouts out in front of everyone: "Hey Bob! Whatchya doing with Sue's panties? Are they in your pocket or are you wearing them?"

    He could quite easily pull up your history of ID tags for the year and see what brand(s) of under wear you wear, how many different pair you have worn, and yes, he could easily see how often you wear the exact same pair two or more days in a row.

    RFID tags are already being embetted in the fabric of some peices of clothing. As RFID becomes common situations like I described above can become quite common. That daily RFID scan can be analized for any number of reasons, and the data can be extensive and invasive.

    Every single store you walk into could preform such a scan. Obviously the "intended" purpose is to make sure that you don't walk out with unpaid merchandise, but once they've done that done that then all of the data is already in the computer it can trivially be used for any purpose at all.

  • Re:It... (Score:3, Interesting)

    by jc42 ( 318812 ) on Monday January 12, 2004 @06:06PM (#7956489) Homepage Journal
    These aren't much useful after you purchase the product.

    Oh, I dunno about that. I'm imagining that I'm in charge of the software that collects the RFID data. What I do is have the software note not only the articles that are placed on the counter at checkout, but also the tag number in the clothing that you're wearing as you leave the store. If any of those "extra" tags agree with articles that the store sells, with some low probability (1% or 5% maybe), the software adds it to your bill.

    What I'm betting on is that you wouldn't even notice this. Even if you get a detailed statement that shows all your purchases, the fact is that you did buy that particular article. So it doesn't register, you skip over it, and I've just extracted a small amount of cash from your account. If you happen to notice it, our people are instructed to be very apologetic, and remove the charge without arguing.

    Over a year, this could add a lot of money to the store's coffers.

    It doesn't even matter if such charges are discovered an publicised. The news stories would just add to your image of the unreliability of all things computerish, while the store's cheerfully helpful staff would reassure you that all you have to do is bring it to their attention to get it fixed.

    Unless you could get the source code subpoenaed, there's little chance you could ever fight this sort of larceny.

  • by reinard ( 105934 ) on Tuesday January 13, 2004 @05:44PM (#7966495)
    You obviously know a lot about this issue. I never did or even tried to dispute that.

    I never claimed I knew all the ins and outs of this technology either. And as far as the technical aspects go, I don't have a problem admitting that I'm in a little over my head.

    I've done my share of reading on it however, more so the social implications than the technical implementations. I'm not an electrical engineer, and didn't claim to be one. The statement I made seemed plausible conclusions to me, given what I see is available right now - from what I've read.

    Now to your questions:

    """What makes you so sure "it's not so hard to scan a few frequencies and try a few protocols"?"""
    If there are individual readers for each one, build a device that incorporates all of them try one at a time until you get an expected result. I'm not saying that's quickly done, or with little resources, but I bet you'd agree it's likely possible, and a large entitity (corporation/government etc) could bring up the resources. I'm saying it's not hard because it doesn't require inventing anything or depends on unproven technology. It's just a matter of combining existing technology.

    """Have you ever implemented an anti-collision search for any of those standards you mention?"""
    No (although you already knew that). But what makes you think anti-collision is even necessary for my argument? Your examples ("Mobil Speedpass", keyless entry pass, garage entry pass) are probably all systems that would not function under collision situations, nor do they need to. There is a collision and you get bad data? Ignore it. Fully acceptable for those situations. The same would be true for RFID tags in tires. You get two in the reader area? - Ignore it, you'll get a good read at the next intersection.

    """Do you have any idea what the hardware and software requirements of doing a multi-protocol reader are?"""
    No. Neither does anybody that doesn't have the resources to seriously consider and spec out such a project. And it's not really relevant to this discussion anyway. However, I doubt that they would be much larger than the combined requirements for each individual device - since at least some software and hardware parts will be usable for several of the individual readers.

    """The protocol is nothing like a simple 'ping-pong', whatever that is."""
    With ping-pong i only meant transmit request (ping) and receive response (pong). I've never actually looked at the protocols in detail.

    """The tough part is the "anti-collision" part. What happens when there are two tags in the field? How do you ensure that only one tag responds so you can read it without RF interference?"""
    Again, I'm no electrical engineer, but I would imagine something like a signal that causes random short delays in sending the response, and then repeat until you get a clear response from each tag. Or maybe each tag can be on one of X number of channels, that get scanned sequentially, greatly reducing the potential of collisions etc... Anyways, I know several devices on the market can do this, so this problem has already been solved, ie is technically feasible, so the argument about it is mute - it can be (and has been) done.

    """You're talking out of your ass. Admit it and either accept that you're scared of technology you don't understand, or learn about it then comment."""
    Well I'll respond to that with a quote "Obscenity is the last refuge of the inarticulate motherfucker."

    You're trying to say that I can't argue/discuss these things unless I'm an expert in the field and know every little technical implementation detail. If you don't see a flaw in that, please don't respond. I know you read this anyway.

    This discussion was origianlly about the social effects of RFID tags, and whether concern about widespread implementation was justified. You picked up on a line that may have been technically a bit of a stretch (or even plain incorrect), but rea
  • Dumb. (Score:3, Interesting)

    by Fnkmaster ( 89084 ) * on Tuesday January 13, 2004 @07:38PM (#7967803)
    If you want to get your interns to collect dirt on somebody, you are supposed to have them conceal their identity. What the hell good is it to use an intern for this kind of sniffing around unless you tell them to send the email from their college email account and request information "for a paper they are righting on consumer rights organizations"? If they come out and say "Hi, I work for the industry association that you oppose, can you send me your biographical information?" it's not going to get you very far.

    Which leads me to believe this (dumb) kid may have been acting on his own. Or his boss is REALLY fucking stupid.

The last thing one knows in constructing a work is what to put first. -- Blaise Pascal