RFIDbuzz.com

New York Times Review Privacy Concerns over Contactless Cards

The New York Times investigates privacy concerns about contactless cards.

New York Time: Privacy and Contactless

Book Review: ''RFID Applications, Security, and Privacy''

Thanks again to all RFIDbuzz editors for giving me the opportunity to read through this exciting book on RFID and Privacy. Overall, I liked this book very much.

[ Simson Garfinkel & Beth Rosenberg (Eds.) RFID : Applications, Security, and Privacy, Addison-Wesley Professional, July 6, 2005, 608 pages, ISBN: 0321290968. ]

This is a very rich collection of articles contributed by people with diverse backgrounds, viewpoints, and stances. It was just published from Addison-Wesley this summer and includes a number of fresh topics that are highly relevant to the ongoing debates on RFID technology and its implications for all facets of our lives. There are overlaps and discrepancies between some chapters, which actually made my reading experience exciting and fun rather than confusing and frustrating. This book may not be for people who are looking for predigested information about how to build RFID applications, how to address RFID privacy issues, etc. However, anyone who actively thinks about the issues around RFID technology would find this book highly valuable: I believe this is the best book published so far for this reader population.

I myself have been following relevant topics for several years and am currently a contributer at RFIDbuzz and elsewhere. Also, organized with my colleagues workshops in Tokyo last year, partly inspired by the workshop held at MIT in 2003, chaired by Simson Garfinkel, one of the editors of this book (he says the idea for this book came about because of that workshop). Before reading, I wasn't expecting to find something new in the book. But, I was luckily wrong. For example, articles on interaction design (Chapter 9) and cross-cultural perspectives (Chapter 31 and 32) were new to me. Again, the quality (and the quantity) of each article may vary; however, it matters less when many articles are contributed by people who are now playing key roles in shaping the co-evolution of RFID technology and the society.

The book has 608 pages consisting of 32 chapters and 6 appendixes.

The first part of the book includes 9 chapters that covers basics in broad areas: the technology, standardization, privacy, authentication of goods, philosophy and interaction design. Chapter 2, contributed by Simson Garfinkel and Henry Holzman, gives a very good overview of RFID technology and, in Chapter 3, Sanjay Sarma, a professor at MIT and a co-founder of the Auto-ID Center talks about the history of the Auto-ID Center and EPCglobal. Chapter 4 discusses data protection law and fair information practices (FIP) in relation to RFID.

The second part of the book includes 6 chapters that covers different application areas: wireless payment, military logistics, pharmacy, healthcare, library, and livestock management. Chapters 10 and 12 include interviews with key men who led major RFID projects at Exxon Mobile and CVS/Pharmacy Corporation. Chapter 14, contributed by Lori Bowen Ayre, discusses opportunities and risks of using RFID in libraries – one of the unique issues raised here is the cost and time for manually attaching RFID tags to hundreds of thousands of library books.

The third part of the book is titled "Threats" and begins with the contribution by Katherine Albrecht, a prominent consumer privacy activist. The 6 chapters in this part cover social risks and technological weaknesses related to RFID. I liked the way how Chapters 16 and 17 discussed privacy by introducing different system architecture types and potential scenarios of technology adoption. In Chapter 19, Jonathan Westhues, an undergrad student in Canada, shares his experience of hacking a proximity card system.

The fourth part of the book includes 3 chapters that discuss technological approached to RFID privacy and security. In Chapter 21, Ari Juels discusses different approached to the RFID privacy problem, including Blocker Tags and Soft Blocking. The following chapters discuss randomization, killing, recoding, etc. without getting into too much technical details.

The fifth (and the last) part of the book is titled "Stakeholder Perspectives" and includes 9 chapters discussing varieties of topics. I found some of the chapters in this part very interesting. In Chater 30, Peter de Jager discusses RFID privacy in relation to Y2K: "In some ways, I was to Y2K what Katherine Albrecht is to RFID and privacy." Chapter 31 and 32 discuss privacy issues in Asia and Latin America. I was most excited to read these chapters and I do think these contributions are valuable. However, I also felt that they may only have scratched the surface.

Most articles in Appendixes seems to be already published elsewhere. However, they are all good articles and reading them together creates a different opportunity for thinking.

Overall, I would highly recommend this book. It's an essential book for anyone who actively thinks about the issues around the use of RFID technology.

PDFs are available for the following chapters (courtesy of Addison-Wesley/Prentice Hall PTR):

• Chapter 2: Understanding RFID Technology (Simson Garfinkel, Henry Holzman)
  
• Chapter 3: A History of the EPC (Sanjay Sarma)
  
• Chapter 17: Multiple Scenarios for Private-Sector Use of RFID (Ari Schwartz, Paula Bruening)
  

Rest in peace

Vandalism of graveyards is a sad but common phenomenon in Scandinavia. These actions are typically performed by bored teenagers in the silence of the night. A lack of resources makes it hard for the churches to protect their graveyards.

Now the Danish software developer Lyngsoe Systems has come up with a solution to prevent desecration of the graves. Gravestones as well as valuable artefacts inside the church are tagged with RFID. When someone tries to move a gravestone, a nearby RFID reader triggers an alarm. The same thing happens if someone tries to steal the tagged chandelier inside the church.

The churches are particularly plagued by vandalism, and the available theft prevention measures are inadequate. Some churches have made experiments with video surveillance, but it doesn’t really work at night, and the churches do not want their visitors to feel like they’re under surveillance. The RFID-based solution doesn’t create that feeling. Lyngsoe Systems’ solution could ensure that the dead could rest in peace – at a low cost for churches.

U.S. Considering Wireless Passport Protection

Freedom to Tinker reports:

The U.S. government is 'taking a very serious look' at improving privacy protection for the new wireless-readable passports, according to an official quoted in a great article by Kim Zetter at Wired News. [...]

The previously proposed system would transmit all of the information stored on the inside cover of the passport -- name, date and place of birth, (digitzed) photo, etc. -- to any device that is close enough to beam a signal to the passport and receive the passport's return signal.

The improved system, which is called "Basic Access Control" in the specification, would use a cryptographic protocol between the passport and a reader device. The protocol would require the reader device to prove that it knew the contents of the machine-readable text on the inside cover of the passport (the bottom two lines of textish stuff on a U.S. passport), before the passport would release any information. The released information would also be encrypted so that an eavesdropper could not capture it.

Depending on who you trust, you might still want to travel with your passport wrapped in aluminium foil...

The buzz is on the US RFID passports

A lot of buzz surrounding the RFID-enabled new passports coming soon in the US:

USA Today (via SmartMobs, Picturephoning) writes:

Blue-jacketed tourist passports, as well as the maroon-and-black-covered ones used by diplomats and others on government business, are being redesigned and going electronic. The goal is to make it harder to copy or tamper with them, just as currency has been redesigned to fight counterfeiting.[...]

What's generating controversy is a computer chip that will be in a passport's back cover. It will contain all the information now printed on the first page of the passport, including name, date of birth, place of birth, nationality, passport number and a digitized photo.

[...] Bill Scannell, who has a Web site called RFIDkills.com says a terrorist could use a high-powered machine to scan a cafe and determine how many Americans were inside.

Wired reports: Passport Chip Criticism Grows:

Business travel groups, security experts and privacy advocates are looking to derail a government plan to insert remotely readable chips in American passports, calling the chips homing devices for high-tech muggers, identity thieves and even terrorists. [...]

The State Department is also adding technical features to prevent the radio-frequency identification devices, or RFID chips, in new passports from being "skimmed" by unauthorized readers, according to Frank Moss, the deputy assistant secretary for passport services at the State Department.

"We will not issue passports to the American public without mitigating the risk of skimming," Moss said, calling the issue both a technical and a political problem.

The 64-KB chips will include the information from the photo page of the passport, including name, date of birth and a digitized form of the passport picture. The chips include enough space so that fingerprints or iris prints can be added later.

Border agents, using special readers, will be able to call up all the passport information included on the chips on a computer screen. They will also use facial-identification software and a digital camera to verify that the person presenting the passport is the person who was issued the passport.

See also Wired: RFID Cards Get Spin Treatment

West End Laboratories TagZapper(TM)

West End Laboratories, a division of LDC Security, has also developed a RFID tag zapper designed to disable RFID chips. By killing the radio frequency identification tag, the zapper prevents the unwanted scanning and tracking of people or goods. The company reports that RFID poses a privacy threat because anyone with an RFID reader could retrieve sensitive information on myriad topics. The TagZapper™is both lightweight and handheld. According to Whynot.net:

“In a naive, RFID-enabled world without technical forethought, there is risk that sensitive information could be visible in secret to anyone with an RFID reader,” said Le Derec Caden, director and chief scientist with West End Laboratories in the US.

Read more: RFID Jammer and Disabler

From RFID Times

Johns Hopkins University and RSA Labs demonstrate RFID token cracking and cloning with cheap FPGA hardware.

Spy Blog:

A low cost spoofing and cloning attack has been demonstrated by researchers from Johns Hopkins University and RSA Laboratories on some Texas Instruments RFID tag based tokens, used for transport road tolling and the purchase of fuel at petrol stations, and as part of a car key vehicle immobiliser system.

The researchers created a cheap code cracking device from off the shelf Field Programmable Gate Array hardware, to brute force attack the 40 bit keyspace. They wrote software to simulate the radio protocols of the RFID tokens on a laptop computer connected to radio equipment.

These tokens do not use modern strong cryptography, such as the AES algorithm, but the attack demonstration (including online videos) should be seen as a dire warning for the likes of Tesco, WalMart or the US Department of Defense who seem to be set to use billions of far less sophisticated yet still re-programmable RFID tags e.g. EPC Class 1 Generation 1 or Generation 2 tags, which do not use any encryption at all !

It also has implications for the privacy and security of new USA Biometric Passport for which it is also planned to use unencrypted RFID chips.

Cross posted from Spy Blog

Chipping a CIO

Roland Piquepaille reports on "The world's first RFID-enabled CIO" (via engadget and jdb). As we have mentioned earlier, VeriChips are already in use in both Barcelona and Glasgow.

John Halamka's stunt seems to be more for publicity than anything else, or am I missing something crucial here?

VeriChip RFID implant evil spreads to Glasgow

Spy Blog:

Both the The Observer and the The Telegraph report that a night club in Glasgow is following similar night clubs in Barcelona and Rotterdam by offering to implant VeriChip RFID chips under their loyal customers' skin.

This has many advantages for the bar or night club, by allowing them to extract money from customers who have decided that even credit cards are too bulky or inconvenient to carry, or who cannot even remember their own names whilst high on drugs or drink.

They are treating their loyal customers like animals such as cattle or pet cats or dogs, where identical technology is used.

The same hype tactics of promoting the VeriChips as a status symbol "allowing" a customer easier access to the "VIP" lounge/party/promoted event are evident in Glasgow as in the other European trials of the technology. Almost all of these VeriChip "trials" involve free or subsidised equipment and/or implants, and are publicity stunts aimed at supporting the share price of the chip manufacturer.

The bar/night club owner/promoter also benefits from the media hype and publicity that VericChip implants in humans always generates ("no such thing as bad publicity")

We agree with notags.co.uk in condemning the attempted introduction of VeriChips into the UK. Implanting sub-dermal tracking devices in humans is wrong, and should be illegal.

VeriChips are too electronically unsophisticated to contain any encryption technology, and they can therefore be read and abused remotely by radio, using the 125KHz ISM licence free frequency band, by malicious third parties. This is not being made clear to the "customers" in Glasgow.

Unlike a bracelet or badge with an optical barcode or even an embedded RFID chip, a VeriChip involves minor surgery to implant it, and more serious surgery to remove it.

Any British doctor who performs such unethical "unecessary surgery" or mutilation, to implant VeriChips should be struck off by the General Medical Council.

Where is the approval from the UK medical authorities permitting the use of such implants in humans ?

Cross posted from Spy Blog

RFID Marauders Map

As predicted in The Register's BOFH column, RFID-powered "Maurauder's maps" (as seen in Harry Potter, a magical map that shows people's whereabouts as dots moving around on an enchanted piece of pergament) aren't far away.

An article in today's digi.no has an interview with Jon Atle Tigerstedt of new Norwegian outfit Wavedancer. Wavedancer is developing an RFID security system based on RFID-enabled keycards/asset tags and a floor plan map (hence the Marauders' link).

Not unlike the Wifi-based Ekahau-system, but based on tracking entrance/exit from rooms, Wavedancer's marketing buzz focuses on security and safety: in the event of a fire; know how many people were in each room, how many have gotten out etc...

Marks & Spencer RFID tags - Marble Arch store, London, November 2004

Some impressions and photos of the second Marks & Spencer "Intelligent Label" item level RFID tag trial:

Marks & Spencer
Intelligent Label RFID tag trial
Menswear department
Marble Arch store, Oxford Street, London, November 2004.

Apparently there are six Marks & Spencer stores participating in this latest RFID tag trial until December 2004. This press release from March 2004 implies that that the six stores are probably Aylesbury, Camberley, Ealing Broadway, High Wycombe, Kingston and Marble Arch"

N.B. There are no warnings to Customers that they are being experimented on, or that the RFID tags are not being "killed" or removed at the checkout till.

Cross posted from Spy Blog

Ubicomp Ethical Guidelines

Adam Greenfield of the Boxes and Arrows weblog writes: All watched over by machines of loving grace: Some ethical guidelines for user experience in ubiquitous-computing settings:

If ubicomp applications are rushed to market and allowed to appear as have so many technological artifacts in the last thirty years - i.e. without compassionate attention to the needs and abilities of all sorts of human users, without many painstaking rounds of iterative testing and improvement in realistic settings - then they will present those users with a truly unprecedented level of badness.

Imagine the feeling of being stuck in voice-mail limbo, or fighting unwanted auto-formatting in a word processing program, or trying to quickly silence an unexpectedly ringing phone by touch, amid the hissing of fellow moviegoers - except all the time, and everywhere, and in the most intimate circumstances of our lives. Levels of discomfort we accept as routine (even, despite everything we know, inevitable!) in the reasonably delimited scenarios presented by our other artifacts will have redoubled impact in a ubicomp world.

It's a long, interesting article. Do read it if you're interested in the future development of ubiquitous computing (ubicomp), whis may be closely related to the RFID privacy discussions frequently referred to in this blog.

Is that Viagra® in your pocket, or are you just happy to see me?

The story about tagging of containers of high-value, frequently counterfeited pharmaceutical products is all over the place (NY Times, Slashdot):

The New York Times reports that the FDA and drug makers are going to begin using RFID tags on drugs, especially often-counterfitted (sic) drugs such as Viagra. Currently, the plan is to only tag the large bottles that pharmacists count out pills from, but the system could be expanded to cover individual retail containers of drugs once prices drop.

The Farkleberries blog raises a valid point:

One obvious way of circumventing the "is that Viagra® in your pocket, or are you just happy to see me?" problem would be to transfer the medication after purchase into a non-tagged bottle, and to discard the empty "bugged" container in the pharmacy's trashcan. However, I seem to recall that many prescription medications are unlawful to possess outside of their original pharmacy packaging - as it's then difficult to prove the drugs are legitimately prescribed - and I wouldn't be the least bit surprised if a new Federal law eventually appears, making possession of "tagged"-class drugs outside of radio-labeled containers a crime.

Annotated Location-feeds

Nokia über-tweaker Chris has implemented an interesting invention. Although the idea is not new as such, it's a working prototype using items you don't have to be a researcher or Bill Gates to afford: tracking & online publishing of his location (see annotated graph here) using a Pretec BluetoothGPS, GSM Tracker, a Nokia 6600, and a custom written server program on his webserver.

This being an application Chris controls himself and can switch on and off at will, there is no reason why something similar could be done with a large network of RFID-readers and e.g. RFID-tagged conference tags for visitors to an exhibition etc. "Journey Path Analysis" all of a sudden takes on a completely new meaning.

Secure RFID

Computerworld: Securing RFID information:

The banking and payment card industry has much more experience in protecting personally identifiable information stored on RFID cards, said Ken Ayer, vice president of access controls at Visa International Inc. Visa and the payment card industry prefer the term EMV cards because of the Europay, MasterCard and Visa standards consortium that established standards for smart credit and payment cards beginning in 1996.

Personally identifiable data elements subject to privacy regulations are Triple-DES encrypted on EMV cards. The latest contactless EMV cards are based on the ISO 14443 standard card, which can be read from only within 10 cm. They are configurable based on privacy and security standards followed by each issuing bank in each host country.

EMV cards support both symmetrical and asymmetrical key encryption, Ayer said. The only actual encrypting done on the card is in a challenge-response process to identify an authorized card reader to the card. The rest of the encryption is handled on back-end systems.

"This is a worldwide system that works in all countries around the globe," he said. "It's entirely up to the bank to use one type of encryption or the other, as well as what type of data to encrypt."

Religious RFID?

RFID has a long way to go to convince everyone: "The people say no"

News.com recently ran a report on companies with technologies that involve implanting RFID chips under people's skin or inside a bracelet. The issue has united people with fairly strong religious beliefs and libertarian privacy advocates. [...] Nearly every reader who wrote News.com about the story expressed outrage and disdain.[...]

A large number of letters [...] asserted that human RFID tags are a demonic tool. Several pointed out that in the Bible, Revelations 13:16-17 read: "And he causeth all, both small and great, rich and poor, free and bond, to receive a mark in their right hand, or in their foreheads: And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name."

It's hard to argue against fundamentalists of any belief, but interestingly, in the 1990ies' European Union debate in Norway, religious politicians labelled the European Union "The Beast"... I guess there's symbolism everywhere you look, if you want to find it.

(via commerce.net and eric)

Computer chips in uniforms: tracking inventory or wearers?

USA Today: Computer chips in uniforms: tracking inventory or wearers?:

A uniform-supply company says it uses microchips to better track the garments, but privacy watchdogs are concerned the tiny electronic devices also could be used to track the people wearing the clothing.

Grantex is a pioneer in the field of Radio Frequency Identification (RFID), sewing microchips into the uniforms it rents to clients including Steelcase Inc. and General Motors Corp.

Grantex uses the low-frequency "smart tags" to automatically track and sort its thousands of uniforms. After the chips are programmed, a computer scans the garment to tally how many times it has been laundered or if it needs to be mended or undergo special cleaning. [...]

RFDump

German security consultant Lukas Grunwald has released a tool he names RFDump, that can be used to read, and apparently in some contexts, change the contents of an RFID tag. Handy for discounting your purchases, you'd think, but as far as I can see, this would only apply to read/writable tags (and here possibly actually containing the price information), as opposed to read-only "serial number"-style tags. Serial number / product code tags would generally be used by a business to identify the item; the price would then be looked up from a pricing database; changing this price would require more traditional hacking, unrelated to RFID. Furthermore, generally one would also assume full scale consumer implementations to have a certain level of encryption in place.

Still, his point is proven, and businesses implementing RFID in their supply chain should not ignore the abilities of black hat hackers.

Related links:

• Slashdot: RFID More Hackable Than Retailers Think?
• Forbes.com: A Hacker's Guide To RFID
• Tom's Hardware: The world's first RFID hacking tool released at Black Hat
• Some blogs: The Future Blog: RFID and store security & RFID Gazette: RFDump & Hugh's Sour Grapes: Hacking RFID & Claire Wolfe: RFDump
• CNET News: RFID tags become hacker target
• BlackHat.Com & DefCon(via Tech Goes Boom)
• Additional links: ITVibe.com, Techimo.com

Walking Internet Cookies

Researcher Joe McCarthy blogs the probably best internet analogy to the Baja Beach club implants yet:

VeriChip-Implanted People (VIPs): Walking Internet Cookies

- Ian Brown, director of the Foundation for Information Policy Research

See also:

• Would you implant chips in your body?
• Joe McCarthy: The price of privacy
• RFIDbuzz: Chip the VIP!
• WWInfo: Why (Internet) Cookies are bad
• Jonathan Angel: Too Many Cookies Are Bad for You

Privacy advocates ask FTC for RFID technical review

Computerworld: Privacy advocates ask FTC for RFID technical review

The FTC or other agencies could conduct an "impartial" assessment of RFID and its potential effects on privacy, said Beth Givens, director of the Privacy Rights Clearinghouse. Some advocates who trumpeted RFID's potential to reduce supply chain costs called for a public education campaign to teach the public about the potential positive uses of RFID, but Givens said a public campaign should also include privacy concerns.

"It's very important to distinguish between a true consumer education campaign and a public relations campaign," she said.

''Maybe it'll be Little Brother watching you''

Columnist Lenore Skenazy discusses her future plastic fantastic RFID world's downsides in this article from the New York Daily News: Maybe it'll be Little Brother watching you:

Think of it as a bar code on steroids, broadcasting heaps of info:

"I am a pair of Hanes bikini briefs, size 8, shipped to the Poughkeepsie, N.Y., Wal-Mart on Sept. 9, and purchased the day before Halloween by Lenore [last name deleted], who also bought a whopping mountain of fun-size Snickers that day. Waaaay more than she needed for the kids in her building at [address deleted]. Let's see how long she fits in these briefs!"

Well, it's not quite as snippy as that. But all that info could well be there. And Wal-Mart is planning to implement RFID throughout its stores by 2005.

For unencrypted active tags (as opposed to the passive tags currently widespread), maybe, but still a bit far fetched. Eiter way, her conclusion is still valid:

Is there any way to stop this tracking in its tracks? Maybe. Consumers must insist that RFID tags be easily visible, removable and turned off at checkout.

Otherwise, it won't be only your underpants Big Brother can see. It will be everything about you.

And that stinks.

(via RFID Log)

RFID Privacy Gap?

InternetNews.com: RFID Privacy Gap?

Where does consumer privacy fit into a world where every product has a unique IP address? It's a question that consumer goods companies and Federal regulators are only beginning to tackle. The issue was discussed Thursday during "Privacy Futures," a conference sponsored by the International Association of Privacy Professionals and online security software company, TRUSTe.

[...]

EPCglobal Public Policy Committee chair Sandy Hughes, who is also Procter & Gamble's global privacy executive, said the committee is getting input to help with policy decisions. "At least we have a body now that's actually looking at it," she told the audience.

FoeBuD presents RFID-DataPrivatizer

FoeBuD, a German group of RFID and privary activists has presented the alpha version of their DataPrivatizer. The DataPrivatizer can detect RFID chips and scanners.

Earlier this year FoeBuD activities have forced the retailer giant METRO to call back RFID enabled loyalty cards.

Source: heise(in German).

Japanese RFID Privacy Guideline Released

Japanese Ministry of Public Management, Home Affairs, Posts and Telecommunications (Soumu-Sho) and Ministory of Economy, Trade and Industry (Keizai-Sahgo Sho aka METI) jointly released an RFID Privacy Guideline today.

The ministries made their own guidelines in March. Since then, they have been discussing to integrate the two guidelines.

The guideline articulates the following points:
(1) Indication that RFID tags exist
(2) Consumers right of choice regarding reading tags
(3) Sharing information about social benefits of RFID, etc.
(4) Issues on linking information on tags and databases that store privacy information.
(5) Restrictions of information gathering and uses when private information is stored on tags
(6) Assuring accuracy of information when private information is stored on tags
(7) Information administrators
(8) Information sharing and explanation for consumers

In relation to (2), the guideline says that it is necessary to show consumers how to prevent their tags from being read. It also introduces a few sample methods like "covering tags with aluminum foil," "deleting information on tags using an electro-magnetic method," and "physically removing tags."

via Nikkei BP (in Japanese)

Cross-posted from RFID in Japan

On RFID in Library books

Cameron Sturdevant: No RFID for Library Books:

The chief librarian of the San Francisco Public Library is considering spending almost $1 million over two years to replace bar codes and magnetic strips with RFID tags on books, videos and other library materials. Although I appreciate City Librarian Susan Hildreth's desire to streamline the check-in/check-out process, I think using RFID tags is a bad idea.

Related:

• RFIDbuzz: We know what you read
• via RFID Privacy.org

IBM on RFID privacy activists

Via RFID Privacy: ZDNet Australia reports: IBM hits back at RFID critics:

Dr Cheryl Shearer, Big Blue's global leader, business development for emerging markets, told ZDNet Australia in an interview this week "I think the RFID privacy movement is primarily an anti-retail movement, because no one is discussing this at all in manufacturing process control or its use in libraries".

Shearer added that much of the confusion was generated because individuals mistook the capabilities of RFID for those of location-based services.

"The crux of the argument about privacy is that it's all very well to have an item marked and to be able to read it but it's quite another thing to be able to do some push-based marketing on the basis of it," said Shearer, arguing "that’s what people are afraid of, location-based services, but that’s not RFID."

Even short range RFID readers can be used to track consumers if widely used in the retail sector. Yes, RFID has lots of positive usages from supply chain management to Legoland kid-tracking but if the industry doesn't listen to the grassroot movements, the backlash will be certain. People don't want their panties tracked, end of story. It's not an anti-retail movement, it's a power-struggle about control of that scarcer and scarcer resource called "personal information"...

RFID for Munich Toll System?

Members of the Green Party in Munich have proposed an RFID-based toll system for the central area of the Bavarian Capital. The traffic experts of the party want to establish a Pay-per-use-system: When citizens try to pass into the centre of the city, their RFID-chips are billed by contactless readers. Photos of the licence plate number shall be taken, if the available credit sum of RFID chip is not sufficient.

The German Government currently tries to establish a Motorway toll system for trucks,, based on GPS satellite technologies.

Sources: The Register and heise (in German)

Chip the VIP!

Baja Beach Club in Barcelona has hit the headlines after starting a VIP area which customers can access by having an RFID chip implanted. The chip is made by US based Applied Digital Solutions (ADS), and can apparently have multiple applications:

Ananova reports:

The 'VeriChip', a Radio Frequency Identification chip made by a US company, will mean regular clubbers at the Baja Beach Club in Barcelona will no longer have to wait in queue to pay to get in.

And it doesn't even have to be implanted into the hand - clubbers can have the chip injected into any part of their body, as long as they are able to flash it in front of the scanner.

The nightclub has now turned Tuesday nights into Implant Night where guests can be chipped in between drinking and dancing.

PrisonPlanet.com has more information:

[...] Alex has spoken many times over the years about how the making the chip "fun" and how by giving it an elite status soon an entire of young teenagers will be arguing with their parents demanding that they let them be implanted so that they can be in the "in" crowd. The Baja Beach Club and Chase have proved that the trend has started.
[...]

[Baja Beach Club owner Conrad Chase] also told me that he had been in touch with the VeriChip Corporation and that there were several new developments with their implant system including the Belgian subsidiary of firearm company, FN Herstal, which manufactures Browning and Smith and Wesson firearms, launching a implant-firearm system which would make a firearm functional only to the individual implanted with its corresponding microchip.

The obvious privacy-related downsides here are many many times larger than e.g. RFID chips in products / clothes / cards / etc: Shielding the chip from rouge RFID chip readers outside the scope of the original use (here, a nightclub) will be a lot more difficult when the chip is under your skin...

RFID in Chinese ID cards

Peter Winer reports from the RFID World conference:

[...] Rocky Shih represented the government of China's RFID initiative. [...]

Rocky did voice enthusiasm for government-issued RFID identity cards. He indicated that China would issue over a billion cards - one for each citizen. He expects that further annual consumption will be between 50 million and 100 million cards as damaged cards are replaced and new cards are issued for newborns.

Going further, he said that 3 million handheld RFID readers would be issued, one for each police officer in China. When asked if this would provoke privacy concerns, he clearly stated that the government does not need to respond to such concerns and that in China, the government does what it wants regardless of the opinions of its citizens.

These comments offer a crystal clear case against RFID in government-issued identity cards. Unless their usage is very carefully restricted - and the restrictions are very difficult to monitor - such cards have no place in a democracy.

This should definitely be a wakeup call to citizens of the world as the US is continuing to work on implementing next generation machine readable passports.

Tesco CEO Rejects RFID Privacy Worries

Tesco CEO Sir Terry Leahy has reportedly dismissed concerns over the privacy implications of RFID tagging.

He said that ''RFID tracks products, not people'' and likened RFID tags to barcoding.

He's right that RFID tags track products. However he misses the fundamental point that an RFID tag can be read from a distance without the bearer being aware it has happened. In this way RFID tags are very different from barcodes.

RFID tracks products - and in doing so it enables the tracking of people.

Cross-posted from The RFID Scanner

''One billion people to get biometrics and RFID tracking by 2015''

No, that's not some sick April Fool joke. In fact it's a headline from the respected silicon.com

The article reports that civil liberties groups worldwide are objecting to plans by the International Civil Aviation Organisation (ICAO) to incorporate biometrics and RFID chips in all passports. This would be linked to a global identity database.

The plans, to be discussed by the ICAO next week, would make biometrics and tagging compulsory by 2015.

The ICAO's preferred biometric is facial recognition, which was recently described by the Economist Intelligence Unit as having the potential to ensure that "privacy, as it has existed in the public sphere, will in effect be wiped out".

Cross-posted from The RFID Scanner

RFID and data privacy: hype vs reality today

Jay Cline, data privacy manager at Carlson Companies Inc. writes in Computerworld about the hype and realities of RFID today:

The privacy scare surrounding radio frequency identification tags is greatly overblown. No company or government agency will be secretly scanning your house to find out what products you've purchased, because there's no feasible way to do so. But if RFID chip makers don't soon allay these fears, the escalating public emotion about this issue may effectively ban the most valuable implementations of this remarkable technology.

Utah: No Right to Know

Utah's trail-blazing "right to know" Bill has been defeated, despite having been passed previously by Utah's House of Representatives.

Time ran out for the Bill in the Senate. The reason? Retailers demanded changes to the Bill. They were especially worried at clauses that insisted RFID tags be disabled or removed at point of sale.

Such clauses are the heart of any privacy legislation. Simply informing customers that their purchases are RFID tagged without doing anything about it would serve merely to legitimise the practice.

Full Bill details here

Cross-posted from The RFID Scanner

Ubiquitous Sensor Network

To those who say that the privacy fears about RFID are unfounded, look at Korea.

The Korea Times reports that in an effort to catch up with the RFID bandwagon the Korean government will be spending huge amounts of money to develop a "Ubiquitous Sensor Network" (USN).

The name itself is chilling. Add to that the list of applications:

''The RFID technology has ample growth potential since it can be applied to practically all areas, ranging from retail and logistics sectors to livestock management home network systems, traffic control and hospital patient management''

Ubiquitous tags, ubiquitous sensors. It seems that everything will be tagged, scanned and monitored as a matter of course.

Of course, that's Korea. It couldn't happen here.

Could it?

Cross-posted from The RFID Scanner

RFID and Privacy: market or legal regulation?

RFID Journal editor Mark Roberti has published an editorial saying that companies/the market will self-regulate their use of RFID to maintain acceptable levels of consumer privacy. Any company using RFID in a way customers don't approve of will suffer loss of revenue as customers go elsewhere:

Right or wrong, companies that use RFID are assumed by the public to be guilty of wanting to invade their customers' privacy and must prove to their customers that they are acting responsibly. I believe most companies will. In the end, no businessperson wants to lose a customer. No CEO wants to see the company’s brand tarnished or its stock price take a hit over bad publicity.

John Wehr of RFIDnews.org comments:

There are no new rules. Corporations regularly commit appalling abuses of consumer privacy to little or no resistance. The RFID industry is not being treated unfairly, rather as every industry should be. The scrutiny vendors, integrators, and retailers face is too uncommon in a day when video cameras and microphones are widely used to study individual consumers. While welcoming such criticism is difficult, it will leave the industry robust and aware of intangible consumer needs in a time when both characteristics are in short supply.

Peter Winer adds:

[Mark Roberti's] argument works well for companies, but not for governments who can deploy RFID at will without fear of alienating the public.

Surely, the conclusion must be: yes, please: RFID holds great promise for supply chain management and a host of other areas. Inherent in the technology, however, is the possibility of more detailed suveillance and tracking of individuals that needs to be discussed out in the open, but at the same time not preventing the industry from progressing and exploring the possibilities RFID has for reducing cost in supply chain (as well as helping individuals). Legislation may not universally eliminate the shadier uses of RFID, nor will the existense of CASPIAN alone.

Open debate will educate the public to both the benefits and the dangers of RFID over the coming months and years, legislation and market pressure (potentially caused by whistleblowers and/or consumer organizations) will address privacy issues as they arise...

Where to concentrate RFID privacy efforts

Peter Winer writes a very good article about trust in RFID applications and advises industry as well as RFID privacy campaigners on where to concentrate their efforts:

• We need to resist broad and general statements that RFID degrades privacy.
• Applications from governments that force people to relinquish privacy should be resisted strongly.
• Enterprises can collect information from consumers if they earn the consumers’ trust and this can be earned with both technology and trustworthy behavior.
• Applications that deliver extreme and compelling value to consumers are more likely to succeed.

On a related note, SANS PrivacyBits states (linking to this article about RFID vs Privacy):

Certainly the reports that we have cited here substantiate the view that the privacy advocate's hysteria is out of proportion to the risk.

Who's right?

The debate is open in the RFIDbuzz discussion forum!

Smart Possessions

Pete Winer writes about his visions on "Smart Possessions" in a recent blog entry:

A couple of years ago, I bought a shirt from Lands End. It's a nice shirt and I wear it a lot. Now, I'd like to buy a couple more just like it. I'm not about to go into Sears (who now owns Lands End) and go hunting for the shirt. I don't have one of their paper catalogs lying around, so I’m going to go online.

I want to be sure I get exactly the same style shirt I got last time. How can I be sure?

Until recently, I was hoping that someday my Lands End shirt would have an RFID tag in it and I would have a desktop RFID reader. I could just introduce the tag to the reader and the Lands End Web site would pop up on the screen of my home computer. And then, just like that I could buy another. Or I could buy two more. And I could buy one for my friend Mitch while I’m at it. [...]

Read the whole article for more thoughts on the "Internet of things"

Benign by Design?

More on the San Fransisco book tracking row from The Marin Independent Journal.

The Journal quotes chief librarian Kathy Lawhun describing the proposed RFID technology as "benign by design". She then goes on to describe it as "simply a chip with an antenna". The fact that she seems unable to see the contradiction between those two statements is worrying.

The article also quotes library officials as stressing that the information on the RFID chip will be the same as on the current barcode system.

Now, I don't know what that information is. But I'm prepared to bet it includes some sort of unique stock identifier that with access to the library database can be used to identify the book.

Combine that with a "chip with an antenna" that is capable of being read without anyone knowing it and you have a technology that is far from benign.

Such a system should not be allowed to go ahead until there is a legally enforcable requirement for the chip to be disabled at check-out.

Cross-posted from The RFID Scanner

We Know What You Read

Infoshop.org reports that San Francisco public libraries are preparing to embed RFID into their books. This would help them to find books, speed check-out and save money.

It would also mean that anyone with an RFID scanner could potentially know what you're reading.

How would you like to be given "special treatment" at the airport because you've borrowed a book that some government official has deemed "suspect"?

One of the really worrying things about this development is that there is no chance of these tags being disabled or removed at check-out. The whole point of them is that they will be there for the lifetime of the book.

Katherine Albrecht of CASPIAN said:

I don't believe there are library people rubbing their hands waiting to use this technology to spy on patrons, but if they create the RFID infrastructure in these books, I think someone else will come along and co-opt that information.

Cross-posted from The RFID Scanner

Background research on the ''burning US 20 dollar bills'' story

As mentioned, someone was microwaving their US 20 dollar bills and claimed that "RFID tags" in the bills caught fire when doing so. Several websites have picked up the news and provided commentary - conspiratorial as well as sceptical; below are some extracts of the current theory(/ies):

BoingBoing reports:

[JC] The same thing happens if you take a stack of copy paper and microwave it. A central point in the stack heats and eventually ignites and burns up and down the stack from that point.

[Alex Q] Also of interest (besides JC's comment) is that they say they are messing with the NEW twenties, but in fact those are the old ones. you can tell because the portrait of Jackson has the circle around it, which is absent in the new twenties.

Frank from the famous German Chaos Computer Club does some more extensive research:

It is rather obvious that this is nonsense. A bit of knowledge on how microwaves, RFIDs and anti-theft-systems work comes useful here. Lets begin with the anti-theft systems.

The simplest class of anti-theft systems works by measuring the drain on a HF field generator that is caused by introducing a resonant antenna into the field. The antenna is in the small tag thats placed on the protected products. There are various other kind of anti-theft systems, but these are quite frequent. The alarm goes invariably on if something suffiently resonant is in the field. Resonance can also be caused by a simple strip of metal, wire, metallized foil or pattern of conductive ink that has the right measurements.

The new $20 bills apparently does not contain a metal strip like the Euro bills. At least thats what I gather from the US Bureau of Engraving and Printing . The thread on Slashdot suggests that the metal components in the ink of the new bills cause a sufficiently good antenna when stacked. Single bills got no burnmarks.

Providing some experimental background, Frank continues:

For research purposes I microwaved a 5 Euro note and got the expected effect. Within a few seconds little sparks where visible on the metal stripe and on the metal printing on the right side and caused the expected burnmarks. From analyzing the note under a microscope it is clear that no RFID is in the Euro note. So much for debunking the "when microwaving makes burnmarks, it must be RFID" myth.

Further reading:

• RFIDbuzz.com: "RFID" tags in new US notes explode when you try to microwave them
• RFIDbuzz.com: RFID in US Postage stamps? Dollar bills? - about US plans to tag dollar bills and other things in the future
• RFIDbuzz.com wiki entry on the US Internal Revenue Service

More on the Metro RFID consumer loyalty cards

Reported in the weekend, German retailer group Metro has pulled their RFID-enabled consumer loyalty cards.

This article in Infoworld (via rfidprivacy) gives more background on the decision:

At the Rheinberg supermarket, Metro had embedded RFID chips in loyalty cards for the sole purpose of identifying the age of shoppers wanting to view DVD trailers, according to Truchsess. German law, he said, prevents anyone under the age of 16 from viewing certain movies, so stores like Metro need to have an identification system if they want to provide a viewing service.

The ID chip on the loyalty card, which shoppers use to activate the monitor for viewing DVD trailers, contains the customer number only, according to Truchsess. Data about the individual shopper, such as age, is stored in a database linked via wireless LAN technology to an RFID reader in the DVD section. "We wanted to test RFID technology for this application instead of bar codes, but because of protests by some groups, we have decided to use bar codes," he said.

Regarding the future, however, they continue:

None of the other areas where Metro is testing RFID technology, however, are affected by the company's decision to abandon RFID chips in loyalty cards, according to the spokesman. "We remain totally committed to using RFID in the area of supply chain management," he said. "A top priority is the use of this technology for tracking pallets and cases. And although we're still interested in testing the technology at the item level, this isn't a priority at the present."

and "going WalMart":

From November onward, Metro will require 100 key suppliers to affix smart tags to their pallets and transport packages, according to Truchsess.

''RFID Tags'' in New US Notes Explode When You Try to Microwave Them

I'm not sure whether this is for real, but maybe some of our US readers would care to test and leave us a comment?

"Dave and Denise" report (there's a photo and all):

Dave had over $1000 dollars in his back pocket (in his wallet). New twenties were the lion share of the bills in his wallet. We walked into a truck stop/travel plaza and they have those new electronic monitors that are supposed to say if you are stealing something. But through every monitor, Dave set it off. [...]

We could have left it at that, but we have also paid attention to the European Union and the 'rfid' tracking devices placed in their money, and the blatant bragging of Walmart and many corporations of using 'rfid' electronics on every marketable item by the year 2005.[...]

So we chose to 'microwave' our cash, over $1000 in twenties in a stack, not spread out on a carasoul. Do you know what exploded on American money?? The right eye of Andrew Jackson on the new twenty, every bill was uniform in it's burning... Isnt that interesting?

We've previously mentioned that the IRS has been playing with the idea of RFID'ing money; is this already in place in the new US twenties, or is it just a (non-RFID) metallic component of the bills that explode in the above mentioned experiment?

All comments that can shed some light on the phenomenon are welcome!

Fried RFID tags, anyone?

The UK Privacy activist and "creative scientist" Richard Osborne reports on how RFID tags behave when exposed to a microwave oven:

Luckily, for those of us who value some vestige of privacy, and don't want governments, companies, or eventually, even some nosy local councillor, knowing every time we get up from our chairs and go into our toilets, through the excessively intrusive use of RFID, the Laws of Physics come to our rescue [...]

(via Flutterby.com)

California Senator introduces bill to regulate the use of RFID

California state Senator Debra Bowen has introduced a bill to regulate the use of radio frequency identification (RFID) systems.

A PDF file of the bill can be found here.

The bill would require individuals' consent before "attaching or storing personally identifiable information with data collected via an RFID tag or before any personally identifiable information collected via an RFID system is shared with a third party."

Says MIT blogger Simson Garfinkel:

One of the big problems with this bill: it doesn’t define what RFID is. I think that it’s talking about Electronic Product Code tags, but it’s hard to know for sure. Perhaps its talking about Mobil Speed Pass. Perhaps it is talking about your building entry proximity card.

(Source: MIT Technology Review blog & the RFID Privacy blog

Ross Stapleton-Gray comments:

There are some knotty problems of inference left untouched here as well. For example, "Collecting information through an RFID system that is aggregate in nature and that does not personally identify an individual is not a violation of this chapter" means that I could use RFID to compile an exhaustive record of tag comings & goings that might be of use to some other party... I could, say, record all the RFID tags entering/exiting a hundred monitored points in my mall/office building/business district, then sell the resulting data set to an out-of-state data aggregator which could cross-reference tags seen with other known information. So I've got 200 instantiations of Tag #123456 with dates/times/places; BigSibling Corp., it turns out, happens to know that Tag #123456 happens to correspond to Jane Q. Public's attache case, and pays me handsomely for the raw transactional data I provide.

RFID To Track Heathrow Taxis

silicon.com reports that RFID tags will be fitted to taxis using Heathrow airport. This will allow better fleet management to ensure that taxis are where they are needed.

This is an excellent application of RFID to provide real benefit to the customer. However there's a worrying little piece of detail:

''The chips in the taxis will identify the car and the driver''

and again:

''automatic vehicle and driver identification RFID technology''

Vehicle and driver? Presumably the idea is to distinguish manned cabs from empty ones. Even so, if this plan really does involve tagging of drivers it's setting a seriously bad precedent.

Let's hope the report is simply misleading.

Cross-posted from The RFID Scanner

RSA Security to unveil a ''Blocker tag''

eweek.com: RSA Keeps RFID Private:

RSA Security Inc. will unveil a finished version of its RFID "Blocker Tag" technology that prevents radio-frequency identification tags from being read.

The technology, which RSA plans to demonstrate at its namesake conference this week in San Francisco, is one of the industry's first attempts to secure the anticipated oceans of consumer tracking data to be gathered by the tiny radio-powered tags. [...]

The Spy blog explains how such a device could work:

How does the reader distinguish one RFID tag from its neighbours within range ? The reader interrogates the RFID tags to ask "whose serial number starts with a 1 in the first position ?" Those RFID tags which do not meet this test then remain silent, and ignore the rest of the interrogation sequence, whilst the rest of them transmit a "yes that is correct" answer back to the reader and then await a similar question about the next digit in their binary serial number. The process is repeated until the reader has identified each of the RFID tags in range.

The idea of RSA Labs RFID blocker device is to essentially construct an RFID tag (or more probably something somewhat larger and more expensive at this stage) which mimics the "yes" answers transmitted by the RFID tags when the reader asks about a particular digit of the RFID tag's serial number.

If the RFID tag blocker device always answers "yes", or answers "yes" in a random manner, then the RFID reader believes that there are thousands or millions of RFID tags within range and cannot reliably distinguish between any real RFID tags that you are carrying and the false RFID tag serial numbers it is apparently reading.

There is a paper published at the RSA Labs' homepage explaining the process in more detail:

The Blocker Tag:
Selective Blocking of RFID Tags for Consumer Privacy:

Authors: Ari Juels, Ronald L. Rivest and Michael Szydlo

Abstract: We propose the use of "selective blocking" by "blocker tags" as a way of protecting consumers from unwanted scanning of RFID tags attached to items they may be carrying or wearing. While an ordinary RFID tag is a simple, cheap (e.g. five-cent) passive device intended as an "electronic bar-code" for use in supply-chain management, a blocker tag is a cheap passive RFID device that can simulate many ordinary RFID tags simultaneously. When carried by a consumer, a blocker tag thus "blocks" RFID readers. It can do so universally by simulating all possible RFID tags. Or a blocker tag can block selectively by simulating only selected subsets of ID codes, such as those by a particular manufacturer, or those in a designated "privacy zone."

We believe that this approach, when used with appropriate care, provides a very attractive alternative for addressing privacy concerns raised by the potential (and likely) widespread use of RFID tags in consumer products.
We also discuss possible abuses arising from blocker tags, and means for detecting and dealing with them.

Jeffrey R. Harrow on RFID

Jeffrey R. Harrow, visionary technologist and publisher of the Harrow Technology Report writes about RFID in this piece for FutureBrief.com: Jeff Harrow - Commentary at Future Brief:

As is so often the case these days, it seems that this technology is coming; in fact is already here at the crate and pallet level. And because of its benefits, it seems likely that tagging technology will, eventually, make that final leap to uniquely defining just about everything. But the dark side is there as well, demanding very careful, thoughtful, study. As we implement these technologies, we should take care to implement them in a way that will preserve, or at least knowingly and deliberately give up a minimum of the "privacy" that we have always taken for granted. We don't want to allow such potentially far-reaching changes to happen invisibly, "by accident," as a result of technological innovation.

RFID in the London Transport "Oyster" cards

The UK based Spy Blog writes: Foiling the Oyster Card:

The season ticket versions of the card have name and address and credit card details associated with them. Even the new pre-pay cards, which are more anonymous, unless you use a credit card or choose to register the card, still have a unique tracking serial number which can be tied to the omnipresent CCTV Surveillance on London Underground, and increasingly even on London Buses. [...]

The MIFARE system uses one of the Industrial Scientific Medical licence free frequencies at 13.56 MHz, so it is not illegal for other people to have or to use their own reader equipment.

Clearly, regulations must address potential abuse of such a widespread identification system as the Oyster card (which most of London's frequent users of public transport already carry with them).

In the mean time, the Spy blog recommends aluminium foil-lined wallets...

The Oyster system uses the MIFARE product line by Philips.

RFID privacy report in Canada

Ann Cavoukian, Information and Privacy Commissioner for Ontario, has created a comprehensive report on RFID privacy implications:

Tag, You’re It: Privacy Implications of Radio Frequency Identification (RFID) Technology

[...] Now imagine if tiny and ubiquitous radio emitting tags that cost just pennies apiece were placed in every product or article we consume. In our jeans and sweaters. Inside all consumer good packages, including groceries and shaving foam. In the tires of our cars. In our pets and livestock. Even embedded in our currency. Unique tags that are able to communicate with scanning “reader” devices herald the prospect of information being compiled about individuals in unprecedented detail as well as give rise to the prospect of being tracked by our personal possessions.

Futuristic? Perhaps, but this brave new world is closer than we think, thanks to the emerging technology of Radio Frequency Identification – dubbed RFID.[...]

(via RFIDprivacy.org)

2006 FIFA Soccer World Cup tickets to be RFID enabled?

Anyone attending the 2006 FIFA Soccer World Cup in Germany may be carrying an RFID tag, as the organizers plan to embed one in the tickets themselves. The tag will include information such as game and seating.

IDG News Service reports:

The executive committee of the soccer tournament, which is organized by the Fédération Internationale de Football Association, has decided to include RFID tags on tickets to expedite ticketing and prevent fraud, said Jürgen Domberg, director of the committee's ticketing unit in Frankfurt, Germany. "We view these tags as quick and secure -- far more effective than a manual check process at the gates," he said.

Information on the chip will include data about the game and seating, according to Domberg. Whether it will also include personal information, such as name and home address of the ticket holder, is still undecided, he said. "We don't intend to make public exactly what information we will embed in the chip but all information will be in line with data privacy rules adopted by regulators," he said.

FIFA has no plans to track the movement of spectators, especially soccer hooligans, Domberg said. Hooligans caused several riots during the European tournament in Belgium two years ago.

The project is currently a cooperation between Philips Electronics and FIFA, but it's not yet clear who, if any, will be implementing the final solution, according to IDG. (via The RFID Scanner)

German Metro group under privacy pressure

German supermarket operator Metro group has apparently been trialling RFID chips in loyalty cards at one of its stores:

German watchdog FoeBuD unveils: Hidden spychips in Metro-Group's "Future Store Payback" customer cards:

It is technically possible that customers of the "Extra" supermarket in Rheinberg, Germany, be spied upon without them noticing it. Whoever enters the supermarket has to pass a gate with two huge antennas, and a computer can keep track of who has entered the store and bought what at which time. The technical prerequisites are there. That the Metro Group won't use these data is a question of believing them - but trust has been shattered after they tried to cover up this scandal in the past few days. Among others, the chains Galeria Kaufhof, real, Praktiker, MediaMarkt and Saturn belong to Metro. The Future Store in Rheinberg is a pilot project for the introduction of RFID in retail sales.

(via just-food.com)