Slashdot Mirror
Sun Joins RFID Program
per unit analyzer writes: "C|Net is running an interesting article on Sun's recent affiliation with MIT's Auto-ID initiative. The article is a layman's intoduction to passive RF tag technology. The concept is to replace the ubiquitous UPC bar code with a 5-cent RF-tag. When hit with the right excitation signal, the tag emits its own RF signal encoded with a 96-bit number. The privacy concerns are obvious; items people buy could be tracked anywhere they happen to go. How would you like the security scanners at airports or even the local high school be able to generate a complete inventory of the consumer products carried by each person coming through the door? (OK Johnny, hand over that pr0n magazine in your backpack...) The Auto-ID ilk includes many of the major consumer product manufacturers and retailers. Incidently, the American Radio Relay League is also currently fighting an uphill battle to keep the RF-tag technology of Audo-ID Technology Board member Savi Technology out of the 70cm Amateur Radio band in the US." We have a couple of earlier stories about RFID tags.
Couldn't the retailer be required to disable the RF-Tags at the point of purchase? I would think that would help alleviate privacy concerns. I'm still not thrilled about this technology, either the privacy concerns or taking bandwith from the radio amateurs, but perhaps it can be done in a way that is less intrusive.
Ray Benjamin
-All that is gold does not glitter - Tolkien
www.ra
Sure its a total bastard of an idea from a privacy standpoint, but just think of the fun hackers can have with this once the stores go automated. Just pick off the signal for a product, and rebroadcast using a stronger signal whenever folks go through the scanner. If every single person leaving the store on a given day gets charged for 5 boxes of extra-small condoms and a snickers bar, I'd imagine they'll just go back to barcodes. Or maybe a small personal jammer, so that you can walk through with your heaping cart of geekfuel, and only get charged for a small jar of peanut butter. A cheap 5-cent tag just can't incorporate many security features, and any wireless system is an open invitation to hackers.
The folks who are really concerned about this as a privacy issue need to go visit and abuse all of the test sites they can identify. Drop the confidence level far enough, and the tech won't be adopted.
-reemul
You're just jealous 'cuz the voices talk to *me*
The issue of the cost of the tags is looked at heavily in the article, but that's a long run consideration. In order for the cost of the tags to really be applicable the stores have to have the readers installed in the checkouts. Readers which are likely to be horribly expensive - and management drones are notoriously tight when it comes to spending money on "new" (to them) technology.
Warning: you suc
that 5 cent tag is 50 times more expensive than the barcode. so if the manufacturer is happy with increasing the manufacturuing costs as they now also have to buy a machine to apply these (or hire a person) that 5 cent tage just became a 10 cent tag and is now 10 times more expensive than just including a 1 inch by 1 inch graphic in the printing process for the box already.
sorry, it might help retailers but it doesnt help a manufacturer at all.
Do not look at laser with remaining good eye.
I wonder if its possible to buy these tags in bulk. Carry a bag of 10,000 into the store with you. Something like that would have to overload the system. You would be in your car before the computer could process all the tags at once.
And same in reverse. What if it's a laundry day and you have to go commando? Do you really want people to know?
Nawh. A fine wire mesh should do the job. Size of the holes should be half the size of the RF.
III.IIVIVIXIIVIVIIIVVIIIIXVIIIXIIIIIIIIVIIIIVVIII
Just buy a mag tape eraser or any powerful electormagnet.
RF ID tags are not a big problem for those who don't want to participate. It's like Internet browser cookies. You can let anyone put cookies on your hard drive. But, you didn't sign a contract with web site owners to give back the same cookies that they recorded. You could have software that gave back, not the correct cookies, but something subtly different.
Similarly, you can allow them to irradiate your possessions with radio frequency signals. But you don't have to give back the signals they expect. If they ping your possessions, your own electronics can respond that you are carrying three large elephants from the zoo. If anyone questions you about this, you can confess that you have never stolen anything before, but that you carried the elephants away in an unusual moment of weakness.
--
Links to respected news sources show that U.S. government policy contributed to terrorism: What should be the Response to Violence?
Bush's education improvements were
If this goes on credit cards and drivers licenses then I can scan you and get everything but your signature and (perhaps) the expiration dates. I can check that you're not carrying cards or IDs in more than one name (useful for airport security). I can scan you as you walk in the door of my rug store and check whether your cards are gold or platinum, and have my systems check whether a purchase of a certain amount can be covered. This means in many situations it won't matter if you dress up or dress down, because there will be a more accurate metric of your worth available - presuming you aren't carrying someone else's stolen wallet. Clothing would be an obvious use for this since many stores already have bar code plus security tag on each item - this would replace both. Serve 'em right if the introduction of the technology drives down sales by subtracting from the semiotic value of rags as wealth indicators.
"with their freedom lost all virtue lose" - Milton
Ever see that IBM commercial where the guy grabs all this stuff, hides it under the jacket, and starts to walk out of the store? The security gruard grabs him, and you're supposed to think he's going to arrest him, but he really just says something stupid. Then the guy keeps walking, and these scanners pick up all the stuff he bought, and he just pays for the stuff. He's out of the store in like 15 seconds, none of this waiting in line for 15 mins.
Now, I know I may be speaking to the wrong crowd here (who in slashdot actually COOKS stuff???) but I HATE grocery store lineups (Can I have a pricecheck on canned tomatores????) and the delays they cause.
If these tags were somehow keyed to a specific store (with something like a public encryption key?), so that once you exited the premises they became disabled and/or useless, I can see no real privicy concerns. After all, they are just tags or stickers, if you're really paranoid just trash em when you get home. But the benefits to shopping would be immense. Not only would it speed up checkouts, it would be a very effective shoplifting deterrant (alot like existing systems that have a magnetic tag, but these ones you cant "sneak" around the scanners, cause they run on RF.)
This would create a market for 5-cent bags that screen out the tagged signals from the 5-cent tags.
Spy vs. spy ==> tag vs. bag
Duh, hammer is the best
..........FULL STOP.
Well, if they are trying to get the 70cm amatuer band, they most likely won't get it.
Isn't that what the amateurs said about the 1.25 meter (220 MHz) band before part of it was taken away?
Beta sux! Join the Slashcott! http://hardware.slashdot.org/comments.pl?sid=4760465&cid=46173047
An excellent source of information on RFID basics (quite technical, actually) is Microchip, Inc.
RFID Design Guides
NB, they're in PDF format.
Ken
An OPEN mind is a beautiful thing...
I can't see why it would go on credit cards. Credit card companies aren't stupid, they know that anything that can provide information about the card to anyone other than the retailer is a bad thing. Why? Because they're the ones who have to eat the cost of credit card fraud. In part, this is why modern cash registers don't print the full card number on customers' receipts.
There's no problem to be solved here the way there is with replacing bar codes/EAS tags. Credit card swiping is already a perfectly serviceable way of paying.
Driver's licenses, OTOH...well, as much as they're "national ID card"ifying these, I could see it happening. I could see a cop checking your license plate and reading your driver's license (to be sure it's not suspended or out of date and matches to the list of people authorized to drive the car) at the same time he hits you with a radar gun...
Editor Emeritus and Senior Writer, TeleRead.org
I am an engineer with a systems integrator, and I can say I have used these sorts of things many times. Many manufacturing plants use an rf tag that transmits a signal when excited with a certain frequency. They also have the ability to write to the tags as well. These tags generally have to be real close to the transmitter/receiver in order to work, and they don't work quite right if more than one tag is in range. Since all the transponders will most likely resond on the same frequency, there is going to have to be some tricky decoding going on to capture all the transponders within range.
As for privacy, I don't see the problem. Like has been pointed out before, you just remove the transponder when you get home. Heck they could even have a transpoder return program similar to the can/bottle return in some states. Then the transponders can be reused and cut costs even more.
...uh, maybe, um, *remove* the RF tags after you've purchased the items?
Is that not possible with these tags, or is this whole discussion one big retardathon?
Washington, DC: It's like Hollywood for ugly people.
Man, some of you guys get way too paranoid. These things have a range of a few feet at best. They're "passive", meaning that the electricity they have is generated from the signal sent to them. That's not a whole lot of energy, so the range is very limited. It would be like walking through those things they have at stores to detect shoplifters.
It would be just as obvious, so you'd be able to choose whether or not you wanted to be scanned.
Have you ever put some weird things in other peoples shopping carts when they're not looking?
"WTF! - pickled pigs feet!?"...So I can imagine that people might wind up paying for stuff that they didn't want (Little kid chucks stuff into the cart, etc..)
..........FULL STOP.
You don't have privacy anyway, so get over it.
___
If you think big enough, you'll never have to do it.
So if a person in a mall walks up to an item with a homebrew pocket RFID transceiver which accepts payments (into /dev/null), that person is then free to leave the store with goods in hand?
To avoid suspicion, it wouldn't even have to be carried out of the store on the same day or even by the same person.
Even video camera surveillance could be defeated as long as people trust such a system - for example, to remove a sweater from the store, wear modest clothing, just pick up two already-paid-for sweaters off the rack (a little slight-of-hand to make it look like you're just taking one helps), go into the changing room, put one of the sweaters underneath what you were wearing, return the other one to the shelf, perhaps buy something else, and walk out the store wearing the paid-for sweater.
Your idea has already been legislated. In many U.S. states, it's illegal to carry a device known as a "passive radiator," which is a non-powered electronic device that can modify a radar signal and re-generate it (but not amplify it) with slightly different characteristics, which would indicated a speed on a cop's radar gun different from what you are actually traveling.
Give it time: Legislation will no doubt be passed which will prohibit you from carrying on your person RFIDs with the intent of bypassing or otherwise interfering with RFID detection systems.
Because these loopy RFID tags are on different frequencies- you're going to have to hit a lot of different frequencies. Spark-gap oscillators will effectively jam anything up into the microwave domain. The catch is that it jams everything and you'll eventually draw attention to yourself.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
Interesting. But causing confusion could be simpler than this. Little boys could switch tags on things that you already own and were around the house.
Bush's education improvements were
Not really. Even the Self-Checkout lanes need an attendant, and even with the attendant, many customers feel they're too impersonal and just don't want to use them. Cashiers will still be required to process checks (since the computer hasn't yet been invented that can economically recognize all handwriting and verify that the check is written in the right amounts and to the right entity), to correct prices that aren't in the computer properly or manually enter the UPC for items whose bar codes are unreadable, to deactivate security tags (especially the ones that need to be physically removed), and, last but not least, to give the customer a smile and a have-a-nice-day-please-come-back.
Editor Emeritus and Senior Writer, TeleRead.org
"Sir, we know you have a trash compactor. You will have to come with us..."
If all your clothing had rf tags then with an internet enabled washing machine you can be informed that you have left a red sock in with your washing. Correct washing of all the items and if you buy new stuff the washing instructions can be downloaded over the net from the clothing manufactures web sight. This also means that they can tell how often you wash what cloths but would still be very cool
I want a protocol that looks something like this:
- BigStoreCo RF tags all its products, programming in a unique id, product info, and an unlock code [per item].
- When I check out, the store's computer sends the unlock codes, along with useful information like product info and price I paid, for all the stuff I bought to my wallet's embedded computer (via RF, protected from evesdroppers by my public key).
- My wallet (or when I get home, my house) reprograms all the tags with new unique ids and unlock codes, and stores them in my personal database.
Now my fridge tracks my food inventory. My trash can lets my house know when I'm down to the last pack of toilet paper. My wallet keeps an up-to-date shopping list in its tiny brain all the time, so when I'm out I know what I need.Just a thought,
At 5 cents a chip, they're mass-producing them for that cheap.
They're usually capable of withstanding some 200-500 or so watts of RF power before blowing out the chip's circuitry. The only way to really discombobulate these things is to detatch the chip from the antenna or remove the whole affair from the thing you're wanting it to no longer be tagged.
As for detecting them, unless you're knowing how they make the chip's transponder work, you're going to have a FUN time catching all of them.
There's very few tags out there that are like bugs that can be immediately detected with common stuff.
There's inductive loop tags (a' la Mobil Speedpass)- they will only respond when powered by a magic frequency and when triggered by the right modulation/data sequence.
There's the dual frequency units, where you send one signal and then the chip responds at a different frequency. These will usually only work in the same manner as the Speedpass type of tag.
Then there's the backscatter type of tags, commonly used by the toll tag systems. They act as a special mirror to the RF signal, re-radiating what they're recieving with a modulation carrier on it. If you don't have the right frequency, they don't work at all- and some of the more sophisticated tags (like the ones we're talking about here...) do handshaking with the RFID base system before re-radiating.
There's several other schemes out there, to be sure- I'm just naming the few I've had to work with in the past. (I worked for a division of Intermec (now owned by TransCore) that did RFID systems for parking, ground transportation management, railcar identification, and these little things they called "gamma" tags that they licensed the technology from IBM that are used for this very thing we're discussing- so I know a little something about it...).
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
It would be in the LABEL of the underwear.
They're wanting to track for logistics the item from the factory to the store. They're just talking about using the same tag for replacing the sensormatic stuff (Since it's RFID, it could be ticked off reliably when they "scan" it for pricing) and the UPC code.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
2^96 (2 to the 96th power), or
79 octillion, or
79,228,162,514,264,337 trillion, or
79,228,162,514,264,337,593,543,950,336
unique identifiers.
According to the Population Reference Bureau there are 6.137 billion people on earth, 1.193 billion of those in "more developed countries".
Doing a little quick math:
Each human can be equally assigned
12,909,917,307,196,405,017 IDs, or
12 quintillion ID's, or
12,909,917 trillion ID's per person, equally distributed among all humans.
I don't think I have that much stuff in my house, even if you break down every item into its simplest parts. And I have 6 PC's!
So my question is, can someone drive by in a van, by my house, and get an entire inventory of what I have in my house? Or does it only work within a few feet?
Could the Gas Man (natural gas) with a little wand walk around my house and get a good idea of what I have? Yikes!
TossableDigits.com: Temporary Phone Numb
Disabling a Sensormatic tag like the ones Wal-Mart and others use would work with that. A true RFID tag won't work that way- you'd have to generate an EM pulse that would take out the electronics in your house or the store to do what you're suggesting.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
So that company wants this on 70cm? I'm prettys sure the FCC won't remove that band, it's about second in usage to 2m. Now, when one gets an amateur radio license, he signs a document saying that the FCC can revoke any frequency privleges he previously had. That doesn't mean that if I've got some old radios hanging around I'm going to ditch 'em. Now, let's just say that they make the 70cm band shared. Let's say that I'm also having a nice conversation and sign off as I walk in to a store. I clip my HT on my belt and walk around picking up all the stuff I want to get. When I walk up to the counter, what if I, not thihnking of course, decide to key up on 440. I doubt that the readers are more powerful than a few hundred mW. If I've got an HT that can do 6W, every passive device for a couple of isles next to me will be transmitting their ID code.
;-)
Actually, that sounds like fun, 440 has a tendency to mess with stuff anyways. I wonder what product it would report if I decided to say "kc8qrm* monitering" on the right frequency with a good amount of power? I'm thinking it might just report back by giving some nice Magic Smoke.
Ok, granted that's all a bit tongue-in-cheak, but the truth is that just because some company can't figure out how to get this to work on another band (2.4Ghz? 900MHz?) correctly, we shouldn't be allocating them new frequencies. Radio Amateurs perform public service and are there in case of emergencies. Take a look at amateur radio everyone, it's really pretty easy to get involved these days. There is no morse code requirement now for a Tech. license, and the highest requirement is only 5wpm. It's a fun hobby, and it'll help you get a higher geek rating on your score card
--Josh
*kc8qrm isn't my callsign. It's in a different regon than I live, and they'll never give those 3 letters in a call, QRM is a Q-code that means interferiance.
There are exactly 42,935,718 letter sized sheets in a square mile.
I work for a systems integrator and I have evaluated and used RFID in a couple of systems. There are only a handful of scenarios where using the RFIDs makes sense right now.
One scenario where RFIDs do make sense is in large warehouses and storage systems. With barcodes, the fork truck operator must be fairly accurate in his aim to get a proper ID back. With the RFIDs, he has a lot more room for error. A single RFID can identify what is in a skid of product, so the cost is relatively small.
A situation where RFIDs don't work well is in the consumer market. Currently, beverage makers are able to print the barcode directly onto the container (case, can, bottle). With RFIDs, the manufacturing must add an extra step in order to apply the ID. The additional cost of the ID, plus the cost of modifying the packaging system is far too great right now to justify using RFIDs. Add to this the fact that most supermarkets will need to install new equipment at the checkout for identifying the products. It is a change that is not worth making when the current barcode system works very well.
For those concerned about someone scanning all of your products in a single sweep, don't be (at least not with today's version of RFID). You have to be within a couple of feet of the ID to get it to respond. Also, several brands of the RFIDs are reprogrammable, so you could simply reset all of the IDs when you got home. Most likely, the ID is applied to the packaging, and not the product itself, so you could just throw out the box as well. I have found in my testing that if more than one ID is within the activation range of the reader, the reader will not get the right value. So you can rest your fears (at least until a better RFID tag is created).
I can scan you as you walk in the door of my rug store
A simple farady cage (card sleeve) takes care of the snoops. Not a problem, just a new line of security products for the business traveler.
The truth shall set you free!
I did a paper in college on various methods used by stores to prevent shoplifting. Most of the systems use some sort of RFID. Perhaps not as elaborate as the one they are proposing, but similar. They all have the common charactaristic of being able to be disabled by a short high intensity burst of RF waves. Basically they work from a capacitor and antenna, the high power burst burns out the capacitor and theyre usless. I suspect that if this ever comes to pass, some enterprising geek will come up with a high intensity RF machine that can disable any tag.
You can make passive radio frequency, RF, tags with diode arrays. Semiconductor diodes fluoresce in RF when illuminated by microwaves. The fluorescence wavelength is determined by the energy band gap of the diode. Combinations of diodes with different energy gaps fluoresce in different combinations of radio frequencies.
There is a technique for making microscopic (tens to hundreds of nanometers) dust from the surface of a silicon wafer. I forget who invented it but it's years old... you use hydrofluoric acid, hydrogen peroxide, and ultrasound. I think Science News did a piece on it.
Here's the part I thought of:
A very diffuse cloud of this diode dust has interesting properties. You can illuminate it from one direction with a microwave beam and you can observe the cloud with a RF receiver. Now, any sound waves in the cloud cause the RF signal from the suspended diode particles to oscillate (Doppler effect)... it's straight frequency modulation.
You can hear everything within the cloud and only sounds passing through the cloud. You just have to demodulate the RF coming from the dust.
Spread the dust through a building and you can listen anywhere in the building by controlling the volume of overlap between the microwave emitter field and the RF receiver antenna field.
I don't have the money to do this but I'll bet any one $5 that it would work.
Now contrast this with how the same drama would play itself out in computer-land:
Anyhow, I respect the ARRL for understanding the rules of engagement and for not waiting until the enemy brings the fight to them. Whether they win or lose this specific battle is not as important - the important thing is that they have preserved the right of ordinary citizens to operate radios. Looks like that right may outlast the right of ordinary citizens to operate computers.
What would it take for the computer world to grow an ARRL?
I don't understand. If they caught shoplifters, that means they had some evidence of shoplifting other than aluminum attire. Therefore it is not true that they "could do nothing to stop it." They (the malls) could arrest the shoplifters and charge them with theft. They did not need an additional law against aluminum attire.
If, as I suspect, there was no evidence that the aluminum-clad were shoplifting, then it is wrong to refer to them as shoplifters.
The tags in question are made by Sensormatic. They're designed to be deactivated with a short intense magnetic pulse. Also of note is that they're not RFID tags, but rather simple passive magnetic/inductive transponders- absolutely nothing like the tags we're talking about here.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
They're just slightly more pricey- something on the order of $.10 or so per tag chip/antenna...
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
One word: Speedpass. It's nothing other than a keyfob RFID tag that you carry around and use in lieu of a credit card. For all intents and purposes it is your credit card to a Speedpass reader.
Mobil and Exxon use these things at their pumps. McDonalds is testing them in the Chicago area. If it catches on I expect to see the readers in more places.
And, I expect someone to devise a little portable interrogator for these suckers. Stand in line next to your target, interrogate his Speedpass tag to get its ID, then use the ID yourself to make your own purchase. Hopefully some sort of challenge/response protocol is used to prevent this sort of abuse, but I haven't come across any sort of information about it.
Chelloveck
I give up on debugging. From now on, SIGSEGV is a feature.