RFID Kill Command Proposed To Ease Privacy Concerns

morcheeba writes "In the ongoing RFID benefits vs. privacy concerns saga, backlash has prompted manufacturers to include a password-protected "kill" command into new RFID protocols. Will this eliminate too many of the benefits for manufacturers?"

How would you know

[epsalon]

OK, they implement the "kill" feature. But - How can the customer know they RFID tag was in fact killed? They can just say they killed it, and the customer has to believe.

Re:How would you know

[shdragon]

From a business standpoint what's to stop a shoplifter from just doing a kill command on desired merchandise?

Re:How would you know

[sporty]

Analogous to opt-out, eh? :)

Re:How would you know

[morcheeba]

hopefully it's the "password protection". If they implemented it correctly, it wouldn't be static or easily derived from an algorithm; otherwise eavesdropping on the kill message traffic would allow an attacker to kill all the tags in a store. A crypto engine in the tags themselves would work (the best solution), or terminals would need to be connected to a kill-password-database. Or, the password scheme may just suck. I'll be on the lookout for the implementation details...

Re:How would you know

[Krelnik]

I forsee a nice market for user-carried RFID zappers. Over on the halfbakery (a site for discussing ideas and inventions) I posted some thoughts on the features someone would want in such a device.

Anyone want to start a company around it? (Only half serious).

Re:How would you know

How can the customer know they RFID tag was in fact killed?

The same way you know they aren't using RFID's right now.

Re:How would you know

[SagSaw]

From a business standpoint what's to stop a shoplifter from just doing a kill command on desired merchandise?

Yes, a kill command would weaken the ability for RFID tags to be used to prevent shoplifiting. But you know what? Determined thieves would find a way to disable the tags with or without the kill command. The issue is whether the ability to stop casual shoplifters is more important than the ability for typical consumers to choose to inactivate tags in items they own.

Gooood

[Loosewire]

Well its a start, we need more of thease stories these days

Sorry, not good enough

[Jahf]

This doesn't work for me ... sorry, but RFID as-is is just potentially too invasive. It will be like wearing hardware cookies on your body or in your tires. I like cookies in my browser, but I still place some restrictions on them.

The only viable option to preserve consumer privacy while enhancing retail usability would be legistlation that requires the RFID tag to be put on a removable label. Buy a shirt with an RFID tag? No worries, just tear off the removable tag. Put a recycling bin at the store exit or cash register and the company can even put the tags back into use (a well done RFID database should allow the store to deactivate an RFID upon purchase and reactivate upon recycling).

Worried about shoplifters removing the RFID tag before purchase? Too bad. A smart shoplifter will find a way around this system, too (heck, RFID tags may in theory make it -easier- to do the old price tag switching maneuver, too). To make it a bit nastier, make it illegal to remove the tag before purchase. Embedding the tag in an unremovable place is bound to be attractive to companies that want to be sure nothing walks out the door, but sorry, I'm willing to pay a bit more for merchandise and have my privacy secure.

Otherwise I'll wait until some bright folks invent a nice little RFID jammer before I buy from a store that has these implemented or a proven device that can fry RFIDs.

A jammer should not be that hard to do. It could sense when an RF signal was going out to read the tags and then respond back with tons of nonsense tags (like the 802.11b project that broadcasts thousands of fake SSIDs). Or it could sense when your RFID tag was -responding- and send stuff out then. You could make it illegal to use the scanner in a retail chain, but once out the door turn it on so that your car's tires can't be scanned at McDonald's.

A truly intelligent scanner could be made that figured out your RFID signatures, uploaded them to other people with a jamming device, then you can help foil the inevitable scanners by carrying around random RFIDs of other people in the system.

Seriously, if people could read the bar tags off whatever box you were carrying around, even when it was in a bag, do you think people wouldn't carry big fat black magic markers around to disable the bar codes after purchase (or simply rebel against the concept of bar codes)?

I seriously don't want to have to expand my concept of a "personal firewall" to this level. Privacy has been nearly destroyed as-is, but at least I can still buy a shirt, tires, etc with cash and not have it logged with my name. But RFID enables complete tracking of individuals who carry the tags around. A quick example for closing (since I'm sure someone is going to say this is bogus):

* I buy tires for my Jeep that have embedded RFID tags so that the local tire shop can easily track their inventory.

* I drive to McDonald's for a burger with those tags installed.

* McDonald's doesn't know what the RFID was for originally, but they really don't care, they can just assign the RFID to me.

* McDonald's doesn't know who I am though ... and at that point I wouldn't mind them giving me targetted ads or coupons at the drive through based on my anonymous RFID in their database ... BUT ... I forget to grab cash and stumble upon a McD's that takes credit (I think they either do now in some places or are planning to) so I fork over my card. *BANG* they know my name and some of my habits (as well as locations I've been if I tend to stop at McD's on those long road trips). It doesn't matter if I pay for everything after this point with cash as long as I drive my car there.

* Every store owned by McDonald's (did you know they own Chipotle for instance?) now knows about me. Better yet, some genious can now decide to sell my information to other marketing organizations.

* Add to this an RFID in your cellphone, you carry that everywhere, and the

Re:Sorry, not good enough

[Alsee]

device that can fry RFIDs.

I'm pretty sure a microwave oven will thoroughly fry an RFID. I don't think the wife is going to like seeing you roll a set of car tires into the kitchen though, and I'm not quite sure how you're going to fit them in the oven.

-

Re:Sorry, not good enough

[Icculus]

did you know they own Chipotle for instance?

If you find a Chipotle with a drive-thru, I'd love a map

Re:Sorry, not good enough

[BitterOak]

McDonald's doesn't know what the RFID was for originally, but they really don't care, they can just assign the RFID to me.

What's to stop McDonald's from taking a digital snapshot of your license plate. Ever driven across the border lately? Customs booths all take snapshots of your license plates as you drive up. Nothing to stop McDonald's from doing the same thing. The question is, why would they want to?

But my point is, if you have license plates on your car, which all states require, you have no anonymity when driving anyway. RFID tags in tires may make it marginally cheaper to ID cars, but digital cameras are dirt cheap nowadays, so it probably isn't that much cheaper.

Re:Sorry, not good enough

[pair-a-noyd]

I do not have any bank accounts of any type, anywhere.
I do not use banks at all. I live purely by cash and cash alone. Everything I own is paid for in full. I owe no one.
I make all my payments either in cash or money orders in person or through the mail.
[rant]
When they do away with cash and force people to live by electronic transaction I will leave this country and move to another country, possibly a third world country where you can trade a pound of nails for 3 fish and a coil of rope for a case of bullets, where carrying a firearm openly in public is SOP.. Where you can openly carry a firearm in public is where you have TRUE freedom.. Only slaves are forbidden to own firearms..[/rant]

I turn my cell phone off until I need to use it.

I'll fry the RFID's or remove them. I won't own anything that has an RFID in it.

1984 is upon us.

Re:Sorry, not good enough

[pair-a-noyd]

People throw old microwaves away at the curb all the time. Stop one day and pick one up and do an autopsy on it.

The microwave unit inside is a little metal canister with an antenna protruding from it. It rather resembles an LNB on a E* satellite dish Examine the power supply system and you will see that it's easy to gut one down to the minimal components needed to build a nukem ray gun...

Care though, it WILL cook you if you point it at yourself or others! Make sure to use a metal tube to sheild and direct the beam away from you!!

Read the article

[epsalon]

The kill command is password-protected.

Wait a second!!!

[Dr.+Bent]

How do we know that this 'kill' command kills the RFID tag and not...say... the user ?! Next thing you know, they'll be putting these things in your teeth! And when I say "they" I mean the Martians...right after the anal probe.

No, I will not take off my tin foil hat....

I agree completely

[zogger]

This rush to a totally surveilled, cashless society, bugged, videoed, tracked, data mined, rush to the new world order big brother stuff is just plain disgusting. I think if we can't stop it now it will make a borg-like society look like a libertarian convention in the woods.

Some technology is good, other technology can be *not so good*. You give big brother unlimited funds, the ability to semi collapse economies so they can get all the techs they need lining up for "work", paying off the research universities, and the judge dredd "I am DE LAWWW!" mindset, that's just asking for it.

And sensor nets?? Nanotech cameras that can be so small you can't hardly find them? Mega terrabyte storage and smart AI? And people want THIS government to have all that stuff??? Microwave beam weapons, sonic nausea generators? Big bro having the ability to enter a few commands and your entire credit, medical, education, police record, whatever "history" can be altered or deleted? Little one meter across hover drones with cameras and weapons mounted in them? DNA databases? Biometric microchips with radios in them? Huh? Huh? Say WHUT? And this is supposed to be COOL?

Nuts. It ain't paranoia when you can read about it and verify it. These are legit concerns that are not being addressed, government is just DOING it and there's no stopping them now, too many will take the blood money it appears. Enough was enough like 10 years ago. I can remember getting razzed seriously then when I told people it weas coming, they said "naww, never happen". Well here it is, in your face, real. Now we got hacked closed source "official voting", so that option has poofed.

Double phooie.

I love this quotation

[Old+Uncle+Bill]

Opponents of RFID tagging say the tags make it theoretically possible to "profile" a consumer remotely... But that scenario is unlikely "unless you live in a totalitarian state with a perfect information architecture"

Umm, does this cover countries other than the US? I don't know about perfect, but it's definitely totalitarian.

RFID not as great as you may think.

[Nathan+Ramella]

Kind of interesting, but.. I think people are much more concerned about RFID than they should be.
Passive low frequency RFID's which are generally what people are 'scared' of are just little reflectors for radio frequency. They emit their serial number. Whoopty doo. The cheapest ones, which we are likely to see used in retail situations transmit on 30Khz to 500Khz.

What's to stop someone from bringing a jammer into the store? Or broadcasting fake ID numbers at the antenna? The possibilities of destroying the credibility of collected data by jamming legitimate traffic or spamming with bogus traffic seem to be fairly obvious?

The great thing is, because each manufacturer will have it's own numbering scheme, the IDs probably won't even be encrypted.

Re:RFID not as great as you may think.

[Jahf]

Another interesting option ... if a company uses these to inventory high-dollar items and someone figures out how to get them out the door while leaving the RFID behind, how long might it take for the company to figure out they've been heisted?

My point being 2-fold:

1) RFID can't be made theftproof (or at least reasonably so) without making the tags a permanent part of the product (see my other post for why I don't consider this acceptable)

2) If it is not theftproofed, then the company still has to rely on manual inventory tracking ... which negates much of the value of RFID to the company.

Just because a technology is cheap and convenient doesn't mean it is a good thing. I know that alot of this sounds like the same arguments that were made against machines during the Industrial Revolution, but unlike that revolution, I can't see RFID being beneficial to the consumer, only the seller.

"RFID kill" won't work

[falsification]

"RFID kill" is obviously not the solution. Not sure of how this "kill" technology would be implemented, but it's easy to imagine one type. If it's convenient for a privacy-concerned consumer to hold a small gadget or wand above an RFID-impregnated good like a shirt or a pair of pants to "kill" the RFID in the comfort of home, it will also be convenient for a shoplifter in a store.

This is one of those fundamental dilemmas. RFIDs or privacy: pick one.

The winner of this will be decided by power. Whoever has more power will win. Privacy advocates versus the money men. Don't bet against money. The problem that RFIDs are (poorly) designed to solve is shoplifting. Privacy advocates should figure out a better way to reduce shoplifting, and then argue their case by saying that that is better than RFIDs.

The obvious alternative to RFIDs is, of course, e-commerce. In e-commerce, there is no shoplifting. One could argue that "RFIDs are basically a pathetic attempt by dinosaur retailing to keep their obsolete business model alive."

Another alternative way to reduce shoplifting is to issue a store identity card. You could still enter a store and look at all the things they have for sale. Display items would still be out in the open. But to get to the inventory, you'd have to swipe your store identity card, which would allow you to pop open a little clear plastic door. Then, you take out the shirt or can of soup that you want. A sensor like that in hotel minibars determines whether you take anything from the cubby hole, and if so, how much. Then you go pay for what you took out. When you pay, you flash your store ID card. If you don't pay for it or put it in the "return bin" again swiping your card, the cops will hunt you down. The privacy concerns with this plan are the same as for e-commerce.

Store ID cards would still work for small retail outlets, even those with one store. Instead of having their own unique store ID card, they would join a clearinghouse system. This would be analogous to Visa or Mastercard, but would be different. (Identiy kept separate from funds.) Once a consumer got a clearinghouse card, they could shop at one of, let's say, thousands of participating stores.

E-commerce is cheaper than RFIDs, and not just because of all the negative PR from RFIDs that stores will avoid. The store ID card idea is also cheaper than RFIDs. Both e-commerce and the store ID card idea would significantly reduce shoplifting.

"password protected" quip

[falsification]

Before anyone quips about the RFID "kill" feature being password-protected, please tell me how that is going to be implemented securely. What are they going to use, PGP? Are they going to generate unique keys for every RFID? I thought there were going to be billions of RFIDs. I thought RFIDs were too small to have a CPU capable of doing high-end encryption.

Oh, they're going to use an uncrackable password protection system? Like one time pad? Don't make me laugh. There's no way to keep the secret keys secret.

Oh, they're going to use one generic password for entire product lines, or entire stores? Let's see. How hard would it be to manufacture a small handheld device that brute force checks every possible password and broadcasts a kill command for each within a few seconds' time? Oh, would that be too difficult? Okay. Shoplifters go down to the store, buy a box of cereal flakes legitimately, then take the box out to their car, where they then brute force the RFID for the whole product line or the whole store. They program their handheld RFID killer appropriately. Then they reenter the store and take whatever they want.

How are consumers supposed to get the password? If the consumer can't get the password, the kill feature is useless. If the consumer can get the password, so can shoplifters.

This is the same basic encryption problem that Schneier talks about in Secrets and Lies. Security is hard. There's no magic bullet that will keep you safe in the world. There's always risk.

Re:"password protected" quip

kill_password = md5("upc:secret_key");

Though it still doesn't prevent a device from just broadcasting random kill passwords. Better if you can hide it in the store and let it run for years.

Re:"password protected" quip

[ces]

If you use other technology for anti-shoplifting applications RFID still has it's uses in a retail environment. Think of it as barcode on steroids.

You can still track items and parts through the supply chain. You can still take inventory without needing someone to go physically count every item. You can still use it to speed up checkout. You can still use it to rotate perishable stock. There are still some downsides to the technology, but as long as the chips can be killed once they leave the store the danger is much less.

Re:"password protected" quip

[GnarlyNome]

Sometimes a little Anarchy is a good thing.

EMP?

[m0rph3us0]

From what I understand RFID's run on the power they recieve from the transmitter. What if you use a microwave or other kilowatt transmitter to power the RFID? I think that if a microwave can make a fork arc it should make short work of an RFID.

I'd live with RFID...

[Millennium]

...under one condition. Namely, that anyone selling merchandise with RFID tags is required by law to physically remove those tags at the time of purchase. As a corollary, any manufacturer which puts RFID tags into merchandise would be required to do so in such a way that this could be done.

All the benefits of RFID, but minus the privacy concerns, since any legitimately-purchased merchandise would be de-tagged before it left the store.

A little story

[Annoying]

"since any legitimately-purchased merchandise would be de-tagged before it left the store. "

Mistakes happen, little magnetic tags currently used occasionally get left in things. Last time I purchased a wallet for example, the clerk flipped it open looked through it, and didn't find a little magnetic tag in it. Took me a few months to figure out why I was beeping intermittenly at the scanners everywhere. Thats not likely to happen too often, or be a major concern though, it's not institutionalized tracking tags after all.

Kill feature deals with privacy threat.

[peacefinder]

If the RFID is used for inventory management, then a killable (or removable) RFID is entirely sufficient for industry needs, and limits the privacy threat dramatically.

(If it's intended to prevent shoplifting, or for various after-purchase marketing purposes, then any RFID that can be reliably killed or removed is obviously not sufficient for industry needs.)

Personally, I won't mind RFID tags if they can be reliably killed. Or at least, I don't think it's a big privacy issue...

It exacerbates some economic issues, though. The benefits of RFID inventory control would mostly come from reduced overhead (read: employment) at the stores that could afford to deploy it. Sadly, RFID is more likely to be deployed at Wal-Mart than at Joe's Hardware. Wide deployment of RFID will probably put local retailers in an even worse competitive position than they have now.

Re:RFID jammer...

Ow! My pacemaker!

Stop You are Scaring Me

[GnarlyNome]

The potential for abuse here is enormous. Do you think that the alphabet agencys not just of the US but of the entire world will fail to take advantage of this WASS (we are soo screwed)