Slashdot Mirror
RFID Explained
SecurityFocus has a nice column summarizing the last year's worth of stories about RFID. Of course, you, diligent Slashdot reader, have read about many of these already. But for your slacker friends that need an RFID education in one easy-to-digest article, here you go.
Isn't Wal-Mart adopting it?
ok, so in the first part of this article the guy says
"When a transponder receives a certain radio query, it responds by transmitting its unique ID code, perhaps a 128-bit number, back to the transceiver. Most RFID tags don't have batteries (How could they? They're 1/3 of a millimeter!). Instead, they are powered by the radio signal that wakes them up and requests an answer."
Later he throws in this little paranoia bit about "Do you really want your car's tires broadcasting your every move?" What's that about? He knows they don't "broadcast" and that you'd have to be within several feet to monitor. You already have a frickin license plate on your car, so who cares? The good side of that is that you could prove that your tires were now living on someone else's car when they were stolen...
And in that line of thinking, how long will it take for commercial "scanners" to come around, so you can locate the chip and neutralize it? It just seems that people are freaking out about security when in reality, people can already track everywhere you go anyway. How many people out there use cash exclusively? No one I know. I can't WAIT for the day when I just walk out the door with a cart full of stuff and it's automatically taken out of my checking account. that would well be worth someone being able to count how many hammers I buy in a month.
You missed something. They are not exactly like bar code tags. Here you go:
They are like bar code tags, except that they are scanned by electromagnetic sensors through your clothing/belongings possibly without you knowing, and carry enough bit-depth to uniquely identify your specific item (serial number), rather than visible lasers at checkout counters, which can only identify the type of item it is, not exactly which specific item it is.
As you can see, it's a bit more complicated than you would have us believe.
What happens when someone gets a list of everyone who's had an abortion and posts it somewhere so that others can go and shoot them all, or (this is less of an issue now, but would have been) a list of people taking AZT, so the gay bashers can go beat them up.
The ability to access and share information to help the world would be great, it if wasn't for selfish people who will use that information to their own advantage and the disadvantage of the people who the information is about.
Or how about the government monitoring everyone who reads 'Leaving the 21st Century' (not the book about music), 'The Anarchists Cookbook', '2600' or any number of other books.
Here's the thing about privacy, it's yours to give up. You are or will be a responsible adult who can make desicions about how your personal information is distributed and used. You can publish all the facts if you like.
You do need someone to protect your privacy, because you can't get it back once the cat is out of the bag, therefore you need to make the responsible choice about it's use. You can't do that if it's not protected, the desicion is made for you.
What happens when someone who takes Catherine McKinnon's thinking a little to far and decides to shoot people who look at porn (I don't think Catherine would ever do or suguest that).
We all have things to hide. Sure, we would all like to work somewhere were we are wanted for what we can do and not who we are, but the reality of the situation is some of us need to have jobs and we can't pick and choose. In Florida your employer could fire you for the fact that you look at porn in the privacy of your own home. Some companies have fired everyone in the company who was gay or lesbian. Even with protected status clauses often times you get fired for one reason, but they wanted you gone for another. Privacy protects that.
People say your information wants to be free, but I'm still waiting for them to free their credit card numbers and enough bank details to give me access to them.
Darthtuttle
Thought Architect
I'm no expert on RFID tags, but it seems that the signal they emit must be fairly faint if it is only a modified echo of the transmitted query. For passive tags, this means their emission can be no stronger (and in reality must be far weaker) than the strength of the query signal when it reached the tag. Transmitted through three dimensions, my college physics course tells me that these signals drop off proportionally to the inverse square of their distance -- and for RFID, whose query signal must be bounced back without additional power, the distance would have to be double that from interrogator to tag. And then we'd have to factor in the unavoidable inefficiency in the tag itself.
So the signal is going to be faint. Why can't we carry around a jammer? It wouldn't have to be very complicated to function quite elegantly -- it could passively monitor RFID query broadcasts and automatically reply with misleading noise. Since it can measure the signal strength of the query, it could use its own power source to magnify its response by, say, 20%. It seems that should be enough to drown the response from any tag in one's clothing, driver's license, or other effects. A switch could allow the user to disable it when he wants RFID signals to get through -- to have the cashier ring up his purchase, for example.
I can't imagine that the power requirement for extended usage would be that steep -- active (powered) RFID tags theoretically function for 10 years or longer. The circuitry, too, seems like it would be fairly trivial. I'd guess that they wouldn't be significantly more costly to produce than regular AA battery cases. Maybe they could even function for years on the juice of a button battery, and fit the form factor of a credit card.
So why doesn't CASPIAN or anyone else against RFID privacy violations mass-produce these things and sell them online for a couple bucks? I'd grab one just for the coolness factor, and I'm sure lots of privacy advocates would use them too. It'd certainly protect the privacy of anyone using one, and by making the collected data less reliable, even those without would indirectly benefit.
It wouldn't interfere with non-retail uses of RFID tags, since there is a specific spectrum range reserved for retail use -- something like 1.25-8.64mHz. And by introducing a degree of randomness into marketers' data, general trends (governed by the Central Limit Theorem) could still be deduced, whereas individual data points would be significantly less reliable. Hence, the data would be quite useful for tailoring goods to what most people want (a good thing) without allowing individual-level violation of privacy.