RFID Industry Confidential Memos
An anonymous reader writes "Cryptome has learned www.autoidcenter.org (RFID flak) has made internal memos available for perusal at their site. Those RFID people sure have some interesting plans for the future. Who needs conspiracy theories, when you can hear it from the horse's mouth? Weeeeee!"
FOR IMMEDIATE RELEASE
July 7, 2003
RFID Site Security Gaffe Uncovered by Consumer Group
CASPIAN asks, "How can we trust these people with our personal data?"
CASPIAN (Consumers Against Supermarket Privacy Invasion and Numbering) says anyone can download revealing documents labeled "confidential" from the home page of the MIT Auto-ID Center web site in two mouse clicks.
The Auto-ID Center is the organization entrusted with developing a global Internet infrastructure for radio frequency identification (RFID). Their plans are to tag all the objects manufactured on the planet with RFID chips and track them via the Internet.
Privacy advocates are alarmed about the Center's plans because RFID technology could enable businesses to collect an unprecedented amount of information about consumers' possessions and physical movements. They point out that consumers might not even know they're being surveilled since tiny RFID chips can be embedded in plastic, sewn into the seams of garments, or otherwise hidden.
"How can we trust these people with securing sensitive consumer information if they can't even secure their own web site?" asks CASPIAN Founder and Director Katherine Albrecht.
"It's ironic that the same people who assure us that our private data will be safe because 'Internet security is very good, and it offers a strong layer of protection'
http://cryptome.org/rfid/questions_answers.pdf
would provide such a compelling demonstration to the contrary," she added.
Among the "confidential" documents available on the web site are slide shows discussing the need to "pacify" citizens who might question the wisdom of the Center's stated goal to tag and track every item on the planet,
http://cryptome.org/rfid/communications.pdf
along with findings that 78% of surveyed consumers feel RFID is negative for privacy and 61% fear its health consequences.
http://cryptome.org/rfid/pk-fh.pdf
PR firm Fleischman-Hillard's confidential "Managing External Communications" suggests a variety of strategies to help the Auto-ID Center "drive adoption" and "neutralize opposition," including the possibility of renaming the tracking devices "green tags." It also lists by name several key lawmakers, privacy advocates, and others whom it hopes to "bring into the Center's 'inner circle'".
http://cryptome.org/rfid/external_comm.pdf
Despite the overwhelming evidence of negative consumer attitudes toward RFID technology revealed in its internal documents, the Auto-ID Center hopes that consumers will be "apathetic" and "resign themselves to the inevitability of it" instead of acting on their concerns.
http://cryptome.org/rfid/cam-autoid-eb002.pdf
Consumer citizens who are not feeling apathetic will be pleased to learn that the site provides names and contact information for the corporate executives who oversee the Center's efforts. Since the phone list isn't labeled "confidential," we're assuming that Auto-ID Center Board members are open to calls and mail that might help them better understand public opinion on this important subject.
Anyone interested in speaking with Dick Cantwell, the Gillette VP who heads the Center's Board of Overseers, for example, can find his direct office number listed on the Auto-ID Center's website here:
http://cryptome.org/rfid/226691160-list_board_of_overseers.pdf
To experience the Auto-ID Center's security holes firsthand, simply visit the web site at http://www.autoidcenter.org and type "confidential" in the site search box. The Center encourages such site exploration: "Our website has Research Papers and other information that anyone can download for free. There is also a Sponsors Only area of the site, which includes information and materials not available to the public at large. We encourage you to visit our site frequently to stay up to date with the Center's many activities."
That's what my new clothes will be after I microwave them to ensure that no RFID devices remain functional.
Don't forget to put a cup of water in there too, to prevent mucking up the magnetron.
Damn, cryptome doesn't seem to be responding. The www.autoidcenter.org is an RFID promotion site and their web site search engine had a scope that included documents marked "confidential".
If you want to see them, go to www.autoidcenter.org
and type "confidential" into their site search engine.
Not sure if they're still up but that's the condensed version of the cryptome story.
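An added example, not part of the original post or the Auto-ID Center's code: a pre-publication audit for the failure described above, where a site-wide search indexed files marked "confidential". It walks a web root, skips directories assumed to sit behind a login, and reports marked files, treating a "confidential until <month> <year>" label as released once that month has begun. The directory names, sample files and the `classify`/`audit` helpers are assumptions made for illustration.

```python
import calendar
import re
import tempfile
from datetime import date
from pathlib import Path

# "confidential", optionally followed by an embargo such as "until September 2002".
MARK = re.compile(r"confidential(?:\s+until\s+([A-Za-z]+)\s+(\d{4}))?", re.I)
MONTHS = {name.lower(): i for i, name in enumerate(calendar.month_name) if name}

def classify(text, today):
    """Return 'clear', 'expired-embargo' or 'confidential' for a document's text."""
    verdict = "clear"
    for m in MARK.finditer(text):
        month = MONTHS.get((m.group(1) or "").lower())
        # No parsable release date, or a date still in the future: fail closed.
        if month is None or today < date(int(m.group(2)), month, 1):
            return "confidential"
        verdict = "expired-embargo"
    return verdict

def audit(web_root, protected_dirs, today):
    """List (path, verdict) for marked files outside the login-protected directories."""
    root, findings = Path(web_root), []
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root)
        if not path.is_file() or rel.parts[0] in protected_dirs:
            continue
        # Plain byte scan; compressed PDF/PPT bodies need a text extractor first.
        verdict = classify(path.read_bytes()[:65536].decode("latin-1"), today)
        if verdict != "clear":
            findings.append((rel.as_posix(), verdict))
    return findings

def build_sample_site():
    """Constructed sample tree; directory and file names are made up."""
    root = Path(tempfile.mkdtemp())
    files = {
        "media/overview.txt": "Public research overview.",
        "media/plan.txt": "CONFIDENTIAL: sponsor communications plan",
        "media/paper.txt": "Confidential until September 2002. Abstract follows.",
        "sponsors/minutes.txt": "Confidential board minutes",
    }
    for rel, body in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(body)
    return root
if __name__ == "__main__":
    print(audit(build_sample_site(), {"sponsors"}, date(2003, 7, 7)))
```

Run before each publish and before widening a search crawler's scope; anything reported as `confidential` under a public directory should block the release.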
Try a microwave oven. That will induce enough current in the device to melt/short its circuits.
Hopefully the thing the device is embedded in won't be harmed by the microwave.
Using your sig line to advertise for friends is lame.
I was able to grab the html only. None of the PDFs or PPTs linked to it:- docs.htm
The mirror is here:
http://krypton.mnsu.edu/~workmj/cryptome.org/rfid
I picked a PDF at semi-random, and found a fairly damning one (not that that's hard to do on their site).
Try http://www.autoidcenter.org/media/sarma.pdf
Look at page 21 (it's a slide presentation).
The slide says:
---------
For privacy:One word
* Annihilate
* (obliterate, destroy, auto-destruct, kill
---------
I guess that neatly sums up their feelings on the privacy matter.
The rest of the presentation similarly outlines more of their evil plans for "World Domination".
Take it easy.
From the website search engine:
(Bold emphasis mine...)
Notice that this sample says "Confidential until September 2002". Now, unless you know for a fact that they were available for reading prior to September of last year, then there's really no problem unless they're talking about some sort of big-brother-esque system.
Now, this isn't saying that they're not. But, as seeing that Cryptome's
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
RFID Chips Are Here
RFID chips are being embedded in everything from jeans to paper money, and your privacy is at stake.
By Scott Granneman Jun 26 2003 09:15AM PT
Bar codes are something most of us never think about. We go to the grocery store to buy dog food, the checkout person runs our selection over the scanner, there's an audible beep or boop, and then we're told how much money we owe. Bar codes in that sense are an invisible technology that we see all the time, but without thinking about what's in front of our eyes.
Bar codes have been with us so long, and they're so ubiquitous, that it's hard to remember that they're a relatively new technology that took a while to catch on. The patent for bar codes was issued in 1952. It took twenty years before a standard for bar codes was approved, but they still didn't catch on. Ten years later, only 15,000 suppliers were using bar codes. That changed in 1984. By 1987 - only three years later! - 75,000 suppliers were using bar codes. That's one heck of a growth curve.
So what changed in 1984? Who, or what, caused the change?
Wal-Mart.
When Wal-Mart talks, suppliers listen. So when Wal-Mart said that it wanted to use bar codes as a better way to manage inventory, bar codes became de rigueur. If you didn't use bar codes, you lost Wal-Mart's business. That's a death knell for most of their suppliers.
The same thing is happening today. I'm here to tell you that the bar code's days are numbered. There's a new technology in town, one that at first blush might seem insignificant to security professionals, but it's a technology that is going to be a big part of our future. And how do I know this? Pin it on Wal-Mart again; they're the big push behind this new technology.
Right now, you can buy a hammer, a pair of jeans, or a razor blade with anonymity. With RFID tags, that may be a thing of the past.
So what is it? RFID tags.
RFID 101
Invented in 1969 and patented in 1973, but only now becoming commercially and technologically viable, RFID tags are essentially microchips, the tinier the better. Some are only 1/3 of a millimeter across. These chips act as transponders (transmitters/responders), always listening for a radio signal sent by transceivers, or RFID readers. When a transponder receives a certain radio query, it responds by transmitting its unique ID code, perhaps a 128-bit number, back to the transceiver. Most RFID tags don't have batteries (How could they? They're 1/3 of a millimeter!). Instead, they are powered by the radio signal that wakes them up and requests an answer.
Most of these "broadcasts" are designed to be read between a few inches and several feet away, depending on the size of the antenna and the power driving the RFID tags (some are in fact powered by batteries, but due to the increased size and cost, they are not as common as the passive, non-battery-powered models). However, it is possible to increase that distance if you build a more sensitive RFID receiver.
RFID chips cost up to 50 cents, but prices are dropping. Once they get to 5 cents each, it will be cost-efficient to put RFID tags in almost anything that costs more than a dollar.
Who's using RFID?
RFID is already in use all around us. Ever chipped your pet dog or cat with an ID tag? Or used an EZPass through a toll booth? Or paid for gas using ExxonMobil's SpeedPass? Then you've used RFID.
Some uses, especially those related to security, seem like a great idea. For instance, Delta is testing RFID on some flights, tagging 40,000 customer bags in order to reduce baggage loss and make it easier to route bags if customers change their flight plans.
Three seaport operators - who account for 70% of the world's port operations - agreed to deploy RFID tags to track the 17,000 containers that arrive each day at US ports. Currently, less than 2% are inspected. RFID tags will be used to track the cont
Whenever the offence inspires less horror than the punishment, the rigour of penal law is obliged to give way...
but the CONFIDENTIAL documents are all marked "CONFIDENTIAL until xxx 2002" or "CONFIDENTIAL until xxx 2001." Not such a gaping security hole, it seems.
Yes, the potential implications of RFID are creepy, but their planning for a marketing campaign sounds pretty much par for the course.
A typical cordless phone is about 1/2 watt (500mW).
With your logic, a 2 watt cellphone would have a range of about 4 feet.
Just to put things into further perspective, radio enthusiasts have contests to see how far around the /WORLD/ they can communicate with only a watt or less of power to work with.
You've fallen victim to some of the strategies outlined in the articles this whole story is about. You've been pacified into believing radio waves are severely limited in range. And you believed it. Even going so far as to try to convince other people that a half watt of power is insignificant for distances greater than a meter, which is completely absurd.
You're repeating a meme. You have been "pacified" according to the gameplan set forth in the memos.
Let's see...who's got more lobbying money/access? Us (as individuals), or Walmart/Sears/Kmart/Target/Asda/Tesco?
Who do you think will win?
I guess you haven't heard of the ACLU, NRA, NAACP, AARP, or the various other special interest groups in this country. Special interest groups represent a group of people gathering their resources to fight for a particular cause. They can wield power as great or greater than any corporation. I'm not aware of any single organization that can completely turn an election like the NRA or AARP can. Corporations can only give money, but special interests can directly give VOTES.
You personally will not stop Walmart or Sears from implementing the tags directly in items but the EFF may! So donate and get involved!
Brian Ellenberger
There is a difference. With that cellphone the entire 2W is being used BY THE CELLPHONE. With an RFID reader a 0.5W signal is being transmitted FROM ANOTHER SOURCE and REFLECTED by the tag. Big difference there.
There were 68 documents available under a "confidential" search of the Auto-ID Center's website this morning. They did NOT say "confidential until [fill in date]" like they do now. The Auto-ID Center's first response this morning was to pull nearly all the documents with "confidential" in their descriptions off the site, then slowly replace them one by one, with new "confidential until" designations tacked on. Many other documents vanished and have not yet reappeared (nor are they likely to, considering their content). We have not yet had a chance to verify if the documents have changed in other ways than the new "sell by" dates they now carry. Cryptome has listed the original 68 "confidential" search results, as they appeared this weekend. As soon as the Cryptome site recovers, you can verify that there were few or no expiration dates on any confidential documents until well after the story broke today. You've got to hand it to the Auto-ID Center, though, for working overtime on damage control. The "confidential until" thing was a nice touch. p.s. Until it crashed, Cryptome had all 68 original documents available for downloading on its website.
There is nothing tiny about 100 watts, dolt. That's a lot of power.
;))
Granted that in relative comparison to a regular FM station (anything from 5k up to 50k Max ERP, usually) it may not seem like a lot; but in fact, 100 watts is quite a bit of juice to be throwing around. Besides, the FCC watches the broadcast band more closely than any other.
The amount of energy emitted by RFID tags is in the milliwatts, if that. Depending on what band they are in, they could easily go unregulated. For example, most 900MHz cordless telephones operate in the middle of the amateur 900 MHz band. The amateur 900 MHz band is not regulated below 2 watts, therefore this is perfectly legal. (If I recall all this correctly.) For another example, most of those remote temperature sensors operate dead smack in the center of the amateur UHF band (~450MHz), also unregulated below a certain wattage. Hell, some of them dive straight in the middle of the UHF broadcast band without worries. (Don't quote me on any of this - it's been a while since I've studied my rules
There were 68 documents available under a "confidential" search of the Auto-ID Center's website this morning.
They did NOT say "confidential until [fill in date]" like they do now.
The Auto-ID Center's first response this morning was to pull nearly all the documents with "confidential" in their descriptions off the site, then slowly replace them one by one, with new "confidential until" designations tacked on. We have not yet had a chance to verify if the documents have changed in other ways than the new "sell by" dates they now carry.
Many other documents vanished and have not yet reappeared (nor are they likely to, considering their content).
Cryptome has listed the original 68 "confidential" search results, as they appeared this weekend. As soon as the Cryptome site recovers, you can verify that there were few or no expiration dates on any confidential documents until well after the story broke today.
You've got to hand it to the Auto-ID Center for working overtime on damage control. The "confidential until" thing was a nice touch.
p.s. Until it crashed, Cryptome had all 68 original documents available for downloading on its website.
Here is the index of all the research papers on their site. If you click the PDF links, it will ask you to log in first. The trick is to click on the "View Abstract" link and then there you click on the PDF link and voila, there you go!
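The behaviour described above is consistent with a login prompt attached to one link rather than to the file itself. An added example (not from the original comment or the site's code) of enforcing the check on the resource path, so every route to the PDF gets the same answer; the `/papers/files/` prefix, the cookie check and the page names are assumptions.

```python
import posixpath

PROTECTED_PREFIX = "/papers/files/"   # assumed location of the sponsor-only PDFs

def canonical(path):
    """Collapse '//' and '..' so an alternate spelling of a path gets the same check."""
    return posixpath.normpath("/" + path.lstrip("/"))

def logged_in(environ):
    # Stand-in session check for the example; a real site validates a signed session.
    return "session=valid" in environ.get("HTTP_COOKIE", "")

def require_login(app, is_logged_in):
    """Wrap a WSGI app so protected files need a session however the link was found."""
    def guarded(environ, start_response):
        path = canonical(environ.get("PATH_INFO", "/"))
        if (path + "/").startswith(PROTECTED_PREFIX) and not is_logged_in(environ):
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"login required\n"]
        environ["PATH_INFO"] = path       # downstream sees the path that was checked
        return app(environ, start_response)
    return guarded

def site(environ, start_response):
    """Toy downstream app: a public abstract page and a sponsor-only PDF."""
    pages = {
        "/papers/abstracts/paper1.html": b'<a href="/papers/files/paper1.pdf">PDF</a>',
        "/papers/files/paper1.pdf": b"%PDF-1.4 (constructed sample)",
    }
    body = pages.get(environ["PATH_INFO"])
    status = "200 OK" if body else "404 Not Found"
    start_response(status, [("Content-Type", "application/octet-stream")])
    return [body or b"not found"]

def fetch(app, path, cookie=""):
    """Drive the WSGI app directly and return the status line."""
    seen = []
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path, "HTTP_COOKIE": cookie}
    app(environ, lambda status, headers: seen.append(status))
    return seen[0]

APP = require_login(site, logged_in)

if __name__ == "__main__":
    for p in ("/papers/abstracts/paper1.html", "/papers/files/paper1.pdf"):
        print(p, "->", fetch(APP, p))
```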
Any operation that takes place with RFID tags takes place under Part 15 of the FCC rules and regs. That is the same part that gives us permission to use 802.11${version} wireless networking, but requires that the general public take a back seat on these frequencies to ham radio operators (because we have licenses for these frequencies, and the general public doesn't)
Part 15 comes with two provisions:
In other words, by using the unlicensed section of the spectrum, the users of these devices are setting themselves up for interference from other users of the spectrum.
What I personally would like to do then is construct a set of 13MHz walkie talkies. Not really very practical devices on the whole, but they should work well enough at short range. You and a friend go shopping and just happen to key up the radio each time you pass through the door. You have the legal privilege to do this, as long as you don't mind the interference to your signal from theirs. They must accept the interference to their signal from yours.
Technical note: The modulation on your walkie talkies should be something that is guaranteed to take up the entire 14 kHz width of the band specified under Part 15. Perhaps some form of digital voice. You need to occupy 13.560MHz +/-0.007MHz inclusive.
www.wavefront-av.com