RFID Privacy Workshop At MIT

← Back to Stories (view on slashdot.org)

Posted by simoniker on Wednesday September 10, 2003 @02:01PM from the rtfm-on-rfid dept.

Steve Weis writes "MIT is hosting a workshop on Radio Frequency Identification (RFID) Privacy on November 15th, 2003. Representatives from industry, academia and privacy advocate groups will discuss the privacy issues associated with a widely deployed consumer RFID system. Pre-registered university students may attend the conference for free. The workshop website includes a RFID Privacy Blog."

25 comments

Min score:

Reason:

Sort:

I must be tired by Anonvmous+Coward · 2003-09-10 14:27 · Score: 4, Funny

I tried to translate RFID like one would with RTFA. When I read "RFID Privacy Workshop At MIT" I thought it meant "Read the F'ing Information Dumbass Privacy Workshop at MIT".

I need more coffee.
is it not? by falsification · 2003-09-10 14:59 · Score: 1

a workshop on Radio Frequency Identification (RFID) Privacy
Excellent. See you there. I'll be the one all in black.
I goes nobody's replying.. by Anonvmous+Coward · 2003-09-10 15:53 · Score: 1

... because they're worried about their privacy.
Note from MIT by Anonymous Coward · 2003-09-10 17:18 · Score: 3, Funny

Please note: if you have recently bought clothing from Wal-Mart and are planning on attending the workshop wearing this clothing, please DO NOT pay the $40 entrance or sign up before the event.

Your name and contact details will be entered into our system and your credit card charged the fee automatically as you pass through the entrance.

Thanks,

S. Garfinkel
Workshop Chair
It's coming..... by Anonymous Coward · 2003-09-10 22:06 · Score: 3, Insightful

Let me begin with this: I am a privacy zealot. I value my privacy. I enjoy my privacy.

That said, when I had a case of severe testerone poisoning back when I was in my 20's, I probably would have crashed this event with signs rallying against oppression, etc...

Now that I'm somewhat older, and a few degrees under my belt, I can see the benefits of RFID enabled systems from a business standpoint.

And I've done the math. And guess what? So have about a zillion other business people, and they're chomping at the bit to integrate RFID as soon as it gets just a bit cheaper to implement.

So it's going to happen. What all of us privacy-loving people need to do RIGHT NOW is figure out how we're going to deal with it. What is an appropriate balance that we can strike with people who want to use RFID and those of us who value our privacy?

I fully understand that there are a variety of uses for RFID within an enterprise or retail environment. But once I LEAVE that environment, I would prefer to have all the RFID's deactivated, and unable to be reactivated - ever.

I am absolutely not so paranoid about there being a sensor in every doorway in the next 10 or 20 years, but rather some techno-crook teaming up with a buddy who's been laid off from the radio industry who builds a powerful RFID transciever that can scan my home from the sidewalk... They have someone else who breaks into a system to learn what RFID ties into what item, and discover that I have a nice stereo that they'd like to acquire... Or that my wife has a mink coat... Or that I just bought a new watch... Best of all, they correlate all those records and discover when I typically bought them so they know when I'll be out of the house... THAT'S what I'm worried about.

The rest of it - the government knowing where I am, what I bought, blah blah blah - they've got that shit if they want it right now. They abuse it to be sure, but thus far not too badly (from what I can tell), and while I'm not happy with that, neither is the EFF or ACLU and they're working with a bunch of other people to restrict things... WE THE PEOPLE can have an effect on government - eventually - because of our Constitution.

But WE THE PEOPLE have a tougher time with corporations. So WE THE PEOPLE need to talk about this BEFORE it becomes a problem, come up with some reasonable ideas that most of us (people and corps) can live with, and implement it.

If we don't - the risks will be unbelievable. The damage done to people's privacy will be incalculable. People will be robbed, and killed. Corporations will use the technology to squeeze even more money out of the people, and they will use it to 'prove' that you did something - even when you did not - because we all know the system could never be wrong! Right?

That said - the MIT Workshop is a good start.
1. Re:It's coming..... by ajs318 · 2003-09-11 03:03 · Score: 1
  
  Hear, hear. We need damage limitation measures as soon as possible. RFID technology potentially enables a previously-unimaginable level of control-freakery, with the location of not just every person, but every article in the world trackable on some sort of database.
  
  The argument that they can never usefully distill that data down holds less and less water with each day that passes, as computing power gets faster and cheaper. We in the UK are already under the microscope pretty much all the time we are outside of our homes, with CCTV cameras in the streets now losing some of their former power to displace crime to the blind spots as the thugs stop being bothered about getting caught.
  
  Which brings up another question. If we can't stop people from finding stuff out about us, would it be possible to prevent them from making any use of the information?
  
  The UK Wireless telegraphy act says that it is not an offence just to listen to other people's duly-licenced radio transmissions {listening to unlicenced transmissions constitutes Aiding and Abetting}, but it is an offence to act upon information received by doing so. The meaning of this in the context of radar detectors is that it's perfectly OK to use one, but you mustn't slow down when it beeps {because that would be acting upon information received} ..... of course, if you don't slow down you'll get nicked anyway for speeding.
  
  I think UK law already would make it an offence to misuse information gathered from RFID tag, since the data is transmitted back by RF carrier wave and the reader contains a transmitter {which presumably would have to be licenced} ..... so there are two WTA offences already.
  
  Thing is, it would be damn nigh impossible to prove that someone obtained the information they know about you by illegally reading RFID tags in your possession. There are a lot of ways they could have found it out ..... you have to be careful not to create a guilty-until-proven-innocent situation {OK, I know we already have that in this country for some offences, but I'm not saying it's a good thing}.
  
  If there is a legitimate application for RFID devices in retail stores, then so be it; but for the sake of everyone's privacy, the tags must be removed or, at the very least, deactivated before leaving the premises. {The idea of simply deactivating the tag may conflict with recent European waste laws which encourage reduction, reuse and recycling. And can you really be sure it's dead?} But what's to stop a shoplifter from taking an AJS318 Model 100 {tm} Universal RFID Tag Deactivator {patent pending} into a store, deactivating a bunch of RFID tags in various goods, and walking out with them?
  
  --
  Je fume. Tu fumes. Nous fûmes!
2. Re:It's coming..... by domninus.DDR · 2003-09-11 11:15 · Score: 1
  
  Ok how big are these things? Why not just rip them out? I rip the tags off my clothing anyway because they are annoying. I can see this being trouble for getting it out of your new HDTV or iPod though...
3. Re:It's coming..... by OldLady · 2003-09-11 12:45 · Score: 0, Troll
  
  I'd have to say that your concern is ... well valid, but ignorant. RFID tags are planted in the packaging, not in the product. So - unless your wife leaves the tags on her mink, and you have a taking-out-the-trash phobia (to dispose of wrappers and packaging), a thief should not be able to determine your possessions. Besides which, any thief with .05 brain (which is about .001% of the thieving population), is gong to "case" your abode, and pick your house based on where you live, what kind of car you drive, how extensive your security is, and if you have a dog or not.
4. Re:It's coming..... by Anonymous Coward · 2003-09-11 21:05 · Score: 0
  
  Sorry, but it's not ignorant. RFID tags *can* be planted in the packaging, on the pallet holding multiple packages, or IN/ON the product.
  
  They are the size of a grain of rice. They have a very small antenna attached. And they are already being used by commercial laundries to track their garments - they are, in fact, embedded in the product label and sewn onto it. There have also been discussions of simply sewing the RFID pieces into the hems of the garments to prevent loss of the tag during washing (or forced removal by irritated human...).
  
  Also, crooks don't case abodes in some areas due to neighborhood watches... What if the crook wears a reader, and takes his dog for a walk, scanning all the houses along the way... No one notices. Back at home, he dumps the reader, correlates the data and then makes his move...
  
  Corrolaries exist - people getting film developed used their real names/addresses/phone #'s. Photo Tech says "gee, they have some nice stuff..." - notes the name/address/phone. Robs the house later.
  
  So casing by RFID isn't too far off the mark.
  
  And just off the bat, I can think of about 15 methods for why one would want to embed an RFID chip in a product... No wait, make that 16 - add VEHICLE TIRES to the mix - the friggin chips are already in new tires - and they are not removable w/o damaging the tire...
5. Re:It's coming..... by AllUsernamesAreGone · 2003-09-12 00:58 · Score: 1
  
  "RFID tags are planted in the packaging, not in the product."
  
  Not necessarily - there is nothing stopping manufacturers implating them in, for example, the hems on clothing, inside the soles of shoes and so on. The minute someone realises that doing so makes it harder to rip off the tag and just walk out of the shop carrying your now de-tagged and invisible to the security system loot, someone will do it. And once one does it, the rest will follow.
6. Re:It's coming..... by OldLady · 2003-09-12 01:50 · Score: 1
  
  Why would they want to do that when there are security devices out there (those heavy tags with ink in them, that need the special thingy to remove) already? I do not think that a merchant would want to alienate their shoppers that much - which would happen if RFID were implemented in the way you describe.
  The reason why manufacturers are so hot over RFID is because it makes counting things easy. Using RFID, they don't have to pull open a box, and count all the items inside to do an inventory - they just have to run a scanner over it to verify and count the contents.
  RFID has security uses sure - but I think they are secondary to the man hours that would be saved over doing an inventory. I don't know if you've ever worked somewhere where things need to be counted, but it is a pain the buttocks.
  Could I be wrong? Of course. Could there be some huge conspiracy to keep track of all your purchases and goods - of course (but if you are really worried about that, I hope you use cash and money order only).
7. Re:It's coming..... by AllUsernamesAreGone · 2003-09-12 02:20 · Score: 1
  
  "I do not think that a merchant would want to alienate their shoppers that much - which would happen if RFID were implemented in the way you describe."
  
  Now it may. But how long before they start arguing that placing it inside the item rather than on tags or packaging ensures it can't be damaged, that it is cheaper and more reliable and so on?
  
  "but if you are really worried about that, I hope you use cash and money order only"
  
  For mos things I use cash, but I also play the game my way: I buy things online, but I make sure that it is not just for me - I order things for friends and family too. Any information anyone tries to get on me through my debit (not credit BTW) card way will be utterly, hilariously wrong.
8. Re:It's coming..... by Skater · 2003-09-12 06:17 · Score: 1
  
  You do know using a debit card isn't a good idea, right? They don't offer some of the same protections credit cards do, like a limit of liability of the card number is stolen.
  
  FYI.
  
  --RJ
Very interesting here in Spain by RinzeWind · 2003-09-11 22:47 · Score: 1

The government passed a law allowing an electronic Identity Card that finished its development not long ago.

As you might know, in Spain it's obligatory to carry your ID card with you if you're older than 18. Besides having a chip with all your data in it, it's said that the card also contains a RFID tag so, as you can imagine, privacy concerns are arising.
1. Re:Very interesting here in Spain by Anonymous Coward · 2003-09-11 23:28 · Score: 0
  
  I will NEVER carry an identity card on general principle. One of my human rights is for them not to know about me without a mutually-acceptable reason. I do not regard prison as a deterrent in this respect. If I had to carry an ID card all the time I might just as well be in f***ing prison.
2. Re:Very interesting here in Spain by Anonymous Coward · 2003-09-12 02:47 · Score: 0
  
  Having a little piece of plastic in your pocket like being locked in a cell all day? Yeah sounds like a reasonable comparison to me.
3. Re:Very interesting here in Spain by WTFmonkey · 2003-09-12 07:11 · Score: 1
  
  How do you buy beer? Smokes? Open a bank account? Just curious.
4. Re:Very interesting here in Spain by Anonymous Coward · 2003-09-12 20:44 · Score: 0
  
  Questions:
  
  * What if you *lost* it? And don't have it with you... But didn't notice until just then...
  
  * What if you *forgot* it? What's the penalty
  
  * What if it happens to get, ahem..., damaged somehow... Like it gets smashed with a hammer and the RFID chip no longer works... Or the smart chip doesn't work... What then?
  
  * Is it required that you carry it in a wallet? What if it's bare in your pocket and it gets bent, and the chip, ahem..., gets damaged?
  
  * What if the card is illegible? Or the picture is virtually useless because it got run over by vehicles? I've seen something similar happen - guy had his ID's in a FiloFax... Guy gets bumped into by someone on the sidewalk, stuff shoots out of the FiloFax into traffic... Stuff gets run over about, oh 3000 times, before traffic stops for a light and he can pick it up...
  
  * Just what happens if the chip is unreadable, and the card is illegible... Do you HAVE to get a new one? Are they free? Do you have to pay for one (other than the obvious standing in line and wasting time thing...)?
5. Re:Very interesting here in Spain by Anonymous Coward · 2003-09-13 08:55 · Score: 0
  
  With round, shiny, metal coins. No serial numbers, and conductive so there can't be any RFID device embedded in them either. Bank account? Thou kiddest!
6. Re:Very interesting here in Spain by RinzeWind · 2003-09-14 03:08 · Score: 1
  
  Ok, let's answer wan I know:
  
  What if you *lost* it? And don't have it with you... But didn't notice until just then...
  
  You can always claim that you've lost it, plain simple. You'll have to go to a police station as soon as you can to get a new one. It costs something like 4 .
  
  What if you *forgot* it? What's the penalty
  
  A police officer may request your ID card at any time. I know there's some kind of fine, but I can't tell you 100% sure as I've never been requested for it.
  
  That answers above apply to the normal ID card, as the electronic one is not yet being distributed among the people. The process will start around Q1 2004, and you have to bear in mind that normal ID cards don't need to be replaced until they expire (5 years after you make them).
7. Re:Very interesting here in Spain by puppet10 · 2003-09-14 14:24 · Score: 1
  
  Sounds like an opportunity to market metal pocket card carriers.
  
  --
  -------- This space intentionally left blank --------
8. Re:Very interesting here in Spain by RinzeWind · 2003-09-15 03:13 · Score: 1
  
  I'd rather use a tin foil wallet :-)
Re:I must be tired by wiggys · 2003-09-11 23:29 · Score: 1

Never mind RTFA, what about this one:

RFTA = Really Fucked That Acronym!

--
Sorry, but my karma just ran over your dogma.
Re:I must be tired by Anonymous Coward · 2003-09-12 07:05 · Score: 0

Thanks for pouring out that nice mug of fr0sty p1ss and ruining it for everybody. Somewhere, a troll is hating you right now.
Dead grandmother....uh huh... by Anonymous Coward · 2003-09-12 20:39 · Score: 0

Just do what my parents do... Use my grandmother's "loyalty" card... Unfortunately, she did pass away some time ago...

I wonder where all that advertising is going to...