And They Shall Know You By Your Books

Val42K writes "People have been concerned about provisions of the Patriot Act that would grant law enforcement access to your library records. Now libraries are considering placing RFID tags into books instead of barcodes. The RFID tags will (supposedly) be turned off when you check out of the library, but could they be turned back on? What about the possibility of you being located and tracked by the books that you carry?"

Complete nonsense

The idea that your RFID tag can be tracked and monitored over a great distance is complete nonsense. The guy who submitted this needs to get a refund on that tinfoil hat of his.

Nothing like a really dumb conspiracy theory to hold back progress. People, these tags are readable up to a few inches. Maybe a foot at most. They are nothing but glorified bar codes. Good for tracking inventory at most.

Do you use credit? Do you have a license? SIN? Bank card? Trust me, you have more things to worry about being tracked by than your stupid library purchases.

Re: Complete nonsense

[gidds]

Which gives the power-curve law a whole new spin; power doesn't drop as the square of the distance, but as the square of double the distance

I hate to spoil such a powerful bit of writing with some mundane maths, but there's no difference between the two. If one quantity is inversely proportional to the square of another, then it's also inversely proportional to the square of any multiple of that other; the only effect is to change the constant of proportionality.

Of course, neither is terribly friendly to a technological implementation, but the wide spread of mobile phones (especially here in the UK) shows that such problems aren't insurmountable.

Re:Complete nonsense

[drinkypoo]

So you want visible radar dishes, hmm? Oh yeah, the public is really not going to wonder whats going on then.

The last time I checked, the usual microwave antennas used for high speed point to point links don't look like dishes, they look like drums. That's just a weather seal but it underlines the fact that it is possible to cover them and still have them work. You could disguise them as, say, speakers. Then you don't even need anything but cloth over them - but there are plastics which do not significantly get in the way of receiving such signals.

There are many things you can do to improve the quality of your signal which will not be commonly used in commercial RFID applications because they are simply unnecessary, which will be done in order to do both legitimate and illicit tracking of RFID tags.

All of which require time, energy, money, a place to set it up outside the public's eye, things that are not simply practical. CCTV cameras work much better for tracking the general public.

The costs of producing this type of hardware are falling all the time, and are not really that much in any case. By the time we have widespread distribution of RFID tags, to the point where it's really worth doing this, people will be building robots out of legos that do the very same thing I'm talking about.

Also, cameras have to transmit a lot of data, and that means wires, or expensive high-speed wireless connections. Not to mention, if they are exposed, they are easy to defeat with a laser, by simply pointing it at the lens, and overloading the CCD. So if we're talking about the concealment aspect, the very same issue is present with cameras, but however they are concealed, they must receive light. It's actually going to be harder to hide a camera capable of delivering much of an image (which implies both lens and CCD of a certain size) than it is to hide the antenna for a RFID scanner.

Also let's not forget that not only is RFID not a lot of data, it's a tiny amount of data. Even if you have enough intelligence on the camera to send just a few face shots and dimension information, say, for anyone who strays into reach, it's still a shitload more information than some small (just a few bytes) unique values. And let us not forget that face recognition software apparently has a long way to go before it's useful, so that's no method for reducing the amount of data to send.

Cameras are nice but the cost of this radio shit is coming down faster than the cost of cameras. Sure, you can now buy a $50 CCD camera the size of a mini box of nerds, but the video quality is craptacular so unless you're moving it around and doing a lot of processing, you can't get much out of it. Video is reactive, you come back to it later if you think it might have seen something. RFID will be proactive, it will let you know where an ID is right now and that is precisely why we should be concerned.

Range

[CaptBubba]

The range of RFID tags is not long enough to make tracking you by them possible.

This will just make checking out books a bit easier. Walk through the RFID scanner, swipe you library card, and walk out. The "man" can track your book useage by your library card anyway.

Also, every library I've been in has had those theft prevention devices that beep like crazy if you pass one of the books through them. This could make it a bit easier for the library to figure out just what book got taken.

This seems like an actual good use for RFID. It should be carefully eyed, but not just dismissed because RFID is somehow involved.

Re:Range

[7*6]

In fact, most library tags have very early generation RFID tags in them. basically there's only one switch inside them (one = not checked, zero = checked out).

You mentioned that there really isn't much of a range on RFID tags, and this is very true. the infrastructure that would be needed to effectively "track" someone using a library book tag would be MASSIVE. first of all, long range readers are hugely expensive, and often require active tags which can cost $5 to who knows what each (an probably only last a couple of years max). Second, these readers would have to be put EVERYWHERE in order to track you.

For now, people shouldn't worry about privacy invasion on a high level (yes - it's easy to track what books you take out, but that's been going on for years) for two reasons:

1) To tag an entire library would cost a fortune, as small tags still cost at minimum 20 cents each when bought in huge volume. Only the largest companies are investing in these things for their products (we all remember the announcement about Gilette).

2) It's rediculously easy to prevent an RFID tag from being read - just put it up against some metal. the clearance has to be something like 35 mm to be read.

Tinfoil

[motyl]

Simply pack the books you borrow into tinfoil, or an aluminium case. It is really very easy to cut radio waves around small objects.

You could just shield the inside of your bag with any metal foil.

Passive RFID has a small range

[mistermund]

I've been researching RFID quite a bit in the past few days - we're planning to use it for an application to greet visitors in our building. The problem is that so called "passsive" tags (without batteries, powered by RF from the antenna) have a maximum range of 1.5 to 2 meters - and that's with the big gate type antennas used for most store theft prevention.

Active RFID contains a battery and can be tracked much further away, from 6 to 100ft, but it's impractical b/c the tags are expensive ($10+) and somewhat large. Many automated toll collection systems use active RFID.

Also, not all RFID systems are compatible. So unless the guv'mnt decides to install those big gate antennas all over your local neighborhood, this whole passive RFID paranoia is mainly just FUD.

Re:RFID is inevitable

[H310iSe]

I'm pretty sure you're right, they can't be turned off, without, as one poster suggested, destroying the tag (not sure that's even possible in a real-world situation). I looked into them for a project but was dissapointed in the read range (which is good news for privacy concerns) and the readers are still pretty expensive. If anyone knows about turning rfid tags on and off please post? I'm sure many people would be interested.

Re:Depends on how they code them...

[Klaruz]

At least with serial numbers, you have some chance at privacy so long as the libary does the right thing in terms of protecting the database.

Thanks to the patriot act, it's easy for authorities to get your library records. It's also illegal for the librarians to tell you they took your records, or that the authorities were even asking for records in general.

Welcome to the new America.

We're already using them at UCONN

[akmolloy]

We've been using RFID tags at the University of Connecticut Library for the past year. It's more of a theft deterrent than anything else right now, but has the potential for much more.

At the exit station, patrons must walk through a barrier that reads the RFID tag, and looks up the tag in the database of all books currently checked out. If it fails the test, an alarm sounds (and the little exit bar locks)and the patron is asked if they might have something in their bag that they forgot to check out.

The greatest thing about these is the ability to do inventory of a huge amount of books at one using a portable wand/PDA type device. You can rpogram it to beep when a book is found, etc.

Anyway... the RFID tags are not "turned off" at all, and this is not even an option on the types of tags we buy to put in the books. It seems rather silly to me that anyone would even be worried about it. So what if someone "reads" the tag as you walk by on the street? It's just a sequence of numbers that means nothing to anyone but the Library.

RFID 101

[john.r.strohm]

Sometimes, people panic when there is no reason to do so.

Background: Texas Instruments invented RFID tags, as TIRIS (Texas Instruments RF Identification System, or some such). I was working at TI at the time, and TI is *VERY* good about blowing their own horn internally on new unclassified gadgets, in the hopes that other TIers will come up with interesting new applications for the new gadgets.

The RFID transponder is a fairly clever device. You put in a fairly strong low-frequency RF field, and it rectifies enough power from the field to power a very limited microcontroller and transmitter, just enough to transmit a unique serial number that is burned into the transponder at manufacture time.

The transponder has a VERY limited range, because of the power limitations.

The serial number is NOT customer-programmable, for very good reasons. This lets them guarantee that every transponder is UNIQUE, and makes it IMPOSSIBLE to confuse your car keys with someone's missing prize bull when you go to the rodeo.

The transponder has NO intelligence, beyond the ability to squeak out the burned-in serial number when it finds itself in a power field. That's it. The host computer has to convert that serial number into something useful.

The specific design goal was for something that could be read WITHOUT CONTACT, as it walked (or drove) past a sensing point. The original goal was an implantable device, for livestock ID. One of the early applications was a drive-by tolltag.

The only way you are going to be tracked in real-time by your RFID-equipped library books is if the government literally blankets the country in tolltag gates.

Re:RFID is inevitable

[jjshoe]

they key is it is powerd up by, not it is powerd on and actively transmitting.

Some myths that need exploding

[riptalon]

RFID tags only have a range of a few inches to a foot
In fact companies have announced passive RFID tags with advertised ranges of 9 meters or more. Active tags can have ranges of miles. The very first RFID tags had very short ranges but the technology has improved and will no doubt continue to improve. The greater the range the more useful tags are (and the fewer recievers you need), even if they are not being used for surveilence. It is therefore highly likely that RFIDs will become even more surveilence friendly as time goes by. Directional receivers specially constructed for surveilence (similar to parabolic microphones) could no doubt increase the range at which tags could be scanned by at least an order of magnitude.

RFID tags are fundamentally no different from barcodes
RFID tags can be invisible and impossible to remove from a product. Barcodes by definition have to be visible and even if they are integeral to a product can covered or scratched out. Barcodes need a clear line of sight to work whereas RFIDs can work though significant amounts of covering depending on the material. It is impossible to use barcodes to track people in any meaningfully way (unless you force everyone to have one tatooed on their forehead), but RFIDs can make such tracking trivially easy and totally invisible.

Surveilence using RFIDs will be too expensive and difficult
If RFIDs are widely deployed then the receivers will have to be cheap. If every shop is going to have may of them, like they now have barcode reader, then they are not going to be extortionally expensive. Economies of scale mean that the police will be able to afford large numbers of receivers. It is also the case that you do not need to cover even a small fraction of a country to make surveilence work. All you need to do is place receivers at strategic high volume choke points where large numbers people pass by (entrances to buildings, traffic intersections etc.). Also the usefulness of handheld receivers, especially in crowds, cannot be underplayed.

People exchanging tagged items will make surveilence impossible
This is only true if very few (presumably expensive) items are tagged and so the average person only carries one or two tags around with them. Once RFIDs are unbiquitous most people will have a dozen or more tags on them so it will not matter if you bought your PDA on ebay or your shoes were a gift from you cousin. The majority of the tags will be traceable to you. If fact at this point this effect becomes a positive advantage surveilencewise, since it will make it possible to track associations between people without seeing them meet. If you are carrying a cheap ball point pen that was bought by someone living twenty miles from you then there is a high probabilty that you know each other (or have a mutual friend).

Tags will really come into their own once they are are in a large fraction of products. At this point most people will have at least a dozen tags on them most of the time and the majority of these tags will be traceable to them through the initial purchase. In fact even if such purchase records were not kept (which they certainly will be) or the government didn't have access to them (which seems unlikely given the present climate) it wouldn't really matter.

RFIDs are like having a dozen or so unique ID numbers stamped on you as you walk around. The numbers may vary as you swap clothes, shoes, and items like pens, wallets, PDAs, keyrings etc., but all that is needed is one instance where they scan all your RFIDs and know who you are. Such situations might include security checks at airports, being stopped by the police or any number of other situations.

Once the govenment has a list of RFIDs you were carrying at one particular time it will be trivial to correlate that against previous scans of unknown individuals to work out all the RFIDs that you routinely carry arou

Re:RFID is inevitable

[seanadams.com]

"sane" and "legislation" in the same breath. Uyah.

I'm glad someone caught that, as it's exactly what I was "writing between the lines". Just consider how absolutely fscked our bank and credit card regulations are, and you'll understand why that statement was really just a little jab at the fact that there's honestly no way in hell we can expect good privacy protection.

Every US bank is required to report every transaction over $5K (maybe it's $10K these days) to the fed. You can't even move your money offshore privately - you're required to report it all and there's no way to access it without being tracked. My credit card company is allowed to sell my personal information and data about spending habits to anyone they want unless I take the time to opt out (just got the form from them today, in fact.) The IRS can get whatever information they want just by sending a letter. Shit, even cash transactions are recorded on video and linked to serial numbers embedded in the bills.

I mean really, if you value your privacy above systems like electronic banking and efficient trade, then you have no choice to buy a shack in Montana and sever all ties with civilization. RFID, however, is not the kind of thing you can stop society from adopting. And if you think our government will volutarily track valuable goods any less than than they track legal tender, you're in for a big surprise.