Errant E-Mail Shames RFID Backer

An anonymous reader writes "An article appearing in Wired today describes how the The Grocery Manufacturers of America inadvertently sent an embarrassing internal email to anti-RFID consumer group CASPIAN"

Don't overreact.

[Raven42rac]

Don't overreact. These are not the Diebold memos, it is just some woman who sent a non-funny joke back to the victim of the joke by accident. I don't see what the hubub is about. Granted, getting RFID awareness is good, but this story was a waste of time save for some of the info about RFID technology.

Re:Don't overreact.

[fuzzybunny]

Well, kind of depends.

If it's just a lame attempt at a joke, that's one thing. On the other hand, if the GMA guy's boss told him "find personal information on this Albrecht chick, she's being difficult", and the mail was a response to that, I'd be very concerned.

If the latter is the case, the Wired article was very very tame considering how much of an embarrassment this would be for GMA. Digging up personal dirt on your business opponents, although it's done all the time, is simply not kosher tactics, and if an industry lobby and interest group is publicly admitting that it engages in this sort of unsavory activity to get its points across, then the average slob should know about it.

Re:Don't overreact.

[Raven42rac]

I can see both sides of the equation. It is very difficult to convey emotion and literal meanings of the written word. We just plain do not know if there was any malicious intent, or if the intern was just kidding around. I would lean heavily toward the latter as well. I just can't see where there would be blackmail in the RFID field. That would be kind of lame. That would be like trying to blackmail a polka dancer IMHO.

Other coverage

[Malfourmed]

This story was covered in the Australian press a few days ago. Other sources report that the GMA has apologised, describing the acction as a "youthful indescretion".

Re:Other coverage

[allism]

Funny, though - the article doesn't make it clear as to which action was the indiscretion - the comment about digging up Albrecht's juicy past, or the mistake of replying instead of forwarding...

Not to mention, nothing that Molpus was quoted as saying in the article actually indicated that they weren't trying to dig up dirt...for instance:

"Her request for a copy of your bio was simply a part of a normal effort to obtain information about those who lead organisations with an interest in industry issues"

This could mean that they were only trying to get a bio, or it could mean that their normal effort is to find some ammunition in their target's current life. It's not terribly clear, to me, anyway, but I tend to wear a tinfoil hat...

Re:It...

[reinard]

Batteries? Have you ever even read anything about RFID technology? They don't have batteries, which is the only reason for their limited range. They get power directly from the radio waves.

RFID tags in the packaging? They are now weaving them into of clothing, they are inside your tires, and in the handle of your razor.

Disable them? Try microwaving your tire...

The concern is that they don't deactivate themselves. And almost any RFID tag can be read by almost any RFID reader. So your boss can start checking how often you change your underwear, and indirectly can track you around the building by the tags in your clothing. Your car could be tracked at every intersection.

It's not that there is an inherent problem, it's just ripe for abuse, and big step towards slipping into a police state.

Most of us just don't want to get anywhere near there. There is most definitely a need for concern.

Re:It...

[OneFix+at+Work]

Yes, that's true...I know a good bit of RFID tags use radio waves to operate, but if I remember correctly some of these actually power themselves...

Anyhow exactly does my boss know it's MY underware? For instance, if you use a badge reader, what keeps me from going in behind a co-worker? What about the tire thing...it would be much easier to simply track you with a <gasp> license plate...

The truth is, you can already be tracked, it's just that most of us are so boring it isn't worth the effort.

Re:It...

[reinard]

The connection between what is yours and what belongs to others is easily made when you pay for it with your credit card, or use your club card and pay cash. Sure some items like ties and underwear may be presents, but how often do you buy tires for someone else? Or conversely, this enables the interested parties, without effort to establish connections between people. Customer A bougth item I1 that is now being worn by Customer B. And suddenly people you have no relation to whatsoever know who bought you a tie as a present around Valentine's day.

Granted, your boss may not easily get access to this data if you are some small company, but the bigger that company is, the farther they can reach. And if you don't already know - you'd be surprised how willing large companies are to sell access to their customer databases.

The problem is that tracking license plates, cell phones etc, is - as you say - a huge effort that isn't worth it, not even for the government, unless you are a suspected murdere etc.

RFID tags make this much much easier - so much, that tracking the general public as a side effect is technically and financially plausible.

Re:It...

[Alsee]

Anyhow exactly does my boss know it's MY underware?

Assuming your company set up an RFID reader at the entrance for any of a number of reasons, every RFID tag on your body would activate and broadcast it's serial number. That code would most likely contain a manufacturer code, a product code, and potentially a unique serial number.

At the end of teh day you walk back up through the scanner. Maybe they are checking to make sure you aren't trying to sneek out with tagged company property. Rountine proceedure would be to subtract the list of ID's you entered with from the list of ID's you are trying to leave with.

So, one day the computer alerts the security guard that you are trying to leave with an ID code taht you didn't have when you came in. The code number pops up and an automatic search is done on it. The computer comes back with two hits on the search. The first hit is a match on it's internal database - that ID came in this morning whith Sue from accounting. The external database hit reveals that manufacturer code code is for Victoria's Secret, product code Lowrise V-string panties, black, size 5.

Security Guard shouts out in front of everyone: "Hey Bob! Whatchya doing with Sue's panties? Are they in your pocket or are you wearing them?"

He could quite easily pull up your history of ID tags for the year and see what brand(s) of under wear you wear, how many different pair you have worn, and yes, he could easily see how often you wear the exact same pair two or more days in a row.

RFID tags are already being embetted in the fabric of some peices of clothing. As RFID becomes common situations like I described above can become quite common. That daily RFID scan can be analized for any number of reasons, and the data can be extensive and invasive.

Every single store you walk into could preform such a scan. Obviously the "intended" purpose is to make sure that you don't walk out with unpaid merchandise, but once they've done that done that then all of the data is already in the computer it can trivially be used for any purpose at all.

-