Slashdot Mirror
The Trouble with RFID
wintermute42 writes "Simson Garfinkel, author of Practical Unix & Internet Security along with Gene Spafford and Alan Schwartz,
has an article in The Nation on RFID tags. They're not just for tracking stuff. They can track you too."
Beings aspergers AND pulling chicks... I enjoy the challenge!
Oh wait...
---- It puts the lotion on its skin or else it gets the hose again. It does this whenever it's told.
Someone standing within 2 feet of me can scan any RFID tags I might have acquired and might be able to determine that I am wearing khakis and have an ID card in my wallet.
Food not Bombs is a nice platitude but it breaks down when you notice that the Bombees are usually well fed
So how feasible is a "zapper" that will render RFID's useless? The idea is you come home and run your new purchases throught some sort of scanner...and poof! Normal merchandise again.
Any EE types that are familiar with what it would take to do something like this?
Anyone can track you. Really. All it takes is a notebook and pencil.
Get over yourselves. Jeez.
I have been pwned because my
Take a cue from Bean in Ender's Shadow.
Let's all become nudists !!
...as then everything will be tracked. People and transactions. :/
libertarianswag.com
No kidding. Life takes on a similarity to the chessboard. There are no surprises in chess, just players not quite working out all of the move combinations.
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
In Soviet Russia RFID tracks you. Wait... that's not right is it?
Great. We'll have inboxes filled with "Track your neighbour" and "Generic RFID removal" in no time.
I can't wait until I get to check out what underwear a girl is wearing without looking, perv heaven!
What happens if you collect about 1000 RFID devices
and carry them around with you. Will the readers
be able to read that when you pass by a scanner?
You're thinking about this all wrong. Take off your tin-foil hats, nobody really wants to 'track' you.
Now, what companies will really be salivating over is the opportunity to market to you. If they can track all of the RFID tags on and around you, they can know so much about you that they can tailor advertising to you specifically. Just like Minority Report, only not so cool.
Just think of it as value adding. You're adding so much value to the coffers of manufacturers and advertisers!
...Big Brother Inside
Performing sanity checks on your own beliefs is vital in avoiding poisoned koolaid.
Rules of conduct like those in the previous slashdot story here?
People say I'm crazy, I got diamonds on the soles of my shoes...
Who didn't figure that RFID tags will be used to track us- the consumers? Hell, that may be even a better use for them than inventory tracking... They get about the perfect picture of what products we use, when and to an extent how. The marketers wet dream. And of course the definition of propriety will be stretched, bent and broken during the courtship of RFID tags.
:)
Now, I on the other hand, have a want for them. I think they could be fun to hack around with. That is, I want my PDA to be able to read tags, and then I'll get a bunch of them. I'll tag my house up, so that I can get location-based alerts. The kind of thing GPS would be too big and clunky- and not accurate enough- to do. I can come up with all sorts of fun things to use RFID tags for in my own life that have nothing to do with being "targeted" better.
Working toward a usable PDA environment in the spirit of Newton OS: Dynapad
What is that quote? Man is born free yet everywhere he is in chains
I do not like the idea of having every last bit of privacy removed. Between the new camera's my state is installing on highways, with radar guns, that send you a ticket in the mail, to having banks sell personal information to thrid parties so they can call me at dinner to offer me a great price on a satelite dish, this is getting out of control.
While some may say that government will never, ever use any technology in an illegal way, I would just say they have done it in the past. Nixon broke into the dem's headquarters. Other presidents have bugged the phones of political groups like the black panthers. And this current president has the "Patriot Act".
It scares me to think what government could do. 1984 is looking less like fiction and more like a prediction.
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
Right, but nobody can track thousands of people simultaneously and find patterns and "alleged links with so-and-so" with a computer.
tasks(723) drafts(105) languages(484) examples(29106)
Happy Trails,
Erick
http://www.busyweather.com/
RFID on slashdot many times. Solution to this problem is simple. Avoid holding actual personal details on a central database. Yes, lets track what people buy and where they go, but only as an alias. IE, last month, 1287 people visited XYZ store in New York and purchased ABC jacket and then 376 of those people left the state. No need to log WHO they were. Simple really!
O'WONDERWe're working on it.
I'm a triathlete and runner, we've been using RFID to track athletes for years. The main company doing this is Champion Chip. It's a small plastic device that you attach to your shoe or put on an ankle strap.
The tracking lets them do severl things. First, they get accurate timing and immediate results. They can also track where you've been to make sure that people haven't cut parts off the course. Some people are too creative, a few years back a women hopped on the subway for part of the Boston marathon, but she went "too fast", they got suspicious and reviewed the surveillance cameras in the subway.
The latest cool thing was in Ironman Hawaii. They had video cameras setup on the course and the chip strapped to your ankle let them know your location all day. Then, you could order a personalized DVD with video of your race. Pretty cool idea, though I didn't personally buy one.
Some may see this as big brother, or a harbinger of things to come. Some of us, however, have been happily tracked by RFID for years - voluntarily! I wouldn't want this to be 7*24, without my permission.
Alan.
Saying that a database that keeps the data of every person that does window shopping on your shop and reading every tag can "be built easily" might be true in a sense, but making sense of so much crap data is not.
So really, is it a big deal? Getting the tag off my groceries when I get home compared to just being able to walk out the supermarket with my groceries in a bag and have the bill ready instantly is a pretty small price to pay. Yeah, they can track what I've bought, but honestly, what's that going to be useful for?
The only thing that worries me a bit is about digital identity theft, which basically means I don't trust this technology to be secure enough. So, I'll just keep paying cash at the supermarket.
---- Take the Space Quiz!
Now I need a tin foil jumpsuit, boots, gloves and helmet.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
Why is everyone so paranoid about being tracked with RFID? I've got nothing to hide, so I couldn't give a monkies if everyone knows where I am or if a store knows my purchase patterns. Heck, most of them already have this info thanks to my loyalty cards, and I don't see anyone making a big fuss about that!
biopowered.co.uk - catalytically cracking triglycerides for home automotive use since 2008. Just say no to big oil!
If you gents keep screeching about the profound dangers of RFID for every single article, interview or news tidbit that comes out, folks are going to start ignoring your input.
Hell, I look forward to the day I can just load up my cart with groceries and head out of the store without bothering to stop at a cash register. My purchases are already matched to my credit card account in their internal inventory anyhow, and I'm openly 'opting in' by using the system.
I wonder what Slashdot would have been like if it had started on an FTP site and not port 80:
"Coming dangers of the World Wide Web! Cookies! Server Logs! URLs! Protest now while there's still time!!!!!!!"
The problem is (as always was and always will be) how people use a technology.
RFID (or any other technology) is not necessary for a police state as demonstrated by many examples in the past.
You privacy can be (or most probably: was) violated without RFID too.
To protect your privacy you need a society that values privacy and have laws that express this. If you do not have that then you are swimming against the flow and your are doomed to failure, no matter if RFID is used or not.
I would like to point out Europe: there are privacy laws that basically say the following:
If you have such laws (and have them enforced) then there is no need to fear RFIDs - but if you don't have them, RFIDs should be the least of your worries.
Real life is overrated.
I've heard anecdotal stories about RFID asset tags and one immediately comes to mind - One warehouse had the polling interval set too high (read every few seconds) and drained the batteries on all the RFID asset tags and it pretty much foiled the test. I've read up at Transponder News. Maybe the technology on the batteries have improved, I'm seeing 5 years as battery life, but this "it can track you everywhere" doesn't take into consideration that most of the tags are designed for detection in 50-1000 feet range, and are powered accordingly. Can they track you everywhere? If you bring your stuff in range. Will they? Most likely not
What you fail to address is that takes a vehicle and one or two dedicated people per person being tracked. This is the way it should be.
... ) gone will be the days that people could walk into a large store, take something off the selves and return it to the sevice counter ( it was a gift and I don't have a recipt ).
With RFID we are now faced with situation where a simple globally unique tag is assigned to each RFID tag and can be tracked with simple electronics. A store can track your every movement with a dozen carefully placed receivers by tracking the RFID tag embedded in the soles of your shoes.
Malls could track walking patterns the same way, and by consolidating and minimg the data, they can probably match up anonymous tracking data with an individual by looking for things like credit card transactions.
This is not stuff of Sci-Fi or intregue novels, stores want this kind of information and they WILL be using it. Unfortunatly with my buisness hat on I know that RFID will never go away, it just has WAY WAY too many advangtages for stores ( inventory, shrink reduction, fraud protection,
like Simson Garfinkel. First of all, it's not exactly a common-sounding name to me. Maybe it is in other parts of the world.
Second, can I withstand the desire to crack a Simon & Garfunkel joke? I mean, almost all the letters are there...
Hello R-F my old friend,
I've come to talk with you again.
Because the data softly creeping
I am just lying here weeping
Because a hacker
Just stole my identity...
And now my bank account is silenced.
I'd continue, but this will be modded down just based on the title.
It would seem to me that all of the "take off your tin-foil hat" crowd are missing the obvious. Yes, I understand (and if you rtfa you'd see that the author does too) that the planned use of these tags are for very legitimate reasons, but hasn't anyone learned through history that abuse occurs? If some technology has the potential to be abused, then sooner or later, the government, spammers, advertisers or even Wal-Mart WILL abuse it and our privacy will be invaded. This isn't to say that laws governing the use of RFID tags will prevent abuse entirely, but lets at least TRY to prevent what we can before simply allowing these things to go into widespread use and abuse.
"Last March Benetton announced similar plans to weave RFID tags into its designer clothes..."
Put them in the tag. If you don't like the idea of an RFID rubbing your neck then cut it out.
I know, I know. You *have* to keep the tag; that's how you know it a [insert designer here]. Pfft.
sig
...right because human buying patterns are predictable.
I don't get all worked up in a paranoid fervor, but I don't see why we shouldn't be upset by this. I don't really think the technology is anywhere near where it needs to be, for security and reliability reasons.
I wouldn't even trust self checkout systems at retailers with rfid technology, but then again maybe I should, think of all the money we(they) will save(make).
It's a Simon & Garfunkel song... "The Sounds of Silence"...
---- It puts the lotion on its skin or else it gets the hose again. It does this whenever it's told.
And someone to carry these objects. At the cost of many man-hours. RFID has the potential to track on the cheap, anytime, any number of people, without having to devote one person to each subject.
Libertarian: label used by embarrassed Republicans, longing to be open about their greed, drug use and porn collections.
people do that when that want to give karma to someone who's made a funny joke...
---- It puts the lotion on its skin or else it gets the hose again. It does this whenever it's told.
RFID tags don't have batteries, they draw their power from the radio waves used to query them.
Mod down posts with a "Free Mac Mini/iPod" sig, they're spam!
This is an insult! No-one has the right to infringe our privacy like this! I for one will be boycotting all stores/establishments that use RFID. I find the idea of a device that can be used to track my movements and habits utterly reprehensible. Now, if you'll excuse me, I'm off to town to go shopping using my credit card and many clubcards.
If they are going to track us, why not make it fun. We can all get together and swap RFID tags. Some mischevious shoppers in Britain do that with their Tesco loyalty cards, so why not do it with RFID to. And if one person carries multiple tags from different people, then they can make it look like an entire flock of people are at the door.
The alternative is to wrap ourselves in tin-foil. Hmmm.. I wonder is metallic clothing will soon be fashionable. Maybe that's why all those SciFi movies have people in shiny suits - they had to worry about RFID tracking.
Two wrongs don't make a right, but three lefts do.
... of these things ?
Could they be used for automatic purchase ? You have your RFID and the products RFID's and you leave the shop the items are automatically placed on you 'tab' . Pain free shopping and no cueing at the checkouts. Some super markets here allow you to tot up your shopping this would just be the next logical step.
You could have it such that there is a little reader on a shopping basket that tells you how much you are spending, nutrition information etc...
They could also be used at toll booths - automatic payments no stopping, no traffic.
Lots of methods to empower the consumer.
chris at darkrock dot co dot uk
http colon slash slash www dot darkrock dot co dot uk
The big question, which, it seems to me, gets deliberately fuzzed in all of these discussions, is this:
Is it acceptable to invade your privacy as long as it is for the purpose of selling you stuff?
Privacy advocates tend to emphasize the danger that systems put in place for the purpose of selling you stuff might later be used for purposes of political repression. This is a real concern, but a relatively remote one. It's a slippery-slope, speculative, "if this goes on" kind of argument. Yes, I know (mostly from reading Slashdot!) that there have already been instances of such usage creep.
Let's suppose--implausible, of course, but suppose--that you could somehow guarantee that RFID tags, and all the information that companies gather on you in all sorts of ways, could be freely exchanged by companies for the purposes of selling you stuff, but could be perfectly secured against any other kind of use whatsoever.
Would that be all right, or not?
"How to Do Nothing," kids activities, back in print!
Oh, come now. You really haven't read up on RFID, have you?
The RFID tags that we're talking about DON'T have batteries. Only active RFID tags do, and those are an extremely small percentage. Do you really think they would place an expensive battery powered RFID tag in every shoe?
-------
technomad
I'm guessing that barcode tatooed on my forehead might be a problem too...
I can just see the ladie's laughing as my condom wrapper's RF is read by them... Oh, wait - I'll just buy Magnums from now on!!!
So rip off the tags! I rip off tags from T-Shirts anyway as they itch at the back of my neck. Hmm I also bet that if you wrap them in tin foil nobody will be able to scan them. Electromagnetic fields cannot travel into a tin foil closed cavity.
Aww crap, you mean to tell me all these years I've been working for my money like a chump?
Am I the only one that read that as "Simon Garfunkel" ?
TK
In this case, you willingly put it on in order to operate and interact with your community of runners. Basically, to see who is the best among you and to see what your time is for personal reasons.
In the scary case, WalMart puts an RFID tag on my tighty-whities and then I go to Target and over the intercom comes a voice that says, "John Allman, Welcome to Target. We have tighty-whities for sale."
Personally, I am learning to sew.
Comparing it to Windows will be a moot point, since El Dorado is going to have a 40% larger code base than XP.
I recognize the song. I don't get the joke. What does "The Sounds of Silence..." have to do with RFID tags?
you are forgetting much of the ways this can be used.
small rfid collectors can easily be installed all over an area and YES a rfid can be read from farther away if the reader is designed to do so. I did it with prox-cards that are rfid access cards at work.. I can get a 5 foot read range without any difficulty.
read EVERY rfid passing by point A and B searching for a specific number is easy (the rfid in the bvd's the target is wearing... wow he hasn't changed them in 3 days!) and we can digitally collect your habits.
and I can easily get almost EVERY rfid number you have by installing a reader near your home.
none of these need to transmit, just simply collect the data and I can download and parse at my leisure. the reader can be made as small as a kids' lunchbox and easily hidden to erad a 5 foot range, I'm beting that if I used more current electronics and DSP chips I can make one that will reade most every rfid in a 15 foot radius, taking multiple reads while you stand there for a couple of seconds.
It's easy to do, and only takes a moderate EE to do it.
My browser (Opera) has an option for deleting all cookies on exit so to prevent tracking across sessions. Similarly, as the RFID tags are implanted in your clothes, you can only be identified uniquely, and tracked, if you never change your clothes...
Ok, I forgot, this is Slashdot.
OK these things are tiny radio transmitters right ? So what's to stop people carrying some sort of jamming device?
This is a manual signature virus. Copy to your signiture file and help me spread.
But you wouldn't know unless you need to roll them all the way to the end.
--- Ban humanity.
My understanding, based on earlier articles that have been posted on this website, is that the RFID tags are specifically built to withstand these sorts of problems.
They disconnect their antenna if they sense a surge to protect their circuitry.
And it makes sense -- if you're using these for tracking merchandice, you wouldn't want some shoplifter taking the RFID equivalent to a tazer with them, shorting out the RFIDs, and then walking out with your product.
(personally, I didn't see anything new from this article than any of the other articles posted before on the subject. I don't think there have been particular suggestions of targeting window shoppers, but the general proximity issues have mentioned repeatedly before)
Build it, and they will come^Hplain.
Look who wrote the linked article...
What about how computers make media piracy much easier and convenient? Doesn't the point that RFIDs make tracking too easy because it becomes automatic through electronics also lead one to the conclusion that computers and more specifically ripping and sharing programs make it too easy to make copies of copyrighted material?
If RFIDs are not acceptable, how can the use of P2P networks for 'sharing' music be acceptable?
Can you justify it because in the first case it is specifically *you* who is losing freedom and in the second case it is *someone else* who is being affected adversely by your actions?
Anything can be used for good or bad. Guns, RFID, the Force. Doesn't matter. I work for a medical technology company and we are working on a project where RFID tags embedded in wrist straps are used to track patients. This allows us to automate medication charts, vital statistics, you name it. This will eliminate a lot of errors like missed medication doses.
Is it difficalt to build pocket-sized tag detector/jammer or jummer only, which wouldn't interfere with legitimate wireless communications ?
... what's the big fuckin' deal, bitch?
Does anyone have a plausible scenario for abuse of this technology, or is it just kneejerk defense of "privacy"?
Be sure to check out other stuff by the author: The Unix haters Handbook. Quite fun (but somewhat old)!
)9TSS
All I usually get is "Stores will build a database, and then Homeland Security will do, um, something." Followed by handwaving and dubious slippery slope arguments that usually imply a continent spanning sensor net that sounds like a cross between Tom Clancy and Vernor Vinge.
Someone connect the dots here. The article didn't do a very good job.
Or is this just modern mythology, like people hiding in their homes worrying about wererwolves and vampires and witches in centuries past?
--- Ban humanity.
It all started when someone was killed/severly injured (not sure which) when training on the roads and nothing could be done because an identity could not be resolved for a long time.
Well, if someone was killed, then it is safe to say that nothing could be done, although perhaps funeral arrangements were delayed until the person's identity was known.
In the case of an injury, heart attack, or whatever, emergency treatment will be started immediately, even if the person's identity is not known. I am a physician at a major trauma center, and the trauma patients are routinely admitted as "xxxx Doe" for initial management. If a patient has significant medical history, such as a drug allergy or coronary disease, then there is a bit of a problem, but I am not sure that a RFID tag would provide the relevant info in any event.
My main point is that if you require emergent medical attention, it will not be witheld simply because your identity is not known.
Here's an idea for a new community project: Mega RFID Vest Library
Go to the dump where multiple people are throwing away RFID-laden products. Snag the lil suckers off discarded food products, garments, appliances, liquor bottles, baby food.
Sew them onto a vest.
Lots of `em.
When you walk through the scanner you'll be ...... 246 different people.
Then, trade vests with others in other cities, other countries!
"Provided by the management for your protection."
The guy's name is Simson Garfinkel... you don't see a similarity?
---- It puts the lotion on its skin or else it gets the hose again. It does this whenever it's told.
I understand the Simon and Garfunkel reference, but why the Nirvana reference? Do you get that excited by RFID?
tags are designed for detection in 50-1000 feet range
RFID readers placed every 50-1000 feet will solve tracking problem. for example one building where all workers have id cards with built in RFID tags...
I am not worried about this at all. I say let the gap, eddie bauer,wal mart,sears, etc waste millions of dollars on this crap. Let them try to decode their consumers behavior. About 10 years from now- when all these companies have 200TB of crap- let them explain to their investors how good RFID is for marketing.
GO Spafford!!! Purdue's Man on Computer Security
www.purdue.edu
Does anyone know if rather than zapping the tags as discussed in other posts, there might be possible countermeasures? For example, how much shielding would be required to block the signal? i.e. would it be possible for an industry to grow up providing shielded wallets, backpacks, purses, briefcases etc.? Or even *chaff* belts to drown the system with false readings?
I've finally got around to changing my sig
I'm not 100% sure, but I'd say these are active (e.g. powered) rather than passive RFID (being discussed here).
This group, CASPIAN - Consumers Against Supermarket Privacy Invasion and Numbering has information on RFIDs including Auto-ID: Tracking everything, everywhere. The group is also against loyalty shopping cards for similar reasons.
One of the high street stores in the UK (Marks & Spencer) has just completed a pilot test at one of its stores. Worryingly the Department for Trade and Industry actually subsidised the scheme, even more worrying was of the 50 people who were intereview about RFID no one seemed to care or be aware of the technologies issues.5 5,39118147,00.htm
The scheme used intelligent tags that "hold just the number unique to each garment. When scanned against an M&S database, the tag would only give information related to the product's size, style or colour." Check out the full story at http://www.silicon.com/software/security/0,390246
There are things we know we don't know and things we don't know we don't know. - Donald Rumsfeld
Since RFID tags are passive, shouldn't it be possible to produce an RFID tag which would produce a jamming signal when activated by the external RF source?
"Can there be a Klein bottle that is an efficient and effective beer pitcher?"
is that like a fragrant simile?
I apologize for, maybe, missing the point but after looking at a few portions of the article, I am beginning to wonder why. For instance:
:O
RFID isn't a household word today, but within the next few years manufacturers hope to put it into many household products.
Why would these be needed in 'household products'? I understand they want to track merchandise, but this could be accomplished by putting an RFID sticker on the bottom of the product. That way, you take it home and tear the sticker off when you take it out of the box.
Perhaps, for clothing, just put an RFID on the main tag. I've worked for a clothing store who used the locking pin security devices found in most stores. They work wonderfully, as you have to destroy the garment to steal it and it only costs a couple of thousand to enough of those things to last a lifetime. I do not see the flaw that needs a new product, not in regards to clothing.
Both Wal-Mart and the US military have already told their hundred largest suppliers that cartons and pallets must be equipped with unique RFID tags by January 2005.
This is what I would like to see RFID used for. This will really speed things up at distribution centers, as a forklift coming off a trailer will simple have to drive through the dock doors (assuming the sensor would be there) to put an entry in the company's database saying "this pallet entered the building", meanwhile the operator keys into the computer on his forklift the actual product count.
For people who will "bite" and say something about computers on forklifts, they have been around for over a decade. I know, I fabricated a prototype mounting platform for a small, wireless computer back in 92. They had blueish LED displays, and were shaped similar to an old RS Model 100 portable, but housed in a sturdy black metal case. I made a nice adapter for Crowne forklifts that allowed the operator to swivel, tilt, and adjust it to his/her most comfortable viewing position. Too bad I didn't know anything about patents back then. They started using this design at all their distribution centers, which equates to thousands of lift trucks.
I do not miss working for Kraft foods. We had weekly 'rallies' where the managers would have a guest speaker. The most memorable one was Penske (wealthy bastard) came to tell us what a great job we were doing, then proceeded to talk about efficiency for the next 45 minutes. More often than not, everyone left with a broken sense of pride due to wealthy investors talking to us like we were children. It seemed that after every meeting, new poop would appear on the bathroom walls.
Most RFID tags do not use batteries but instead are powered by the polling transmitter. It broadcasts a pulse, a small capacitor in the tag accumulates energy from that pulse. The capacitor then discharges and powers the tag to transmit its response.
These beasties will remain functional until their chips fail.
Cut off all your RFID tags and keep them somewhere safe. On a weekly basis get together with all your friends and put all your collective tags in one bucket. Take, at random, your share and carry them with you for that coming week. Repeat process next week. This way any data gathered through these tags would be a random assortment of movements from you and your friends.
Correlate that, bitches!
There will be a market for chipset-free goods.
Most of these mechandise 'tags' only have a read range of less than 20 feet. The RFID that is used to track spouses, or outspoken members of a democracy, immobolized cars is already out - it's just not mass produced like 1mmx1mm tags will be and I think this is what is worrysome to us -- The ubiquity of tags in our 'stuff'. Lastly, there is now the human immobiliser with is far more troubling to me and should be to you as well -- diaper changes! -Andy
There are some great new product opportunities in the new RFID-enabled world.
RFID Super Scanner - Scan your surroundings and your stuff for RFID tags. Pinpoints the location exactly.
RFID Mega Zapper - A high energy directed radio energy impulse designed to fry the electronics in your RFID tags. Great fun for vandals in stores! Smack your enemy's wallet!
RFID Spoofer - A programmable device that returns the RFID code of your choice. Great for making a copy of you luxury car key! Or your neighbours. Have fun in stores after Zapping (TM) a RFID tag and replacing it with a Spoof(TM)!
RFID Data Miner - Build your own database of RFID tasks. Now you can do your own surveillance and track people. Also good in parking lots when you want to know what RFID code to feed into your spoofer for easy access to that nice car.
RFID Jammer - A fun little DOS device that emits radio frequences to blind RFID readers.
RFID Database Feeder - This device emits thousands of new random RFID codes every second. Great for filling the databases of those eager RFID code collectors.
I think most of these tools can be built easily and are not science fiction. If they can be built, they will.
Seriously, do you think RFID techniques makes the society more or less vulnerable for attacks?
)9TSS
Hey... where'd I leave my TV remote? Just scan the house for it.
Sure, maybe you can zap your cloths, or scan them and remove hidden tags, but what about other tags they are going to force you to carry? Store scanners can scan your car keys, credit cards, gas speedpass, security card for your office and then start linking all of this information together to track you. If corporations and the government get their way, RFID tags will be in many things we can't do without (maybe even driver's licences or national ID cards?). Add to that scanners at key locations and the last bits of our privacy are gone.
This is +5 Insightful? "Hm, a two-minute search on Google shows that this issue is controversial."
The 'myths' of RFID - from an industry group, but might be worth a read - even the people selling these things are only claiming ranges of 10-50cm.
I talked to one of the runners last year about it and we were laughing over the story. we also have a lot of ham radio operators in the city who broadcast results as they're anounced; i'm wondering what's next with RFID. Will hardcore athletes just have permanent chips in their bodies? Or will they be embedded in the sneakers?
"I'd say 'Have a good time,' but arson is still illegal.
So what youre really saying is you are afraid they will track you stopping in front of the tampax display? Or is it the preperation H? Regardless as much as I hate things like 'Club cards' etc they are something marketing types are slowly craming down our throats. If you dont like RFID's and Groc stores do, prepare to pay a premium for products that arent tagged.
On the flip side of things, think about the good they can do. The average moronic criminal wouldnt have a clue about removing one of these bad boys, now imagine that one passed by a rfid reader right before they kidnapped someone. Hmm might be a good thing to be able to track or locate them.
And how about those long lines at checkout? If every product had a RFID who would need a checker. Place each item one at a time on a belt. The RFID passes by a reader and get scanned (the equiv of a checker scanning your barcode for you). Then it gets bagged. Simple, neat, and probably as fast as you can load the belt and bag the groc.
I dont like getting finger printed to drive either but in most places its now manditory. Your privacy is an illusion, lets move forward.
Sick of stupidity? http://www.patentlystupid.com
RFID will go into mainstrean acceptance when it is used to find a missing child. Then we'll find a wave of "Let No Child Be Un-Lojacked".
Parents will have the ability to track their teens, and when kids find a technology that will subdue the signal, that technology will be derided as The Greatest Evil Threatening Our Children{tm}, surpassing Cough Medicine.
Mod Karma -1: I sed bad wurds. If I cep my mouf shut, I wud be at riyses.
Some are quick to say that the US Constitution guarantees no right to privacy.
But IMHO, the US Constitution embodies the 1793 State-of-the-Art of distrust of Government and other concentrations of power. That's the whole reason that there are three branches with checks and balances - mistrust of the institution of government. No matter how trustworthy those in power may be today, there's no guarantee that the next batch will be so. Checks and balances were put in place to provide trust - through mistrust.
Had the Founding Fathers been able to foresee the capabilities of electronic surveillance, they would have codified Privacy into the Bill of Rights. Instead, they did what they could, focusing on late-18th century concerns.
Had the Founding Fathers known of the potential concentrations of power known as multinational corporations, they would have codified some sort of separation of Business and State. Instead, they focused on what they knew, separation of Church and State.
The living have better things to do than to continue hating the dead.
The mistake most people make is assuming that we live in an ideal world, where everyone is good and corret. And surely only the checkout doors will read your credit card number. And surely only the government agencies (e.g., the police) will track you by RFID.
But it's ok, since you "don't have anything to hide" and don't intend to leave the shop without paying, either. Right? Wrong.
It's a nicely rose-coloured world, but Real Life isn't that simple. If everyone was that correct, we wouldn't have credit card fraud, identity theft, stalkers, etc. Heck, then we wouldn't even need a police at all.
The problem with these RFID tags is that _anyone_ can read them with a relatively cheap gizmo (and even cheaper once it starts to get mass-produced.) And by making the gizmo only slightly less cheap, it can replay them too, effectively impersonating an RFID tag.
So what can (and _will_) happen in practice? Here's a few examples:
1. As I've said, not only the supermarket can read your credit card data through 5 layers of clothes. Anyone can, and anyone can impersonate it. Identity theft, here we come. Anyone can just walk through the exact same supermarket doors with a big plasma TV, and have it billed to _your_ credit card. They didn't even have to sign anywhere. Doesn't it make you feel special?
2. Don't assume that only the police can (or wants to) track you via RFID. I'd bet that it'll more likely be a stalker's or mugger's dream come true.
3. Speaking of muggers and thieves, it's not only your credit card that can be read by more than the supermarket. Those products you bought can be identified by anyone too. It's not that hard to imagine someone hanging around the exit door, waiting for someone to exit with a small and expensive item, just begging to be stolen. Not only they'll know that you've bought that expensive gold watch, they'll even know in which bag or pocket it is. And they can follow you by the signal all day long, until oportunity presents itself.
4. Or if someone wants to rob your house? Heck, now they can know everything that's inside even before entering through the door. _And_ if _you_ are inside at the time.
5. Since anyone can get that data, even if they don't actually go on to rob you, he/she already has access to a _ton_ of information about you. From how much money do you have in your account, to the exact brand of underwear you're wearing, to god knows what else. Without even you knowing who or when gets that data.
And so on. That was a quick exercise.
That's the real problem: they're indiscriminate. While the government might not even care that you exist (and I'll bet that 99.99% of the people are in this category), the friendly thief next door might. And they can get the exact same data, without you even knowing it.
A polar bear is a cartesian bear after a coordinate transform.
Since RFID work by having a burst of energy at it and then reporting its number you could carry a couple of common item RFIDs in your purse/wallet and for all purposes be untrackable since anyone who tracked you would be flooded with signals back. Also I guess you will start to see a simple device that reports a powerfull random signle everything it get scanned.
Aaaah, but let's imagine RFID technology had been fully in place several years back.
"Well, Mr/Ms mwood, from data obtained from the RFID devices on your whitie tighties and those of Mohammed Atta, we see that on a regular basis you walked within talking range of him for a six month interval prior to the attacks. We'd like to talk to you about your potential conversations."
Never mind that your normal schedule and route to home/work/school just happened to bring you within range of his normal route to home/work/school/terrorist meetings. With all of this new data available, all sorts of new correlations can be drawn and investigated. With a whole raft of new data being mined, it will take intelligence agencies some time to sort out simple coincidence, especially when they're desperate for leads.
The living have better things to do than to continue hating the dead.
*eom*
I think the bigger question is why Simson and Garfinkle are wasting their time on RFID issues when they should be planning the comeback tour... I love their stuff... Cecilia, you're breakin' my heart...
It Is the Nature of Information to Transgress Artificial Boundaries
Do you think you are THAT important to the ruling class, worker unit?
I don't like big words..., does that make me anti-semantic?
I understand the privacy difficulties, but active RFIDs in the home could be great. Just think every thime you throw something away, the RFID on your trash can could note it and help you make your grocery list. But, then again maybe we need RFID readers as we exit our front doors to make sure we are not leaving a trail. Kind of an odd though
It seems like a paranoid fellow can't even buy alumunum foil anymore without being monitored.
Now what'll I use to line my Official Area 51 Ball Cap?
"A microprocessor... is a terrible thing to waste." --
GeneralEmergency
Nudity
How'sa 'bout a jammer you turn one while pushing a cart full of goods out through one of the RFID checkout systems?
It will happen. It will.
"A microprocessor... is a terrible thing to waste." --
GeneralEmergency
As well as RFID jamming technology being in development, the makers of the tags themselves want to find a decent compromise, such as a kill command.
OMG - even better off topic joke than my off topic joke... a vicious circle!
Clothes make the man. Naked people have little or no influence in society - M. Twain
Automatic 'In' Door Scan Results:
Customer #4323423432 Scan Results:
Product: Jams, Size Medium: M, Style: 11, Color: Blue, Purchased at Target
Product: OP Sunglasses, Style: 13, Color: Blue, Purchased at Target
Alert!: Customer Has No Shirt On!
Alert!: Customer Has No Shoes On!
Security Dispatched
Computed Customer Loyalty Discount: -10%
'Out' Door Scan Results:
Customer #4323423432 Scan Results:
Product: Jams, Size Medium: M, Style: 11, Color: Blue, SN:1232mdsfskd2, Purchased at Target
Product: OP Sunglasses, Style: 13, Color: Blue, Purchased at Target
Product: Mens Medium T-Shirt Style 1404A, Purchased at Walmart
Product: Mens Burkenstocks Size 10 Style 14A, Purchased at Walmart
Shipping Time: 1h 14m. Last visit (By Jams SN) Oct 11, 2003. Approximate customer weight 140lbs. Customer Type: 'Surfer Dude'
Customized 'sufer dude' email and circulars flagged for next mailing cycle.
Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
Another trend to note is the use of RFID tags in public library items and in embedded in your library card. This allows for a very simple self-checkout and makes it quite simple to check items back into the library. Budgets are extremely tight for most libraries and this is viewed as an important way to reduce labor costs. A person would only have these tags for the short time that they have the item checked out, so its quite different than a tag that stays with you. Still there are privacy concerns as I see it. For instance, a hidden scanner just outside the door of the library could watch for particular items of interest and capture the card number of the person at the same time, all without the library's knowledge. Is this enough of a risk to be concerned with? I am still on the fence on this one.
We win together or suffer without.
All I thought of was Fat Bastard with the huge RFID implanted in his arse.
If Slashdot were chemistry it would look like this:Cadaverine
As a third-party public warehouse, my company is constantly looking at technologies to streamline the process of receiving, storing, and shipping material for our customers. Currently we receive inventory to our docks in two ways: 1. Material is received at the dock and put away in location by warehousemen. They record exactly what came in on a form and turn it in to the office staff who enter the information into the database. This relies on the warehouseman to count the material correctly, fill out the form correctly, then for the office staff to enter the data correctly. The system works, but there are many opportunities for data entry errors. One misread, miscount, mis-type and the data is bad. 2. Material arrives at the dock and barcodes are scanned. The data is uploaded to the system without any human interaction besides the original scan and a later check against the Bill of Lading that came with the load. Much better than the first method, but it comes with its own issues. For one, if the material is put into location, stacked high off the ground, reading barcodes for inventory purposes can be problematic. Also, it relies on a good quality barcode. A lot of our material arrives after long truck/train rides with the material rubbing and jostling against its neighbor resulting in many unreadable barcodes. RFID is the next logical step for us. For the material to cross from the truck/train to our dock and be read by an RFID reader without the warehouseman having to aim a laser at a possibly unreadable barcode would be nice. The customer would also be able to follow that particular RFID all the way from manufacturing through the distribution process. I understand privacy concerns, but in regard to the logistics industry I see RFID as a positive thing.
If it comes down to it, people can take to carrying their RFID-ware in shielded containers, only to un-shield them when necessary. Perhaps readers for these necessities will be in shielded enclosures themselves so that nobody can eavesdrop. I for one wouldn't dare leave an RFID-enabled credit card or ID card unshielded since eventually replication of RFID tags will certainly become standard practice for the shadier folks among us.
I can't decide which is funnier... the fact that this was the first thing I thought of when I saw the article summary, or the notion that we've got 8 messages posted in a follow-up thread.
LOL...
Tim
Interesting use cases you bring up. Personally I see great options for developing useful software that can streamline business processes. Grocery stores, for example, do a bit of research on what items should be strategically placed near each other. This technology could be helpful to determine that n number of customers pick up product x and then walk two aisles to pick up product y. Placing them adjacent to each other might product more sales.
I'm just speculating, but we all pretty much expect RFID to come anyhow, so we might as well put on our thinking caps and try to build software for it. While we are at it, we might be able to nudge the policies in favor of respecting individual privacy, but I doubt if anything can be done to ban RFID outright.
-- Solaris Central - http://w
Okay, when it's in the store, which the company owns, I can only say so much about it.
Moronic criminals? Not as much as you would think. They figured out very quickly that a shopping bag lined with duct tape would foil at least the early RFID readers. Car thieves in my area can break in & steal a car in a tenth the time a skilled mechanic can. Hell, they'll be the *ONLY* ones getting around this.
Long lines at checkout: Okay, throw away some more jobs. While we're at it, I see a pricing discrepancy at least every other time I'm at a grocery store...if you're just shoving a cart through the door, it's pretty hard to tell that you accidentally paid $22.47 for the Black cherry kool-aid (one of 39 packs in your cart).
Privacy is somewhat of an illusion, but that doesn't mean it's not worth TRYING to hang on to little bits here & there.
And think about just how far this can go. Eventually, there could be embedded RFID in every food we eat. As you're driving along, a roadside detector finds that the Big Mac & large fries have moved from the stomach to the small intestine, and changes a billboard ahead of you to advertise Wendy's, while activating a 1/4 watt FM transmitter to transmit ONLY to your car 'Getting hungry, Jim Farnagle? Wendy's is just half a mile ahead on the left! Make it in the next five minutes, get a free apple pie!
The issue is WHERE the line should be drawn. RFID is here to stay, and has some excellent uses. Pallets & tracking inventory - great use of 'em. But once I've purchased a product, the company that made the item, the company that distributed the item, the company that retailed the item, all of their 'business partners', and anyone else can (should) bugger off & mind their own business...go buy a congressman or something.
For most RFID tags all you need to do is place a thumb or finger on its antenna to change the attenuation enough so it cannot reflect the RF signal being thrown at it.
RFID scanner picks up the condom in his wallet
60inch Plasma Monitor: Greetings Mr. Smith, it's been 60 months since you last purchased that box of Troy Extra Super Ribbed, the one in your pocket has expired, would you like to purchase some more?
If you liked that item, you may find these appealing: Super Personal Lube 3000, Peanut Butter & Chicken Flavored body oil, Hustler Magazine, MIT:Technology Review, Kraft Macaroni & Cheese.
of course the only reason you came to the store in the firstplace, was to bring your grandma to get some fix-o-dent (of course she is seeing and hearing all of this as well, along with your local spiritual advisor, your wife(who never knew about the condoms), and who knows whom else.
Put your new shirt in the microwave.
Good point... pretty long thread for a silly joke...
---- It puts the lotion on its skin or else it gets the hose again. It does this whenever it's told.
Much like taking my picture in a public place and using it to market a product, taking my infometrics and using them to market a product should not be possible without my consent. That information has inherent value, and it *doesn't belong to them* regardless of any effort expended to gather it. Taking something of value that you don't own, is theft.
If you want to use my infometrics for business purposes, you negotiate a transaction for it - you don't just take it.
Want to bet? You bought cologne at the store. Hitler wore cologne. So, you're a Nazi.
Wow, this jumping to wild conclusions thing is fun. Now I know what all the trolls are raving about!
And in case you don't get it, it's a joke.
'Standards' in computing only impress those who are impressed by things like 'standards'.
But from what I have read (mostly in the comments on this story.) A homespun RFID scanner does not sound that difficult to make.
IANAL either but one questions is will it be a crime to war scan RFID's. Kind of like harassment or the stalking laws.
I am actually less concerned with the goverment tracking me than I am about being tracked be private groups and corporations. Or worse broadcasting my credit card info to any stranger that I pass on the street.
JACEM
DOC Disinformation Obfuscation and Confusion
The carrot to FUD's stick
It's scary how much misinformation and FUD is spread around concerning RFID. The company I work for deals in it among other things. Reading tags isn't that easy, proximity is important. You can't just walk around with a scanner and scan the tags at even 20 feet or so without major difficulties. Too many tags in one area and they don't work right either as multiple signals screw things up. People seem to hear about the concept and they remember articles like this from people who really don't understand the limits of the technology. I like my privacy as much as the next person, but with it's limitations I see RFID far less of a threat than just about anything else. As mentioned in another post, it's how the equipment is used that's a problem, not it's existance.
As a sidenote, nearly every system I've seen intended for sales related uses kills the tags at the register when the item is sold by design. It's intended to help with inventory and keep theft down. If you stop and think, stores don't want to piss off consumers, and nothing pisses people off more than invading privacy.
True, it's your stuff I want to track.
I want to be able to to walk up to your house, outside your living room, and scan for products inside. If there are enough high-ticket items, I will plan to steal them from you.
It takes the guesswork right out! Thank you, RFID industry.
OK, did anyone else read this as "Simon and Garfunkel"?
"simson garfinkel"... simon and garfunkel?
"gene spafford"... gene splicing -- afford?
and may the "schwartz" be with you!
thank you, thank you, I'll be logged in all week.
The way it *should be*?
Oh yes, a police state is fine, as long as they work for it! Darn kids now days get off without doin' any work. In my day, we had to hoof it to follow them terrorists around, and we liked it! And so did the terrorists!
- The Amazina Llama
For trying to ridicule the public!!
RFIDS are passive devices. A jammer is an active device and likely to be easily detectable. You'll never make it out the door.
They disconnect their antenna if they sense a surge to protect their circuitry.
While there might be a degree of truth to your statement, the fact is that any RFID device small enough to go undetected could not adequately insulate its antenna against a sufficiently large magnetic pulse. (An EMP from a thermonuclear blast could induce 1000 volts into a 1 mm long antenna. If a mechanical shock can produce such intense magnetic fields, how hard could it be to build an electromagnet which did the same for a very small location?)
Such a pulse could be easily created with an unshielded automotive ignition coil. Carrying a car battery and ignition coil is beyond the practical means of most shoplifters, but it is a rather trivial thing for a geek to build in his garage. So yes, they are protected against Billy Bob junior's science experiment, but not against a determined libertarian.
An RFID can easily be detected by something which detects changes in inductance, such as a metal detector. Once the general location is found, the aforementioned electromagnetic coil can be used to disable it. And even should the magnetic field fail to induce enough voltage into the antenna, the 80kV to 100kV from the coil would certainly do it.
The society for a thought-free internet welcomes you.
I think it was Hegel that wrote: "The only thing that man learns through reading history is that man learns nothing from reading history."
So they'll know when and where I go to the bathroom? Will they know when I leave my house to go to the grocery store or walk to the mailbox also? Oh my god! Say it isn't so! I feel sorry for the one chosen to watch my life, they'll get bored quickly.
For lying to the public!!
Given what a microwave does to a light bulb, I'd expect it would be pretty useful in destroying electronics. Note that a burnt-out lightbulb will still glow in a microwave, and for this reason I doubt that simply disconnecting the antenna from the RFID circuit will have any effect since the whole circuit will be getting irradiated. Also, don't forget to have the clothes in a pyrex pan full of water or something- unless you want there to be a burnt hole in the garment where the RFID tag was.
pi = 3.141592653589793helpimtrappedinauniversefactory7
RFID is such a potentially dangerous technology because RFID chips can be embedded into products and clothing and covertly read without our knowledge.
When you have an RFID scanner yourself, you always know exactly where the tags are, and what they say (until they're encrypted). Privacy advocates could just make those available to the public.
I don't expect the scanner demos will get people to accept the tags - I certainly wouldn't. I expect that it will creep most people out when they put on the xray goggles, and see the world of tags exposed around them, especially if the demos do a join across some public personal DBs against the tags, then point out the multitudes of private and covert DBs available.
Being tracked is the problem, being tracked in a datascape context is the abomination, being tracked by organized groups with the power to control you is anathema to liberty. Mere ignorance of the tracking is creepy to some, while it plays into the denial of others. Blowing the lid off this invisible empire now will keep the monster under the bed longer, until we're grownup enough to truly banish it.
--
make install -not war
The problem with this article is the simple fact that they start out by talking about passive rfids and then switch to ways they can be abused that would only work on ACTIVE rfids. The big difference? One has a battery and broadcasts its number a significant range.
-- botsex is {grep;touch;strip;unzip;head;mount}
Someone tracking your location? They can't if you scatter your stuff around the world. Pauli exclusion principle in reverse.
Know your pads. One time pad: good for cryptography. Two timing pad: where to take your mistress.
That happens when the good being tracked is a person?
I would think hospitals would be drooling all over this also. They could securely identify a patient so there would be no more mixed up procedures. Inject a tag in each patient, and have the a reader in each chart holder to id the person.
Better yet, inject one in each infant immediately after birth. No more baby swapping nightmares.
Many of the Founders were worried that enumerating rights in the constitution would lead people to believe that those were the only rights they possessed. Therefore these two amendments were added.
Pity that it didn't seem to do much good in the final analysis.
Also of note, one of the leading critics of RFID, Katherine Albrecht, issued this press release today:
February 5, 2004
German RFID Scandal: Hidden devices, unkillable tags found in Metro Future Store Germans say, "Nein! We wont be your versuchskaninchen"
"We won't be your versuchskaninchen." That's the message German privacy advocates are sending to executives at the Metro Future Store in Rheinberg, Germany after discovering RFID devices hidden in the store's loyalty cards. They also found that RFID tags on products sold at the store cannot be completely deactivated after purchase, despite Metro's claims.
"Versuchskaninchen" is the German word for guinea pig, which is how German consumers feel Metro and its partners have treated them since opening the Future Store last year to test experimental RFID applications on live shoppers.
The revelations came just one day after Katherine Albrecht, founder and director of CASPIAN (Consumers Against Supermarket Privacy Invasion and Numbering) toured the Future Store with a delegation of privacy experts from German advocacy group FoeBud, who sponsored her visit.
"We were shocked to find RFID tags in Metro's 'Payback' loyalty card," said Albrecht, after FoeBuD tested the cards with an RFID reader and discovered the tag. "The card application form, brochures, and signage at the store made no mention of the embedded technology and Metro executives spent several hours showing us the store without telling us about it."
"In retrospect, it's no wonder store employees appeared nervous when we asked to take a few of the cards with us," she added.
Vendors of RFID-enabled loyalty cards promote them as a way for supermarkets to identify shoppers remotely as they enter the store, using details of their identity and purchase history to pitch products to them and to track their movements and activities within the store. Prior to the Metro discovery, no major retailer had publicly admitted to using such cards.
In addition to the cards, Albrecht discovered that Metro cannot deactivate the unique identification number contained in RFID tags in products it sells. The use of unique, item-level ID numbers is one of the key privacy concerns surrounding the use of RFID tags on consumer goods.
"Customers are misled into believing that the tags can be killed at a special deactivation kiosk, but the kiosk only rewrites a portion of the tag, while leaving the unique ID number intact," she said.
Outraged German citizens are calling on Metro to put an immediate end to the trials.
"We are deeply disappointed at the Metro executives. They talked of an open dialog while hiding important facts from us," said Rena Tangens of FoeBuD. "We are calling for an immediate moratorium on further RFID testing as it is clear that Metro is not handling the technology responsibly."
Evidence of the RFID tag in Metro's "Payback" loyalty card, along with evidence of the incomplete deactivation of product tags, can be found on FoeBuD's website at http://www.foebud.org/rfid/.
I microwaved it for 9 minutes just to be safe.
Think about this, your a clothing company, you put in the RFID tags for inventory management, or because Walmart says so.
Then one day somebody says, hey I'll pay you $10K if you tell me what ID's are in what color/style jeans.
Same company sets up sensors in the mall, and presto, you know what style of clothes kids are wearing. How valuable would that realtime information be to clothing manufacturers/fashion designers? Why would clothing manufacturers want consumers to be able to remove the tags? There making 100K just selling the tagging info! If customers remove the tags, they loose the revenue stream.
Obviously this is just one example, that could be duplicated in a number of different ways. I'm just trying to point out how it could start, and very quickly evolve into a tracking system for every individual in the World (One day).
The question you HAVE to ask is, "If the British had this technology when the Americas were British colonies, would there be an America or would the British have found out and put a stop to the revolt?" If that answer is ever no, then this technology should be defeated. This country was founded on basic rights, and privacy is definately one of them.
It's easy to say "Ah, it's no big deal." It's a lot harder to get a law passed 10 years from now outlawing such a mainstream technology.
Obviously if you get scanned you'd be able to find out on what frequency... small battery or capaciter, maybe a solar panel for recharge, make it into a tie or cuff pin or some piece of jewlery, whenever it recieves that frequency.. "BAM!" wastes all its energy blasting out random serial numbers on the proper frequency and leaves the database worthless...
~~ Please keep your arms, legs, and outright stupidity inside the ride at all times. Thank You ~~
In any case, to activate one of these tags, it has to be able to receive sufficient power to activate itself, meaning that the reader must be very close, or be using seriously illegal and hazardous RF power. Remember that an RF-powered device must receive at least one diode forward voltage drop, to be able to rectify its power, say 0.3V for a schottky diode, plus at least one base-emitter drop (0.7V) or MOSFET gate threshold voltage (probably more) before it can do anything anyway. The transmitter in the reader likely as not generates only an H-field, which will probably fall off with an inverse 4th power law. All of this works very much in your favour. Distance is the key thing. You will not be tracked in the middle of an open space, for example (they will use your cellphone instead, that can be tracked quite accurately any time it is visible to 3 base stations.)
Now that the writers from The Nation can't carp about the superiority of communist governments (due to the somewhat dramatic collapse of the USSR and subsequent run-to-capitalism by the eastern bloc), they needed something else to fear-monger about.
Apparently they've moved on to privacy and identity concerns.
Let's get things straight: nobody really cares about what you buy except for marketers. And right now marketers don't even understand the POS data from your club card, much less the random crud that'll come off of RFID.
Anyone writing about RFID and privacy is so far ahead of the technology that they're basically sci-fi writers who are pitching totally hypothetical, worst-case scenarios.
If the government wants to track you, they can already do it with those big-ass confinement anklets...or some other, smaller devices. Eveyone else can, too, including your cell phone provider.
Take a chill pill, and relax. At least in the US, you're safe. Wal-mart doesn't care if you're a man wearing womens' underwear - until it wants to offer you a discount on them.
I have a question: how long before this system becomes unwieldy. If we're going to track every product sold worldwide, how big will the string have to be? Furthermore, at what point will a database of said string's become unwieldy, and at what point will it become worthless to maintain all that data?
The retail RFID plans I've seen don't have a unique serial number for every item. They have a unique serial number for every type of item, kind of like a barcode. Granted, that may pose some minor privacy issues of its own. But those problems are minor, and no worse than paying with a credit card.
More to the point, RFIDs have the potential to save businesses billions -- kind of like barcodes did. And, like with barcodes, those savings will most probably be passed to the consumer.
Statistically speaking, there's a 99.998% chance that my IQ is higher than yours. Get over it.
The degree of tracking which privacy advocates envision is simply impossible from a technical standpoint. Even if Moore's law holds, computers will never catch up with the data growth.
Consider the case in which every person in the US is assigned a 16 byte (128 bit) key, and every RFID pass (128bit) is registered with a central server:
285,000,000 * 365 * 32 (record size) = 3,328,800,000,000
Or about 3.3 TB per year, assuming that a person visits on average 7 "tracking points" per week. To locate a given entry using a binary search would, on average, require 37 accesses. Such a tracking program would more than likely put entries into a database, which would be an utter waste of time.
The brute-force algorithm for finding pattern matches is (O) = (N*M), where N and M are the lengths of the pattern and the search field, respectively. Because the notion of profiling is to identify criminals, we would first have to establish a link between a pattern and criminality. With 285 million people tracked, there would be 104 billion activity records gathered per year. There are (N * (N/2)) possible patterns in an array of length N, thus, there would be 5.41 pentillion patterns in the aforementioned database. To locate all* of these, we would have to do the same 5.41 pentillion comparisons, and take up an additional 5.41 pentillion * 32 = 173.2 pentabytes of memory.
Furthermore, the fastest mainframes can only access about 100 records per second. At this rate, 85 billion records per year can be accessed. Thus, to profile every American would require 6.4 million years.
It just isn't feasible.
* - Yes, I realize that there are pattern matching algorithms which can find matches faster (against a known pattern), but the fundamental problem with profiling remains that law enforcement doesn't know for what they are looking. Thus, every pattern must be generated and correlated. But even given that they know what they are looking for, the sheer volume of data would render the system useless. To locate a non-trivial pattern of say 10 sequential significant events would require a lookup of at least ((365 logged events/person/year / 10 events = 36.5) * 285 million) = 10.4 billion record lookups. At .37s per lookup, that would take 3.848 billion seconds, or about 122 years in the theoretically best case!
The society for a thought-free internet welcomes you.
I love that song he does, 'Bridge Over Troubled Waters'.
You forgot the RFID ROMANCER ! No more getting to know what the likes and dislikes of the woman you are dating when you can catalog them!
I, for one, am hoping for early acceptance by all manufacturers, especially Victoria's Secret.
These are pretty low-watt transmitters since they have such a short range. It shouldn't be too tough to build a little box that jams the signals -- it probably wouldn't even violate *current* FCC rules since you could use very little power.
For a scant few bucks an hour, I will take your RFID tags out for a walk about the town. Spend a few more dollars, your RFID tags get to go to the opera, making you appear a very sophisticated gent. But skimp on the tip, and your tags spend a half hour in an alley known for prostitution and drugs.
This month's special - your RFID tags get a tour of the White House! And maybe even a chance to meet the president's RFID tags. Register soon as there are only a few openings available each year.
"And once every product in the store is equipped with an RFID tag, stores might even be able to have an automated checkout: Shoppers could just push their carts through a doorway and have all the items in the cart automatically totaled and charged to the RFID-enabled credit card in their pocket."
And what about all the cashiers who will then be out of work? Businesses save billions, but they lose billions because of all the people who are then unemployed and not putting money into them.
For every Wal-Mart, at least 10 people would lose their jobs.
And as the number of available jobs goes down, so do wages, because it is easier to fill positions with desperate people, and fewer people making money means less profit.
with a little dose of reality... You lend a pair of shoes to your friend, give a pair to charity, throw a pair out which a bum nicks from the trash. There is now 4 profiles of you walking around. Most marketers realise this and see it is useless. The arguments about home scanning are ridiculous - there are limits imposed by the laws of physics (not current technology) that mean the read range of a scanner with even remotely realistic emission levels can only read around 10-30 feet. (besides the fact that most homes have foil based insulation completely stuffing the signal) There is also the expectation here that stores are sharing what their RFID numbers are - this is not a barcode with a universally recognised number, it is unique (which is what is causing you the concerns remember?). Expecting Walmart, Sears etc to all get together in harmony and share their competitive advantages - Americans are so contrary ;-)
--*--*-- The Eagle sneers at the Peacock
...when, within five years, all state's driver's licenses and ID cards will have an RFID embedded in them (else they lose Federal Highway funds, etc., etc.) Think about it; the police will scan you without leaving their vehicle, reducing the threat to them by a large margin or at least helping to identify the level of threat. ID doesn't match the vehicle? Suspect car theft. Driver, but no RFID? Driving without a license (or worse). The safety it will bring the officers will trump individual rights to privacy. Now, once all DL's and ID's have RFID's, there will be positive tracking of every individual, by name in our "free" nation. Oh, don't forget the new plan to give all to-be-legal immigrants "special" ID cards also. Don't want to leave anyone out, you know...
http://www.aimglobal.org/technologies/rfid/resourc es/articles/jan04/0401-roispy.htm
And please take special note of the scanning of RFIDs on drivers licenses while you are still in your car....
--*--*-- The Eagle sneers at the Peacock
In the U.S. it is against the law to own/operate a device whose sole purpose is to interfere with communication across the radio spectrum. The obvious exceptions are the military and other govt. agencies. I think that the "jammer" would violate the law. However, if the jammer wasn't really a "jammer" but a device that would generate a localised EMP pulse, you could permanently disable the tag. That oddly wouldn't land you in jail, as they would have to prove that the tag wasn't "broken" and that you did it.
To know is to have knowledge....to understand is to be enlightened.
The solution could be quite simple. Create a business that will subject your clothing to an EMP pulse. Perhaps that would "kill" your tags without destroying your garments. This would be more of a problem with your electronic devices (Palm, etc...) and with credit cards that use the RFID to enact payment.
To know is to have knowledge....to understand is to be enlightened.
'Getting hungry, Jim Farnagle? Wendy's is just half a mile ahead on the left! Make it in the next five minutes, get a free apple pie!
Then when trying to get there in the next 5 minutes, you get a speeding ticket because the highway RFID reader found out you got there too quickly.
Just because it CAN be done, doesn't mean it should!
If you make purchases with your credit card, then the credit card companies have detailed spending records for you. They obviously sell that information to third parties. Same sort of event happens when you purchase a home. You receive "great offers" from mortgage companies who want you to refinance with them. There is already a large potential for tracking persons by their commerce in existence. With the creation of the software toolsets that allow for high quality data mining across the internet (MetaCarta), we may experience a similar loss of privacy without RFID tags.
To know is to have knowledge....to understand is to be enlightened.
Ooh, good one - mod that up, best argument I've heard yet!
Yeah, that RFID tag on your car keys to deter theft will be really cool, right up until the time someone builds an RFID jammer and leaves it sitting in a mall parking lot.
Consumers of high end automobiles will get really shaken up then. Then we will have legislation against something for sure... RFID jammers.
This has been discussed before. Not only is it not guaranteed to work, if it does work, it's a very good way to start a fire (hint: "fry").
--Mike
I hereby place the above post in the public domain.
As a previous poster noted the range for RFID tags is generally under 15" however range is limited only by the inverse square law.
f you can generate a RF field with sufficient energy to activate the RFID tag you can read it from almost any distance.
Example a small boat radar which costs less than 1500 US generates an X band pulse of 3.5 KW and the emitter is 8" in diameter by 3" high.
So with this in mind I do not buy the argument that one needs physical proximity to read RFID tags.
Technology is neutral it is the use of technology which determines whether an application is for good or evil. However the framers of the constitution realized that there is always a minority who lust for power and control and will use any means to achieve those goals hence the balance of power.
How about a device that will detect a RFID scanner and broadcast a stream of random ids allowing you "hide in the crowd"? Or possibly an RFID jammer that just prevents the RFID from activating in the first place?
I don't see why people woory about this, I no longer do.
Why? simple there is tech available that can passively scan you and once they figure out how to identify you via this passive scanning they wont need to "chip" you or whatever.
RFID is going to happen, I feel we here in America are powerless to stop it and even if we do how long till passive tech takes over and *they* get what they want, the ability to see where people are.
If you disagree with me then I would suggest this, figure out a way to disable the RFID and quit worrying about it affecting your privacy.
One other thing to consider is that a RFID tag by its self does not identify you, you would need to make a purchase using something like a credit card that tells them who you are so that the RFID number or signal can be matched with that, since cash is on the way out how about generic credit cards with no personal info.
"If any question why we died, Tell them because our fathers lied."
It's sad, how the language skills of young people has degenerated recently. I'd be ashamed were I unable or, worse, unwilling to know and apply the difference between 'your' and 'you're'. I see the same sort of thing happening with 'their', 'there', and 'they're'. Also truly simple things like 'to' and 'too', or 'use' and 'used'. I hope when you and the rest who don't care about good writing skills complete a job application, you at least try to do it right. I'm responsible for hiring a lot of people where I work, and those resumes displaying such pathetic English skills get trashed. Listen.... it's NOT 'cool;, or 'kewl', or 'k00l', however you want to put it, to write like you're (not 'your') ignorant. Schools aren't at all what they used to be, but I'm unwilling to believe the quality of American ENglish education is so bad that those who write so poorly actually believe they're doing it right. I'm not picking a fight, sincerely, but sometimes you have to piss someone off before they start thinking, so whatever works. The bottom line is, here, in THIS medium, where the words you use and how you present them are your sole avatar, you owe it to yourself to write well. You'll earn a great deal more respect from those whose respect matters, and the 'k3w1 d00dz' will still be able to read it too.
i've made the comment before, the ubiquitiousness of the surveilence with prohibit the individual from exempting themselves from monitoring, thus the only VIABLE option will be to overload the system with junk data. Like getting a new discount card profile every time you use it. If they can't link them all together you've compromised the system. If you have a random rfid tag generator and use it all the time, the system would become to expensive and constrictive to maintain.
errr....umm...*whooosh* *whoosh* Is this thing on ?
What was that? Something about revelations? Damn, time to start getting religious... Oh yeah, and RFID tags are already the size of a grain of rice...and getting smaller all the time. Once they're pervasive, who'll bother with destroying all of them?
Good call. As I'm in another timezone (or timewarp) you bet me to it. :-)
Look, they aren't tracking YOU - they're tracking your underpants.
Underpants have no Constitutional protection.
What about one of these bad boys for the well heeled paranoid?
Would 600Watts at 13.56MHz do the job?
Why do I have this? I don't smoke.
Simson Garfinkel?
;-P
Love their music!
( someone had to say it )
I have seen many of these "fear-mongering" articles now on Slashdot as well as other sites. Most oversimplify the matter without really considering the technical difficulties that make such tracking scenarios fairly impossible.
:)
During my internship the last 6 months, I was developing precisely such item-tracking software and RFID tags.
Firstly, the range on these tag readers is so low (~ 5-10 m) that tracking anyone or anything in the world outside the store/warehouse is not a trivial task. Neither are they very accurate in their sensing capabilities. This would require millions of these readers all interconnected and interfacing with the same database.
Secondly, in order for these stores to think of tracking customers (when they are in the store) based on the items they purchase, those items would have to be bought from the same store chain right? Obviously, Walmart does not have access to Sears' database!
Thirdly, and I think someone raised this point before, that current systems and pilots track on the pallet and case level. Item-level tagging raises the challenges of managing the huge amounts of data and network traffic. These concerns are so real and serious that many are raising doubts about the potential use of RFID tags in retail stores. Most of these tags do not work at all if they are in contact with some metal, as is the case in some shoes.
RFID tags have good application in warehouse scenarios, where the privacy concerns aren't that great.
I agree that RFID technology has some privacy issues, but most people seem content to object based on some imagined fears or paranoia. Look at the hard technical facts before bringing on the tin-foil hats
I, for one, welcome our new RFID tracking overloads.
I think this companion article is more thorough.
Here's a link to an article in the Harvard Law Review from 1890 that discusses the right to privacy.
and now the Algonquin? I'm a big Robert Benchley fan. I could imagine him doing an excellent short on RFID.
Now that is a really big call. Maybe true if the database is one from the store that sold the merchandise but if I'm standing in front of the store that I've never been in why would they be able to interrogate a remote database to ask who I am. For a start how will that help them and secondly why the hell would the store I did buy the stuff from let a competitor know my name let alone my buying habits.
for all you who dont want to be tracked, grab an rfid scanner (shouldnt be too hard to get one, or even build a detector that will ping rfid tags and beep if youre close, kinda like a metal detector only not) and once youve found the tag, fry it physically with a couple , or even tens of kilovolts if you so feel the need. this voltage will kill it (unless they have some crazy new way of fabricating these things) and should go thru any plastic tag the circutry is contained in. where would you get a couple kvolts? try building oneof those small jacob's ladders kits that runs off a twelve volt power supply. they produce ~10-15 kvolts at a very low ampage. frys a chip, but it *shouldnt* leave sorch marks or start a fire. i stress *shouldn't*. these kits are cheap and easy to build or can be built from scrach and use standard components, though you will need to get an automotive ignition coil (12v) or similar, depeding on the kit. be carful with these voltages though. i highly reccomend that you know what you are doing!
and if you dont care about rfid, dont bother!
(ps, jacobs ladders are fun to build just so you can have your own small display of high-voltage goodness!)
/me cries coz his is the only reply to this that got modded down :o( /me thinks fuck it and rolls a joint
bah!*@%!
a minature home-model GoldenEye?
:)
(Please refer to Bond movie of the same name)
.
(David Bowman, EVA near HUGE Monolithic Win-PC in orbit around Jupiter) "My God - its full of Malware!"
OK, If you're going to be so picky, you're going to have to be completely accurate in the way you write.
...
...
It's sad, how the language skills of young people has degenerated recently.
No need for a comma in that sentence.
I'd be ashamed were I unable or, worse, unwilling to know
I'd be ashamed were I unable, or worse, unwilling to know
Listen.... it's NOT 'cool;, or 'kewl', or 'k00l', however you want to put it, to write like you're (not 'your') ignorant.
Listen, it's not 'cool', 'kewl' or 'k00l', or however you want to put it, to write like you're (not 'your') ignorant.
It's also not cool to capitalise words unnecessarily write entirely CAPITIALISED words.
However, it is cool to write words in the British English way, as per capitalised above.
Greetings,
Regarding Mr. Garfinkel's "The Trouble with RFID's"
While I agree with his concern over the use of these tags for purposes beyond their initial design, I would suggest that if we don't trust the "system" to use them properly or control the databases into which they are registered, we are unlikely to trust it to kill or properly use these devices no matter what standards or legislation are put in place to prevent such abuse. I suspect that the answer will lie in the marketplace creating "chip killers" that we will sweep over our possessions ourselves, thus providing a "sure kill" to those so inclined.
Heh, exactly! Where did I leave my keys? My glasses, brain or condoms? It's all tagged, man. :)
I wonder if getting an RFID tag scanner is impossible for consumers...
Working toward a usable PDA environment in the spirit of Newton OS: Dynapad
So the F in RFID stands for "Flair."
Speaking of which, it would probably be more effective to embed the collected RFIDs into buttons. Then you can just trade buttons (and put them on a vest, if it so suits your sense of style, or lack thereof) and be a slightly different group of 246 different people.
Also, how many RFIDs would you have to have to make scanning ineffective due to the individual tags stepping on each other's signal?
Simple Machines in Higher Dimensions
Instead, they are actively trying to destroy the notion of marriage as a union between a man and woman. It isn't about rights anymore, its about forcing the homosexual lifestyle and viewpoint on the rest of society. The time is coming when a faithful marriage will be seen as old-fashioned, merely a formal indication that two people are sleeping together. Once sacredness has been stripped from marriage, the reason for conferring special priviledges and legal rights to spouses will likewise cease. This has nothing to do with being treated as human and everything to do with destroying marriage as a social institution.
Again, I'd have to take you to task for this. While a married couple may choose not to have children, the potential always exists. Homosexual unions, OTOH, explicitly deny the possibility of children being raised by both biological parent. Study after study has shown that children without both natural parents in the home are much more likely to become criminals. As the State is responsible for protecting the public at large, they have a vested interest in preventing the formation of criminals, and is hence justified in giving married couples special privileges as opposed to gay unions.
This is what people aren't getting. Marital status is afforded to the union of a man and a woman precisely because it is a relationship unlike homosexual unions, and even heterosexual dating. Marriage contains an element of committment and selfless service which is both beneficial to society and worthy of respect. Even if a couple never bears children, the experience of learning to live with someone fundamentally different contributes to a person's character and improves society in general. While men and women may marry out of lust, such is generally the exception. Homosexual unions, OTOH, are rooted not in self-sacrifice and community service, but rather in mutual selfishness; their sole aim is to secure the object of lust for their participants. This is neither commendable nor deserving of respect.
Unfortunately, most people don't make this distinction. It is as if gays want to have the legitimacy society affords married couples without making the corresponding sacrifices married couples make. It's not a matter of unfair discrimination, but rather recognizing merit. If you can't make a lifelong commitment to a person of the opposite sex, through richer or poorer, through sickness and health, for better or worse, your union is simply not worthy of the same respect as someone who has made such a promise. No amount of redefining marriage will ever change this fact.
The society for a thought-free internet welcomes you.