Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Trouble with RFID

Posted by michael on from the preaching-to-the-choir dept.

wintermute42 writes "Simson Garfinkel, author of Practical Unix & Internet Security along with Gene Spafford and Alan Schwartz, has an article in The Nation on RFID tags. They're not just for tracking stuff. They can track you too."

18 of 424 comments (clear)

  1. RFID Zapper? by flinxmeister · · Score: 5, Interesting

    So how feasible is a "zapper" that will render RFID's useless? The idea is you come home and run your new purchases throught some sort of scanner...and poof! Normal merchandise again.

    Any EE types that are familiar with what it would take to do something like this?

    1. Re:RFID Zapper? by imkonen · · Score: 3, Interesting
      What if it's embedded in something useful/hard to remove? How many people want to rip a button off their new shirt because that's where the RFID tag is?

      What about when you buy a new car...they're already using RFID for the keyless ignition. It's just a matter of time before they install EZPass/FastLane/WhateverItsCalledInYourArea in every new car without asking you. It won't be an obvious device in the corner of your windshield like it is now, it'll be hidden somewhere it's a pain to get to. Of course, the govt. will only track your whereabouts for free. You'll still have to pay the monthly fee if you want to zip through the toll-booths without stopping.

  2. question by Anonymous Coward · · Score: 5, Interesting

    What happens if you collect about 1000 RFID devices
    and carry them around with you. Will the readers
    be able to read that when you pass by a scanner?

  3. Rules of conduct? Yeah, right... by tuxette · · Score: 2, Interesting
    But companies that are pushing RFID tags into our lives should adopt rules of conduct: There should be an absolute ban on hidden tags and covert readers. Tags should be "killed" when products are sold to consumers. And this technology should never be used to secretly unmask the identity of people who wish to remain anonymous.

    Rules of conduct like those in the previous slashdot story here?

    --
    People say I'm crazy, I got diamonds on the soles of my shoes...
  4. I welcome my RFID tag by bunyip · · Score: 5, Interesting

    I'm a triathlete and runner, we've been using RFID to track athletes for years. The main company doing this is Champion Chip. It's a small plastic device that you attach to your shoe or put on an ankle strap.

    The tracking lets them do severl things. First, they get accurate timing and immediate results. They can also track where you've been to make sure that people haven't cut parts off the course. Some people are too creative, a few years back a women hopped on the subway for part of the Boston marathon, but she went "too fast", they got suspicious and reviewed the surveillance cameras in the subway.

    The latest cool thing was in Ironman Hawaii. They had video cameras setup on the course and the chip strapped to your ankle let them know your location all day. Then, you could order a personalized DVD with video of your race. Pretty cool idea, though I didn't personally buy one.

    Some may see this as big brother, or a harbinger of things to come. Some of us, however, have been happily tracked by RFID for years - voluntarily! I wouldn't want this to be 7*24, without my permission.

    Alan.

  5. Paranoia by tttonyyy · · Score: 2, Interesting

    Why is everyone so paranoid about being tracked with RFID? I've got nothing to hide, so I couldn't give a monkies if everyone knows where I am or if a store knows my purchase patterns. Heck, most of them already have this info thanks to my loyalty cards, and I don't see anyone making a big fuss about that!

    --
    biopowered.co.uk - catalytically cracking triglycerides for home automotive use since 2008. Just say no to big oil!
  6. Re:Anyone with two feet and perhaps access to a ca by _LORAX_ · · Score: 4, Interesting

    What you fail to address is that takes a vehicle and one or two dedicated people per person being tracked. This is the way it should be.

    With RFID we are now faced with situation where a simple globally unique tag is assigned to each RFID tag and can be tracked with simple electronics. A store can track your every movement with a dozen carefully placed receivers by tracking the RFID tag embedded in the soles of your shoes.

    Malls could track walking patterns the same way, and by consolidating and minimg the data, they can probably match up anonymous tracking data with an individual by looking for things like credit card transactions.

    This is not stuff of Sci-Fi or intregue novels, stores want this kind of information and they WILL be using it. Unfortunatly with my buisness hat on I know that RFID will never go away, it just has WAY WAY too many advangtages for stores ( inventory, shrink reduction, fraud protection, ... ) gone will be the days that people could walk into a large store, take something off the selves and return it to the sevice counter ( it was a gift and I don't have a recipt ).

  7. Re:It will be scary when they put it in money... by tommck · · Score: 3, Interesting

    Those little strips they put in US bills can be detected through walls... not too far of a stretch to go the next step...

    --
    ---- It puts the lotion on its skin or else it gets the hose again. It does this whenever it's told.
  8. Privacy invasion OK as long as it's for sales? by dpbsmith · · Score: 4, Interesting

    The big question, which, it seems to me, gets deliberately fuzzed in all of these discussions, is this:

    Is it acceptable to invade your privacy as long as it is for the purpose of selling you stuff?

    Privacy advocates tend to emphasize the danger that systems put in place for the purpose of selling you stuff might later be used for purposes of political repression. This is a real concern, but a relatively remote one. It's a slippery-slope, speculative, "if this goes on" kind of argument. Yes, I know (mostly from reading Slashdot!) that there have already been instances of such usage creep.

    Let's suppose--implausible, of course, but suppose--that you could somehow guarantee that RFID tags, and all the information that companies gather on you in all sorts of ways, could be freely exchanged by companies for the purposes of selling you stuff, but could be perfectly secured against any other kind of use whatsoever.

    Would that be all right, or not?

    --

    "How to Do Nothing," kids activities, back in print!

    1. Re:Privacy invasion OK as long as it's for sales? by ferreth · · Score: 3, Interesting

      Hmm, How about when your life insurance premium is jacked up because they find out that you have been eating at various fast food vendors > 5 days a month? Same justification smoking, which is hard to hide now. You'd have to be more accountable to get the lowest rate, no less free, just that your actions would have more consequences.

      Or, is it better that everyone remain anonymous, put their dollars in the pot, and the insurance rate is based on the average actions of the individuals grouped by the limited information the insurace company is allowed to collect on you?

      --

      W9x:Thanks for the make-work project Bill.

  9. It's like anything else by Anonymous Coward · · Score: 1, Interesting

    Anything can be used for good or bad. Guns, RFID, the Force. Doesn't matter. I work for a medical technology company and we are working on a project where RFID tags embedded in wrist straps are used to track patients. This allows us to automate medication charts, vital statistics, you name it. This will eliminate a lot of errors like missed medication doses.

  10. Distance too short for effective tracking? by blorg · · Score: 3, Interesting
    As far as I recall, the *maximum* distance for passive RFID, under ideal conditions, is 1 meter. Shorter in 'ordinary' conditions. This is one of the reasons passive RFID is not likely to work for 'walk out of the shop' automatic payment, but also why it is also unlikely to be much use for person tracking.

    The 'myths' of RFID - from an industry group, but might be worth a read - even the people selling these things are only claiming ranges of 10-50cm.

  11. Re:Only a problem if you never change clothes by fireweaver · · Score: 5, Interesting

    Has anybody ever thought of making a RFID tag detector? Something that simply emits whatever RF it takes to trigger the tag and listen for a response. (It is not necessary to decode the response, only to note that it is present.)

    With such a device you could scan your things and locate and remove the tags.

    It shouldn't be too hard for the hardware hackers out there to come up with something like this.

  12. RFID tags in Library Books by Wingit · · Score: 2, Interesting

    Another trend to note is the use of RFID tags in public library items and in embedded in your library card. This allows for a very simple self-checkout and makes it quite simple to check items back into the library. Budgets are extremely tight for most libraries and this is viewed as an important way to reduce labor costs. A person would only have these tags for the short time that they have the item checked out, so its quite different than a tag that stays with you. Still there are privacy concerns as I see it. For instance, a hidden scanner just outside the door of the library could watch for particular items of interest and capture the card number of the person at the same time, all without the library's knowledge. Is this enough of a risk to be concerned with? I am still on the fence on this one.

    --
    We win together or suffer without.
  13. Re:Only a problem if you never change clothes by ichimunki · · Score: 2, Interesting

    Oh no! Then they'll know I was wearing the clothes I bought! With my credit card! In a store filled with cameras! In a metro area under heavy surveillance! Being photographed via satellite! Where anybody with working eyeballs can see me! They'll get my social security number! And my SAT scores! They are going to STEAL MY IDENTITY!!111! My girlfriend will start dating someone else! (oh wait, that already happened)... My dog won't recognize me! I'll be deported to Cuba or France because I voted for a Democrat once by accident! I will disappear! It will be like in the Matrix where I won't know what's real ever again!

    Seriously, what's the problem here? Worried that someone will be able to detect that the red lace teddy you bought at Victoria's Secret wasn't really for your girlfriend?

    No, really. Is this going to cause an undue increase in the cost of these items? Am I going to be arrested because an RFID detector figures out that I've got on brown shoes and a blue suit? How is this actually going to make my life worse?

    A liberal from the Nation cries about how RFID tags might create a problem and we show no skepticism at all? He says all these things could happen-- if this and if that and only if something else. To me he sounds more like those kooks who say that all check R/T numbers secretly begin with the numbers '666' or that credit cards are a tool of the anti-christ than he sounds like a reasonable person worrying about reasonable things.

    --
    I do not have a signature
  14. Re:Tracking? No, more like targetting! by jacem · · Score: 2, Interesting

    Have you ever been to a nudie bar. How would like to have advertising targeted to the tastes of a nudie bar patron to pop up when you are out with your wife, mother, boss?

    Have you ever bought viagra (or a med for some other embarrassing medical condition.) How would you like to be inundated with ads offering to help you with whatever during a business lunch, or at the airport?

    The thing is we all have personal and private things in our lives that we do not want to be known by the people around us. The infastructure to direct ads that way is far off if it will ever be created. I am not worried about the government I am more worried about advertisers sending personalized intrusion into my life.

    JACEM

    --
    DOC Disinformation Obfuscation and Confusion
    The carrot to FUD's stick
  15. RFID range by MadHungarian1917 · · Score: 2, Interesting

    As a previous poster noted the range for RFID tags is generally under 15" however range is limited only by the inverse square law.

    f you can generate a RF field with sufficient energy to activate the RFID tag you can read it from almost any distance.

    Example a small boat radar which costs less than 1500 US generates an X band pulse of 3.5 KW and the emitter is 8" in diameter by 3" high.

    So with this in mind I do not buy the argument that one needs physical proximity to read RFID tags.

    Technology is neutral it is the use of technology which determines whether an application is for good or evil. However the framers of the constitution realized that there is always a minority who lust for power and control and will use any means to achieve those goals hence the balance of power.

  16. Article ignores technical problems! by unboring · · Score: 2, Interesting

    I have seen many of these "fear-mongering" articles now on Slashdot as well as other sites. Most oversimplify the matter without really considering the technical difficulties that make such tracking scenarios fairly impossible.

    During my internship the last 6 months, I was developing precisely such item-tracking software and RFID tags.

    Firstly, the range on these tag readers is so low (~ 5-10 m) that tracking anyone or anything in the world outside the store/warehouse is not a trivial task. Neither are they very accurate in their sensing capabilities. This would require millions of these readers all interconnected and interfacing with the same database.
    Secondly, in order for these stores to think of tracking customers (when they are in the store) based on the items they purchase, those items would have to be bought from the same store chain right? Obviously, Walmart does not have access to Sears' database!
    Thirdly, and I think someone raised this point before, that current systems and pilots track on the pallet and case level. Item-level tagging raises the challenges of managing the huge amounts of data and network traffic. These concerns are so real and serious that many are raising doubts about the potential use of RFID tags in retail stores. Most of these tags do not work at all if they are in contact with some metal, as is the case in some shoes.
    RFID tags have good application in warehouse scenarios, where the privacy concerns aren't that great.
    I agree that RFID technology has some privacy issues, but most people seem content to object based on some imagined fears or paranoia. Look at the hard technical facts before bringing on the tin-foil hats :)