The Trouble with RFID

wintermute42 writes "Simson Garfinkel, author of Practical Unix & Internet Security along with Gene Spafford and Alan Schwartz, has an article in The Nation on RFID tags. They're not just for tracking stuff. They can track you too."

RFID Zapper?

[flinxmeister]

So how feasible is a "zapper" that will render RFID's useless? The idea is you come home and run your new purchases throught some sort of scanner...and poof! Normal merchandise again.

Any EE types that are familiar with what it would take to do something like this?

Anyone with two feet and perhaps access to a car

[ObviousGuy]

Anyone can track you. Really. All it takes is a notebook and pencil.

Get over yourselves. Jeez.

I'm always unsurprised...

[smittyoneeach]

When people act surprised about information.

They're not just for tracking stuff. They can track you too.

No kidding. Life takes on a similarity to the chessboard. There are no surprises in chess, just players not quite working out all of the move combinations.

Obligatory

In Soviet Russia RFID tracks you. Wait... that's not right is it?

question

What happens if you collect about 1000 RFID devices
and carry them around with you. Will the readers
be able to read that when you pass by a scanner?

Tracking? No, more like targetting!

[31415926535897]

You're thinking about this all wrong. Take off your tin-foil hats, nobody really wants to 'track' you.

Now, what companies will really be salivating over is the opportunity to market to you. If they can track all of the RFID tags on and around you, they can know so much about you that they can tailor advertising to you specifically. Just like Minority Report, only not so cool.

Just think of it as value adding. You're adding so much value to the coffers of manufacturers and advertisers!

Re:Tracking? No, more like targetting!

[morelife]

The USA does have legitimate security concerns whether you believe so or not

You're confused - addressing national security concerns is good. Unless you remove constitutionally guaranteed freedoms and move closer to a police state in the process. No, do not take citizens' freedoms away or introduce processes that ease potential abuse.

You're confused - national security is not being served, and our reserves are being wasted. Your tax dollars and mine pal. Our borders are not any safer than they were pre September 11 - the Homeland Security department is doing a bad job. Even networks like Fox News are pointing this out. If you've ever travelled through Israel you'd realize American "security" is a joke.

Which part of September 11 did you like? All of it?

There is a part of your brain telling you that having the Patriot Act in its current incarnation is going to prevent another September 11. America's policies toward the Muslim world for years are what finally led up to our September 11. George W. Bush's alienation of practically every other country on this planet may eventually lead to another September 11.

Since I knew people who died in those towers, and since some of my best friends happened to make it out alive, from where I stand your question there is pretty stupid.

A lot of people don't like our freedom and way of life.
We didn't achieve this way of life by looking the other way when legislation like the Patriot Act appears. This is exactly the kind of shit the first Americans rejected the Crown for. Fucking wake up.

Slippery slope...

[John+Seminal]

Indeed, such warnings might once have been dismissed as mere fear-mongering. But in today's post-9/11 world, in which the US government has already announced its plans to fingerprint and photograph foreign visitors to our country, RFID sounds like a technology that could easily be seized upon by the Homeland Security Department in the so-called "war on terrorism." But such a system wouldn't just track suspected Al Qaeda terrorists: it would necessarily track everybody--at least potentially.

What is that quote? Man is born free yet everywhere he is in chains

I do not like the idea of having every last bit of privacy removed. Between the new camera's my state is installing on highways, with radar guns, that send you a ticket in the mail, to having banks sell personal information to thrid parties so they can call me at dinner to offer me a great price on a satelite dish, this is getting out of control.

While some may say that government will never, ever use any technology in an illegal way, I would just say they have done it in the past. Nixon broke into the dem's headquarters. Other presidents have bugged the phones of political groups like the black panthers. And this current president has the "Patriot Act".

It scares me to think what government could do. 1984 is looking less like fiction and more like a prediction.

Not quite ready for prime time

[erick99]

I did a search on google news and read some articles about RFID. It was interesting to read that retailers, at this point, can only wish they had the tracking capabilities that RFID might be able to provide. I also read that some retailers have canceled plans to deploy RFID after getting firestorms of negative feedback from their customers. It will be interesting to see how this turns out. It's sort of a sociological technological showdown.

Happy Trails,

Erick

I welcome my RFID tag

[bunyip]

I'm a triathlete and runner, we've been using RFID to track athletes for years. The main company doing this is Champion Chip. It's a small plastic device that you attach to your shoe or put on an ankle strap.

The tracking lets them do severl things. First, they get accurate timing and immediate results. They can also track where you've been to make sure that people haven't cut parts off the course. Some people are too creative, a few years back a women hopped on the subway for part of the Boston marathon, but she went "too fast", they got suspicious and reviewed the surveillance cameras in the subway.

The latest cool thing was in Ironman Hawaii. They had video cameras setup on the course and the chip strapped to your ankle let them know your location all day. Then, you could order a personalized DVD with video of your race. Pretty cool idea, though I didn't personally buy one.

Some may see this as big brother, or a harbinger of things to come. Some of us, however, have been happily tracked by RFID for years - voluntarily! I wouldn't want this to be 7*24, without my permission.

Alan.

Get a clue

[dabadab]

Technology is not the problem.
The problem is (as always was and always will be) how people use a technology.
RFID (or any other technology) is not necessary for a police state as demonstrated by many examples in the past.
You privacy can be (or most probably: was) violated without RFID too.
To protect your privacy you need a society that values privacy and have laws that express this. If you do not have that then you are swimming against the flow and your are doomed to failure, no matter if RFID is used or not.
I would like to point out Europe: there are privacy laws that basically say the following:

• Personal information can only be collected with your approval (or if mandated by a law)
• This information can only be gathered for specific purposes (of which you must be informed) and may only stored for a set period of time, which can not be unreasonably long.
• You can request access to the information about you and request correction or deletion
• Your info must be kept confidental and correct
• Your personal information can be given to a third party only if the above requirements are fulfilled

If you have such laws (and have them enforced) then there is no need to fear RFIDs - but if you don't have them, RFIDs should be the least of your worries.

Re:Anyone with two feet and perhaps access to a ca

[_LORAX_]

What you fail to address is that takes a vehicle and one or two dedicated people per person being tracked. This is the way it should be.

With RFID we are now faced with situation where a simple globally unique tag is assigned to each RFID tag and can be tracked with simple electronics. A store can track your every movement with a dozen carefully placed receivers by tracking the RFID tag embedded in the soles of your shoes.

Malls could track walking patterns the same way, and by consolidating and minimg the data, they can probably match up anonymous tracking data with an individual by looking for things like credit card transactions.

This is not stuff of Sci-Fi or intregue novels, stores want this kind of information and they WILL be using it. Unfortunatly with my buisness hat on I know that RFID will never go away, it just has WAY WAY too many advangtages for stores ( inventory, shrink reduction, fraud protection, ... ) gone will be the days that people could walk into a large store, take something off the selves and return it to the sevice counter ( it was a gift and I don't have a recipt ).

What's in a name...

[lukewarmfusion]

like Simson Garfinkel. First of all, it's not exactly a common-sounding name to me. Maybe it is in other parts of the world.

Second, can I withstand the desire to crack a Simon & Garfunkel joke? I mean, almost all the letters are there...

Hello R-F my old friend,
I've come to talk with you again.
Because the data softly creeping
I am just lying here weeping
Because a hacker
Just stole my identity...
And now my bank account is silenced.

Privacy invasion OK as long as it's for sales?

[dpbsmith]

The big question, which, it seems to me, gets deliberately fuzzed in all of these discussions, is this:

Is it acceptable to invade your privacy as long as it is for the purpose of selling you stuff?

Privacy advocates tend to emphasize the danger that systems put in place for the purpose of selling you stuff might later be used for purposes of political repression. This is a real concern, but a relatively remote one. It's a slippery-slope, speculative, "if this goes on" kind of argument. Yes, I know (mostly from reading Slashdot!) that there have already been instances of such usage creep.

Let's suppose--implausible, of course, but suppose--that you could somehow guarantee that RFID tags, and all the information that companies gather on you in all sorts of ways, could be freely exchanged by companies for the purposes of selling you stuff, but could be perfectly secured against any other kind of use whatsoever.

Would that be all right, or not?

Volition and benefit

[The+Ape+With+No+Name]

In this case, you willingly put it on in order to operate and interact with your community of runners. Basically, to see who is the best among you and to see what your time is for personal reasons.

In the scary case, WalMart puts an RFID tag on my tighty-whities and then I go to Target and over the intercom comes a voice that says, "John Allman, Welcome to Target. We have tighty-whities for sale."

Personally, I am learning to sew.

They're supposed to withstand it.

[oneiros27]

My understanding, based on earlier articles that have been posted on this website, is that the RFID tags are specifically built to withstand these sorts of problems.

They disconnect their antenna if they sense a surge to protect their circuitry.

And it makes sense -- if you're using these for tracking merchandice, you wouldn't want some shoplifter taking the RFID equivalent to a tazer with them, shorting out the RFIDs, and then walking out with your product.

(personally, I didn't see anything new from this article than any of the other articles posted before on the subject. I don't think there have been particular suggestions of targeting window shoppers, but the general proximity issues have mentioned repeatedly before)

Re:Anyone with two feet and perhaps access to a ca

[4of12]

Here's an idea for a new community project: Mega RFID Vest Library

Go to the dump where multiple people are throwing away RFID-laden products. Snag the lil suckers off discarded food products, garments, appliances, liquor bottles, baby food.

Sew them onto a vest.

Lots of `em.

When you walk through the scanner you'll be ...... 246 different people.

Then, trade vests with others in other cities, other countries!

Re:Only a problem if you never change clothes

[GoodNicsTken]

Maybe now, but think down the road a few years. You have an RFID tag in your jacket, shoes, pants, cellphone, carkeys, and wallet. You walk by a sensor, and it ties all thoes things together.

Sure, you change clothes, but what about your phone? What happens when you wear the same pair of shoes with different clotes? The data warehouse ties that serial number in with your profile and builds a profile of all the items you own. There's not an easy way to eacape that.

I work in datawarehousing. We have a system that processes about a billion transactions a day. Each record is far mor complex than than a simple RFID and station ID. We also tie multiple records together into transactions. The scenaro above could be very real.

Some great new product opportunities

[pesc]

There are some great new product opportunities in the new RFID-enabled world.

RFID Super Scanner - Scan your surroundings and your stuff for RFID tags. Pinpoints the location exactly.

RFID Mega Zapper - A high energy directed radio energy impulse designed to fry the electronics in your RFID tags. Great fun for vandals in stores! Smack your enemy's wallet!

RFID Spoofer - A programmable device that returns the RFID code of your choice. Great for making a copy of you luxury car key! Or your neighbours. Have fun in stores after Zapping (TM) a RFID tag and replacing it with a Spoof(TM)!

RFID Data Miner - Build your own database of RFID tasks. Now you can do your own surveillance and track people. Also good in parking lots when you want to know what RFID code to feed into your spoofer for easy access to that nice car.

RFID Jammer - A fun little DOS device that emits radio frequences to blind RFID readers.

RFID Database Feeder - This device emits thousands of new random RFID codes every second. Great for filling the databases of those eager RFID code collectors.

I think most of these tools can be built easily and are not science fiction. If they can be built, they will.

Seriously, do you think RFID techniques makes the society more or less vulnerable for attacks?

Re:Only if...

[dahamsta]

Just throw everything you buy from Wal-Mart in the bin, save yourself the worry.

every last bit of privacy removed

[dpilot]

Some are quick to say that the US Constitution guarantees no right to privacy.

But IMHO, the US Constitution embodies the 1793 State-of-the-Art of distrust of Government and other concentrations of power. That's the whole reason that there are three branches with checks and balances - mistrust of the institution of government. No matter how trustworthy those in power may be today, there's no guarantee that the next batch will be so. Checks and balances were put in place to provide trust - through mistrust.

Had the Founding Fathers been able to foresee the capabilities of electronic surveillance, they would have codified Privacy into the Bill of Rights. Instead, they did what they could, focusing on late-18th century concerns.

Had the Founding Fathers known of the potential concentrations of power known as multinational corporations, they would have codified some sort of separation of Business and State. Instead, they focused on what they knew, separation of Church and State.

NOW I'M WORRIED.

[GeneralEmergency]

It seems like a paranoid fellow can't even buy alumunum foil anymore without being monitored.

Now what'll I use to line my Official Area 51 Ball Cap?

Re:Only a problem if you never change clothes

[fireweaver]

Has anybody ever thought of making a RFID tag detector? Something that simply emits whatever RF it takes to trigger the tag and listen for a response. (It is not necessary to decode the response, only to note that it is present.)

With such a device you could scan your things and locate and remove the tags.

It shouldn't be too hard for the hardware hackers out there to come up with something like this.

A new business opportunity

[r_j_prahad]

For a scant few bucks an hour, I will take your RFID tags out for a walk about the town. Spend a few more dollars, your RFID tags get to go to the opera, making you appear a very sophisticated gent. But skimp on the tip, and your tags spend a half hour in an alley known for prostitution and drugs.

This month's special - your RFID tags get a tour of the White House! And maybe even a chance to meet the president's RFID tags. Register soon as there are only a few openings available each year.