RSA Creating RFID Blocker Tag

burgburgburg writes "RSA is introducing a new RFID cloaking system to guard secret data. The RSA Blocker Tag technology uses a jamming system designed to confuse RFID readers and prevent those devices from tracking data on individuals or goods outside certain boundaries. At its security conference, RSA demonstrated the blocking technology in a pharmacy setting. The pharmacist provides your prescription in a special bag with the Blocker tags. When the drugs are in the bag, RFID readers are blocked. Take them out, they're readable. The tags work by emitting radio frequencies that fool RFID readers into thinking they're receiving unwanted data, causing them to shun data from that source. RSA promises that this new technology will not interfere with the normal operation of RFID systems or allow hackers to use security technology to bypass theft-control systems or launch denial-of-service attacks." Maybe it's just me, but this seems to not address any of the important RFID issues at all.

It's Time...

[Captain+Large+Face]

OK paranoid people, now you've got something to line the inside of your tinfoil beanies!

Re:It's Time...

[SillySnake]

Or at least something that matches the rest of my outfit. This foil stuff just clashes with my attire.

Re:It's Time...

[Kenja]

I use the Trepan-A series of tools.

Re:It's Time...

[G-funk]

Am I the only one in here who's become conditioned to not click on any link with the word "goats" in it?

The EPA won't be happy...

[LurkerXXX]

I guess soon we will all want to start using lead paint again on our houses.

That's an improvement

[SillySnake]

Now I can stop wearing all this aluminum foil!

Re:That's an improvement

[Doesn't_Comment_Code]

That reminds me of a news special I saw on TV about professional shoplifters. Apparently they had devised a way to smuggle clothing and other goods with RFID tags past those little scanner gates. You wanna know how they did it?

Tin foil lined bags!

According to the show, some of these shoplifting rings take millions of dollars worth of merchanise a year. So this method must be pretty effective. I love when people go through a ton of work and invest billions of dollars while ignoring something simple/stupid like tin foil.

Re:That's an improvement

[stratjakt]

RFIDs arent meant to solely deter shoplifting. Hell, you can rip the security tags off.

They're more about inventory and process control. Store managers want to be able to walk down the aisle with their RFID-scanning laptop and instantly know how many of each item are there. Or, misplaced items can shout "hey, I'm on the wrong shelf!"

Or honest shoppers can take their stuff up to the self-checkout area, and the screen shows you whats in your bag and you sign off on it, rather than having to scan and rebag everything.

And, of course, the paranoid will tell you its so the CIA can scan you from a plain white van and know what kind of deoderant you use.

Shoplifters and thieves will always find a way around the system, so it doesn't matter.

Re:That's an improvement

[s4m7]

All we need now is for the courts to rule that tin foil is somehow a violation of the DMCA under the "circumvention" provision.

When tin foil is outlawed, only the outlaws will have tin foil!

In Soviet Russia, RFID Blocks you!

Re:That's an improvement

Myth, by the way. NASA used/uses mostly pencils and felt-tips, both of which work just fine in orbit. The 'space pen' was mainly marketing for whichever company it was that designed the silly thing.

This is from working at Kennedy.

Re:That's an improvement

[AnyNoMouse]

As mentioned above, this is a myth.. Snopes link to the real story

Re:That's an improvement

[zelphior]

Conceivably, RFID tags could be constantly tracked in store and raise a red flag to security if they disappear.

Not sure if that would do any good. Someone goes into a store and grabs something with an RFID, places it in their foil lined hidden inner pocket in their jacket, and walks out. When the item goes off the RFID master radar image, it maybe sets off an alert, so then someone has to physically walk to the shelf to see what happened. By then, the thief is long gone. Plus, they aren't exactly super high-power devices, I'm sure they occasionally don't hear the query or respond back in time, so you'd get lots of false alarms.

Work part time from parking lots.

[Godeke]

I see a new business opprotunity! Several states decided a while back to make a profit off of the backs of the citizens by selling government databases to spa^H^H^H marketers. One of those databases was the registration data from the DMV.

Combine that with RFIDs scanned as they leave the store, returning to the car, and I think we will have an incredible insight into the nature of those people's purchases. I'm sure some clever individuals will be able to build a portable scanner and have some underpaid kids key in the corresponding plates... won't this be wonderful!

Re:Work part time from parking lots.

[gnu-generation-one]

"Combine that with RFIDs scanned as they leave the store, returning to the car, and I think we will have an incredible insight into the nature of those people's purchases."

You think that's bad? Imagine a bomb which explodes when it detects the RFID tag in an American passport nearby.

Arms race

After this, of course, Wal-Mart comes up with the RFID-blocker-blocker. And then RSA develops the RFID-blocker-blocker-blocker. And so on.

Re:Arms race

[Alan+Cox]

And I claim my RFID tag is for rights management and you go to jail. Easily solved. Come to think of it if you look suspicious I'm sure something like "going equipped to steal" would do for the carrier or nonsense like "accessory to a crime" to the manufacturer 8)

Strange how DVD copying software is being ruled illegal as it might be used to commit a crime while high velocity rifle rounds that penetrate police armour and kill people are not.

I guess Mickey Mouse is worth more than a pile of dead fbi men.

Re:Arms race

[the_mad_poster]

Strange? No. The firearms industry has lots of money, the movie industry has lots of money, and politicians want lots of money. It makes perfect sense to me.

In the meantime, I'll continue buying both as I damn well see fit (although to date I've not seen fit to buy either).

Re:Arms race

[Richard_at_work]

The DVD copying software (DVD Xcopy i presume, as thats the one that was in the news recently) was ruled illegal because it circumvented copy protection measures, and under current statutes (DMCA) its an open-and-shut case, there isnt much else the Judge could have done. It didnt make 1:1 backup copies, because it did two things: transcoded the contents to make it fit, and allowed you to choose what you wanted copied. If it could make 1:1 copies, and that was all it did, then it would probably have passed ok, as it didnt surcumvent any acts. Dont blame me, dont blame the judge, blame the person who signed the law.

Re:Arms race

[zelphior]

And high powered rifle rounds pretty have one purpose: piercing armor and thick hides. Not may elephants here in america to hunt. Yet you can easily buy the rounds for guns whos only legitimate purpose could be to shoot large game. It has nothing to do with utility, and everything to do with which lobby has more money. The NRA has lots of money to lobby congress in favor of allowing guns, and the MPAA has lots of money to lobby congress to pass laws banning DVD copying software. The problem is that we don't really have much of a lobby with congress. All we have are our votes. Most people don't bother to use their votes, then complain when the idiots who are elected into office pass laws they don't like. If you don't like the system, change it. Don't just sit there and complain about it.

Re:Arms race

[GTRacer]

If it could make 1:1 copies...

IIRC, it *HAS* to be able to decrypt the DVD because standard burners can't write the CCA key. Kinda like how burning bit-perfect copies of PlayStation games is useless for an unmodded system.

I wish these people would get over themselves. They should be THRILLED I want to make backups of their crappy movies. Actually, I don't want backups. I'm looking for DVD-to-MP3 ripping so I can listen to my favorites at work like Office Space, the Simpsons, South Park, Princess Bride, etc.

GTRacer
- I do not think that law means what you think it means...

Re:Arms race

[brianosaurus]

Radiohead called. You're watching those movies improperly, and you should stop doing so immediately.

What I plan to do is backup all of my 300+DVDs (yes, the MPAA has made, and continues to make, a lot of money off me!) to a RAID, sans FBI warnings (which i've seen plenty of times already), trailers (which i've seen plenty of times already) and other stuff that doesn't work properly on my DVD player (ie. temporarily breaks the "next chapter" and "menu" buttons). Then I can watch any of the movies I have bought on any TV in my house without having to dig through shelves and shelves of discs, and without having to start it up 15 minutes before I actually want to watch (so the non-skip previews will be over by the time i sit down to watch).

I don't understand why the MPAA doesn't want me to enjoy watching the DVDs I buy.

Where can I get one of those bags?

[davidpfarrell]

So what keeps someone from sneaking DVD's out of a store in one of these magic bags?

Re:Where can I get one of those bags?

[gfxguy]

The same thing that keeps them from doing it now (hint: it's not RFID).

Re:Where can I get one of those bags?

[gfxguy]

The most important things that keeps the vast majority of shoppers from stealing DVDs, or anything else for that matter, are honesty and morals.

Re:Where can I get one of those bags?

[Inda]

The majority of people are greedy. Fear of getting caught stops them from stealing.

Re:Where can I get one of those bags?

[FuzzyShrimp]

Naw, what keeps me from stealing is the plastic wrap around the DVD and CDs. What good are they when you get them home? I have many at home that I cannot open yet after two years of trying.

Re:Where can I get one of those bags?

[Mr+Guy]

Actually they aren't as similiar as you'd think. Psychology studies, indeed even students in basic classes, have proven time and time again that given the option between a completely risk free theft and paying for something reasonably priced, people with "Western Morals" will chose to pay for it in most cases.

It isn't until you cross the price line where people think YOU are being unfair to them that they will prefer to steal it.

This is what allows unattended kiosks to function at all, or displays in front of stores, newspaper stands, and many other things.

Curiously, it seems that only good faith on the part of the seller invokes this response. The more responsibility you put directly on the buyer, the more likely they are to behave ethically. If you establish elaborate security and countermeasures, they are more likely to try and steal it.

Consider online music retailers that attempted to put elaborate restrictions onto the media. All it did was galvanize people to trying to break their format. iTunes, however, only requires you to burn it to a CD, which they'll do with a touch of a button, and then rip it back from the CD to counter their own protections. The big difference is, they don't pretend that it's a huge restriction, they charge what people are willing to pay, and they provided more than enough for the average user: 3 authorizations or 1 for work and 2 home computers. Did people break it? Yep. Did it hurt their bottom line that people broke it? Not at all. Many users are like me, we went and bought copies of the music we had "borrowed" before when the price was at a point we considered unreasonable.

abuse

[stonebeat.org]

RSA promises that this new technology will not interfere with the normal operation of RFID systems or allow hackers to use security technology to bypass theft-control systems.

I think this kind of technology is asking to be abused. Just like the cell fone signal jammers.

Re:abuse

[Temporal+Outcast]

I think this kind of technology is asking to be abused. Just like the cell fone signal jammers. That could be said of any and all kinds of technologies, for the most part.

goody bag

[Mordac+the+Preventer]

So once stores are using automated RFID-reading-Visa-charging tills instead of employing humans, you be able to get one of these bags, fill it with goodies, and walk out without paying?

Sounds good to me.

Think Geek

[WormholeFiend]

I hope they start selling a t-shirt with a giant version of those tags printed on the front.

If I'd tried it...

[robslimo]

I probably would wind up getting sued. I guess you have to have a business plan to be able to jam signals without fear of prosecution (mostly kidding here).

It does seem like a reasonable application but, as the story says, isn't intended to address the broad range of objections. Still, protecting privacy of medical information is a step in the right direction... and what's to prevent me from applying it elsewise?

Re:If I'd tried it...

[C10H14N2]

We have spent billions of dollars and centuries of research and development on a technology to prevent this kind of abuse. It can be embedded or layered onto another invention called "paper." Using a portable delivery device known as a "pen," pricing information can be recorded at the point of delivery. This technology can also be combined with device we call a "printer" to produce "bar-codes" that are machine readable. The resulting data-carrier, referred to as a "label," can be enclosed in another device known as a "bag" or "envelope," thus preventing any unwanted scanning by third-parties.

Seriously, why the hell does your medical information need to be transmitted by radio to a fscking cash register? We can't train people to fscking READ anymore? Christ.

Re:If I'd tried it...

[H3lldr0p]

"Seriously, why the hell does your medical information need to be transmitted by radio to a fscking cash register? We can't train people to fscking READ anymore?"

Well, think of it from a more profit-centric vein.

Once they get all of that in place, then it would be trivial to have what you need as your medication also on an RFID, which would be hooked up to a despensing machine of some sort, and *poof*! No humans needed in the process at all. Suddenly all of those millions of dollars being wasted on employing highly trained, well educated, people who do nothing but stand around all day to fill bottles (and destroy our profits), gone!

Low Tech Version

[lionchild]

Why not simply make the bag out of a material that simply dampens radio signals, opposed to sending out additional, confusing signals? It's a technique used to keep security sensors from detecting RFID security tags. And the substances that work are ..reasonably commonplace.

Re:Low Tech Version

[SpyPlane]

We have a stupid FastTrak system here in California for the carpool lanes where you can pay even if you are by yourself in the car. They give you a transmitter box and it debits your account when you get in the lane. Long story short, they give you a bag made out of silver to put your transmitter in if you actually do have a passenger with you, so your account won't get debited.

Seems like one of these silver bags would work perfect to put RFID enabled items in.

Re:Low Tech Version

[donutz]

Wired did an article on this: Is RFID Technology Easy to Foil?

Re:Low Tech Version

[KingKire64]

I believe those bags are called Booster Bags and the are a felony to possess, in PA at least. My sister works in a retail outlet and they have caught ppl using them. Throw clothing in bag walk out store no annoying alarms.

Simple Solution

[sunami]

Why not just pull out the RFID?

Re:Simple Solution

[YrWrstNtmr]

That might not be an option with all products. If it is sewn into the hem of a dress, or molded into the sole of a sneaker, removal might be a bit messy.

Next up- RFID blocker blockers

[wowbagger]

RSA's next annoucment will be tags that will block the operation of the tags that block the operation of the tags on the things you buy. This will be offered as a security enhancement to stores to prevent the RFID system from being jammed.

Re:Next up- RFID blocker blockers

[j-turkey]

RSA's next annoucment will be tags that will block the operation of the tags that block the operation of the tags on the things you buy. This will be offered as a security enhancement to stores to prevent the RFID system from being jammed.

Circumvention of circumvention technology.
ERROR: DMCA buffer overflow

Re:Next up- RFID blocker blockers

[j-turkey]

Why not? They make radar detector detectors... In those US States where they are illegal, the cops sometimes use them to nab people for using detectors.

Yeah, I was trying to make a joke. Just the same, I'll bite -- cause I happen to have some experience with this. Radar detectors are only illegal in VA and Washington DC (in the US, anyway). In these places they use VG2 (and other) detector detectors. However, it's illegal to scramble radar or (AFAIK) detector signals -- actually highly illegal. Now, the FCC doesn't make the radar detectors illegal -- in fact, they're only radios. They just listen into a given radio frequency and tell you if there's activity in that spectrum. Consequently, they broadcast a tiny amount of RF (the same as radar). This is why the guy in the lane next to you with a cheapo radar detector might set yours off -- his probably has crappy shielding. All the VG2 (and similar devices) do is listen for these very small signals. There is no jamming taking place at all. The police can't even jam radar detectors -- they can only change the spectrum (like using Lidar/Laser) or use technology like POP to fool the radar detectors. (BTW, there's all kinds of info here -- it's a review, but they talk about all the newest technology on all side of this). The new technology the the police use will eventually be countered by the radar detector manufacturers...it's nothing special, just a dumb cat-and-mouse game for an additional "driving tax".

Radio frequencies are governed by the FCC, and they tend to enforce the law as far as jamming signals goes. However, if their law doesn't apply to this, I'd bet this bag would count as some sort of circumvention device (what if the RFID tags were protecting IP like a book, CD, or software?). If it's a circumvention device, someone will make the stretch that it violates the DMCA. A circumvention device that circumvents the protections afforded by a circumvention device -- well, someone could probably invoke the DMCA against that too. I guess I'm not as funny as I thought...just the same, however, I don't think that your radar example applies to this.

I'll take one bag

About 6'2" tall, maybe... 2 feet wide... with a breathing hole if possible, and maybe some plastic towards the top to see out of.

Why Indeed

[ackthpt]

Maybe it's just me, but this seems to not address any of the important RFID issues at all.

Oh, I don't know about that. Seems this is just the thing to keep those guys wearing RayBans and black macks, lurking in an arcane sea-green Dodge Dart parked in the far corner of the drugstore parkinglot from discovering which medication you're on this week for your schizophrenia and irrational paranoia.

Re:Why Indeed

[CaptainPuppydog]

...discovering which medication you're on this week for your schizophrenia and irrational paranoia.,

Yah... thankfully I only suffer from rational paranoia... not like those poor unfortunates you mention...

hey, how did you know the Dart is green anyways?? ... you-you're one of THEM, aren't you ... NNNOOoooo...

Great

[FictionPimp]

Great, now I have to wear a body condom to block my RFID's... Actually, i'm glad to see companys looking at RFID in a responsible way. Hopefully between that and angry consumers, this can be a usefull technology without being a privacy hazard.

new restrictions

[theMerovingian]

The pharmacist provides your prescription in a special bag with the Blocker tags. When the drugs are in the bag, RFID readers are blocked.

"Excuse me sir, could you please leave your stack of empty Walgreen sacks here at the counter"
--Best Buy employee

Re:new restrictions

[ackthpt]

"Excuse me sir, could you please leave your stack of empty Walgreen sacks here at the counter"
--Best Buy employee

"Is it just me, or does that guy look like he's wearing a coat stiched together from shopping bags?"

RFID Blocker? No, RFID Nuker!

[MattT]

What I want is to be able to disable the damm tags on anything I've already purchased and taken home!

How about foil-lined bags?

[Bob+Cat+-+NYMPHS]

That's what shoplifters use right now to defeat the currently used radio tags. 60 minutes did a segment on professional shoplifters last Sunday. It's a $10 billion a year industry.

Who told the criminals about Faraday cages? Did they learn it on the Internet? We need to remove this dangerous physics information from places kids and robbers can get it!

Re:How about foil-lined bags?

[SanLouBlues]

What amazed me most about that segment (it all amazed me to varying degrees) was that RFID tags could probably stop those bastards cold. If a computer can track merchandise on the shelf it could say if the merchandise just disappeared from radio contact. Just put the tags in a removable part of the clothing (like the glass ink packs they use now) and they would beat they hell out of the magnetic systems.

Privacy concerns, yes. But I hate non-needy thieves, and if we can reduce the privacy worries this would be a phenomenal way to stop shoplifters.

Re:How about foil-lined bags?

[Ateryx]

Who told the criminals about Faraday cages?

What is a Faraday Cage?

A Faraday Cage is the phenomenon that occurs when you surround an object with a conductor (read: metal), basically stopping all charge from entering/exiting conductor.

Here is a simple decution of why:
Gauss's Law states when a conductor is charged the charge resides on the surface of the object--with a solid metal sphere, all the charge would be sitting on the outside surface.
Now imagine a hallow sphere: The charge can only be on the surface of an object, therefore this allows no charge 'inside' the sphere.

Examples in everyday life:
->Lightning strikes your car
-> Lightning strikes a plane. (Studies say by average, every plane in the US is hit by lightning once a year)
-> Your Cell phone gets poor reception in basements and lower floors of buildings because of the rebar in the concrete.

I found a cool app. of Faraday's Cage where you control the charge--really helpful if you still don't get it.

Re:How about foil-lined bags?

[chooks]

We need to remove this dangerous physics information from places kids and robbers can get it!

<sarcasm>

Absolutely! And those cesspools of scum and villainy where they are stored -- libraries! Not only are they breeding grounds for people to meet and discuss terrorist related activites (like how they feel about current politics!) but people can read books there free of charge. This is in clear violation of the copyright holder's rights!

Physics has destroyed more people's lives than we can count (ever heard of a place called Nagasaki?). We should outlaw all knowledge of it and persecute those who study this forbidden lore. Clearly this type of activity does not make people happy. Have you ever seen a physics graduate student? Probably not, b/c they never see the light of day. Ever.

People should just be good consumers and buy whatever they are told to buy.

Won't someone please think of the children!!!!

</sarcasm>

And yes, I know the parent was being sarcastic too.

Couldn't you just always carry a blocker tag?

[thesolo]

Essentially, the blocker tag system works by tricking readers that all the possible RFID tags are present at a given time. Because RFID readers can communicate with only one tag at a time, when multiple tags reply to a single query, the reader detects a collision.

When that happens, the reader tries to communicate with each tag individually, asking each for its next bit, which identifies the portion of a binary tree the tag resides on. However, when queried in the presence of a blocker tag, the blocker tag also responds, but with a "0" and a "1" bit, confusing the reader and preventing it from getting valid responses.

So couldn't you just always have a blocker tag with you at all times? Say you build one of these into your watch, for instance. Wouldn't that make a store's entire RFID system useless for the items you're carrying?

Also, blocker tags in bags don't do anything to protect your privacy once you take the item out of the bag; so if the RFID tag is on clothing, it would still be active while you're wearing it, but not while you're walking out of the store with it. Something about that definitely doesn't seem right.

Someone's trying too hard...

[Stone+Rhino]

You don't need a special chip to stop RFID tags from functioning. Look at the EZPass/FastPass/etc. systems in use on highway systems across the country. They come with a metallized plastic bag, similar to the antistatic ones that your hard drive came in, that blocks the signal from the EZPass so that you won't register when you don't want it to. All you need is your standard Anti-static bag. Drop your RFID tags in there and watch the readers try to find them. Signals won't penetrate: no chip necessary.

Re:Someone's trying too hard...

[jjshoe]

My rfid badge still works at work in an anti-static bag. I just tested it. Could have something to do with the fact that EZpass, etc. are ACTIVE rfid's and the rfid in my badge is PASSIVE much like the kind that will be used in stores.

this would probably require a legislative change

As described, what they've built is pretty much the embodiment of "harmful interference". It'll require an amedment to the FCC's Part 15 rules to be legal. Which seems fairly unlikely...

how powerful are RFID tags anyway?

[NumLk]

Seriously, they are very low power transmitters. Wouldn't a foil-lined bag (similar to those McDonald's uses to wrap burgers) produce the same results, at a much lower price, for the use described in the article? I'm really not trying to be a troll, it just seems like a very (comparatively) expensive solution to a problem with a cheap answer.

Or perhaps...

<conspiracy> It sounds to me like RSA actually has some other use in mind for these tags. </conspiracy>

Cloaktec(TM) EMI / RFI Shielding Material (fabric)

blocks from 10 MHz to 20 GHz mobilecloak

RFID on drugs?

[SuperBanana]

The pharmacist provides your prescription in a special bag with the Blocker tags. When the drugs are in the bag, RFID readers are blocked.

Uh...why would you need to put RFID tags on drugs or on drug containers in the first place?

If you're talking about prescription filling errors, that would be solved overnight by two things:

a)making doctors fill out prescriptions similarly to how most government forms are- one box per letter,capital letters(and when a prescription is rejected- the pharmacy makes it clear to the patient, AND the hospital, WHY. Doctors who can't be bothered to write clearly for the safety of their patient find themselves on the street).

b)training pharmacists better, holding them and their employers accountable for mistakes, and FDA(or state) conducted spot checks(we check health codes at restaurants to make sure Jenny the short order cook doesn't store that pot in the wrong place, but we can't be bothered to have someone fill a prescription a few times a month and check the results at a lab?)

If we're talking about theft(gillette's supposed reason for doing RFID), the major source of theft is armed(or claiming to be armed) robbers stealing powerful painkillers that have value on the black market.

RSA is grasping at straws here, finding a solution to the problems with a solution that was invented out of thin air(for a real problem). Say that 5 times fast.

Re:RFID on drugs?

[CrazyTalk]

RFID and/or barcodes on drugs can prevent errors in hospitals which cause many deaths per year in the US (dont have actual stats handy). In fact, it will soon be a requiremen that all drugs be barcoded in hospitals. If a drug is scanned before it is administered, and that scan is compared with a scan of the patients hospital wristband, incorrect drug and dosages can easily be caught. Prescription orders can be entered into the computer and verified by electronic signature, also eliminating mistakes due to sloppy handwriting.

Stupid example

[tomhudson]

Stupid example. Since when do pharmacists put rdif tags in your pill bottle? Sheesh.

Not to mention a whole host of other problems. Seems RSA is looking for a new business model, seeing as their compression patent expired.

Hang on a sec...

[metrazol]

...so I get RFID tags on my bottles of pills. Great. Then I put them in this bag and the tags are jammed. Ok.

SO WHAT THE HELL IS THE POINT OF THE TAGS IN THE FIRST PLACE!?!

If I have to take the bottle out of the bag to show it to the pharmacist or cashier or whoever when I want to get a refill or pay, why not just put a goddamn BAR CODE on the stupid bottle!?! There! Done! I show you the bottle, you do something with it. Bam! Just like what we have today! No extra cost! No upgrades! No new hardware! This is like inventing Caller ID so you can sell everyone Called ID Blocking! Why have BOTH? We can just live without the RFIDs in the first place!

you've already got a nuker

[TubeSteak]

we like to call it the microwave

Not necessary...

[Dimensio]

...I'm sure that they'll find some law, like the DMCA, to use against anyone who dares try to assert this bizarre "privacy right". If no law can currently be manipulated into supporting their agenda, they'll write a new one and pay Congress to enact it.

Re:Not necessary...

[wishus]

...I'm sure that they'll find some law, like the DMCA, to use against anyone who dares try to assert this bizarre "privacy right".

Probably the Patriot Act. That way they can just label the RFID blocker a Terrorist.

RFID nuking

[BritGeek]

One of the main complaints about RFID - that RSA's announcement doesn't address - is that consumers should have the right to have the tags "nuked" at point of sale. That implies that:

1. The tags themselves have to be designed with fusible links (so that they can be overloaded & die), and
2. The POS devices have the option of tag nuking, or maybe some area at the POS where tagged goods can be placed that will nuke them. (Many stores already have those pads that wipe out inventory control tags to prevent theft - same kind of notion.)

So, the question at a practical level is - is the industry actually responding to this, or is RSA's announcement just bandwagon hopping?

Re:RFID nuking

[ddavis539]

Yesterday the Utah House of Representatives passed a bill that would require stores to disable any RFID tag at the point of sale to a consumer (unless the consumer specifically requests that they don't). There was a lot of debate on the issue, but it seems like the legislator who presented the bill has done a lot of research and made a very compelling presentation. I'm not sure how the bill will fare in the Senate here, but the House passed it by a fairly large margin. There were several lobbyists in town from back east trying to kill this bill, but they obviously failed.

Interesting, but unlawful (in the U.S.)

[Eric+Smith]

FCC regulations prohibit deliberately interfering with radio communication. 47 CFR 15.5(b)

Re:Interesting, but unlawful (in the U.S.)

[GlassUser]

Because if you're a shoplifter, you're really going to worry about following every law out there.

Re:Interesting, but unlawful (in the U.S.)

[dstone]

FCC regulations prohibit deliberately interfering with radio communication. 47 CFR 15.5(b)

You're right, as far as actively transmitting goes. But something passive (like stuffing an RFID tag into an ESD bag or maybe even tinfoil) would not contravene this regulation.

Here's the text...

Title 47, CFR Section 15.5 General conditions of operation.

(b) Operation of an intentional, unintentional, or incidental radiator is subject to the conditions that no harmful interference is caused and that interference must be accepted that may be caused by the operation of an authorized radio station, by another intentional or unintentional radiator, by industrial, scientific and medical (ISM) equipment, or by an incidental radiator.

ESD bags?

[Laurion]

Odd. When I want to block an RFID tag, I put it an ESD bag. (Electrostatic bag, the kind that come with many computer components). When I ordered an RFID based automated toll-booth system, it came with an ESD bag, and in their FAQ they explicitly state that if you don't want your tag read and your account charged, just put the device in the bag, easy as that. Presumeably, an ESD bag (which has enough metal in it to accomodate a random static discharge) would create a Faraday cage around the tag, and keep the radio signals from getting in or out of the bag. Now all I have to do is make a shopping bag out of ESD bags.... or just line a backpack, and _bam_. Shoplifter's dream. just remember to close the bag first....

Why would it?

[TheCabal]

Maybe it's just me, but this seems to not address any of the important RFID issues at all.

Why would this address any of the important issues. The important issues are based in policy, not technology. Technology enforces policy.

IBM has this

[John+Harrison]

IBM in conjunction with a German supermarket chain has developed a way to disable tags en masse as you leave the store. This gives the store all the benefits of RFID without giving the customer any of the negatives.

I submitted an article on this to /. a few weeks ago but it was rejected. Typical of /. to print every anti-RFID piece of FUD they get but to ignore anything that might indicate that some companines get it.

Breaking News: SCO patents tinfoil bags

[Frennzy]

SCO has issued a 'cease and desist' letter to the RSA, claiming that their use of RFID blocking technology violates SCO's IP wherein they use 'patented processes' to block RFID tag scanning. Patent searches reveal that SCO has recently hired several convicted shoplifters and their associated technologies now belong to SCO.

Who said its supposed to?

[stratjakt]

Maybe it's just me, but this seems to not address any of the important RFID issues at all.

First, enlighten us and tell us what the "important RFID issues" are.

Then, tell us why this device was supposed to resolve them, and didnt.

*groan*

[MagicM]

Oh yes, I feel safer already!
</BLOCKER>

PACIFIER.

Merely a pacifier in the mouths of consumers. "Oh we are safe now, back to living/enjoying RFID as per the norm". Tell them whatever they want to hear, they will believe you and be happy.

A pack of Marlboros will do the same thing.

[akmolloy]

We've tested it here at the UCONN Library. We use RFID tags on our books, and if you know where the tag is and hold a pack of cigarettes in front of it when you leave, it will block the tag from being read. In this case, tinfoil really WILL protect you!

RFID Jammer

[Linus+Sixpack]

Should market a powerred belt buckle with enough strength of signal to jam everything in a reasonable area. I imagine a suitably rebelious buckle with a little battery.

I know people who would buy one just to be difficult, others because they are smart.

ls

Stupid example?

[circletimessquare]

1994: Since when do people want to visit other computers on a giant network?

1984: Since when do people want an entire television channel devoted to videos of musicians singing and dancing?

1974: Since when are terrorists going to attack airplanes?

Just because it isn't happening now, doesn't mean it's not right around the corner. C'mon dude, get your head out of the sand.

Just the thought of these tags gives every Walmart exec a permanent erection, from the distribution department to the ad department, and every department in between.

Like voting machines: why should I believe?

[dpbsmith]

The problem with all of this stuff is that I have no way to check any of it for myself. How do I know that the "blocker bag" they gave me works? How do I know that someone won't start a business of supplying cheap substitutes, for businesses that want to pacify their customers, that look like real blocker bags but don't do anything? What do I look for? The genuine RSA seal? What if the pharmacist hands me a bag that has some other company's seal on it? Do I trust it?

Will there be a TRUSTe seal on the bag to tell me that I can trust the company that made the bag... just like the TRUSTe seal that certified that eToys would never sell their customer list?

Suppose I have a genuine RSA-branded blocker bags with an authentic non-counterfeitable TRUSTe hologram on it. How do I know it's working properly? Will the pharmacy supply a "blocker bag scanner," like the price-checking guns in Walmart, that let me verify that the blocker bag is actually working? Will the blocker bag scanner have a Commonwealth of Massachusetts weights-and-measures sticker on it to assure me that it's working properly?

If the answer is that I should just trust the pharmacist to be telling the truth when he says it's a blocker bag... well, why shouldn't I just trust the pharmacy not to do anything bad with the data they are capturing from all the RFID tags I'm wearing?

Just because CVS/Pharmacy gave a marketing firm a list of diabetic customers to sell to companies marketing products for diabetics doesn't mean they'd ever do such a thing again. Heck, that was way way back in dark ages... 1998.

These companies are all like Lucy holding the football for Charlie Brown. Trust us, trust us, trust us... even though we've betrayed your trust over and over again in the past, we'll never do it again.

How about friendly RFID tags?

[Skavookie]

Perhaps I'm missing something here, but aren't the tags in question used for tracking inventory and such? It's not like this blocker is intended to be used against RFID tags that the makers explicitly don't want to have disabled, so why don't the RFID tags themselves have a "disable code" that turns them off?

Important problems?

[Syberghost]

What do you mean? This addresses the very most important problem with RFID, namely:

The fact that RSA can't make any money off it!

OT: cell-phone blocker

[peter303]

I wish I could have a gizmo that would disale cell-phones withing ten or so feet. It would be very useful in movie theaters, on the bus, in restaurants, etc.

Re:Actually it's not honesty and morals

[TheCarp]

I can't speak as to Best Buy Specifically, however, I did some contract work for another Big Dept store a few years back (about 2-3 years before they went out of buisness)... I wasn't doing security but I saw the security offices and whatnot (in fact, I stayed overnight in the store, sometimes with a security person, sometimes with just a manager - only once did we get a request by one of them to check our tool bags at the end of the night, but when we said ok immediatly, she just let us go - but she was just a biutchy manager that gave us an attitude all night long - she was also the only one that complained about me wanting to take a book and sit on one of the futons in the store when I had an hour of downtime waiting for data to copy... bitch)

Anyway... my point... ive seen the way their security operate and talked with them about it a bit.

From the moment you enter the store, you are on tape. They may or may not be watching you specifically... you just don't know. Rest assured they are watching somewhere in the store. They know what to look for, they know how to tell who to watch.

Who is the security guy? Well I will tell you, he is probably dressed well, but not like an employee. He/she wont wear the store colors, or a name tag, and he is watching the cash registers as much as anywhere else.

In fact, the store I saw had a very old system overall that hadn't been upgraed in years, not like all these new Best Buy stores. Yet still with that old system they could watch a cashier (what? you think the shoppers are the only people the security folks watch? notice the camera density by the checkout - those are for watching the clerks as much as you) and on a seprate terminal he could watch the transactions go by as the clerk scanned items and input stuff into he register to make sure the clerk wasn't putting through improper transactions or helping people steal from the store.

-Steve

Linky linky

[John+Harrison]

Try here. This isn't the original article that I found, but has some of the same info. Scroll down the page to the part about IBM and Metro Group.

Now that you've posted you can't mod me up though. :)

Time for a little reality check....

[jackalope]

After working for several months with the new EPC compliant tags (what WalMart has mandated) I can, with a great level of assurance, say that one does not need a chip to prevent reading of the chips, that is way overkill, and probably not really reliable.

There are a couple ways to easily defeat the chips:
1) put the product inside of a foil lined bag. Doesn't even have to be heavy foil, any slightly metalic foil will block the RF signal to the point that the tag cannot be read.
2) Hold the product close to your body. The water in your body absorbs the RF signal, silencing the backscatter RF signal.
3) Put two standard RFID chips close together and the antennas will 'shadow' each other, blocking the signal from both.

From my experience it is harder to read the tags than it is to not read the tags. (the fact that you can read a tag is almost a miracle in itself) To build an entire chip to defeat an RFID chip is just stupid.

RSA is just looking for something else to patent, like they did the RSA algorithm.

Nothing here...move along

Re:Arms race NOT FUNNY

[zelphior]

You can't really get around the fact that a foil bag blocks all electric fields passing through it. It would act as a Faraday cage. Now IANAP, but if I recall from Physics class, the foil bag, as a conductor, acts as a sort of ground for all electic fields attempting to pass through it, so the charge from the filed ends up on the surface of the bag, so none penetrates into the center of the bag. Now of course a tin foil bag isn't a perfect conductor, so it will let a little bit of the electric field through, but with a fairly highly conductive bag you could cut the electric field down significantly. Unless the readers use extremely high powered signals, they wouldn't get through. Plus, the tag doesn't transmit a very high power signal to begin with, so the signal will never get out.

Tagging Meds?

[severoon]

Excuse me, but why would they put RFID tags on items like medicines and then design bags to block them from the view of the RFID system? Why not, uh...just not tag them in the first place?

The more I read about this RFID thing, the more I'm thinking the idea just hasn't come along to the point where it has to be. Obviously, if these issues are getting discussed at a high level, we need to put something in place that's a bit more targetted to the problem: we want to be able to read items for a specific purpose, and no other purpose. Walk out of a store with items, get automatically charged to the credit card = good. Someone sitting in the parking lot with an RFID reader able to tell you just walked out with Preparation H, herpes medication, and a coffee enema kit = bad.

I'm betting that the propeller-heads among us have the capability to solve this problem, technologically I'm talking. Also, do we have to start out tagging everything? Why not just tag the non-controversial items? Let's not start with the Complete Homeopathic Colon Invasion Toolkit (TM), or people themselves. Let's start with something a bit more pedestrian and refine things from there...

sev

Open-content solution?

[ggwood]

Just let all information formats on RFID tags be public. Let anyone buy a reader. Obviously, going in to a store with a RFID tag re-writer would be a problem, but the checkout-register could doublecheck randomly.

Make storing customer personal information on such a tag a felony, even if the customer signs any forms indicating otherwise. Business can still use RFID for quick checkout, inventory management, etc.

Since we all have readers, we can doublecheck that the tags are, in fact, erased. I would suggest having readers all over the store, even on the way out. If they are not properly, totally erased, bring them back to the counter. Even 10% of customers doing it would provide major incentive to get the tags erased correctly, the first time.

In fact, why don't we walk around the store with RFID readers? That way we can check the real price of each item - no confusion or misleading shelf placement. If there is a rebate, that information should be on the tag.

Lastly, to achieve nirvana, all we have to do is require the wages of people who made the item on the RFID tags. That way the (now well informed) consumer can choose between shoes, clothing or other goods made in various countries - and actually be confronted with how little people earn in some places. Sure not everyone will care, but enough will.

Lets make it even more lame

[Teahouse]

It's bad enough that every corporate conglomo is going to be allowed to invade your privacy for their own records, but now there is going to be a second conglomo who is going to SELL you products to protect you from the first! Jesus H. Christo! We need to elect another political party because both current groups somehow think this is a good idea. They have both been sucking on the corporate teat too long.

Re:Arms race (Off topic, just like its parent)

[Tjp($)pjT]

Armor piercing rounds generally have steel cores. The main use of steel core ammunition in the US is for cheap surplus rounds sold and mainly used for target practice.The don't make good rounds for hunting (or assassination) as they tend to pass through the target without shedding much energy. Good rounds for hunting are soft-tipped or hollow core and expand and stay in the animal. That way they transmit the most energy and create a more lethal wound channel.

If you consider the size of a buck deer, moose, or elk it quickly becomes apparent that if you allow sportsmen to hunt these animals, then you must have appropriate ammunition available that will dispatch them with a high probability with one shot. If you look at the rounds used in the past to hunt elephants you'll see they are huge are in fact not very common, and the rifles that can fire them are quite expensive, and even more uncommon. And, if you disallow hunting, then you have to reintroduce natural predators for game animal population control; look at New Jersy's experiment with elimination of deer hunting. Famine in the deer population as it grew, increase in disease in the deer population and increase in related vectors that directly and adversly affect other animals and humans.

If you want to change the rights of gun ownership in the US have the courtesy to attack the problem head on. Make an attempt to change the 2d amendment. Legislation that violates the 2d Amendment is just an affront to the legal basis that supports all our laws. When you do, remember that over 50% of US housholds own guns, legally. Guns are _so_ easy to manufacture that a plant in NJ was set up by organized crime and operated for years creating blackmarket firearms. We dropped (in WWII) leaflets showing how with simple mechanics tools a reliable fully automatic weapon (the so called "grease guns") could be made my resistance fighters. Make sure you address all the potential avenues for criminal creation of firearms when you try to make a legal ban of them. And then consider what other rights you have to give up to allow enforcement of those provisions to assure crimminals don't have firearms. And consider those who legally use a firearm in self-defense and assure a way to protect all the citizens all the times. I see very large budget increases for the new police state you'll need to implement this.

Feel free to mode this down along with the parent. Now if only he'd have suggested RFIDs in bullets or handguns ...

Re:Is this secure?

[Xeger]

Given a sufficient amount of money and technical prowess, I'm sure one can build an RFID scanner to defeat this jamming technology. But this raises the bar somewhat, and gives a modicum of privacy assurance for the cost of a single RFID tag.

Think of it like the safety seal on over-the-counter medications. Is that plastic doohicky ironclad proof that some loony hasn't poisoned your NyQuil? Of course not -- there're always ways to tamper with a bottle. But at least the seal raises the bar, so that only persistent and resourceful loonies need apply.

As you say: for the truly paranoid, an active version of this device could do a much better job. Heck, if you're going to the trouble of carrying around a device with batteries, complicated logic and an RF transmitter, you might as well just jam the region of the spectrum that RFID tags like to use.

You can't have it both ways!

[El]

When the drugs are in the bag, RFID readers are blocked. Take them out, they're readable... RSA promises that this new technology will not interfere with the normal operation of RFID systems or allow hackers to use security technology to bypass theft-control systems..." What kind of double speak is this? Look, either the technology blocks reading of RFID tags, or it doesn't. If it does block reading, it enables people to bypass theft control systems. If it does not, it does not protect privacy. It's as simple as that! RSA is trying to convince us their technology is smart enough to tell the difference between an honest drug consumer and a shoplifter?!? WTF?!?

Anti-XRay Specs

[serutan]

Seems to me we are about to be dragged into a consumer privacy Cold War that will make SPAM and computer viruses look like idle fun. How do you want to live?

a) Get used to having your every move recorded in a giant marketing/antiterrorism/conformity database. Ignore little annoyances like being IRS audited every year because you checked the wrong books out of the library.

b) Buy and continuously upgrade your array of privacy-protection technology.

c) Live in a shack in the hills and deal only through barter.

d) Armed revolt.

I don't personally find any of these attractive.