Utah Leads the Way Toward RFID Privacy Legislation
An anonymous reader writes "Wired News reports that Utah's House of Representatives passed the first-ever RFID privacy bill this week, 47-23. Utah state Rep. David Hogue said that without laws to ensure consumer privacy, retailers will be tempted to match the data gathered by RFID readers with consumers' personal information. 'The RFID industry will carry the technology as far as they can,' said Hogue, sponsor of the Radio Frequency Identification Right to Know Act. 'Marketing people especially are going to love this kind of stuff.'"
I wrote a letter to NewEgg, asking them to stop using HTTP Referrer on their site, because I thought it a privacy concern. Their response: "Unfortunately the HTTP Referrer Header cannot be eliminated because it is an essential tool for our Marketing Department used to monitor where we are getting our web traffic from so that we can improve future campaigns to focus on more specific demographics. Please accept our humblest apologies for any inconvenience." I have tried not to shop at NewEgg ever since, because the idea of gathering information on my web viewing habits WITHOUT informing me, and without my consent, really does bother me.
My main point here though is that this is just one example of how marketing people will do ANYTHING to gather information about people. Without a privacy policy, I think the folks in Utah are right, things like RFID will be used to gather personal information about consumers.
> Is there such a thing as an RFID tag locator?
How about an RFID Reader Card for your laptop or PDA? You can get one for $150.00ish US from Syscan International (http://www.syscan.com). It fits a CF slot or PCMCIA with an adapter.From an article in RFID Journal
http://www.rfidjournal.com/article/articleview/
"The read range is just five to 10 cm (two to four inches). But Striefler says the company is working to extend that. 'We hope to increase the power of the chip to improve its read range.'
Looks like a bold new frontier for interacting creatively with corporate computer systems.
Some mornings it's hardly worth chewing through the restraints to get out of bed.
Incidently... having been a cashier for a bit I can tell you: No one cares when you buy personal kinds of stuff. You wanna buy condoms? Go for it... most people have sex, it's not a big secret. Other than mild amusement when a giggly couple comes thru buying wine and rubbers, I never gave a damn.
One exception, though: Couple cam thru buying wine, condoms, KY, straight razors, rubbing alcohol (!!!), and nothing else. Had a funny look in their eyes... I don't know what they were up to, but the alcohol and razors STILL makes me shudder.
"Faith: Belief without evidence in what is told by one who speaks without knowledge, of things without parallel." - A.B.
Starting from this, building a RFID reader detector should be easy -- know when someone is scanning for tags. After that, if some reader is looking for tags with data, why not give the poor thing some? LOUDLY. Reading the data off of some existing tags should give you an idea of what format data the reader is looking for, especially if they use any CRCs or such to stop someone from feeding the reader arbitrary data. Then feed them arbitrary data. The best part is that you really aren't transmitting with passive RFID, you're just "echoing" the reader's transmission.
The gizmo used in the project is an Atmel e5551. Google for that and you'll find lots of things to read.
One line blog. I hear that they're called Twitters now.