Slashdot Mirror
Senator Leahy Calls for RFID Technology Hearings
securitas writes "Vermont Senator Patrick Leahy has called for congressional hearings into radio frequency identification (RFID) technology. The comments were made Mar. 23 to the Georgetown University Law Center's conference on video surveillance technology during a speech titled 'The Dawn of Micro Monitoring: Its Promise, And Its Challenges To Privacy And Security'. Leahy suggested that RFIDs may require federal regulation to ensure the public's privacy rights. Leahy is quoted as saying that the combination of RFIDs, sophisticated databases, networks and the Internet means that, 'We are on the verge of a revolution in micro-monitoring - the capability for the highly detailed, largely automatic, widespread surveillance of our daily lives.' He goes on to say that, 'We need clear communication about the goals, plans, and uses of the technology, so that we can think in advance about the best ways to encourage innovation, while conserving the public's right to privacy.' (Leahy's RFID speech transcript)"
Hopefully, any legislation proposed on protecting privacy can be passed without goobering it up with unrelated riders...
He's calling for hearings. That means that the government is looking out for you. Right?
Or is the government just making gestures so that you will feel better while, they don't really do anything at all? Sorta like airport security.
Have you voted?
Most people don't particularly care that they can potentially be tracked with their purchases. It's already happening now, and the world hasn't come to an end. Bar codes and their scanners hasn't made life worse for anybody.
It's funny to see slashdot, home of tech geeks turn into luddites over some things.
Slashdot Moderation: From positive to terrible in 2 "insightful" posts.
This is a serious issue. The matter of someone being able to monitor everything people do will call into question all manner of legal issues and definitely needs thought before it is implemented.
The issue of what this tech can be used for has so many deep and penetrating details. If RFID tags are in your purchace goods and you check out but they remain active as you drive down the road, can the police access the data without a search warrant? How about a marketing company checking all of the goods and seeing your travels etc. What do we do about Identity Theft here? There are so many issues that need looked into. Doubtless even if we try there are many more we have not even thought of yet.
Civilized people are facing the choice between the individual becoming merely a tool or cog in the Commercial world of the Industrialists or if the Industrialists tools will work for the Individual. Making this decision out of ignorance is not wise.
Never Politically Correct ~ I prefer the facts If you don't like what I say, get a life, or comment yourself.
"We are on the verge of a revolution in micro-monitoring - the capability for the highly detailed, largely automatic, widespread surveillance of our daily lives." And in the next sentence says: "while conserving the public's right to privacy." If I know anything, it's that it can't be both ways...
ALL RFID tags MUST be PERMANENTLY disabled BEFORE a purchased article leaves the premises of the place it was purchased.
It would be a simple, one-sentence law that would solve the entire problem. Of course, our government would rather spend a billion dollars in pork barrel research grants in order to come to the same conclusion... I'm sure there's a Vermont think-tank that is pushing Sen. Leahy for this "investigation"
I still haven't figured out what the big deal about "tracking people's purchases" is all about. I really haven't looked into this much, but I understand that the things can't be read from more than 5 feet away. I mean, if the government is within 5ft of my refrigerator monitoring my pizza bites, I think I have much worse problems than being tracked.
Lets face it, politicians only look at RFID as another form of "postage" for which to collect more taxes.
If the true intent of his "hearings" was to vet the technology, he would have industry experts and companies that are employing RFID today go before him and his council of elders.
What we will see (as so often is the case) is hand wringing and posturing to present this as "evil corrupt corporate" technology.
Never mind the 3M+ dogs that already have them imbedded in their necks.
Never mind the windfall afforded from instant package tracking and location determination it will provide.
Leahy and crew (ala "The Sopranos") are viewing this not with the public's best interest, but, with tax revenue dollars in their eyes.
Expect to pay 1cent per RFID tag in the next 2 years, but have to suffer under 35cents in taxes.
Everyday, death is becoming more appealing that taxes.
Someone should not be required to keep an RFID tag on something valuable just because they may have to get warranty service on it someday.
That's right. Warranty service should be redeemable on a product regardless. However, there are some manufacturers (Netgear comes to mind) who require that you register with them or you don't have a warranty.
It's just like having an RFID tag, imo...
RFID is good technology, with a lot of potential and a number of legitimate uses.
Gotta agree with you there. Some of the potential applications where I think it will be VERY much welcomed include inventory control and shipping (imagine if your FedEx package is tracked by computer instead of having to be barcode scanned)...
Every technology has its upsides and downsides, good uses and bad uses.
personal RFID blockers/jammers, like a keyfob you carry that gives you a privacy zone by jamming the freq. in say a 3' dia. zone around you.
I agree. My worry is not so much monitoring as it is public safety. How do I know twenty years from now my girlfriends/SOs necklace/ring won't have an RFID tag in it saying what it is and how much it's worth. Some shady character comes along, uses his blackmarket scanner to figure out if she's worth mugging and then mugs her.
I know it's a stretch, and I know most petty muggers won't have RFID scanners...
Another example: What's to stop a car jacker from stealing my laptop out of my car while I get a drink or pay for my gas? If he knows it's there then he knows he'll get something more than a few CDs worth out of breaking into my car...
Daniel
No, it's not true.
Retailers are exploring the potential for returning items based on the RFID tag. That requires the tag to remain active while in the customer's possession.
The benefits of using a durable tag are obvious: the retailer won't require a receipt for the return, as it can simply look up the history of the item, figure out how much you paid for it, and whether you paid cash, check or credit card, and return your money correctly.
The drawbacks are unknown (or at least known only to some privacy wonks who are routinely lumped in with the tinfoil hat brigade,) and that's what Senator Leahy says he wants to explore. Right now, major U.S. retailers are looking to invest lots of money in RFID. Once that expensive infrastructure is in place, they will fight hard to keep it. Senator Leahy wants to make sure that these retailers start out with a long-term acceptable solution, rather than wage a battle later.
I find myself mostly agreeing with the Senator Leahy on many issues. He's certainly the most tech-savvy Senator in the nation, and he appears "geek-friendly" in my eyes. I just wish he was the Senator from my state.
John
Well, ideally, RFIDs should be disabled on property after purchase by the consumer, otherwise yes, a lot of information would be leaking.
There is a bill in California right now that sets out to address consumor privacy concerns. NPR also talked about this in the morning. I agree w/ poster #1 with the potential benefits of RFID and despite my liberal and consumer advocate leanings, I am in favor of them. Clearly, however, policy needs to be set for how they will function both in and out of stores/warehouses. Should they be deactivated when leaving a store? At first I thought yes, but then other potential uses are quashed. Suppose your refridgerator could give you an instant inventory? That kind of thing is something i'de like to have someday. A middle ground was proposed by RSA to have a bag that temporarily blocks RFID until you get home. I don't know how good that will work for all situations, though. Like it or not, RFID is coming. The benefits are just too great to ignore. The question is, how will it be regulated? Now is the time for consumers to lobby for legislation dictating how RFID can be used!
Have a Happy.
Only allow people to scan for RFID that match a white list of your own property or property in your care with your consent. Any reading not on a white list must be discarded. Once an item is sold it is no longer their property and must be removed from the white list - with todays pos tech this would be absurdly easy to implement.
And even easier to circumvent. That's like making everyone's root password be "passw0rd", but then requiring peoplle to use ssh clients which will only connect to the "white list" of other computers they have accounts on. You might prevent accidental abuse this way, but the false sense of security will just make malicious abuse easier.
Isn't this a bit complex? If you're planning to lift the garment anyway, why not just lift it the first time and save the energy...
As part of the return process, the garment/tag will be re-added to the inventory. Most (cheap) tags are read-only and only say "I am tag {2575452E-E8D5-42CD-896D-2796C44D2EC6}". When the "customer [or agent thereof]" shoplifts it, the item record matching the tag will now have sold = false, and trigger the alarm. The door reader would only pass tags it doesn't know about or ones with sold = true. (If I was designing it. :^)
One line blog. I hear that they're called Twitters now.
Think of it this way, If you go to the Mall and walk into Abercrombie, and buy a pair of shorts today, then if you took that pair of shorts to the GAP and tried to scan the bar code, you'd end up getting an 'error' code of some sort. Why? Because GAP doesn't care about Abercrombies stuff and they don't KNOW what the code is. Why doesn't the GAP know A&F's code, and what item that code represents? because It's a proprietary network!
Everyone needs to remember, these companies are not interested in the 'open source' world and 'sharing' information the way the /. community is (or big brother).
If all of the companies who are going to start using RFID tags decided to share the exact details of what each code means/represents in a mega database with the government, then yes - it's time to dawn the tinfoil hats... But until the day that these RFID tags are carrying more than just an ID number and arn't encrypted, you should be safe.... All the person with the 'scanner' will know is that someone came in wearing products with XXX_ID and YYY_ID'd items.
Leave it to the guys at 2600 to go around and determine what the ID's represent and then publish the lists...
It's refreshing to finally see so much coherent, sensible discussion of this topic. The conspiracy theories are, quite frankly, beginning to wear thin.
When put into perspective, this technology is like so many before it. The _possibilities_ for misuse are there, but the probability of widespread misuse, considering the implementation hurdles, cost, and effectiveness, is far outweighed by its valid uses.
Besides, there will always be vendors who will not use the technology. If you're really concerned about your "privacy," why waste your energy trying to hold back the tide? Take your dollars to the vendor that makes you more comfortable. You _still_ have the freedom of choice.
so sayeth whereiswaldo:
Examples:
- make RFID tags biodegradable
nice idea, but how do you embed the ciruitry into something that won't either a) think that the circuit is food, or b) evolve the biomass into something non-degradable by normal means?
- make RFID tags readable only a certain number of times before they stop working
this implie's a powersource that could concievably be larger/bulkier than the tag itself, adding circuitry for logic, et al.
all in all, a more expensive proposition.
Nice idea's, but, IMHO, I don't see either of these examples happening.
Sometimes people just have to learn and adapt to change, it is one of the requirements of being a living thing.
And politicians wonder why voter turn out is low? They waste their time and my tax dollars on stupid hearings and debates. Why don't they do something about the patiot act and dmca first? Those are much greater invasions of my privacy than some little electronic tag that will let stores know what kind of jeans I bought.
I remember the uproar on CueCat a few years ago.
Give a slow barcode reader to everyone and then watch them use it.
What prevents a 2nd year EE student from publishing a circuit or code openly on how to read and decode the tags? Is this a DCMCA reverse engineering threat?
Could the Prism wireless chipset which has been hacked already under Linux hit RFIDs with the right signal to get a return signal as a result?
Hopefully Congress will force as a concession that RFIDs strings be freely available I think like ISBN numbers. UPCs I think you have to pay the Databases or license the decodeing algorithm especially ones related in manufacturing and parts cataloging and not Point of Sale IDs. IE the stuff that doesn't get read by a check out scanner.
That's absurd. RFIDs are passive, meaning they have very, very short range (a few inches, couple feet at most). To "scan" a house from the street, you'd need an enormous transmitter/receiver combo, which would generate a tremendous amount of RF noise that would be sure to be noticed in a neighborhood.
Secondly, even if you did manage to get the RFID tag number, how exactly would you "check a UPC database?" FYI, these tags are not like UPC codes. UPC codes are not unique. The first 5 (4?) digits of a UPC code identify the manufacturer, the remaining 5 identify the product. For example, 78492 means "GE", and 87369 means "Washing Machine, model GE T705" (warning: completely fake data, for illustrative purposes only). That info is not that hard to find.
But with RFID, however, each individual washing machine has its own number. So if you scanned a house with an RFID-embedded TV, you'd get a number back, something like 823657489101048392733583323634. I suppose its possible that some of the digits in there would designate a publicly-available manufacturer (so you'd know that whatever you just scanned, it's a "Toshiba" something-or-other), but you wouldn't know whether it was a bigscreen plasma TV, or an alarm clock, unless you had access to Toshiba's private database, which you would not.
"I'm sure it could be hacked into," you say, but OK, if you're rich enough to drive around a neighborhood with a massive, expensive RFID transmitter/receiver, and savvy enough to break into company databases, why are you bothering to steal TV's? Why not break into their Credit Card database instead of their Product database, and save yourself some hassle? Or better yet, wouldn't someone like that likely already be gainfully employed?
Like woodworking? Build your own picture frames.
Cell phones are trackable and individually identifyable. The law shouldn't prohibit sale of Cell Phones. What if you want to buy RFID tracking clothing for your children (lowjack for kids) - fine - but label the item as having said device. Where the device does not explitly depend on the tracking functionality, instructions on how to disable the functionality without damaging your product should be included. (Squeeze this location with a pliar until you hear a faint click, or snap).
O.K. If Wal-Mart want's to sell every piece of merchanise with a permanant RFID tag included - fine, but label each and every item with a sticker or a hanging tag. (I believe their shotgun sales will drop through the floor pretty quick if they do).
Basically, if you have a law that blanket says, that you can sell this without labelling, but can't USE the data - well then you've got a wiretap style law, that can't be enforced; RFID whitelists are too difficult to enfoce (it simply won't happen). It will become a private wiretap issue. Where this scenario, "We know the murderer was in the house, because we got an RFID reading from his sneakers , pants, shirt and underwear," becomes indamissable in court.
If I record my phone calls, nothing can be done to enforce the laws against it - so long as I don't "directly use" those recordings. Same will be true for RFID data readings. Privacy issues will abound anyway - but if I'm buying stuff that can be tracked, let me know.
I work at a gas station, and we have an average sized cigarette rack. Every night, before close, the supervisor has to count all the cigarettes (often this is me). It's a tremendous pain in the ass, there are usually around 1,000 packs of smokes on any given day.
:)
Now, just think if those smokes all had RFID's embedded in the plastic wrapping. Then I could just wave a little wand, and get the readout. It would reduce errors in counting, and it would be faster, too. And if the RFID tag was in the plastic wrapping and not inside the pack of smokes itself, it would get discarded when the customer unwraps the plastic, so nobody would be able to track him with it after he left the store.
So, I guess you could say: I, for one, welcome our new RFID overlords.
Just make sure that all the RFID tags are either a) embedded in the packaging of the product, not the product itself, or b) as a sticker in a prominent location on the product when it has no such packaging. That way the stores get all the benefits of the increased inventory controls of RFID, and the public won't have to worry about any of the potential abuses.
This would also be a great step in the direction of removing all those unsightly barcodes from everything