RFID Leaders Talk Privacy
An anonymous reader writes "RFID News has released a set of interviews with EPIC, VeriSign, CASPIAN, HP and EPCGlobal on RFID and privacy. From CASPIAN founder Katherine Albrecht: 'In most cases, asking how a company exploring item-level RFID tagging can protect their customers' privacy is like asking a fox how he can best ensure the safety of your chickens.'"
Check it out: RFID Blocker Tag
Wow. There are 4 articles (or at least links) for slashdotters to not read before posting.
Or will the posts be based on the sound bites?
Ok, I give up, why you?
RFID is great and all, but until there is legislation preventing law enforcement from using/viewing the data collected by these companies, I wouldn't go for it.
Buying products with these tags seems like asking to be tracked. I know there are benefits to using them, but I'd rather not volunteer a public record of everything I do while carrying these products. It contradicts the spirit of the privacy rights granted in the constitution.
And other tech that disables the RFID tag at Point of Sale, how the heck is an organization using RFID supposed to prevent other organizations from reading the same tag into a database?
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
OK, so you don't want to get fucked over by the 'evil' (I don't believe a technology can be evil btw, only its uses) that is RFID in the hands of corporates. Simple solution; don't steal stuff from Walmart. If you don't steal items with rfid on them, you won't get hassled. It's an anti-theft device, it's not like they're implanting them in your foreheads.
like asking a fox how he can best ensure the safety of your chickens.
Well, they are your chickens. You must insure that other predators don't eat them. You must keep them penned up and guarded so only you can eat them. You don't want to share those chickens do you? I didn't think so. You kill everything else that might eat them.
Let's see, RFID wise. My business owns that data on Job Blow. Other businesses should be able to use my data to their advantage that would be wrong. I need to have laws implemented so only my business can track my consumers. I need to buy or destroy in the stock exchange other businesses that may compete with me.
Your Data will be safe with US, we are contractually obligated to do so!
fine print: In order to keep our technology up to date, we reserve the right to amend, modify, change, alter, append, add, delete, subtract, change, morph, alter, vary, transform, renovate, make over, differ, diverge, rework, revise, adjust or otherwise perform any act similar to any word or synonym of any word in addition to, but not limited to those listed above, for any reason whatsoever.
"I had to eat the chickens to protect them"
The difference between stupidity and genius is that genius has its limits.
Once firmly implanted beneath the scalp, behind the nape of the neck and/or in the palm of the hand, the RFID chip(s) will enable law enforcement agencies to instantly know your location without the need to task satellites or get involved in wasteful car surveillance. They'll no longer need to burst in to make sure you're in the hotel room with your mistress. They'll know you're in there with her. And since they'll instantly know your exact location, they can be much more respectful of your belongings when they break in (with a court order, of course) and rummage through your stuff. They'll know exactly how long they have so they'll be careful.
Now if they just legally abolish these cumbersome doors (that terrorists so often hide behind while plotting their evil deeds), why I'll be glad to have traded any semblance of liberty for perfect security.
Thank you, Big Brother.
OK, so the new Library in Seattle uses RFID to keep track of their books, and uses an automatic sorting machine to deliver them to the correct location depending on their RFID. I see no harm in that. What next, the Patriot Act will allow the government access to the books you check out, heh.
wow a "tinfoil hat" that I can keep in my pocket. Actually a Tinfoil Forcefield!
Ahhh, RFID. The latest topic that gets some slashdotters' panties all in a bunch.
But with RFID at least the store will instantly know what kind of panties they are so you can reorder them.
Tired of buying gifts your wife hates? Unsure exactly what size she wears? RFID is the answer! Put a detector by the door, collect a couple weeks of data, and voila, you have a list of her favorite clothes! Then you can go buy similar items and she'll think you're wonderful and so intuitive about her tastes!
-- If god wanted me to have a sig, he'd have given me a sense of humor.
UPC labels and those little "plus cards", plus credit card numbers equals it's very, very easy to track people's purchasing. If you think they'll come to your house and use an antenna to see what you have inside, forget it. It's way easier to just watch people walking out of the store, and see what they buy, and what car they drive, for example.
regarding RFID tags, but one question that never seems to get answered is: What are the range of these tags? If the tags have a range of many miles, I can understand the privacy concerns, but if the tags' range is inside the store or the parking lot, I have a lot of trouble seeing what the big deal is.
their primary purpose is not anti-theft, but is inventory tracking and statistical analysis. The RFID tags are there when you BUY the stuff, and can (and will) be used to track you and the items you've purchased after you consider your interaction with the store to be done.
It's just like the supermarkets with their "discount cards". Which to get one you must give your ph#/name/address etc... (of course you can give bogus information). But now the supermarkets start tracking exactly what you buy and when you buy it....
If I buy a 5lb bag of bran.. should I get a call from the exlax salesman?
1) They are only used on things that are cost effective to track (tags are expensive, about $.25 US to about $200).
2) Not all RFID tags are unique (the same signal could mean two different products).
3) All EPC tags should be unique.
4) RFID is an old technology that is still about 2 years away from being mature.
5) Some types of RFID (i.e. EPC) do not work well on metal or liquids.
6) It's not a matter of the fox ruling the hen house and we own the hens. The fox owns the hens and the hen house and sees this as the best way to manage her inventory. The fox doesn't care what happens to the hen once you buy it (returns excluded).
7) I've had failure rates reported to me of up to 30% with cheap tags out of the box, 10% in the field. This cuts down greatly on the cost effectiveness of the technology.
Disclaimer, I own a Data collection company
Or not.
It is already a regular practice for Police to drive around neighborhoods with thermal scanners. When they come across a house that has a lot more heat, they start an investigation to see if they have an indoor garden.
If the range is far enough to be detected from inside your house to the street, your privacy is compromised.
Howdy Doodly Doo!
Anybody want some Toast?
Do we have any evidence of that besides the raving of tinfoil-hat loonies? I haven't even heard a convincing argument why companies might want to track items after they leave the store.
How can we continue to believe in a just universe and freedom to eat crackers if we have no ale?
The second amendment is the right to keep and bear arms.
Freedom from unreasonable search and seizure is in the 4th amendment.
http://caselaw.lp.findlaw.com/data/constitution/amendment04/
Right of the people to freely assemble is in the 1st amendment.
http://caselaw.lp.findlaw.com/data/constitution/amendment01/
"We can't solve problems by using the same kind of thinking we used when we created them." -- Albert Einstein
His most famous prediction, that most websites would be funded by Micropayments in 2000, hardly came true.
PJRC: Electronic Projects, 8051 Microcontroller Tools
Present examples like that when talking to retailers. They value their own "privacy". Mall operators hate it when you take pictures of store displays.
If you look at the examples that Albrecht from CASPIAN notes, you'll see from internal discussions by the industry that they already plan on this sort of tracking. They're just looking for ways to counter public pressure and present a positive spin on it.
They will as long as it isn't explicitly illegal because they believe that it will provide them with an enormous amount of information that they can mine to eventually increase sales and sales margins. That's their job. The fact that they are attempting to do this on the backs of our privacy doesn't enter into their conversations.
There is a guy that gives out stickers with copies of the UPC on his Safeway Club Card, which means that there are hundreds (thousands?) of people crediting their purchases to his account.
I think he is a slashdotter and that's how I found his webpage. I don't remember. I might be able to talk, but toasters don't have a whole lot of memory. I should join in and buy lots of embarrassing items. I wonder what his Terrorism Quotient is.
Howdy Doodly Doo!
Anybody want some Toast?
The main fear with RFID is those with power (governments, corporations) will use it against those without (people). In what ways can this be reversed?
Cameras, for example, can be used for facial recognition and tracking, but can also be used to document abuses in prisons.
The ad in the sidebar has an eyechart that reads "PORN SPYWARE INSTANTMESSAGING BANDWIDTH MALICIOUS MOBILECODE INTER..." with a little lens magnifying "P2P".
The text below flashes "Peer-to-peer is clearly a problem." "Stay focused on managing P2P with [OurProduct]" from Websense.
Clearly, an enormous problem.
Bull crap. All you have to do is remove the RFID device from the product after you buy it and all that wacky tracking is automatically disabled.
It's the "slippery slope" argument. You don't get from point A to Z overnight, you go in increments.
Picture a Minority Report scenario with you walking around the mall and getting voice ads targeted at you based on what tags you have. You have a coke in your hand with an RFID tag? Maybe Pepsi will pester you to try a Pepsi, etc..
Personally I like some targeted ads. I use yahoo and gave them accurate information for where I live and I get ads based on my location.
Which would be bad.
Well let's see:
1) To track return of items (both by item and by customer),
2) To offer "enhanced" services to frequent customers (as evidenced by the number and type of RFID tags they have on them entering the store),
3) To offer "enhanced" services to people wearing competitor's RFID tags.
And those are just a few reasons. There are companies already trying to leverage the information that will be available from this data. From the linked website:
"Unheard of means only it's undreamed of yet,
Impossible means not yet done." ~~ Julia Ecklar
And he causeth all, both small and great, rich and poor, free and bond, to receive a mark in their right hand, or in their foreheads:
And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name.
Here is wisdom. Let him that hath understanding count the number of the beast: for it is the number of a man; and his number [is] Six hundred threescore [and] six.
Thanks to file sharing, I purchase more CDs
Thanks to the RIAA, I buy them used...
hmmmm RFID seems to me no real problem. Some people will care, some will not. If you are one that cares then you simply don't buy RFID equipped gear or disable them if you do. To remove, locate it, cut it, crush, EMP, or whatever. As a side note these will likely not stand up to 5 sec in a microwave (useful if you don't have your own EMP for use on clothes or other non metal goods). If you want to get rid of them to steal, then you are on your own as I advocate not stealing.... If they are trying to build them into stuff like laptops and cell phones I actually don't see a problem as these are already traceable by their wireless links.
at the most make them disclose the use of this technology so you can buy intelligently if you desire to avoid it.
The actual range of a RFID tag is infinite assuming line of sight. The problem is the power requirements needed to increase the distance. Assuming they follow an inverse fourth power law (inverse square to send the reader signal, inverse square for the transponder to reply), a tag that could normally be read from 3 feet away using a 5 watt reader could be read over 50 feet away with a 1 megawatt pulse. Note that 1 megawatt-second is roughly 27 kilowatt-hours of energy. It would be possible to extend the range using a directional transmitter and receiver though. Of course, my math might be wrong, but very long range tracking such as by satellite would require insane amounts of power.
And the inclusion in the soles/linings is from RFID industry sources. If the item is easy to remove/displace like the security patch, then it has little value for the sort of tracking planned.
The problem with technologies like the RFID tags is that we really cannot regulate it until we know what "it" is. We have to have the list of abuses of the technology before regulators have a track record that they can act upon.
It seems to me that pre-emptive regulations generally do not achieve their goals. Often the regulations are influenced by the industry to be regulated. Generally, the regulations block small firms from entering an industry and end up feeding the monopolies.
Preemptive regulation generally has the effect of rewarding those companies on the inside track of the regulations (the politically connected) while disenfranchising those who do not have the political connections to the regulators. As such it is best to put off regulation until the industry has matured a little.
Preemptive regulations might be inspired by consumer fears. Lacking an actual history of abuses, the actual process of preemptive regulation tends to be controlled by the industry being regulated. As such, the regulation limits the number of players in a market and often comes up favorable to the companies being regulated.
For example, you might recall several years ago when the House of Representatives considered a spam regulation bill. Without being passed into law, spammers slapped the House Bill number on their ads because the regulation was giving them legitimacy.
Look at Internet porn. There was a great desire among legislators to find a way to block porn from kids. Without serious debates. The preemptive regulators listened to the porn dealers. The porn industry suggested that having a valid credit card number verified a person's age. Getting a credit card number is the first 90% of the battle to actually putting a charge on the credit card. While online news sources do not have a viable funding mechanism, the attempt to regulate an industry gave the porn industry the internet on a silver platter.
Trying to regulate RFID tags in their infancy is likely to simply give a market advantage to the politically connected companies that draft the legislation.
Unfortunately, since RFID tags are tags purchased by businesses for internal business use, the consumer really won't have that much choice about where and when they get used.
Forgive the obvious title. The thing I think a lot of people don't get when they say RFID is like barcodes, is that a barcode is just for a type of object. It's visibly printed on the package. It has to be visible to scan.
RFID will allow companies to have tags embedded into the products, be readable from a short distance without being visible and without knowing it's been scanned, and have the capacity to track individual items.
A bar code scan could show you what brand Razor Blade you have using UPC if you still had the package. An RFID scan could tell you when the blade was made, when it was sold, who stocked it, when it was shipped, etc and it could be embedded into the blades. Carry it back into the store, purchased or stolen and they could identify you via credit card records.
Just like TiVo, companies will suddenly know exactly who bought what, no more focus groups needed. Regular consumer companies could benefit from this by making inventory easier, and suppliers and manufacturers could use data mining of customer data to know not just how many were sold, but complete demographic data on every person who purchased it. Just connect the databases.
I understand people who say technology is neither good or bad, it depends on how you use it. Still you have to admit that some technology is much more easily applied towards good or bad purposes. Computers make copying easy and almost impossible to stop, just like RFID will make tracking items easy. It seems designed to do all the things privacy advocates dread.
Even now, I bet you can think of 10 web sites that want to sell you something, but do not have any pricing information. Instead, they want to "connect" you with a "representative" (read: salesperson) to "answer your questions" (read: force-feed you more advertising).
Mail? Put "slashdot" in the subject to pass the spam filters.
If you bought any of the items on you with a credit card, or a membership card, or a "discount friendly" card, then the merchant can tie all of those items to you directly (even if you paid for the rest with cash). And they can use that information to create a profile of your purchasing habits.
Since when did Verisign ever care about privacy? Isn't this the parent company that OK'd the sale of millions of email addresses from whois records? I'm not sure if Verisign is in my corner.
is like asking a fox how he can best ensure the safety of your chickens.
I understand the sentiment. However, how safe is asking a former hacker to work on your network security?
It's all about keeping them in line. Privacy legislation. I find nothing wrong with using RFID tags for inventory control, but using the tag and the personal information in, say, the method of payment to track purchases is wrong.
Unlike the bar code, RFID could be bad for your health. RFID supporters envision a world where RFID reader devices are everywhere - in stores, in floors, in doorways, on airplanes -- even in the refrigerators and medicine cabinets of our own homes. In such a world, we and our children would be continually bombarded with electromagnetic energy. Researchers do not know the long-term health effects of chronic exposure to the energy emitted by these reader devices
(Emphasis theirs). Unless they give some numbers on how the reader emissions compare to the thousands of other sources we are being subjected to, that's just baseless speculation, with the old "think of the children" cliche thrown in to tug at our heartstrings. That's usually a good sign that someone doesn't have a real argument to offer.
There's been a trend on slashdot in the last year to talk about "slippery slope" arguments as if it's a valid thing to do. A slippery slope argument is fallacious, by definition.
Although I'm not going to bother replying to everyone who responded to me (as they all say approximately the same things, and yours was the only reasonably-stated one of the bunch), none of the things mentioned require (or are necessarily made easier) by the tracking of individual items after they leave the store. In fact, they already have a much more powerful tool in credit cards -- because those allow them to link purchasers with everything they bought.
Think about it
I've always got to laugh when people talk about protecting their privacy by giving false information for those grocery store club cards. Virtually nobody pays with cash anymore; don't they realize that if the store is interested in compiling a list of who buys what, they would just identify you by the name on your credit card? RFID paranoia falls into the same category. The stores have good reasons for using it, but as a tool to track you, there's no reason for it.
How can we continue to believe in a just universe and freedom to eat crackers if we have no ale?
like asking a fox how he can best ensure the safety of your chickens.
actually, that wouldn't be a bad idea, kinda like asking a hacker how to best secure your systems no? wouldn't the best person to ask be the person with the most knowledge of how to screw your stuff up? that said, this article is more analogous to asking the sleazebag who led the fox to the chicken coop for a price how to best insure the safety of the chickens, you wouldn't trust him even as far as you could throw him.
--Aaron
"goodbye and hello, as always" ~Prince Corwin, from Zelazny's Amber series
This would be great in many ways. As a 'grunt' at a national chain (not walmart), I love some of the implications of RFID implementation. If you've ever spent a half hour looking for a product in an over-crowded stock room, with a customer impatiently waiting for a bit more than 'just a sec', you know what I mean.
As far as the privacy issues are concerned, some of them can be ameliorated with a simple encryption scheme, which would make checking out what's bought at a competitor's store much harder.
Legislation declaring such signals as 'private' info that needs a warrant to access/read would help reduce the Big Brother syndrome.
As far as getting 'tracked' within a store, how is this different from the security cams that can see (nearly) every inch of the sales floor anyhow?
On the other side of things, if shoplifting becomes far less common, the store loses less money due to 'shrink' (products disappearing/being damaged). This translates to a longer time between price increases (sort of lower consumer prices)
Like with all ideas like this. It starts out sensibly: "It's for a good reason" and "it's only for a few feet" Well that's with *today's* technology. Pan out a few more years (say 20) when RFID is common place. Well, in the meantime the burgeoning now-cashed-up RFID R&D industry has been "improving". Now it's no longer a few feet, it's ...
You get the idea.
Sure it *might* be benign NOW. But it won't take long before it's extended, more and more.
It might sound paranoid, (and hey, that *is* probably me :-) but time and time again has shown that this kind of technology loses its original limitations over time. And if we're talking computing, then ...*rapidly*.
Like in Orwell's 1984, its citizens didn't realise they had lost most of their freedoms because they were taken away so incrementally and progressively.
Keep it in a safe place when not in use, like right next to your CoffeeTron Dick Defender
Following links from links from the article, I came across http://www.ti.com/tiris/ which is the list of the RFID equipment that TI is already selling to companies. In fact, their item RI-TRP-RFOB looks exactly like the Mobil SpeedPass that I stopped using a few months ago, although I wonder which version it is- they have a 64-bit read-only, an 80-bit read-write, and an 88-bit read-only with a challenge-response mechanism, all working at 134.2kHz.
Even better (or worse for consumers,) their RI-I01-110A looks a lot like the square "anti-theft" stickers that I've seen on different items at Wal-Mart for years... which leads me to believe that pretty much every Wal-Mart in the country already has RFID readers at the doors, and they just need to install more 13.56MHz tags on/in their merchandise in order to attain their dream of "total retail visibility".
I wonder if the "de-activate" device they have at the cash registers is actually turning off the tag, or if it's just registering the tag as "sold" in a separate computer system which is (as far as you and I know) only being used for loss prevention purposes, and the reader looks up the serial number and recognizes it as sold and therefore doesn't squeal at you when you walk out the door.
I also have an idea for a device I'd like to see on the market, which would read an RFID tag, show you what data is contained in it, and which could "toast" a tag after you get it home- so you could verify that it is indeed shut off. It would have to work with several frequency bands, and would probably have the same low power limits that the in-store readers are limited to (in order to get FCC type-acceptance.) Free idea for a business venture if somebody knows how to build such a beast, and I'll be one of your first customers...