Slashdot Mirror
RFID Leaders Talk Privacy
An anonymous reader writes "RFID News has released a set of interviews with EPIC, VeriSign, CASPIAN, HP and EPCGlobal on RFID and privacy. From CASPIAN founder Katherine Albrecht: 'In most cases, asking how a company exploring item-level RFID tagging can protect their customers' privacy is like asking a fox how he can best ensure the safety of your chickens.'"
Check it out: RFID Blocker Tag
There are many more uses Wal-Mart (and others) are touting for RFID, such as improving returns, inventory control etc. I still hate it, but anti-theft is just the tip of the iceberg.
OK, so the new Library in Seattle uses RFID to keep track of their books, and uses an automatic sorting machine to deliver them to the correct location depending on their RFID. I see no harm in that. What next, the Patriot Act will allow the government access to the books you check out, heh.
UPC labels and those little "plus cards",plus credit card numbers equals it's very, very easy to track people's purchasing. If you think they'll come to your house and use an antenna to see what you have inside, forget it. It's way easier to just watch people walking out of the store, and see what they buy, and what car they drive, for example.
stuff |
1) They are only used on things that are cost effective to track (tags are expensive, about $.25 US to about $200).
2) Not all RFID tags are unique (the same signal could mean two different products).
3) All EPC tags should be unique.
4) RFID is an old technology that is still about 2 years away from being mature.
5) Some types of RFID (i.e. EPC) do not work well on metal or liquids.
6) It's not a matter of the fox ruling the hen house and we own the hens. The fox owns the hens and the hen house and sees this as the best way to manage her inventory. The fox doesn't care what happens to the hen once you buy it (returns excluded).
7) I've had failure rates reported to me of up to 30% with cheap tags out of the box, 10% in the field. This cuts down greatly on the cost effectiveness of the technology.
Disclaimer, I own a Data collection company
There is a guy that gives out stickers with copies of the UPC on his Safeway Club Card, which means that there are hundreds (thousands?) of people crediting their purchases to his account.
I think he is a slashdotter and that's how I found his webpage. I don't remember. I might be able to talk, but toasters don't have a whole lot of memory. I should join in and buy lots of embarrassing items. I wonder what his Terrorism Quotient is.
Howdy Doodly Doo!
Anybody want some Toast?
Well let's see:
1) To track return of items (both by item and by customer),
2) To offer "enhanced" services to frequent customers (as evidenced by the number and type of RFID tags they have on them entering the store),
3) To offer "enhanced" services to people wearing competitor's RFID tags.
And those are just a few reasons. There are companies already trying to leverage the information that will be available from this data. From the linked website:
"Unheard of means only it's undreamed of yet,
Impossible means not yet done." ~~ Julia Ecklar
And he causeth all, both small and great, rich and poor, free and bond, to receive a mark in their right hand, or in their foreheads:
And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name.
Here is wisdom. Let him that hath understanding count the number of the beast: for it is the number of a man; and his number [is] Six hundred threescore [and] six.
Thanks to file sharing, I purchase more CDs
Thanks to the RIAA, I buy them used...
The problem with technologies like the RFID tags is that we really cannot regulate it until we know what "it" is. We have to have the list of abuses of the technology before regulators have a track record that they can act upon.
It seems to me that pre-emptive regulations generally do not acheive their goals. Often the regulations are influenced by the industry to be regulated. Generally, the regulations block a small firms from entering an industry and end up feeding the monopolies.
Preemptive regulation generally has the effect of rewarding those companies on the inside track of the regulations (the politically connected) whild disenfranchising those who do not have the political connections to the regulators. As such it is best to put off regulation until the industry has matured a little.
Preemptive regulations might be inspired by consumer fears. Lacking an actual history of abuses, the actual process of preemptive regulation tends to be controlled by the industry being regulated. As such, the regulation limits the number of players in a market and often comes up favorable to the companies being regulated.
For example, you might recall several years ago when the House of Representatives considered a spam regulation bill. Without being passed into law, spammers slapped the House Bill number on their ads because the regulation was giving them legitimacy.
Look at Internet porn. There was a great desire among legislators to find a way to block porn from kids. Without serious debates. The preemptive regulators listened to the porn dealers. The porn industry suggested that having a valid credit card number verified a person's age. Getting a credit card number is the first 90% of the battle to actually putting a charge on the credit card. While online news sources do not have a viable funding mechanism, the attempt to regulate an industry gave the porn industry the internet on a silver platter.
Trying to regulate RFID tags in their infancy is likely to simply give an market advantage to the politically connected companies that draft the legislation.
Unfortunately, since RFID tags are tags purchased by businesses for internal business use, the consumer really won't have that much choice about where and when they get used.
One of the major selling points of RFID is that the tag itself will not only be the "magic barcode" but it will also serve as a security tag to prevent unpaid-for merchandise from walking out the door. It will save the not-inconsiderable cost of a second tag that exists only for security purposes.
The concerns are that you could be found "guilty by RFID association."
Let's say you're careful about purchasing anonymously, only paying cash for everything -- shirt, shoes, underwear, etc, no matter where you shop. But, if you so much as purchase a single RFID tagged packet of gum with a credit card, and then walk through the scanners at the door, it would be very possible to scan the rest of the RF tags that permeate your clothing, and build up a database of "shirts, shoes, underwear, all associated with a packet of gum purchased by one Ann A Thema, credit card #123-456-789." Then, you change clothes, come back the next day with the same shoes on but a different RFID-tagged pair of pants, shirt, underwear, etc., they can throw all of those items into their Ann A Thema bucket based upon your assoication with the shoes, which they associated with your gum yesterday.
Pretty soon, your entire wardrobe is cataloged by Walmart. One little slip-up and *bam* -- all anonymity is lost.
OK, so Walmart now knows that you came in Friday and purchased a red shirt at 4:23. The bank down the street was robbed by a guy in a new red shirt at 5:15. The cops subpoena every store in the neighborhood that sold shirts on that day. You pop up as a match in WalMart's database, and you then get to spend a day explaining to the police that you were just sitting at home alone at 5:15, you weren't out robbing anybody.
John Ashcroft's wet dreams? Maybe. One thing is it can't happen without RFID. Ordinary barcodes are removed after purchase. But RFID is the tag that keeps on tagging.
John