Hacking the RFID Network

An anonymous reader writes "The world's largest retailers are developing the EPC Network as the infrastructure for a global rollout of item-level RFID. In many ways this 'Internet of Things' resembles the ISBN system or CueCat's codes-to-content. But the network built for tracking consumer goods could also be used for intangible items: airline seats, music tracks or service calls."

Sounds like they're working

on overusing this new system

Track music downloads and service calls? That's billions of unique items every year. How many items do these RFID tags support?

Re:Sounds like they're working

[Short+Circuit]

It's a tech industry conspiracy. They've got to find some use for all 64 of those bits. ;)

Re:Sounds like they're working

It is possible for users to deploy up to 20 billion unique transponders.

Google says that in here (maybe here?) there's a claim of supporting up to 550 billion unique ID codes with this manufacturer.

It seems to vary significantly depending on which provider you choose, but that's 91.6 RFIDs per human being on Earth. It's about 1800 RFIDs per human being in the United States.

(PSA of anti-slash)

Re:Sounds like they're working

[taniwha]

actually that sounds like really poor design on someone's behalf - these things are supposed to become ubiquitous - wait 'till McDonalds starts using them for order tracking and the post office for mail tracking/sorting - they'll run out after a few years

Re:Sounds like they're working

[superpulpsicle]

Anyone know what the architecture to this system is? Are they having MS databases and MS windows clusters in the backend?

Re:Sounds like they're working

[Big+Smirk]

Well, there is 96bits on info on the tag (the 64bit tags are already just about dead). The reprogrammable tags (unsecure) will have something like 196 bits of scratch space. Secure tags are laser programmed. Of those 96bits, some are dedicated to the same functions as the old UPC codes. But you can imagine 48 bits as a serial number. There are various EPC standards proposed that will dictate how many bits are dedicated to each data type.

Re:Sounds like they're working

[lawpoop]

I don't think there will be any collision problem if they are re-used. If they are generated randomly, what are the chances that two RFID tags of the same number will meet in space and time? Probably not often enough to worry about, and then the difference should be obvious. A 2008 Post Office receipt vs. a 2021 can of baked beabs.

Re:Sounds like they're working

[Qrlx]

I propose we begin tagging RFID tags with RFID tags, and feed the data into a meta-tracking database.

Re:Sounds like they're working

[taniwha]

maybe not ... but unless the post office can distinguish between a letter currently being routed from the baked beans in a parcel (kind of implies a manufacturer portion to the number in much the way that MAC addresses are handed out)

On the other hand selling RFID stamps kind of makes sense - they don't get postmarked, just used once, and can be used for routing along the way ... urgh - that means that junk mail doesn't even need to print addresses on the outside, just stick a stamp addressed to you .... the downside of course are privacy isues - now the govt has a complete record of everyone who send mail and who they sent it to

Re:Sounds like they're working

[Tongo]

We can only hope. Having these things in an Access databse will be the only way to save our privacy.

Re:Sounds like they're working

[Saeed+al-Sahaf]

The Homeland Security folks are already on this...

Re:Sounds like they're working

[Jahf]

And yet I've known at least 2 people who claim to have had MAC address collisions (without doing things like changing the MAC via ifconfig). So even a manufacturer-doled-out system isn't going to be foolproof.

What might make sense is to reserve a pool that expire every X number of years. Use that for perishables or disposables. Probably would need interim periods between expiration and re-activation.

BTW the cost of putting RFID on mail, at least in the forseeable future, is prohibitive. Not for UPS style packages, but for the standard first class letter the RFID tag manufacturing costs are more than twice the selling price of a stamp. Enough people today have stopped sending postal letters because of the regular increase in the price of stamps, tripling cost (which would be the cost of the stamp today plus the RFID) would hobble the post office.

Re:Sounds like they're working

[hesiod]

> yet I've known at least 2 people who claim to have had MAC address collisions

Make that three. Unfortunately, that happens, although it is very rare. However, how many bits are there in a MAC address? How many bits will there be in the RFIDs? Using totally BS statistics, if the MACs had had one more bit on the right-hand side, you might have only met one person with a collision. If they had 3 more, you probably never would have met one.

Is there a predetermined ID length for the RFIDs?

Re:Sounds like they're working

[Jahf]

I'm going off memory here, so hopefully I'm not too far off.

I believe MAC addresses are 48bit, the current RFID is 64bit and the new RFID spec that is becoming adopter is 96bit.

Not sure though ... and you're right, as long as they are done diligently, you probably won't see collisions as frequently as MAC addresses.

However, in the case of a Wal-Mart warehouse you're talking -millions- of addresses and when you talk to a person who had a MAC collision you're usually talking in the high dozens to low thousands of addresses. So there is at least an order of magnitude of difference in scale between the two.

Then again, will the inventory clerks care all that much about whether a bic pen showed up as a tool chest because of a collision? Probably not as that would be a percentage of a percentage of their inventory and inventory is expected. So perhaps it is pretty much moot unless someone REALLY screws up their tags.

Re:Sounds like they're working

[RossS-G]

Unintentional collisions wouldn't happen: each manufacturer gets a unique ID, and in turn gives each product type, and each instantiation of each product of that type (e.g., this particular 12 oz. can of Coke) a unique serial. Only that particular manufacturer gets to assign codes with its manufacturer ID (or, as EPCglobal calls it, an EPC Manager Number) in it, and presumably won't screw up when it assigns its own IDs to its own products.

Re:Sounds like they're working

[Jahf]

And again I point out that that is exactly what was supposed to happen with MAC addresses. See previous posts. Less likely with RFID, yes, but still not impossible.

The more you know!

[obli]

So that's what the tiny stipes of metal embeded under the protective plastic cover on library books are for...

Re:The more you know!

[mboverload]

No. Those are magnetic strips that trigger the electro-magnetic detectors by the library doors. No RFID, sorry.

Re:The more you know!

[winavr]

Yeah, that's all they are: tiny strips of metal. Not RFID transponders. Do some research.

So this means....

[mboverload]

I can track my porn collection internationally?

Re:So this means....

You mean your pr0n collection?

I've beend oing that for years...

[obli]

I've tagged all my mp3 files with "downloaded from obli" in the comments field to see if one ever returns to me one day (don't know why I would download an mp3 I already have, but hey), maybe I'll see it in a friend's library, maybe someone recognizes the name, who knwos?

Re:I've beend oing that for years...

[AuMatar]

Thats not the worlds smartest idea. If you ever get caught up to by the RIAA, they can use that to prove how many cases of infringement you have.

Re:I've beend oing that for years...

No they can't. Hell, they probably couldn't use it even if the guy used his True Name instead of "obli" - though it'd take more work to get justice done.

Re:I've beend oing that for years...

[lawngnome]

I actually had that happen - when napster got big (ahh the days...) I downloaded a track from a longtime online friend without knowing it - the tag had his nick in it, sure enough it was from him...

Airline seats are intangible?

[Marxist+Hacker+42]

I knew they could be used as flotation devices- but now they're apparently virtual as well. That explains the problem with overselling flights I guess. They're selling VAPORSEATS (tm) (Patent Pending)

Re:Airline seats are intangible?

Nah, it's just a ploy so they can make you
click on an ELUA before you sit down. It won't
just be airline seats, but televisions, computers,
cars, clothing, food, water, air......

Since the article summary is cryptic...

[GillBates0]

this is what I learnt about the system from a cursory read of the article:

What they're saying is that RFID can be applied to intangible information - content rather than the physical media - just like ISBN/Library_of_Congress system uses an identifier for a book rather than an instance of it.

In other words: RFID can be extended to apply to an entire class, rather than instances of it, as is usually done.

Bet somebody'll mention how this is great for pr0n in the next 5 minutes.

Re:Since the article summary is cryptic...

[krgallagher]

Wow! This would be great for p0rn!

Re:Since the article summary is cryptic...

Someone should make a huge database of what all rfid#'s correspond to and make it public, and let people contribute info too. Then everybody can carry a small scanner around and find out a lot about what other people have with them. Might be interesting... WarRFIDing :)

Re:Since the article summary is cryptic...

[ari_j]

Actually, someone beat you by 6 minutes.

By the way, there's a difference between "cryptic" and "written by an idiot". Thanks for answering the question I was about to post, which was: "The story here is what?"

Re:Since the article summary is cryptic...

[iowannaski]

Not quite. He isn't saying that RFID can be applied to itangible items, just that intangible items could use the same nomenclature and share the same namespace as RFID'ed items. While the author suggests that individual music tracks could be given ID codes, he doesn't address the problem of how (or whether) to extend those ID codes to multiple instances of the same music track.

FINALLY

[surreal-maitland]

at least someone will be able to find my remote control

Re:FINALLY

[shut_up_man]

Hey, I'm looking forward to be able to type "grep socks".

Re:FINALLY

[Pieroxy]

Agreed. I would give up all my liberties for a device that would accurately tell me where my remote control is. Last time I found it in the refrigerator. Hopefully I was thirsty and I had beer, I could have left it in there for days...

Re:FINALLY

[overunderunderdone]

Hey, I'm looking forward to be able to type "grep socks".

You got modded "funny" but really that *is* the point.

Re:FINALLY

[fzimper]

Now, that brings up a real useful idea: program laundry machines to refuse to start as long as there are lonely (i.e. only one of a pair) socks in it.

Re:FINALLY

[DMUTPeregrine]

Hey, from bash.org
#5273 +(11741)- [X]
hm. I've lost a machine.. literally _lost_. it responds to ping, it works completely, I just can't figure out where in my apartment it is.
That will be a thing of the past!

Hmmm

RFID presents the same looming threat as bar codes.

What does "hacking" have to do with any of this?

Re:Hmmm

[finkployd]

And what looming threat do bar codes present?

Finkployd

Re:Hmmm

[pilgrim23]

Indeed. Does anyone have links to any sources for info on 1: eliminate or deactivate RFID chips in clothing and other itesm other then the old method of microwave which seems to have an adverse reaction to Andrew Jackson's eyball iirc from an earlier /. on this or: 2: how to tweak, hack, redirect, reprogram, re-tune, reset an RFID so that instead of denoting on the bill of lading that this airline seat is Joe Blow on his way to see his mistress in Newark, rather it is 1000 crates of pampers being shipped to the Wally World in Tampa.

Re:Hmmm

I always thought that RFID was a sneaky threat. Is it possible to loom over someone in a sneaky way?

Re:Hmmm

[Trailwalker]

And what looming threat do bar codes present?

The requirement for shirt, shoes and a minimum age of 18 to be served alcohol.

Re:Hmmm

[mightyJohn]

Hacking has nothing to do with the "looming threat." The story is about using the infrastructure being assembled to make the widescale use of RFID systems possible for other purposes.

Re:Hmmm

[DustMagnet]

RFID presents the same looming threat as bar codes.

The problem with trying to make a point and be funny at the same time is that it's often hard for people to be sure of the point. I'm going to assume you are saying that RFID represents no more threat to consumers than bar codes. I'm also going to say that's not true.

RFID has better range, stealth and uniqueness over bar codes and that makes them a bigger danger. If RFID wasn't more powerful, Walmart wouldn't want it. That extra "power" can be used for good and evil.

I think the benefits far outway the dangers, especially for nerds. If people start wearing RFID chips, it will be a lot more fun than wardriving. Only a fool would argue that RFID chips will never be abused.

Re:Hmmm

[aardvarkjoe]

And what looming threat do bar codes present?

Why, the threat of having them tatooed on your forehead, of course!

Re:Hmmm

[hcdejong]

I worked at an EMC research lab once, and they had a device made from a piezoelectric lighter and a big coil (originally used to measure current). The contraption would fry just about any electronic device held near the coil. Something like this should work with RFID tags, too.

Re:Hmmm

[hesiod]

> Something like this should work with RFID tags, too

How close did it have to be to the tag? Would you first have to find out exactly where the tag was to kill it? (How hard is that, anyway?) I suppose you could just keep zapping different areas until the receiver stopped getting a signal, but that could be rather tedious.

Re:Hmmm

[hesiod]

> Is it possible to loom over someone in a sneaky way?

It is possible, but quite difficult. The main problem is that they are noisy, making it quite difficult to do it sneakily -- especially when the target notices a giant weaving contraption floating above their head.

Re:Hmmm

[hesiod]

> That extra "power" can be used for good and evil.

Excuse me, but put your tinfoil hat back on, buddy. That extra "power" is the ability to read basically the same info without having to physically touch the item. That's about it. Instead of putting the reader an inch away from a specific location printed on a box, you just prance around the warehouse, waving your "wand" to do inventory. Certainly more fun than barcodes.

Also, unless there are RFID readers every 10 feet on every street, there's not much chance of this becoming a threat to civil liberties in any way.

Re:Hmmm

Excuse me, but put your tinfoil hat back on, buddy.

STFU.

Re:Hmmm

[pilgrim23]

Thanks. Now that I know it is possible...time to head to the workbench and see what I can build..

So what happens ....

[taniwha]

if I make my own RFID object that pretends to be other stuff .... maybe lots of other stuff ..... ?

"err sir ... you appear to be stealing an elephant from our store .... err um please turn out your pockets ... wait I was wrong you appear to be carrying the entire housewares department ..."

Re:So what happens ....

[taniwha]

Ok - I was being rather tongue in cheek there ... but seriously what's to stop me walking through a store with an RFID sniffer and playing havoc with someone's inventory system when I exit?

Could anyone who understands RFID perhaps enlighten us about what sorts of security is built into the system?

Re:So what happens ....

[sxtxixtxcxh]

i don't think there's anything legally to stop you from broadcasting rfids... however, getting stopped by security every time you walked in/out of a store would eventually get bothersome... and lose it's fun after the first time.

Re:So what happens ....

[LehiNephi]

My first thoughts were exactly the same. What's to prevent you from building/buying/manufacturing + selling RFID denial-of-service devices? I can see Congress (or the FCC) quickly outlawing such devices, but how hard would it be to build one?

Not only could you drive any Walmart's system into the ground (allowing someone to get away with shoplifting), but you could sabotage someone else, sending them into a no-cameras room for a visit with store security. I confess to some degree of ignorance here, but are there any mechanisms in place in RFID systems to prevent such sabotage/DOS attacks?

One more point--what's to prevent ME from bugging the store and datamining everyone's shopping habits? I imagine an RFID detector would be simple to build, require little power, take little room, be easy to hide by the doors of a store, and would be able to intercept all radio traffic between the RFID tags and store equipment.(/me thinks for a second) Wow, that's kind of scary.

Re:So what happens ....

[taniwha]

might be a great basis for a harassment suit :-) .... "every time I go to Walmart their security people stop me when I leave ... search me in front of my friends .... this is slander of my good name!"

A friend of mine got into a situation a bit like this and was about to sue someone (she just couldn't figure out who) .... people kept cutting up her credit cards and bank cards, BART (magnetic train) tickets would also stop working etc etc when she explained this to me at the movies once my immediate question was "did she have any magnets in her purse?" ... she pulled out a handfull of refrigerator magnets she'd been carrying around for a while ... which was an end to the issue

Re:So what happens ....

[NoMoreNicksLeft]

Personally, I want to build a quiet robot, no more than 3 inches tall (but flat and wide, 2' x 2' or so?). Cover the top with tile look alikes for the store under attack. From a distant B&W security camera, it should be invisible. Drive it around in a 24/7 walmart late at night, having it drag stuff off.

RFID means it can actively search out the things I want it to find, without having to be so heavy on the remote control.

Re:So what happens ....

[hamsterboy]

I work kind of tangentially on my company's RFID products, so I don't know everything. From what I understand, Gen2 tags (shaping up to be the standard) support read, write, and kill operations. Reading can be done by anyone, but writing and killing may have password protection. If the password is not set, anybody can write or kill a tag.

I'm not sure about security on the password exchange, but with how little thought seems to have gone into the other "standards", I wouldn't be surprised if it was plaintext.

Hamster

Re:So what happens ....

[hamsterboy]

Transmission ranges on these things are VERY short. Keep in mind that the FCC regulates how much power you can pump through a reader, and that the tag is powered entirely by this transmission. With an RFID tag mounted to the pricetag on a shirt, you'll be lucky to get 3 feet of transmission. Also, the tag will most likely be killed right after the customer's credit card is charged, so sitting outside the door won't get you any data at all.

In answer to your first question, fairly difficult. You'd need an active device which listens for a query from a reader, and responds as though it were a tag. Also, the tag is just responding with essentially the same data as a barcode; any code that isn't in the master database in the sky will be ignored. And the readers can handle a large number of tags (read rate for some readers is >1000 tags/sec, and will only get better), so a DoS will be pretty difficult. Not something you'd wire-wrap in your garage.

Hamster

Re:So what happens ....

[wrc]

Simple. Once it is ubiquitous, make it illegal to manufacture or sell any device that can interfere. Heck, make it illegal to even tell people how to make such a device.

Hmm. How likely is that to ever happen?

Re:So what happens ....

[HeyLaughingBoy]

-what's to prevent ME from bugging the store and datamining everyone's shopping habits?

Practicality, perhaps? Odds are you don't care about an individual's shopping habits, or you'd be stalking him. So if you need to know what Walmart customers are buying lots of, why not just buy lunch for a Walmart stock clerk and ask him? Easier, and probably a lot more effective.

Re:So what happens ....

So if I coat these things that are the size of a grain of rice with a sticky substance and scatter them on the floor of a public bus...each one with a random ID. Woudnt that kill the usefulness of the system in a couple of days

Re:So what happens ....

[Alexander+Hulpke]

Probably the same as if you would draw your own barcode labels and stick them on items in the supermarket.

Re:So what happens ....

[hamsterboy]

Not really. It would just mean that Wal-Mart's product database would have to be weeded for nonexistant products (which your tags would trigger), and the readers would have to be good at weeding out invalid tags (which they already are).

Also, we're ignoring the antenna length. If the tag has a 1/16" antenna, you'll be lucky to read the tag from two inches away, much less from half the width of the currently-installed gateways.

Hamster

Re:So what happens ....

[DosBubba]

I wouldn't be suprised either. For now, RFID tags are too small to support the processing power needed for encryption and still be cheap enough to be attractive.

Re:So what happens ....

[Thomas+Shaddack]

You can mount an effective DOS. The tags, the collision-resistant ones, are listening for the responses of other tags, and trying to not transmit during them, and retransmitting after a random delay when a collision is detected. The DOS device would have to operate in a very similar way, but force collisions into the transaction - either by listening to the preambles of tag responses and broadcasting impulses at that moment, or by broadcasting series of short pulses or bursts, with less spacing than is the length of the tag response, effectively not giving enough space between the pulses for the tags to provide complete response. Definitely something that can be wirewrapped in a garage, especially with the excellent Microchip PIC or Atmel microcontrollers available for few bucks.

Re:So what happens ....

So, in other words, I really *can* go and do some testing of my 433MHz amplifier and antenna system at full (1500W out) power and not worry about causing Wal-Mart some problems, eh? Kewl...

Re:So what happens ....

[Thomas+Shaddack]

So, in other words, I really *can* go and do some testing of my 433MHz amplifier and antenna system at full (1500W out) power and not worry about causing Wal-Mart some problems, eh? Kewl...

433 MHz is a band for industrial comtrol/communication systems, I don't think it is used for RFID purposes. (I may be wrong, but I think they are typically using lower frequencies.)

But don't worry about Walmart. They cause enough problems around them (car traffic, pollution, waste, damage to previous retail infrastructure...) they deserve some of their own.

Re:So what happens ....

[hesiod]

> I wouldn't be surprised if [an RFID password] was plaintext.

For devices that small, I don't necessarily think that it would be a password, per se, but just a short string of bits. In addition, these things aren't exactly PCs, with the power to handle encryption, so I believe it wouldn't really be a viable option.

More likely, the RFIDs are premade with the n bit security key and if it 'hears' that key, it starts writing the next packet to its own memory, if it reads a respond request, it sends its own ID back.

Re:So what happens ....

[hesiod]

> From a distant B&W security camera, it should be invisible. Drive it around in a 24/7 walmart late at night, having it drag stuff off.

Yes, it may look invisible, but security may become suspicious seeing a stereo walk off by itself.

Re:So what happens ....

[NoMoreNicksLeft]

True. Still would be cool as hell.

Then again, maybe you'd move it really slowly. Figure from midnight until 4am is slow, can it do the entire distance in 4 hours, and would that motion be perceptible?

Re:So what happens ....

I think security would notice the plasma screen waiting to be stepped on in front of the door.

Their "Object Name Service"...

[tcopeland]

...piggybacks on DNS to look up manufacturer info. The spec is here... nifty stuff!

Re:Their "Object Name Service"...

[Wanker]

The research group at MIT that preceded EPC global released GPL reference source code for an ONS client and server which I've been unable to locate online since EPC global took over. All I can recall is that they were on an mit.edu FTP site that was buried about 10 links down in the midst of their research papers. However, I do have the filenames and md5sums in case someone finds a mirror:

ae99d2b01957e827e4b4eea0f5520d6e ons-1.0.tar.gz
596126f77a460818902d4253c3927feb ons-content-server-1.0.tar.gz
b65115d6e619272f998 c01c98ae31f31 ons-server-1.0.tar.gz

It's implemented as patches to the GNU adns server, so their implementation remains GPLed. If you can find the source.

This paper describes ONS in detail:

http://www.autoidlabs.com/whitepapers/MIT-AUTOID -T M-004.pdf

And no doubt, trackable.

[TyrranzzX]

The major shortcoming of RFID tags is not their rollout in stores, it's that they want to do things like weave them into clothing fabric or hide them so you've got to work to get them out. I don't know about you, but that's a bit excessive. Moreso, the range on the tags is an issue; the tag may be tiny, but you can still get a considerable amount of range out of that, look what's possible with GPS.

Then we've got the registering everything idea. If we put RFID tags on everything that can go for 100 feet, and if everything has a unique identification code, then the government can ask for a list of which codes are associated with which objcts. Then, as stuff is baught, you swipe through your drivers lisence and a database is updated with what you have. Combine this with bank account data, wifi hotspots on poles that are constantly pinging devices, garbage trucks equiped with rfid scanning technology, and other pieces of information, and you've got one hell of a spying system. All those evil laws the people in power dream of would be possible.

If there was a law that said the RFID tags could only be put on removable stickers, and must have a range limited to less than 5 feet, then it'd be ok. It's the "weaving them into products" thing that's got everyone upset. Infact, if that weaving thing didn't exist, I think RFID tags would be pretty neat; you could buy a bunch of food and query it through your house, which could download and update a database of recipe's which could be setup on some kind of whacky algoritm that figures out which is going to go bad first.

The only problem there is that as the chips evolve, we'll be throwing small flash cards on em with advertising or more complicated systems of ensuring produce hasn't been tampered with, which if the laws don't change, will require licensing since you're copying; licensing to eat, not a good thing.

AS far as tracking people is conserned, we all know of the mark of the beast, and we all know that tracking accounts with rfid tags is just plain stupid. If you're going to track a person, have them wear a wrist band or something; even the guys on star trek didn't have that little pin thingy embedded in their forhead.

Re:And no doubt, trackable.

[DrEldarion]

The major shortcoming of RFID tags is not their rollout in stores, it's that they want to do things like weave them into clothing fabric or hide them so you've got to work to get them out. I don't know about you, but that's a bit excessive.

Excessive? Consider some of the main usages:

Anti-theft: Easily removable is a bad thing.
Quick checkout: Easily removable is a bad thing.

I don't think it's "excessive" when having them be easily removable defeats the entire purpose for which a lot of stores will use them.

Re:And no doubt, trackable.

We are so far away from tracking at 100 feet - GPS type applications for RFID, that's even crazier. Right now WalMart suppliers are having trouble getting the tags to read on a case of liquid laundry detergent.

Re:And no doubt, trackable.

[chopkins1]

The problem that most retailers are concerned with is not so much tracking you (don't get me wrong that is there) as with preventing shrinkage (i.e. theft).

Having worked in retail, and having had to apply those exploding dye tags and alarm tags on garments as a management type, if I can avoid that pain by having unique RFID tags embedded in the clothes which identify the item, type, size, and serial number of the items, this would save me time and money.

Re:And no doubt, trackable.

In the future, people will build Faraday cages in the walls of their homes.

Also, a whole cottage industry of RFID jammers, spoofers, etc. will spring up. And if the FCC tries to clamp down, it will just become a do-it-yourself thing.

Re:And no doubt, trackable.

[AnodeCathode]

As long as we can continue to obtain rolls of aluminum foil without RFID tags, we should be good to go.

Re:And no doubt, trackable.

[drinkypoo]

Please do not use GPS as an example. The signal for GPS is sent by satellites, presumably with large antennae. The signal for RFID is sent by the RFID tag (at least, the signal you're interested in reading) which has a small antenna and operates with very low power. The GPS [transmission] antenna only needs to handle a certain range of orientations of receiver to sender, and RFID must broadcast omnidirectionally because you cannot guarantee the orientation of the tag.

What scares me is that eventually shoes will have RFID tags in them somewhere, and tires will have them too. This defeats the proxmity problem completely.

Re:And no doubt, trackable.

This is FUD, plain and simple. A tiny bit of research would show you that active RFID tags (that is, those which contain their own batteries and hence are so large as to be unsuitable for retail) work at ranges of about 100 meters. Their primary use will be shipping containers, freight trailers etc.

Passive tags, which are the ones being tried out in retail, generate their RF signal using current induced in them by an RFID interrogator. The power output is so low that the effective range is presently less than 2 feet; beyond that distance the read rates of the tags goes to nearly zeor. Check the specs on the tags.

Maybe if you spent less time perfecting the fit on your tin foil hat you could contribute something useful to the conversation instead of showing the rest of us how paranoid you are.

Re:And no doubt, trackable.

I will market an "RFID Zapper" that has a powerful AC electromagnet in it (just like a bulk videotape eraser) and you can just wave it over your shoes, tires, etc and fry the circuits in them.

Of course, my zapper will cost three times as much as a bulk videotape eraser even though it will be fundamentally the same.

Re:And no doubt, trackable.

[Jane_Dozey]

You can already remove existing anti-theft tags if you don't mind a little hole in the garment you were stealing. Just bring a pair of scissors. But seriously, retailers need to clearly state where the tags is and how to remove it. Sew it into an identifiable tag (like the one with washing instructions) so that the customer can remove it if they wish. Also, state that the product has an RFID chip attached to it.
I wouldn't have a problem with RFID if I could take the tag off of whatever I bought and dispose of it. I don't mind cutting off an extra tag in my clothes if it gives me piece of mind.

Re:And no doubt, trackable.

[TyrranzzX]

If you want to prevent theft, find another way of doing it without invading my privacy. Surely there are other ways.

Re:And no doubt, trackable.

[TyrranzzX]

What was the size of a room and millions of dollers 20 years ago can be baught within a small case for a few hundred. Likewise, what is in a small case will surely fit on a dime in 20 years. That is what I was pointing out.

intangible: airline seats and japanese children!

[sxtxixtxcxh]

http://news.com.com/Japan%20school%20kids%20to%20b e%20tagged%20with%20RFID%20chips/2100-1012_3-52667 00.html

i, for one, welcome our rfid tagged japanese overlords.

Sacramento is HOT HOT HOT, damn olympics

Why not just write your name on a dollar bill like the rest of us?

Services

[scrotch]

Services?!

Tag your plumber.

Re:Services

Upon first read, I saw:
"tag your plumper"

Re:intangible: airline seats and japanese children

[TyrranzzX]

If there's anything to say about the japanese, it's "wow, they're screwed up". If tagging your kid everywhere they go says something, it says "I don't trust you"; and the longer kids aren't trusted with responsability, the less they will be responsable, and if the world is filled with irresponsable people....

Dear lord...that'd be one screwed up place...

Just how intangible ..

[AndroidCat]

.. Are Japanese school children anyway? (Japan school kids to be tagged with RFID chips) Just wait until a stalker hacks that RFID network!

Re:Just how intangible ..

Not that your concern is totally crazy, but note they are only tracked around the school itself. As long as the school itself has good physical security (presumably it would, if implementing this extreme measure), the net effect of kid-tagging would be positive as there is more danger of a kiddie wandering off than of a baddie wandering in & doing harm.

Once the kid's outside of the school, again, the added danger of being scannable by RFID is basically nil since its range is below that needed for facial-recog. anyway.

To say nothing of what this forbodes, it's a reasonable step. Now if only we could plug these things on the PARENTS. While I worked at an all-ages volunteer math tutoring service at the public library, we had plenty of parents ditch their kids on us as babysitters. WTF is wrong with these people?

Re:Just how intangible ..

[character_assassin]

Fortunately, pedophilia and rape fantasies are practically unheard of in Japan.

Re:Just how intangible ..

[AndroidCat]

They have something for those kind of parents: parole monitoring units that strap to their ankle.

Perhaps kidnapping with RFID assist (to check the parents in an income/assets database) is farfetched, but wouldn't it make the start of a great anime plot? Young japanese schoolkid holding a friend's backpack gets kidnapped by mistake ..

Re:Just how intangible ..

[TyrranzzX]

Heheheheee. Oh the good I could do...

ME: Hey little betty, can I buy that nice tracking wrist watch off of you for $50?

Betty: Sure!

Several hours later, standing around in a dark cold alley way in the middle of perverted paedophile-ville.

Pedophile: Dodedo...hey...a small girl, 7 years old, down that cold dark alley way. Don't mind if I do...dodedodedoooo...


Pedophile: Hrmph, it says she's right here.

*Pedophile turns around to find 5 guys, dressed in black assualt gear, brandishing baseball bats and shotguns, one of the guys steps foward*

Angry dude: Hi! Whatcha doin' here in this dark alley way? What'cha doin' by that little girls RFID watch? Why yer pants buldgen?

Pedophile: I was, uh, er, looking for my daughter.

Angry dude: No, that isn't your daughter. Her last name is Kattin, your's is Briar. It also says here on my PDA, that you're a conviced pedophile. You know what pedophiles make, right?

Pedophile: Um...please don't kill me.

Angry dude: Answer the question. You know what pedophiles make right?

Pedophile: No...

Angry dude: They make good trophies; Sean rather like the skulls, although Bill over there likes collecting hair and bones. *Bill all this time has been caressing a hacksaw* John over there, the one with the shovel; he rather likes femurs though, while James tends to like the skin for stuffing purposes and to fertilize his ground with the blood. They say never ever waste a perfectly good pedophile. You know what I like?

Pedophile: No...

*Angry dude gets out a pair of tree branch cutters, the big kind with the 6 inch blade, and a bottle of hard, round objects*

Angry dude: I enjoy collecting these, do you know what they are?

Pedophile: Um...marbles?

Angry dude: Nope, they're balls.

The group of angry men decend on the poor pedophile.

*That night on the news*

Tonight another freshly neutered pedophile was found on lake and palmer avenue, in a alley way hogtied and gagged.

Police chief: There have been several cases of this in the past few months. Apparently the group likes to pay small girls and boys for their wrist watches, which they use to bait and trap, then nueter previously convicted pedophiles, or severly beat new ones. The police have also recieved a plaque from the supposed vigalante's; here it is.

*Plaque is adorned with several pairs of nuts, with the saying: Na Na Na boo boo, we've got more than youu dooo. - Terrorists"

Re:Just how intangible ..

[AndroidCat]

I dunno. Those vending machines with the used schoolgirl underwear .. that's just not right!

Re:Just how intangible ..

[bechthros]

They're born and bred to a society that values money and things above people and feelings, and tells us that if we need things like love, respect, or acceptance, that we can simply go out and buy them. So naturally their concern is for themselves alone. I've never met a screwed-up kid that didn't have some pretty screwed-up parents, and I've met a *lot* of screwed-up kids.

Re:Just how intangible ..

[djdavetrouble]

Fortunately, pedophilia and rape fantasies are practically unheard of in Japan.

I was just about to embark on a flame when my sarcasm sensor finally kicked in, and I remembered all of the rape/schoolgirl shit from their comics. Indeed. They like their young girls in Japan.

RFID/UPC/IP6 ?

[kabocox]

Why doesn't some entity work on a universal system of tracking nearly everything?

I'd like to scan in that barcode at the bottom of a Walmart Reciept and import all the tag information about what I bought to my home database and/or spreadsheet.

ISBN, UPC, VIN are all fairly standard. The artical wants a standard for reusable resellabl items. Bus tickets, subway tickets, airplane tickets, and movie tickets all come to mind.

I'd love to be able to track/search/use all this information for my own personal use. I wouldn't want to have to list it on my IRS returns or to my insurance company. Well, if I'd get a big deduction I wouldn't mind listing it.

Re:RFID/UPC/IP6 ?

I'd love to be able to search all the info on cute girls in the street too (for my personal use *wink* *wink*)...

Mexico's got ya beat!

[Thud457]

Excuse me, but I seem to have misplaced my Attorney General. Have you seen him lying around anywhere?

The solution?

[AMD-lover]

Why bother RFID labels when they're easily destroyed by the spark of a piezo element (like in a lighter)?
Hell, I even destroyed a radio with that (my parents weren't proud of me then....).

Re:intangible: airline seats and japanese children

[Erwos]

"and the longer kids aren't trusted with responsability, the less they will be responsable"

I'm not sure I agree with that one. It ignores the vastly different cultures and the effects they have on people. The Japanese live in a rather different society than you or I.

-Erwos

RFID identity dilution

[nekoniku]

How long are RFID tags (or the databases' links between a person and their stuff) supposed to last?

When people get tired of or wear out their RFID clothes and then give them to Goodwill or sell them through consignment stores, tracking systems will think they're in multiple places at the same time.

So does this mean I should or should *not* start buying all my clothes at the second-hand store when RFID rolls out? :P
nn

Re:RFID identity dilution

[Marxist+Hacker+42]

You mean you aren't already thanks to the abandonment of the American Worker by the Capitalist Pigs?

Re:RFID identity dilution

[Noctris]

What I wonder in all of this is why the hell everybody freaks out @ the thought of being "tracked".. Don't you ever buy stuff with credit cards ? own a phone ? have electricity in your house ? own a mobile/pager ? use the internet ?own a license plate ? Well then , with little creative thinking, they ALREADY can track you.. so why the hell worry about something as an RFID ?

intangible seats?

[scabbers]

why on earth should airline seats be intangible? last time I sat in one it wasn't. I further imagine that the seats not get lost too often and therefore do not need to be tracked..... This whole idea is just nonsense...

Re:intangible seats?

[RossS-G]

Airline seats are real, but they're not "bought" or "sold" (or, in this case, rented or scheduled) with the physical good on hand. What I meant in the article was that there may be a utility to adopting the EPC as a standard reference to saleable things, whether or not there's a physical good to stick an RFID on.

The example of Amazon.com and its Web services API is somewhat relevant to this... Amazon has made it possible for its affiliates to fetch and display book information, if they make a request based on those existing standards, the UPC, EAN or ISBN. It's a shame I can't currently use a UPC universally (and this is what the CueCat folks were aiming at) to fetch product information from the authoritative sources, but the Object Name Service should make that possible for EPCs (which include UPCs and other legacy codes within them). That will dramatically simplify Internet commerce, I think, and expanding EPCs to other areas--including to airline seats--would improve things there as well.

Instead of RFID tracking everything why not..

[Tandoori+Haggis]

simply dictate where you send your products and keep the consumer in one place, like a vat of amneotic fluid. Come to think of it, all those carbon based units churning out 100W of heat and only using less than 10% of their processing power...

Imagine a super beowulf cluster of those...

Er wait...

Mexican Officials Get Chipped

First the Mexicans, Next US!
"Mexico's attorney general said on Monday he had had a microchip inserted under the skin of one of his arms"
... read more here:
http://www.wired.com/news/print/0,1294,64194,00.ht ml

Re:Mexican Officials Get Chipped

The first thing they'll do when they catch him is cut off his arms.

Re:intangible: airline seats and japanese children

[Proud+like+a+god]

We all know where this will end up... you have seen Battle Royale right? ;-)

Re:intangible: airline seats and japanese children

[ch-chuck]

one benefit - an instructor or gym leader will no longer have to do 'roll call', they just check the pc for the door scanner. Here's an Excel spreadsheet of everyone who walked thru the door in the last 10 minutes. Wait, where's Keiko? Ah, she never left the previous classroom.

Open Source RFID

[winavr]

If anybody wants to do something constructive, then help "hack" on the open source RFID C library on Savannah.

A good use for existing RFID tags

[Alaska+Jack]

It's my understanding that a common practice these days is to have microships (which I assume to be RFID tags) injected under the skin of pets, so lost pets can be identified even if they're not wearing collars.

I think a good idea would be to make pet doors that can "learn" to unlock only when certain RFID tags are within 4 or five feet. You could set it for the pets you own, and other pets (and/or other critters) wouldn't be able to get in.

Also, if your pets didn't have the chips implanted, you could just get a chip on a collar.

Alaska Jack

Re:A good use for existing RFID tags

[E-Rock]

Damn, that's a good idea. Not necessarily for RFID, but in general. Too bad someone already beat us to market:

Magnetic

Infrared

Re:A good use for existing RFID tags

Good idea--it's already been implemented. However, it is a little more consumer friendly--your dog or cat gets a collar that unlocks the pet door for them when they get near.

Saw this on a business flight a couple months ago in the SkyMall catalog ($69.95).
Cat Door

Re:A good use for existing RFID tags

[Alaska+Jack]

Yes, I know about the magnetic approach. But it seems to me like an RFID approach would be better and more reliable. Also there is the fact that many pets (again, AFIAK) already have RFID chips implanted in them.

- jc

Re:A good use for existing RFID tags

[absurder]

Here's how to build your pet door.

Buy one of these for $115
http://www.allflex-boulder.com/OemModule.htm
It has TTL serial output that sends the number from the tag in your pet when it's within range.

Here's a pet door made from an automotive window motor, but doesn't use RFID to trigger it.
http://www.parallax.com/html_pages/resources/custa pps/app_doggy_door.asp

Add your favorite microcontroller (a Basic Stamp would do the trick).

Re:A good use for existing RFID tags

[dschuetz]

I think a good idea would be to make pet doors that can "learn" to unlock only when certain RFID tags are within 4 or five feet.

I came VERY close to doing almost exactly this a few years back. We have two cats, each with kidney issues requiring a special diet. The kicker is, they each had their own food, and eating the other's would just make their own problem worse. So we had to pour out their food, stand there and watch them eat, then when it looked like they were done, take it away.

So I was all set to go rip apart some prox cards, get a couple of readers, and figure out how to hook them to those automatic pet feeders (with the timed-opening doors). Fortunately, another company came out with a single food that manages *both* problems, and our cats are now both fat, dumb, and happy. Well, Jake's fat. Elwood's a bit slimmer. They're both fairly dumb, and both quite happy.

Re:A good use for existing RFID tags

[The_REAL_DZA]

"You could set it for the pets you own, and other pets (and/or other critters) wouldn't be able to get in."

Uh, I think you meant "You could set it for the pets you own, and other pets (and/or other critters) wouldn't be able to get in unescorted ." Those of us with those big, friendly (but gullible) dogs would still come home to a "party" every day...

Re:A good use for existing RFID tags

[Alaska+Jack]

Yeah, that's definitely true, and I thought of it while typing my comment. But an RFID-aware pet door, set to unlock only when the chip is *very* close, would still be a big improvement over existing doors.

- AJ

Security at the beginning

[Blindman]

I'll let the philosophers sort out whether the ability to track every object is a good or bad thing. However, I do know that if this system becomes too pervasive without security, this is going to be a big problem in a hurry.

I remember a commercial where a shifty guy walks through a store stuffing things in his jacket, and then walks out of the door to be stopped by security. The guard informs him that he forgot his receipt, hands it to him, and sends him on his way. I'm all for putting checkers out of work, but if such an environment existed, it would also be profitable to spoof the system.

As they are currenly used, I suppose the only profit would be to either disable the tags or somehow make the store think it has already been purchased. That brings me to the next issue. I assume most people have tried to walk out of a store with a purchased tagged item where the checker forgot to take off the tag. It is annoying and embarassing. Imagine if this could happen with every article of clothing that you own because the store database gets screwed up.

Re:Security at the beginning

The commercial mentioned was an Ogilvy & Mather ad produced for IBM in 1999, and called "Checkout Line."

http://www.ogilvy.com/our_work/tvtemplate/superm ar ket.html
(also available on AdCritic)

Re:Security at the beginning

[hamsterboy]

The current generation of RFID tags (Gen2) specifies that tags are to include a "kill" function to avoid just this type of scenario. Basically, if a tag reader issues the "kill" command, the tag destroys itself, and will no longer respond to any reader at all.

There's password protection to avoid the obvious method of theft, but I'm not sure how secure that is. Plus, it would be easily detectable if someone were using an unauthorized reader inside the store; they're literally broadcasting their position and what they're trying to do.

Hamster

Re:Security at the beginning

[Thomas+Shaddack]

Plus, it would be easily detectable if someone were using an unauthorized reader inside the store; they're literally broadcasting their position and what they're trying to do.

If the store is equipped to detect this. You can also use a limited-range transmitter, trading radiated power for distance, and using highly directional antenna, further reducing the necessary radiated power.

Another method is a pulse transmitter keyed by the preamble of the tag response, forcing collision into every tag answer. You don't transmit until the tags in your vicinity are, transmit in similar power intensity (just a tid bit higher), and stop transmitting at the moment the tag read attempt is stopped.

Seek and destroy

[Hannes+Eriksson]

What would be the easiest way to find and/or destroy an RFID tag? Put your new pullover in the microwave oven for 3 seconds?

Is there any way to destroy such a tag embedded in electronics? Would it be possible to make the tag a vital part of the electronics in such a way that its destruction would lead to immediate equipment failure?

Are the signals easy to spoof?

Re:Seek and destroy

[Pastis]

Same idea. What about someone going into the wild with a tool to fry any RFID he/she finds. I would believe some freedom activits capable of doing that.

If your tool doesn't work when your RFID is fried, and some people find a way to multi-fry them in a massive way, that could cause high damage.

Re:Seek and destroy

[oliphaunt]

not only that. I'm sure there will be a market for these "RFID-fryers" once RFID use becomes widespread. If you take a second to look at the story about the METRO Future Store, and you ignore all the paranoid rhetoric but you pay attention to the layout of the RFID readers in the store (here) and the account of the RFID deactivator (here) you'll recognize that the people running the store would be perfectly happy to keep track of every tagged item you bring into the store as well as what you take out. Yes, this is a story about groceries, but they partner with other RFID-using companies. And if the tags are woven into the fabric of your clothes, and they can tie your clothes to you, you can bet that every store you walk into will be able to offer you a personalized shopping experience. Whether or not that is a desireable outcome is left as an exercise for the reader.

But anyhow. In the future where every store in every country has RFID readers at the entrance/exit doors, and individuals can buy RFID readers for less than $100 and use them to read the make of your clothes and the limits on your credit cards from the seat behind you on the subway, the only way you'll be able to protect yourself will be to deactivate the chips yourself. The appliance will be like a microwave- every house will have one, and you'll pop your purchases in it for 30 seconds after you bring them home, to burn out the circuits on the RFID chips.

Can I buy one of these today? If not, (I've always wanted to do this):

1. invent simple push-button RFID burn-out appliance
2. build prototype and sell it
3. ????
4. PROFIT!!!!

Re:Seek and destroy

[Stray7Xi]

It's not a good idea to microwave an object without something to absorb the microwaves (typically water in the food you're cooking). If nothing absorbs the microwaves they may be reflected and damage the magnetron. If you want to destroy RFID's in clothing, you can add a cup of water beside it or something similar while microwaving.

If you're microwaving water beware of superheating

With regard to electronics, RFID's can be remotely killed without the use of a microwave by sending a specific signal. This allows you to target one RFID but not the one adjacent to it. You can be assured there will be consumer devices to kill RFID's. It's a hobby-project I'd like to pursue in future but there's no point until it becomes more standard.

Re:Seek and destroy

[Thomas+Shaddack]

What about someone going into the wild with a tool to fry any RFID he/she finds.

Don't worry, there is a device in development for remote disabling of car engine control computer, using a microwave beam; effectively an EMP gun. I suppose it could be used for frying RFID tags, either on its own, or after tweaking its output frequency to hit the tag's resonance frequency.

We don't have to design anything ourselves. We just have to wait a while, until both RFID and EMP technologies hit the road, then put them against each other.

Re:Seek and destroy

[Hannes+Eriksson]

http://www.spychips.com/metro/scandal-deactivation .html - "This will make the RFID tag useless"

AFAIK only the writable part of only some tags can be written to, not the laser-burned unique ID and all RO tags work till they fail from mechanical stress.

Re:Seek and destroy

[hesiod]

> there is a device in development for remote disabling of car engine control computer,

In other news, Diesel engines are making a comeback!

Im such a nerd...

I use my cuecat for my passwords...

Re:Mexican Officials Get Chipped - Assinine Idea

[hadesan]

Wired Story

Kind of assinine. Now instead of the criminals trying to track him physically so they can assassinate him - they give the criminals the ability hack the Tracking System and follow him in that fashion and find out his patterns...

Pretty stupid... Gonna suck if someone designs a killer robot that homes in on someone's implanted chip

THX-1138

Looks like this is the kind of world we are heading to :\

Re:intangible: airline seats and japanese children

[TyrranzzX]

No, they really don't. Yes, the culture is different, but essentially the same. The japanese culture is crazy, because their value system is completly, utterly, and totally screwed up. Namely, because of what we did to them after world war 2; destroyed most of their culture with industrialism.

Their society is decaying in much the same way ours is. They are a different people, but all people's on the planet have the same values, but different ways of going about it. You can worship a non-existant god, or a gigantic gold statue; the bible and buddist teachings teach the same thing accept in different respects.

Frankly, if you need to track your kid, you've done a poor job of parenting them. A child by the age of 7 or 8 should be able to watch themselves, and by 12 or 13 they should be capable of taking care of themselves; this is how it worked for a few hundred or thousand years in western culture, and if the westerners can do it so can the easterners. If you find that hard to believe, then you shouldn't have kids.

Some kids need to be watched, I will agree, but they shouldn't. With any luck, they'll wise up or eliminate themselves from the gene pool. Hrm, that reminds me of a quote...

"The gene pool is stagnant and I am the minister of chlorine!" - Postal Dude.

Those activists aren't too bright.

[Positive+Charge]

Maybe I'm just spoiled being a hardware engineer, but it seems to me that the people who are crying about these RFID tags and privacy are just plain ignorant.

I can tell you it will be trivially easy to build a jammer for them. Maybe a little harder to build an RF source with enough energy to burn out their cute little itty-bitty diodes. And until they get wise and start putting challenge/responce encryption in them, building a box to spoof them would be a weekend project for your average Radio Shack hobbyist.

Will someone please educate them about the technology so they can devote their time to something that really matters? (If they want something to bitch about, they can read my blog for ideas.)

I might just wait until they're manditory in license plates and walk parking lots blowing them all out, (but probably not being a grownup and all.) Perhaps I should have posted as AC just for suggesting it. (Damned Patriot Act bastards.)

Re:Those activists aren't too bright.

[speclj]

Just wanted to say I enjoyed your blog and have bookmarked it for further entertainment. Your ideas echo nearly verbatim many of the thoughts that I have had about these subjects but am too busy + lazy to blog them. So cheers, keep it going!
BTW, you are a hardware engineer so it may be "trivial" to you but not all. Schematics and parts list would be a neat idea if they really are that simple :)

Re:Those activists aren't too bright.

History says they are doomed to repeat prior failures. Cheap and cheerful RFID will NOT be secure, and if they add all the smartcard smarts and crap, the cost goes upto $2 or more a pop - price gun labels will always be cheaper.

Their challenge/Response protocol better be bigger than 196 bits. Why is it that there are Rolling Electronic Keys for Automobiles again?
How long did CD/DVD keys stay safe? Mag stripes on credit cards safe - I think not.

Offhand, if lasers cut a code, a bit of patience with a microscope - you will be able to read the code.

Muck up the write, or kill sync burst, and consumers will be armed with 100's of their own they can re-program, and ready to wreak havoc, and sprinkle about the 'store'.

RFID may have some use, but not stock control for the purposes of loss prevention.

Now if say, I was given a shopping 'wand', that had a usb or mobile phone bluetooth connection, that read in my shopping list, wishlist, body measurements etc, like a water finding wand, I could find the damm clothes without having to flip through racks. As I walked pass milk in the supermarket, it could go beep. oh dear, rfid shopping wands are now prior art.

Re:Those activists aren't too bright.

Hey, this would be great for the blind, and sight impaired,
And sticking on surgical instruments and swaps, in case the doctors/butchers accidently leave something in, and on hospital medications - especially in British NHS, where actually getting the right medication really is a lottery.

Re:Those activists aren't too bright.

[akajerry]

Well if you do build a devise to fry RFID tags keep it away from your own wireless devices you'll probably fry them too.

One of the biggest implementation problems that exist with RFID today is not other wireless technology interfering with the readers, but rather the readers interfering with other wireless technology. The readers are very bad wireless spectrum hogs. The most common ones work at 915MHz and others use the 2.4GHz range. The readers will effectively jam any other devices in the same band for a range of about 10ft, making a 2.4GHz RFID reader with a built in WiFi link to the corporate database practically impossible. And you don't want a 915KHz reader anywhere near your hospital room.

Re:Those activists aren't too bright.

[hesiod]

> you don't want a 915KHz reader anywhere near your hospital room.

Yeah, it might interfere with your AM radio...

Seriously, why?

Re:Those activists aren't too bright.

[akajerry]

Meant 915MHz, which is in what is known as an ISM (Instrument, Scientific and Medical) band. There are a few ISM bands, but 900MHz is used a lot in medical monitoring devices today.

All these devices share the same band by talking as little as possible, using as little power as possible when they do, both to conserve spectrum and battery life. RFID readers send out a continuous signal using as strong a signal as allowed because that's where the RDIF tag draws its power from. And they aren't equipped with narrow band comb filters either.

Ten people can carry on conservations at once in the same room if they all whisper to the person next to them or wait for breaks in the other conversations to talk. If one persons decided to yell continuously the whole system falls apart.

Re:Those activists aren't too bright.

[hesiod]

> ISM (Instrument, Scientific and Medical) band.

Interesting, I had not known that (and I even work in a hospital, but do not fix the medical EQ). Thanks for the info!

Ask Bill

[DarkHelmet]

How many items do these RFID tags support?

640k items should be enough for everybody

Re:intangible: airline seats and japanese children

[nkh]

They destroyed most of their culture (well I'd say half of it), but it's still on the safest country in the world (if you don't fuck with the yakuza). That's why I don't understand their behaviour. It's maybe because all the parental scheme has disappeared (the father never at home for example).

Sorry . . .

[forand]

it already exists: /. and we all know how well that works at solving even the most basic problem

the bigger lame ass you are

Well, it basically works like an RDIF, but its only one bit (checked in or checked out) not 256 bits. Do some research.

Re:"Excessive? Consider the usages"

[nusratt]

"Consider some of the main usages . . . Anti-theft . . . Quick checkout . . . 'easily-removable' defeats the entire purpose for which a lot of stores will use them."

It's not the merchants' _ostensible_intended_ usages which are excessive, Virginia; it's the _potential_ uses, by corporations, hackers, private snoops, governments, etc.

Jeez, things are going way beyond Ben Franklin's famous saying about trading liberty for security. Lately, I've been seeing way too many of these examples of people being naively willing to short-sightedly throw away privacy, the safety of anonymity, and safeguards against the Ashcrofts of the world -- irreversibly -- not for "security", but MERELY for fscking temporary CONVENIENCE!!

Re:intangible: airline seats and japanese children

NOO!!!!!

Please dear lord nooooo!. This is one evil film.

Re:"FUD" -- not!

[nusratt]

"Passive tags . . . using current induced in them by an RFID interrogator . . . effective range is presently less than 2 feet"

yeah, and now we can all relax, confident in the knowledge that THIS technology will never advance further, right?

"showing the rest of us how paranoid you are"

yes, right along with all those "kooks" at ACLU, eff.org, epic.org . . .

how to make money off all this...

[v1]

Someone needs to make an RFID jammer. A little keychain size device that jams any RFID traffic within one's personal space, rendering any RFID tags you're carrying to be effectively inert. Surely something like this should not be hard to make.

I'd buy one.

Re:how to make money off all this...

It's called a "tin-foil bag", and yes, shoplifters are now using them...

I'd buy one.
Heck, I didn't know Winona Ryder even read slashdot!

Re:how to make money off all this...

[Secrity]

IANAL. A device like that would be illegal to sell in the US, for the same reason that you can't sell telephone jammers. The FCC regulations make it illegal to deliberately interfere with other radio signals (whether licensed or not). On the other hand, I wonder how difficult it would be to build passive RFID jammers. Also if certain types of RFID tags are programmable, how difficult and effective would it be to reprogram them?

Re:how to make money off all this...

[v1]

Well, the FCC makes it illegal to jam OTHERS radio signals. Last I checked, RFID uses somewhat low power RF transmitted by a "receiver" (gate at a store usually) to excite a resonant antenna in the RFID tag, which provides it power to momentarily transmit back to the gate. If one were to interfere with the signal being sent back to the gate, that'd be interfering with your own transmision, and although IANAL either, I'd surmise that's not illegal anymore than assulting yourself is illegal.

A bit off-topic, cel phone jammers are illegal, but are cordless phone jammers? I think when you get into the very-low-power, unregulated bands, there aren't the same stringent rules that there are for the licensed bands.

Re:how to make money off all this...

[hesiod]

> that's not illegal anymore than assulting yourself is illegal.

Unless you are successful at assaulting yourself... Suicide is illegal.

Also, even if assaulting yourself isn't illegal, there's a chance you will be detained anyway -- for psychiatric evaluation.

Re:"FUD" -- not!

The RF power output on a RFID Reader if you made one that could read 100+ feet would start to interfere or render other electronic devices inoperable. The FCC has VERY tight restrictions on devices that put out RF in any form. Besides the fact that unless all the shelving and walls in the store are made of non-ferrous all the metal in stores would interfere with reading the tags.

Not to mention that to get acurate reads from the tags the reader antenae will still have to be with in 8-12 inches of the tag.

Re:"trivially easy to build a jammer"

or in other words: "Well, I have the assembly instructions right here. It just happens to be written in Urdu. Maybe I'm just spoiled being an Urdu speaker, but it seems to me that the people who are crying about these Urdu documents are just plain ignorant. I can tell you it will be trivially easy for you to translate it into English."

The point isn't that it's "trivially easy" to *build*; the point is designing it. Since it's so trivially easy for a hardware engineer, why don't you post a schematic and parts-list for us? Seriously, do it, and I'll build one toot sweet [sic].

Re:ignoramus

[winavr]

Well, it basically works like an RDIF, but its only one bit (checked in or checked out) not 256 bits.

No, it doesn't work like an RFID tag. An RFID tag is an ASIC containing a memory and an antenna, that's either battery powered or inductively powered, then encapsulated. STFW.

RFID Journal FAQ

A metal strip does not identify anything.

Tags are disabled after use

RFID tags can receive a "kill" signal that isn't undoable. When you checkout, the clerk kills the tag.

It is not an immortal beacon of the evil governement to track your oh-so-important person.

Re:Tags are disabled after use

[Hannes+Eriksson]

Of course it's not immortal, but it is a beacon (almost atleast) and an evil government _could_ use it to track any person important enough.

How hard would it be for an evil government to place a reader under every stripe of every zebra crossing, in the middle of every roundabout and under the threshold to every entrance to every single public building in the country? Public transports could also use some tracking devices...

Hook 'em all up on a country-wide radio network, link tracking requests to credit card transactions and gsm positioning (down to 50m accuracy last I checked) and presto, you've got a consumer tracking device.

Good thing these bastards can be blocked quite efficiently with a tin-foil hat.

Re:Tags are disabled after use

[hesiod]

> an evil government _could_ use it to track any person important enough.

... Who happened to be within a 15 foot radius. I think spy satellites are a more likely tracking method.

Re:Tags are disabled after use

[thomn8r]

Hell, they still haven't figured out how to reliably terminate the inventory tags in use now; think about how many times you've seen the alarms go off when someone is walking out of a store with legitimatly purchased items.

Will RFID tags set off alarms if not disarmed? Most likely not. You'll think they're disarmed, though...

Re:Tags are disabled after use

It would cause major problems for WalMart if someone discovered their RFID security code, built a device to kill/deactivate the tags and just walked around the store with it.

Or if they were especially mean, they could just hide the devices in a couple of shopping carts and let the customers do all the work. Just when they think they have all the RFIDs fixed, another customer uses the 'special' shopping cart.... doh!

Re:"FUD" -- not!

"The FCC has VERY tight restrictions on devices that put out RF in any form."

and how inconceivable is it, that readers will eventually be so small and cheap, that they can be placed so densely that you can't avoid being in range (without engaging in behavior that's considered sufficient probable cause to be detained)?

Who was predicting ubiquitous gigabit wifi ten years ago?

RFID for finding all those misplaced things.

[Mike+Van+Pelt]

Truth being said in jest dept: These tags are tiny. I'd love to be able to put one on my wife's glasses, my keys, my cell phone, etc., etc., and yes, most especially the remote controls. Then, with a reader, I could at least get a "warmer... warmer... colder..." guide to where the items were.

Then there's the problem of misplacing the reader. I think I'd want to have it "want" to be in a docking station in a fixed location, and start making noise after a few minutes "away from home".

Re:RFID for finding all those misplaced things.

The tags may be tiny, but the 4" antenna attached to each may be somewhat easy to spot.

Assuming for the moment that we're talking about the passive RFID tags (such as those produced by Alien and Matrics), then the tiny chip on the tag gets its power by receiving the RF signal generated by the transmitter, and uses that power to send back a signal saying "here's my data".
Now assuming the usual inverse square stuff, and allowing that the signal back from the chip is being sent with about 30 dB attenuation, then some simple math (left as an exercise to the student because it's been a while since I did it) should give you some real-world ideas as to the range and reliability of these damned tags. And the size/power of the transmitter needed to energize them. And that's assuming a clean read in the first place, and not having to disambiguate Avogadro's Number of tags in the immediate vicinity of the transmitter. And that doesn't count the tags within 6" of the transmitter that have melted!

Sorry, mate, but I've been working with some of these tags and readers in an industrial environment for a while now. I'm alternately amused and frustrated by the tin-foil-hat brigade and the assertion that someone with a hand-held battery-powered minature device could scan tags reliably from across the room/across the street/from low-earth orbit and figure out where you bought your underwear.

I'd love to tag the cat myself and then track it round the house/neighborhood, but I suspect that the Tesla-esque transmitter on the roof would cause some comment among the neighbors/Dept of Homeland Security (-:

Re:RFID for finding all those misplaced things.

[rtb61]

Perhaps this "Microsoft has been awarded a patent for using human skin as a power conduit and data bus. Patent No. 6,754,472" help you solve that pesky problem. The human body can act as an antenna, i.e. ever tried to tune an indoor TV antenna, dang but ain't the picture always better until you let go of the antenna.

Re:RFID for finding all those misplaced things.

[dschuetz]

and uses that power to send back a signal saying "here's my data".

Wow! Finally, a job for all those who never progressed beyond "Hello, world!"

A good use for existing RFID tags-On the hoof.

"Also, if your pets didn't have the chips implanted, you could just get a chip on a collar."

If ranchers chip their cattle? Does that make them chipped beef?

Re:ignoramus

It identifies that you're trying to steal the book!

Re:"FUD" -- not!

"Passive tags . . . using current induced in them by an RFID interrogator . . . effective range is presently less than 2 feet"
yeah, and now we can all relax, confident in the knowledge that THIS technology will never advance further, right?

Don't be absurd. Of course the technology will evolve. But why would you assume that nothing is being done to on the privacy front? As a matter of fact, the privacy argument is the most interesting non-technical discussion in all of RFID/EPC. But to assume that technical evolution automatically means the death of privacy/birth of Big Brother puts you squarely among the tin-foil hat crowd.

One thing that the RFIDTFHs (RFID TinFoilHats) fail to realize is that your purchases (UNLESS you use only cash) is already in databases. Credit cards, affinity cards, loyalty cards, SpeedPass, real estate, ATM, EZPass etc. data is already being aggregated. The horse is long gone from the barn.

"showing the rest of us how paranoid you are"
yes, right along with all those "kooks" at ACLU, eff.org, epic.org . . .

And I didn't say anything about the groups you mentioned being kooky. I characterized the original poster as paranoid, and that's all I said. To infer from that remark what my views of other groups or individuals might be is faulty reasoning at best and a shopworn debating trick to boot.

The Problem With Mexico...

...is that it's full of Mexicans.

Fucking gross Beaners can't even speak Spanish right.

bad article title

[aggiefalcon01]

Talk about a deceptive article title. I see it, and I think of people hacking an RFID network to find ways to mess with it (which would be good if the network becomes too intrusive). Instead, it's about ways of using the technology, that aren't what we're all thinking about right now.

Re:"FUD" -- not!

[nusratt]

"why would you assume that nothing is being done to on the privacy front?"

I'm not. But little or nothing would be done on that front, if there weren't people voicing concerns. When you make statements like "showing the rest of us how paranoid you are", you belittle the act of expressing those concerns, which the field of rhetoric calls an "ad hominem" argument -- to use your phrase, "a shopworn debating trick".

If you think that the concerns need to be voiced, then say so. OTOH, if you think the concerns are unwarranted, then say so. But don't ridicule someone for expressing concern, then turn around and ridicule them for defending that concern by associating themselves with respected organizations who share that concern.

So, which is it? Do you believe the concern is legit? And if so, then exactly which utterances of other people do you consider to be "paranoid", and why?

"our purchases (UNLESS you use only cash) is already in databases."
I do. And that's why.

"data is already being aggregated. The horse is long gone from the barn."
Even if the horse is presently gone, that's no reason to shoot in its direction and then turn around and demolish the barn. If Samuel Adams and his ilk had had your attitude, the US national Anthem would now be "God Save The Queen".

Perhaps we can agree to elevate this dialogue by shunning the extremes of the spectrum.

better than hacking, would be simply more tags

[CFD339]

No need to shoplift OUT of the store -- walk in and start tossing rfid emiters in coat pockets, bags of socks, other shoppers' carts .....

Overwhelm the system and it becomes useless.

Re:better than hacking, would be simply more tags

[Ernest]

Won't work. Shop will only track it's own.

Server send shop's own (or even department's own) ID over the radio waves, and only RFIDs tagged for this query will respond.

crime is now easier

Imagine driving through the truck stop, or rail yard, 'asking' each truck/car what it's carrying. You can then take only what is of the most value to you.

Re:crime is now easier

[hesiod]

> Imagine driving through the truck stop [...] 'asking' each truck/car what it's carrying.

Oooh, this trailer has 2330343456872389735897634523912389s!!! Kick ass, I've always wanted one!

RFIDs are an ID number, not an invoice. You would need access to the reference database first. You'd be better off opening the trucks & looking than you would trying to figure it out from an RFID.

Unless of course, different companies had different beginning tag digits, then if you get a tag number for BMW, you're set.

You could get an idea of how many items were on there, but if you don't know what the item is, or more importantly how big each one is, the count is pretty useless.

Re:crime is now easier

[hesiod]

> if you get a tag number for BMW, you're set.

... with your brand new box of BMW keychains.

Re:"FUD" -- not!

Gimme a break. The original poster used the phrase 'they want to do things like weave them into clothing fabric or hide them'... That's not so much 'voicing concerns' as it is a page straight out of Classic Paranoia 101. Who are 'they' exactly? The 'Gummit'? Or maybe the Tri-Lateral Commission?

Your statement that 'little or nothing would be done on that front, if there weren't people voicing concerns' is absurb on its face. How can you possibly argue what would be or would not be done in an hypothetical future? Can you not imagine that those who stand to benefit from RFID also have privacy concerns?

RFID Database

[jfmiller]

To get off the tinfoil hat posts for just a second,

What kind of database is going to be able to handle all this information. I've already heard someone say DNS where every company is responcible for tracking their own data and making it searchable, but what about, for example Pepsi. They could potentially produce 1e9 units in a year. Is database technology ready for those kind of numbers?

JFMILLER

Re:RFID Database

[RossS-G]

Why not? The idea with the ONS is that someone (VeriSign, per the contract that EPCglobal let) will run a fairly small (and replicated by others) root service to say, "If you want to know about EPC=XXXXXX..., you need to look over there," and give a pointer to PepsiCo. At PepsiCo (or some agent of PepsiCo's choosing, say IBM, or GXS, or whomever), there'll be services to further parse the request, and direct it to an appropriate target. PepsiCo could choose to construct a single huge database with entries for every tag (associated with every product) it creates, though it need not... that might be broken up among various bottling units, etc... we need to think of "EPC space" as a vast, federated landcape of services.

The elegance of the EPC is that it parses into parts: a part will say, "This EPC was assigned by PepsiCo," a part will say, "It corresponds to this PepsiCo product," and a (fairly large) part will say, "For this PepsiCo product, this particular EPC represents this specific unit."

Re:Mexican Officials Get Chipped - Assinine Idea

[Thomas+Shaddack]

Pretty stupid... Gonna suck if someone designs a killer robot that homes in on someone's implanted chip

More likely implementation: a proximity landmine or a roadside bomb, with his "name" written in. Maybe, with more high-tech adversary, even a homing missile or a drone.

I can pretty well imagine one of those little UAVs that were described here on Slashdot couple weeks ago, autonomous, loaded with a RFID scanner and a small shaped charge (and a camera in order to double as a one of the Eyes in the sky), patroling above the streets and looking for targets, then descending upon them in a suicidal strike.

WRONG, hamsterboy...

Uh... NOT QUITE...

Transmission ranges on the newer tags can be up to 15 feet away with standard FCC licenced readers, dependent upon their antenna size. With present technology, an RFID antenna can be the entire length of the label on the package, using metalic ink printed on the label acting as the antenna. That's EXISTING technology.

The chip itself is very small... what counts is the size of the antenna. With clothing, the antenna could be woven into the elastic strip in your underwear, creating a rather long RFID antenna if you're overweight like me.

In addition, the chips are NOT the same as the barcodes. Barcodes are not unique identifiers. All barcodes on a specific product are the same. RFID chips are unique. No two chips have the same ID. For instance, as a Walmart employee, if I scan a barcode on your underwear package, I can tell it's a Fruit of the Loom, size 38 by checking my Walmart database, and that we sell it for $5.99.

With the RFID chip woven into your shorts, I can tell it's a Fruit of the Loom, size 38, manufactured on 2/1/2004 in Chicago, sold to Walmart on 2/30/2004, sold to John Smith on 3/6/2004 for $5.99, using Mr. Smith's VISA card, number 1234 2555 5555 5544. When Mr. Smith comes back to Walmart wearing our underwear, I know it's him because our doorway RFID scanners picked up his underwear ID tag when he entered the store.

I also know that Mr. Smith's entire purchase history with Walmart and that he must be gaining weight, since last year, he bought the smaller size 32 underwear. So, being the wonderful marketing person I am, I walk up to him and tell him that we've got a sale on Diet products in aisle 7 today.

Welcome to the new marketing world of RFID.

in addition to that....ddos!

screw trying to read them - do a DDOS of *their* readers by constantly pumping a large magnitude signal spike at the store (or in it) so you activate all the RFIDs within (the wide) range of the spike all at once!

you don't need to worry about signal quality or reading signals - just screw it so nobody *else* can use the system.

Re:"FUD" -- not!

[TyrranzzX]

Any moron can figure out "they" refers to the people implimenting and using the technology on the sellers side and governmental side of the affairs. If you interperete that as something else, you need to check your head. If you're insulting it, you are a fool.

I know one thing about the sellers; they are profit driven and they must do so by law. They bribe government officials to pass laws, have no problem knowingly buying goods produced out of slave labour at insane profits, and finally, they have no regard for privacy or human decency, as per evidenced by loyalty cards. In short, their goal is to, quite literally, enslave us. Look at what wallmart does in small towns; they move in and kill the competition, then reduce pay and incrase prices. It's called feudalism; the vassals must work at wallmart and buy from to survive, thus they are slaves.

If we don't make a stand now, and instead of staying alert, allow our senses to be dulled by the consumerist sirens call, they will succeed. I know people like let their guard down or outright reject the obvious in order to be safe; ignore the problem and it won't be there.

Perhaps you didn't notice, but americams have no civil rights left; if the government wasn't evil, they would've left those alone.

You need to do some reading and more importantly, sit down with yourself and logically assess the situation. Prove me wrong; I like being prooven wrong.

Re:"FUD" -- not!

[nusratt]

1. Put away the Jolt Cola.
2. Take ten deep breaths.
3. Review the thread . . .

The originating "FUD" post -- http://slashdot.org/comments.pl?sid=114371&cid=969 1647 -- responded, not to the article OP, but to "And no doubt, trackable"
http://slashdot.org/comments.pl?sid=11 4371&cid=969 1099 -- (admittedly somewhat breathless, scatter-shot, and wanting of a copy-editor).

Nowhere in *that* thread is there any mention of "THEY want to . . . hide them".
He/she did write, 'It's the "weaving them into products" thing that's got everyone upset.'
Can we at least agree on that simple question of fact?
And he/she didn't say that spying was the *intention*, merely that it would make "one hell of a spying system. All those evil laws the people in power dream of would be **possible**."

The referenced "voicing concerns" was *my* post responding to your first "FUD" post, http://slashdot.org/comments.pl?sid=114371&cid=969 1879
And yes, now that I've looked again, I see that you're accurate in saying, "I characterized the **original** poster as paranoid." There might have been less confusion in this thread, if your first "FUD" post had been "reply to"'d the article-OP and not the "And no doubt, trackable".

My comment about how privacy-protection flows from "people voicing concerns" isn't about a "hypothetical future", but about the past. Businesses wouldn't be concerned if consumers didn't object.

Yes, as you say, "those who stand to benefit from RFID" [I presume you mean consumers] "also have privacy concerns" -- which is why I & other posters say, in effect, that it's essential to our privacy, that RFID must be removed from consumer merchandise upon purchase. After purchase, the merchandise's location and use is no one else's business, *regardless* of whether it was bought with a credit-card.
So, let's cut through all the rhetoric and return to the privacy/paranoia issue: DO YOU AGREE OR NOT with the premise of this last paragraph, to wit, "privacy demands the right to *easily* go about our business without having RFID tags accompany our person, our private vehicles, etc."?

Looks expensive...

Hacking RFID on the cheap looks tough. Be prepared to spend a small bundle.

arrogance of the West

If there's anything to say about Westerners, it's: "wow, they're arrogant". Take it from I'm one of them. Let me urge the above author and other Slashdot readers to be cautious when judging a culture as foreign as Japanese. The Japanese put less emphasis on individual responsibility than we do. To them social cohesion is a much greater good so it is no surprise that RFID tagging does not arouse a large amount of concern. The consequences of this different cultural emphasis is that while Japanese people are expected to conform to norms more rigorously than we are, Tokyo is without a doubt the safest large city in the world.

Tin foil pockets anyone?

If I'm not totally ignorant, wrapping something up in a metal casing, for example tin foil, would efficiently stop all radio communication. So if stores have "automatic tellers" charging me by scanning me, why the heck would I not have a pocket lined with tin foil?

Woops, that CF card and new camera just, uh, dropped into my super-pocket...

Use a thermo-bag for your groceries

Those are lined with aluminum :)

But seriously, if you're worried about RFID tags in your clothes, you can always microwave the clothes and destroy the chip. Or you can use an RFID reader to ping the clothes.

A modern day terrorist might enter a big supermarket and set off a microwave bomb which would be totally undetected except for a short burst of static in electronic devices, and all RFID tags everywhere would be dead.

Re:Use a thermo-bag for your groceries

[hesiod]

> A modern day terrorist might enter a big supermarket and set off a microwave bomb

Not to invalidate your opinion in any way, but I seriously doubt Al-Qaida is getting off on the thought of temporarily disrupting the St. Louis WalMart's inventory control system. The effort to make a microwave bomb would be much better spent doing something else. Although, I would prefer they do that over sinking a cruise ship...

Ergh...One question..!

[ducklord]

I don`t understand one thing: if you go in a shop and buy, say, 30-40 different goods, are they tracked all "at the same time" or one by one? That, although it doesn`t seem so important, has a lot to do with our privacy: If the RFID tags can`t be tracked in groups, then when you bring what you bought to your car, when you throw away the garbage it won`t get tracked or, at least, -some- of the things will get tracked, but not the whole bunch. Not being so technical regarding RFID technology, I understand it like "the signals could get mixed" or something... Does it work that way?

Re:Ergh...One question..!

[hesiod]

> I understand it like "the signals could get mixed" or something.

I thought the same thing, but somewhere in this thread, someone explains that they (tags or readers? dunno) can detect a "collision," and if the tag wasn't read correctly, it will resend after a random time (prolly on the order of milliseconds).

Re:Wow

[The_REAL_DZA]

If that happens, won't you be wishing you had replied to that Nigerian prince's e-mails...

Re:intangible: airline seats and japanese children

[The_REAL_DZA]

Well, that's one way to look at it. Another way (the way that I, as a nerd-recently-become-father, am inclined to think of it) is that if your kid disappears (against their will) in a department store or at the park you've got at least as good a chance of finding him/her as you would your LoJack-equipped SUV. Of course, you wouldn't want to advertise to the world that you've got a chip implanted in your kid's arm (like this fool), and it would have to be something that wasn't "always on" but rather could be remotely activated in the event of an emergency (again, sort of like LoJack...)

Re:intangible: airline seats and japanese children

Frankly, if you need to track your kid, you've done a poor job of parenting them. A child by the age of 7 or 8 should be able to watch themselves, and by 12 or 13 they should be capable of taking care of themselves; this is how it worked for a few hundred or thousand years in western culture, and if the westerners can do it so can the easterners. If you find that hard to believe, then you shouldn't have kids.

So that's your take, but how much do you know about life in Japan? I was over there recently and one of my guides was telling me that child kidnapping was a major problem in some of the larger cities. If I worked there and had a schedule which didn't allow me to personally walk my kid to school I'd feel much better watching them online, knowing I could call the police if they suddenly strayed off their normal path and started going 60 miles an hour down a highway. Not wanting your child raped and possibly killed is not 'crazy' by any means.

Re:intangible: airline seats and japanese children

[TyrranzzX]

And who says they can't carry around a 6 inch knife on their side, or learn martial arts? If your kid can run and won't get into some strangers car, as well as walks to school in a group with other kids and doesn't take shorcuts through dark alleyways, chances are they're pretty safe.

Re:"FUD" -- not!

[hesiod]

> DO YOU AGREE OR NOT with the premise of this last paragraph, to wit, "privacy demands the right to *easily* go about our business without having RFID tags accompany our person, our private vehicles, etc."?

I know you weren't asking me, but I do not agree with that statement. Privacy demands the right to go about our business, however we see fit, without having someone TRACKING any tags we might have on our person. Having a GPS device does not automatically make you less private. When a privacy invasion occurs, it's because someone else, without our permission, is tracking that device.

It's a subtle difference, but it is the intentions of another individual that invade privacy, not the fact that it's possible to do so. Of course, making that easier to do (regardless of initial intent) is still a problem, IMO, but the tags aren't the invaders.

Weak Security + Kill Command

It would cause major problems for WalMart if someone discovered their RFID security code, built a device to kill/deactivate the tags and just walked around the store with it.

Or if they were especially mean, they could just hide the devices in a couple of shopping carts and let the customers do all the work. Just when they think they have all the RFIDs fixed, another customer uses the 'special' shopping cart.... doh!

Re:"FUD" -- not!

[nusratt]

Your rights are violated if you're forced to wear a yellow star or pink triangle -- even if the badge is in a non-visible location, and even if "forced" merely means that it's legally permitted, but practically awkward or difficult, to remove the badge. Having a GPS device DOES automatically make you less private, if you haven't *chosen* to have the device.

The right not to be tracked is meaningless without the right to have the *certainty* of not being tracked, i.e. what the courts call "the expectation of privacy". If you can't move about except in the constant presence of tracking devices, and you have no knowledge or control of when the devices are currently tracking you, then that's not privacy.

Programmed by a laser??

And this is scored +5 informative. How about -5 misinformed?

Re:FINALLY, really

[1,$d]

This is actually what I want out of RFID tags!

If they're small enough for me to put on many, many things I own, and if I control the database that maps an ID to a thing, I can walk through my house with an RFID scanner looking for the keys, or the OpenGL book, or my apartment's rental contract, or whatever. Instant pseudo-organization!

There are practical questions:

1. How do we make it quick and easy to tag lots of our things? I want to go tap, tap, tap with a pencil-sized dispenser and tag 3 things.
2. How do we make it easy to record the ID & name of a thing we just tagged? An iPod would hold a lot of data... maybe metadata should be audio, or should be input as audio and converted to text.
3. How can we make it easy to say "I want to find [thing-name]"? Should all data and searches be verbal instead of text? With some speech-to-text, you could tie a lot of your tagged objects to other data: say the name of the song you want and your scanner leads you to the CD.
4. What's a good way to represent the data of tagged stuff? If names of things are audio, is there a best simple fuzzy representation of words? We should be able to say "contract" and find the apartment contract, not my contact lens.
5. What privacy is really required? If I put randomly numbered tags on stuff, nobody can scan my house for the UPC of my solid gold Aibo. But I should be the only one who can make its tag respond. And I cannot go resetting the password on every tag in the house and the storage .
6. Can the tags be made thin and small enough to tag lots of pieces of paper? Hunting for a specific piece of paper in your filing cabinet (the pile on the floor) could become obsolete, or much easier.
7. These ideas are now published here on Slashdot, may have bee mentioned before; we haven't seen them patented (yet). Are there any RFID ideas you want add to this thread, before some evil SOB patents them? ("Method of doing another obvious thing with RFID", patent # 10,438,109,852)