RFID

Summary

Notags seem to be the people taking the lead on this area.

Radio Frequency Identification (RFID) is an item-tagging technology with profound societal implications. Used improperly, RFID has the potential to jeopardize consumer privacy, reduce or eliminate purchasing anonymity, and threaten civil liberties.

RFID tags are tiny computer chips connected to miniature antennae that can be affixed to physical objects. In the most commonly touted applications of RFID, the microchip contains an Electronic Product Code (EPC) with sufficient capacity to provide unique identifiers for all items produced worldwide. When an RFID reader emits a radio signal, tags in the vicinity respond by transmitting their stored data to the reader. With passive (battery-less) RFID tags, read-range can vary from less than an inch to 20-30 feet, while active (self-powered) tags can have a much longer read range. Typically, the data is sent to a distributed computing system involved in, perhaps, supply chain management or inventory control.

Known Applications

National Applications

RFID is used in Biometric passport that are now the only form of passport you can get in the uk. RFID will be included in the UK ID Card. Additionally, RFID tags are used in current US passports.

Commercial Applications

Packaging and Transport

RFID tags are used in earmarking of packages, per contents, distribution target, and furthermore. The information encoded into an RFID tag on a package may be used in the routing of the package to its assigned destination. RFID tags may be applied in the automation of systems within an environment involving a large-scale transport of packages.

Event Tickets

RFID tags may be added into tickets as a preventative measure against bootlegging and forgery.

Authorization of Personnel

Sites have been known to use RFID-tag cards for authorization of entry by personnel.

Pharmaceutical Products

RFID tags are being placed into labels of pharmaceutical products, so as to prevent bootlegging and fraud.

Credit Cards

Some new credit cards have RFID capabilities. MasterCard's PayPass system is used on new Barclaycards and probably other cards too. Wikipedia has more details.

Issues

RFID tags have generated privacy concerns.

The Information Commissioner's Office is the UK's independent public body set up to promote access to official information and to protect personal information. During a Ofcom consultation on RFID said "Where the use of such tags involves the collection, generation or disclosure of personal information then the Act will apply. In particular, this means that individuals should be aware when information about them is being collected and what it will be used for." "We are pleased that a group of industry representatives who have come together to form the UK RFID Council are developing a code of practice on the use of RFID tags and have initiated a dialogue with this office."

European Commission consultation on RFID

RFID Position Statement of Consumer Privacy and Civil Liberties Organizations

Contact less Credit Cards Consumer Report 2006. The report describes the RFID contained in new Visa, Mastercard and American Express cards along with security concerns.

By the end of 2006, it is estimated that between 35 and 50 million credit and debit cards will be contactless and available for use in 25,000-50,000 merchant locations in the United States alone. Many experts are anticipating that this new technology could eventually obsolete the magnetic stripe, at which point all of the world's electronic payments would be contactless.

RFID Tags in People

Some commercial agencies within the US have developed RFID tags that would be injected subcutaneously -- i.e. under a person's skin. At least one agency[1] has developed reader device for the tags -- the premise being, essentially, that doctors would use the tag like as an electronic dog tag, identifying a person within the company's registry of users, the identifiers being indexed as onto to notes about medical allergies, medical history, and furthermore.

Some particularly wry salesmen have proposed that immigrant workers would be tagged with such human-marking RFID devices -- "our tagged immigrant cattle force," would they propose?

Links


Wikipedia has a good neutral introduction, including a summary of the privacy and other issues.

Press

2007-04-03 - ZDNet - European Commission keeping an eye on RFID
Author: Anne Broache
Summary: The European Commission may have decided against imposing new rules on radio frequency identification tags for now, but a top official warned on Monday that regulations are likely if future uses of the technology don't protect fundamental privacy rights.
2007-03-15 - The Register - EC chucks RFID regs back to industry
Author: Joe Fay
Summary: The European Commission effectively handed regulation of RFID to the RFID industry today when it announced the results of last year's consultation on the technology.
2006-11-02 - The Register - US.gov tunes out scathing RFID privacy report
Author: John Leyden
Summary: An external security advisory committee reporting to the US Department of Homeland Security has produced a highlight critical report (PDF) advising against the use of RFID technology in government documents.
2006-10-30 - Wired - Feds Leapfrog RFID Privacy Study
Author: Ryan Singel
Summary: Gov puts RFID in IDs, Despite Damning Report.
2006-10-17 - OUT-LAW.COM - EU mulls RFID privacy laws
Author: John Leyden
Summary: Concern about the privacy implications of using RFID tags need to be overcome if the technology is to gain public acceptance, according to a new EU study.
2006-10-16 - BBC - Radio tags spark privacy worries
Summary: A perceived threat to privacy posed by radio tags has emerged as the main fear in an EU study of the technology.
2006-09-28 - The Register - Shops must use RFID with care
Summary: Shops which use RFID tags and CCTV cameras must tell shoppers every time an RFID tag is used and must tell shoppers how to remove them. The order comes in guidelines produced by the Information Commissioner's Office.
2006-09-27 - OUT-LAW News - Shops must use RFID with care, says Information Commissioner
Summary: Shops which use RFID tags and CCTV cameras must tell shoppers every time an RFID tag is used and must tell shoppers how to remove them. The order comes in guidelines produced by the Information Commissioner's Office.
2006-08-31 - EFF - California Lawmakers Pass Safeguards for Privacy-Leaking RFID Chips
Author: Lee Tien
Summary: Groundbreaking Bill Waits for Governor's Signature. The California State Senate passed tough new privacy safeguards late yesterday for use of "tag and track" devices known as Radio Frequency Identification (RFID) chips embedded in state identification cards. The bill helps ensure that Californians can control the personal information contained on their drivers' licenses, library cards and other important ID documents.
2006-08-17 - News Hour - New Identification Technology Raises Concerns over Privacy
Author: Tom Bearden
Summary: New radio frequency identification, or RFID, technology uses hidden tags to track nearly everything from merchandise to hospital patients but civil libertarians are worried that this technology may be misused and people's privacy violated.
2006-08-12 - ZDNet - On not learning from history
Author: Ed Gottsman
Summary: One use of implantable RFID chips is as replacements for biometric (and other) identification. Implant a chip in your hand and — voilà! — a single flamboyant gesture grants access to your car, home, work, bank account, credit, theater tickets, and so on. At least, that's the vision. Its success hinges on the "uncopy-ability" of an RFID tag–obviously, if someone can remotely make a copy of your tag, then he becomes, for all practical purposes, you…which means that shortly you'll be able to write a book called something like "How I Stopped Worrying and Learned to Love Identity Theft." Imagine, then, the wailing and gnashing of teeth at one implantable biometric RFID chip vendor, one of whose tags has apparently been cloned using little more than a PC and a homebrew antenna...
2006-08-03 - Wired - Hackers Clone E-Passports
Author: Kim Zetter
Summary: A German computer security consultant has shown that he can clone the electronic passports that the United States and other countries are beginning to distribute this year. The cloning news is confirmation for many e-passport critics that RFID chips won't make the documents more secure.
2006-08-03 - Slashdot - Hackers Clone E-Passport
Summary: I guess the sceptical Slashdot community always knew that e-passports are a big waste of time and money; now German security consultants have been able to successfully clone e-passports, even onto building access cards. FTA: 'The whole passport design is totally brain damaged,' Grunwald says. 'From my point of view all of these RFID passports are a huge waste of money. They're not increasing security at all.'
2006-07-22 - Reuters - High-tech cloning
Author: Nic Fulton
Summary: VeriChip claim that their chips implanted in humans are impossible to clone. Two crackers show how to do it in seconds.
2006-07-05 - The Register - EU opens public consultation on RFID
Author: Maxim Kelly
Summary: Fears about new Radio Frequency Identification technology (RFID), have prompted the EU to open a public consultation process.
2006-07-05 - Computer Business Review - EU looks at RFID privacy concerns
Summary: Viviane Reding, the EU Commissioner for Information Society and Media, is turning her attention to the RFID market, specifically looking at the implications of RFID for privacy and the need for safeguards.The Commission has opened an online public consultation of radio frequency identification on how to ensure that the growing use of RFID boosts the competitiveness of the EU economy while safeguarding personal data. On the "Your Voice in Europe" web site, Reding invited people to contribute to the debate, for a "communication planned for December 2006."
Wired - The RFID Hacking Underground
Author: Annalee Newitz
Summary: Many RFID tags have no encryption and will happily transmit their information in the clear if they are active or within range of a reader. Worse yet is that they can be overwritten. Some interesting scenarios and experiments: snagging the code off of a security badge and replaying it to gain access to a secure building; vandalizing library contents by wiping or changing tags on books; changing the prices of items in a grocery or other store; and getting free gas by tweaking the ExxonMobil SpeedPass tags.
Note: Also on Slashdot Real RFID Hacking Scenarios
2006-05-09 - Computing - RFID privacy guidelines established
Author: Arif Mohamed
Summary: A group of IT suppliers and users has issued a set of best practice guidelines on how firms should use consumer information they gather via RFID technology.
2006-04-14 - ZDNet - RFID vulnerable to attacks, researchers say
Author: Tom Espiner
Summary: Talks about DOS attacks and Dutch researchers announcing the successful creation of a virus capable of infecting some RFID tags.
2006-03-23 - Computing - Alton Towers visitors set for RFID ride
Author: Lisa Kelly
Summary: Alton Towers to tag guests. The YourDay in the Park video-capture system will use RFID bracelets to identify wearers, who will be captured on cameras stationed at key rides and attractions around the site.
2006-02-05 - The Sunday Times - The spy in your shopping trolley
Author: Jon Ungoed-Thomas
Summary: Supermarkets are testing new electronic tags that could be used to track shoppers in the store and to keep tabs on goods after customers have taken them home. The surveillance chips have the potential to trace the life of goods “from depot to dustbin”.
2006-01-30 - The Register - 'RFID tag' - the rude words ID card ministers won't say
Author: John Lettice
Summary: For over six months now Burnham, pursued doggedly by MP and ID card opponent Lynne Jones, has been peddling the bizarre conceit that RFID and 'contactless' or 'proximity' chips are entirely different beasts.
2005-04-28 - The Times - Big Brother: the spy in your shopping trolley
Author: Steve Boggan
Summary: Stores are testing tiny ID tags that can transmit details of what you buy, where and how. Useful tool for shoppers, or an unacceptable invasion of privacy?
2005-04-02 - The Times - Child-tracking
'Author: David Rowan
Summary: More controversial is the growing use of radio-frequency "smart tags" to monitor junior's whereabouts. Radio-frequency identification (RFID) tags have been used for some years to track farm animals or domestic pets, but now primary schools and amusement parks are attaching them to little people. Schools in Japan and the United States have been fitting the tags to pupils' name-tags and schoolbags, with scanners built into school gates and classroom doors to read their signals from a distance. One Tokyo school sends parents automatic text messages each time their child steps on or off the bus. The service is particularly popular after a rash of recent media reports of child kidnappings.
2005-02-08 - The Register - World Cup 2006 'abused for mega-surveillance project'
Author: Monika Ermert
Summary: Germany's football authorities have been accused of Big Brother tactics over their decision to incorporate RFID chips into tickets for World Cup 2006.
2004-06-07 - The Times - No place to hide from hi-tech snoopers
Author: Chris Partridge
Summary: One would assume that tracking goods in a supermarket, as opposed to people, would not pose privacy or civil rights problems. But a new generation of high-tech barcode is raising concern over its potential for retailers to track and target customers
Retrieved from "https://wiki.openrightsgroup.org/w/index.php?title=RFID&oldid=23991"