RFID ‘really scary technology’
p2p news / p2pnet: RFID (Radio Frequency IDentification) tags, are, to considerably understate the situation, controversial.
International government, medical, military and other concerns insist RFID is absolutely vital for a host of applications ranging from inventory control to making sure patients get the correct medication.
But privacy advocates are just as vocal.
They say another name for RFID tags is Spy chips >>>>>>>>>>>>>>>>>
RFID, Present and Future
By Edward W. Felten Freedom to Tinker
One of the advantages of teaching in a good university is the opportunity to hear smart students talk to each other about complicated topics. This semester I`m teaching a graduate seminar in technology and privacy, to a group of about ten computer science and electrical engineering students. On Monday the class discussed the future of RFID technology.
The standard scenario for RFID involves affixing a small RFID tag to a consumer product, such as an item of clothing sold at WalMart. (I`m using WalMart as a handy example here; anyone can use RFID.) Each tag has a unique ID number. An RFID reader can use radio signals to determine the ID numbers of any tags that are nearby. WalMart might use an RFID reader to take an inventory of which items are in their store, or which items are in the shopping cart of a customer. This has obvious advantages in streamlining inventory control, which helps WalMart operate more efficiently and sell products at lower prices.
This sounds fine so far, but there is a well-known problem with this scheme. When a customer buys the item and takes it home, the RFID tag is still there, so people may be able to track the customer or learn what he is carrying in his backpack, by scanning him and his possessions for RFID tags. This scares many people.
The risk of post-sale misuse of RFID tags can be mitigated by having WalMart deactivate or kill the tags when the customer buys the tag-containing item. This could be done by sending a special radio code to the tag. On receiving the kill code, the tag would stop operating. (Any practical kill feature would allow a special scanner to detect that a dead tag was present, but not to learn the dead tag`s ID number.)
Killing tags is a fine idea, but perhaps the consumer wants to use the tag for his own purposes. It would be cool if my laundry hamper knew which clothes were in it and could warn me of an impending clean-sock crisis, or if my fridge knew whether it contained any milk and how long that milk had been present. These things are possible if my clothing and food containers have working RFID tags.
One way to get what we want is to have smarter tags that use cryptography to avoid leaking information to outsiders. A smart tag would know the cryptographic key of its owner, and would only respond to requests properly signed by that key; and it would reveal its ID number in such a way that only its owner could understand it. At the checkout stand, WalMart would transfer cryptographic ownership of a tag to the buyer, rather than killing the tag. Any good cryptographer can figure out how to make this work.
The problem at present is that garden-variety RFID tags can`t do fancy crypto. Tags don`t have their own power source but get their power parasitically from an electromagnetic carrier wave broadcast by the reader. This means that the tag has a very limited power budget and very limited time â not nearly enough of either to do serious crypto. Some people argue that the RFID privacy problem is an artifact of these limitations of today`s RFID tags.
If so, that`s good news, because Moore`s Law is increasing the amount of computing we can do with a fixed power or time budget. If Moore`s Law applies to RFID circuits â and it seems that it should â then the time will come in a few years when dirt-cheap RFID tags can do fancy crypto, and therefore can be more privacy-friendly than they are today. The price difference between simple tags and smart tags will be driven toward zero by Moore`s Law, so there won`t be a cost justification for using simpler but less privacy-friendly tags.
But here`s the interesting question: when nicer RFID tags become possible, will people switch over to using them, or will they keep using today`s readable-by-everybody tags? If there`s no real cost difference, there are only two reasons we might not switch. The first is that we are somehow locked in by backward compatibility, so that any switch to a new technology incurs costs that nobody wants to be the first to pay. The second is a kind of social inertia, in which people are so accustomed to accepting the privacy risks of dumber RFID technologies that they don`t insist on improvement. Either of these scenarios could develop, and if they do, we may be locked out from a better technology for quite a while.
Our best hope, perhaps, is that WalMart can benefit from a stronger technology. Current systems are subject to various uses that WalMart may not like. For example, a competitor might use RFID to learn how many of each product WalMart is stocking, or to learn where WalMart customers live. Or a malicious customer might try to kill or impersonate a WalMart tag. Smarter RFID tags can prevent these attacks. Perhaps that will be enough to get WalMart to switch.
Looking further into the future, the privacy implications of small, communicating devices will only get more serious. The seminar read a paper on smart dust, a more futuristic technology involving tiny, computationally sophisticated motes that might some day be scattered across an area, then picked up by passersby, as any dust mote might be. This is a really scary technology, if it`s used for evil.
Today, inventory control and remote tracking come in a single technology called RFID. Tomorrow, they can be separated, so that we can have the benefits of inventory control (for businesses and individuals) without having to subject ourselves to tracking. Tracking will be more possible than ever before, but at least we won`t have to accept tracking as a side-effect of shopping.
==================
Something you think we should know? tips[at]p2pnet.net
October 27th, 2005 at 2:09 pm
hahaha what abunch of paranoid tits, you can just see someone running down the road following people with portable rfid scanners ‘to see whats in their backpacks’ oo better not mug that guy as i cant detect what’s in his backpack – get a life – hahaha this is so funny how paranoid do some people get heheheh
October 27th, 2005 at 4:22 pm
Ha ha ha,,, ha maah ha ha,, ha maah maaah, maah mah maaaah
October 27th, 2005 at 5:29 pm
Hahaha, yeah, ostriches are pretty funny birds! Hahahaha!
October 27th, 2005 at 5:39 pm
Many of the hypothetical scenarios proposed in this article are based on inaccurate assumptions and have no basis in fact. We are years away from goods at Wal-Mart being tagged at the item-level. It has been 3-years in the making for Wal-Mart to simply get their pallets and master cases outfitted with RFID tags, and that initiate is still not complete, and won’t be for at least another 2-5 years.
Furthermore, if one day retailers such as Wal-Mart do ever begin to implement item-level tagging, the information on the tag would simply be a serial number, similar to the number that is represented by a barcode. Should someone even be able to “read” this number, it would be meaningless, only a number, unless he had access to Wal-Mart’s databases. A tag on a shirt will not contain and transmit information such as, “Hanes T-shirt, Blue, Size L,” or any information about the purchaser or anything other than a simple serial number.
Going further with the assumption that item-level tagging will one day be a reality, tags and readers must be precisely configured to communicate with one another, and must operate in an environment that is condusive to the radio signals being transmited. Something as simple as a high humidity environment can make capturing a read impossible. Also, readers generally have a read range of a few inches to about 15 feet. To obtain greater read ranges using RFID technology requires more specialized and high-end tags and readers, which aren’t being used or even considered by retailers today. This severely limits the risk that any old regular Joe is going to be able to purchase an RFID reader and walk around scanning and reading things and getting private information. This fear, as far as I can see, is rather completely unfounded.
If I am to go on to point out futher inaccuracies; it should be noted that there are currently RFID tags available that do carrry their own power supply, so that tags do not require the power supplied by a reader to send out a signal. These tags also already have encryption capabilities and although more expensive, are currently in use in very specialized, security sensitive applications.
It is distressing that there has been so much controvery caused over such a promising technology. Most of the fears people have are based on inaccurate and untrue information, such as this, that is being dispersed about RFID technology. There are actually laws being passed in states, such as California, to inhibit the adotopion of RFID technology in certain industries. RFID has been around and has been in use for decades, without incident, and is only now gaining the attention of the masses because of more prolific implementations, such as Wal-Mart. Nobody has seemed to raise any complaints or have any problems with services such as the Mobile SpeedPass, the EZ Pass toll collection system, or the new MasterCard PayPass now becoming available at smaller retail outlets and McDonald’s drive through windows. All of these services which offers consumers increased convenience and security are based on RFID technology.
October 27th, 2005 at 8:24 pm
The thrust of the story is that people or organizations who have bad intentions could use RFID technology in scary bad ways, just like any other technology… One thing that makes them scary is these devices can be made so small that one might never find them or even know they are carrying them around. I’d be more concerned about three-letter governmental agencies or criminals using covert RFIDs or readers than walmart knowing what kind of deoderant is in my bathroom. You make a good point that RFIDs have many good uses. Are you so naive that you cannot see the possibilty that RFIDs will be used for bad ends as well?
P.S. People running around talking about the sky falling wiil not stop RFID implimentation, but perhaps public awarness may lead to prudent legislation governing their use.
October 27th, 2005 at 9:05 pm
What’s interesting is that RFID will never come in through the front door. Just like cameras on every street corner and BLOGS in every Internet site. They will just begin to appear. As a matter of fact, we will not even know they are there most of the time. I’m a private investor and an actually looking at buying an RFID company as we speak. So what I am looking at right now in the palm of my hand is a ‘chip’ that is literally the size of a grain of sand. It can read and write at 11ms and can store all types of info, including a bio-metric. They will all have crypto, they will be ubiquitous, and they will all be connected to the Internet. So the questions isn’t yes or no. The question is how to we set privacy standards given the inevitable.