
[Fsfe-france] RE: RFID & Privacy


From: Berthon, Alain
Subject: [Fsfe-france] RE: RFID & Privacy
Date: Fri, 4 Jul 2003 12:18:30 +0200

Dear Loic,

First please accept my apologies for not having answered your previous
e-mail. I had started an answer that I never sent you because of other
duties. Please find it attached. 

This topic is certainly of interest and Texas Instruments is fully involved,
with Bill Allen who is leading a task force within AIM to debate, discuss,
explain, and possibly propose technical changes. 
Personally, I believe that the real issue is how the technology is used.
This is the same for the video-surveillance (CCTV), the dynamite, etc...

To address your specific points about the procedure, here are a few points:

- the proper way to propose a change (amendment or revision) to a standard
is to do so through the National Body, in France this is AFNOR. 
The secretary of the French commission is Mrs Catherine Protic 
e-mail : address@hidden

This will then be discussed (you can be invited even if you are not a
permanent member) and may result in a proposal to the relevant working
group, in this case SC17/WG8.

- implementing a command to permanently shut down a tag is trivial. It is
just some additional logic. The key problem is how to prevent unauthorized
persons from doing so. Your opinion and advice on this will be very welcome.

- in your previous e-mail you indicated your intent to publish the name of
the SC17/WG18 convener Mr.Hegenbarth and the name of the 15693 project
editor (myself) as the contacts to complain about potential risks.  The role
of the convener is to facilitate the development of a standard, the role of
the editor is to translate into a document the decisions made by about 30
countries, each having between 10 and 30 experts. 

So please do not present Michael and myself as the "guilty ones", we will
certainly participate in the debate and listen carefully to any proposal.
Again, the correct way is to contact the relevant national committee. 
Our responsibilities as convener and project editor are known publicly, I am
proud of what we have achieved and certainly compliment Michael for what he
has and is still doing for standardizing RFID technologies, this is a team
effort and progress is accomplished by many contributors. Your contribution
is highly welcome. Raising the point is certainly appreciated, making a
practical proposal to resolve it will be still much more appreciated.

I hope this addresses your point. I wish we can meet face to face some time to
further discuss the matter.

Sincerely.

Alain Berthon 
Texas Instruments

-----Original Message-----
From: Loic Dachary [mailto:address@hidden 
Sent: Tuesday 1 July 2003 18:01
To: Berthon, Alain
Cc: address@hidden
Subject: RFID & Privacy


        Hi,

        I'm concerned about privacy and RFID technology. As a
developer and author of a library to access RFID tags
(http://nongnu.org/projects/rfid/), I feel compelled to do my best to
address these issues.

        One possible improvement would be to include privacy features
in ISO-15693, such as a command to permanently shut down a RFID tag.
I understand that doing so is not as easy as it seems, but I'd like
to see an effort going in this direction.

        Should I send a letter to some official, voicing my concern ?
Could you tell me if there already are discussions in some working
groups ?

        Thanks for your help,

-- 
Loic   Dachary         http://www.dachary.org/  address@hidden
12 bd  Magenta         http://www.eucd.info/      address@hidden
75010    Paris         T: 33 1 42 45 07 97          address@hidden
        GPG Public Key: http://www.dachary.org/loic/gpg.txt

--- Begin Message ---
Subject: RE: RFID and privacy
Date: Tue, 10 Jun 2003 10:44:39 +0200

Like any other technology, RFID is not more or less dangerous than others.
The issue is all about its usage. 

You will find attached a press release about a "good" way to use it, I got
it while drafting this reply. 

Here are some other comments:
 

1/ Customer profiling

Opponents of RFID tagging say the tags make it theoretically possible to
"profile" a consumer remotely, by linking the data on a garment, for
example, with the purchaser's credit card information via the retailer's
database and then cross-referencing that to the credit card company's
database to obtain a broader picture of buying habits. But that scenario is
unlikely "unless you live in a totalitarian state with a perfect information
architecture - or in a Hollywood movie," quipped Ashton.

 
This is already done or can be done, without RFID, simply with barcode. When
you go to Walmart, use your credit card, or your loyalty card, you can be
tracked. 

The only way to avoid this is to have laws forbidding the creation of such
databases. There is such a law in France. 
But this does not prevent me receiving spam e-mails from US hotel chains
when I have left them my e-mail address. 

 

2/ the "Kill" command (I would prefer the term "deactivate" )

This is very easy to implement, similar to the Lock command. The only but
major problem is the secure way to do it. In the MIT specs in August 2002,
the "Kill" command was not protected by a password, and I mentioned this
during our meeting in Boston. Apparently the point was well received since
they have added a password. 

Which password to use? The same for all the tags? The same for all products
from a given supplier? If you have 20 suppliers for 10,000 products in a
shop, how does this work? 

Then the risk is that the password becomes known by hackers, thieves etc.
What the result can be, I don't know. 

3/ Protection of data written to the tag

This is the serious part. If the tag stores the P/N of the item and
this is used to charge the customer when he leaves the shop, it would be a
temptation to have a small reader device that modifies the P/N and/or the
price before going to the cashier. But you can do the same by switching
barcodes, and we know this is done. 

4/ Lifetime

In all my contacts with customers and prospects, a key issue was the
lifetime of the tag. Can it survive the product lifetime? The intent is to
store on the tag during the life of the product various information such as
proof of purchase, warranty, date of purchase, repair, etc... A problem that
Marks & Spencer had (has?) is that some persons stole an article, say a
coat, and then returned it asking for reimbursement. They have no way to know
whether the product had been paid or not. Their marketing policy was to not
ask for the invoice (proof of purchase). Good or bad policy? 

 5/  Proof of ownership

Some people may want to write their name on the tag, simply as a proof of
ownership in case their coat is stolen or lost. If the tag is destroyed,
this cannot be done. 

Every car has a unique number and a license plate, that can be read by
anyone, the cops in particular. All electronic products have a S/N. 

 6/ Big Brother

The only risk that can come to my mind is that when I enter a Gap shop they
could read that I have bought a Benetton coat of this model at that date.
Does it really matter? Is there any benefit to them? Do I care? Maybe it
could be a good argument to get a discount. 

 
Conclusion

The destruction (physical or logical) of the tag brings more drawbacks than
benefits. Securing the information is an important aspect that has been
considered and handled within the ISO committees (SC31 and SC17). The
group's researchers developed a password-associated kill command as a part
of its RFID protocol specs. Just as a read, write or be-silent command can
be sent to any RFID tag from a reader, a command could be sent that would
instruct the chip to self-destruct, said Daniel Engels, director of the
Auto-ID Center in Cambridge, Mass. A chip so instructed would either blow a
fuse or set its memory at a value that would render it permanently unable to
communicate. 

 

While the Auto-ID Center's proposed spec issues a standard command to
deactivate the chip, it's up to tag designers to decide how the physical
deactivation will occur, Engels said. 

 

Alien Technology has already developed a kill-command-equipped prototype
chip compliant with the Auto-ID Center's UHF class 1 specification. Matrics,
meanwhile, is working on a prototype based on the UHF class 0 spec, and
Philips' prototype will be based on a 13.56-MHz spec. 

 

Philips' Morgenroth said he doesn't expect a cost premium to accompany the
kill feature. 

 

Bill Allen, marketing and communications manager at Texas Instruments Inc.'s
RFID group, said he believes consumers should be able to opt out of RFID
programs via mechanisms like the kill command, although he called the
worst-case scenarios of privacy breaches "fantasy." 

 

Auto-ID Center's Ashton said that the center has created an independent
policy council to explore the development of a privacy policy. At a minimum,
he said the policy will give the customer the option to kill tags at
checkout.



-----Original Message-----
From: Loic Dachary [mailto:address@hidden 
Sent: Monday 19 May 2003 11:14
To: Berthon, Alain; address@hidden
Cc: address@hidden; Robin Gross; address@hidden
Subject: RFID and privacy


        Hi,

        I'm about to release a Free Software library to dialog with
RFID transponders. It implements the ISO-15693 derivative used by
Texas Instruments readers as a host/reader protocol as well as the
proprietary protocol used by the 6000 series. It is wrapped into an
abstraction designed to allow the addition of other protocols.

        I'm concerned about the possible use of the RFID technology to
harm the privacy of citizens. After long discussions with people
sharing my concern, we concluded that the best way to counter that
perverse effect was to inform users and developers.

        For that purpose I would like to include the text below at
a prominent place in the documentation and in the interactive parts
of the software. I'd very much appreciate your criticisms. 

        Thanks in advance for your help,

----------------------------------------------------------------------
HELP MAKE RFID USELESS TO BIG BROTHER

The RFID technology is an essential component to implement a world of
total control. Unless citizens and scientists require safeguards, it
can be used by corporations or governments to track and record about
everything. At present (May 2003), this issue is not addressed at all:
corporations are allowed to include RFID tags in any objects they like
and citizens have no way to get rid of them. The standard used to
dialog with RFID tags (ISO-15693) does not even provide a way to
permanently shut down a RFID tag.

We strongly encourage every citizen, company or government to require
that industry standards are modified to implement safeguards designed
to protect the privacy of every citizen. Statements should be sent to
the standardization group (http://www.wg8.de/) but there is no open
mailing list for this group. The editor of ISO-15693-3 is Alain
Berthon (address@hidden). The webmaster of wg8.de and the editor of
ISO-14443-2 is Michael Hegenbarth (address@hidden). The
statements sent should be friendly : the editors of the standards are
our allies, not our enemies. The editors could use well written
statements to push for functionalities protecting privacy but
aggressive letters would be useless to them. Please cc: every
statement to the address@hidden public mailing list for
 <<r-TacMedCS_Navy_Final 05.03.doc>> 

Attachment: r-TacMedCS_Navy_Final 05.03.doc
Description: MS-Word document


--- End Message ---
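
The password questions in point 2 of the attached message (one password for all tags, or one per supplier?) are commonly answered with key diversification: each tag's deactivation password is derived from a per-supplier key and the tag's UID, so a shop holds one key per supplier rather than one password per tag. The sketch below is an added example, not part of the original e-mails or of any RFID specification; the 4-byte password width, the `Tag` and `Checkout` classes and all keys and UIDs are assumptions constructed for illustration.

```python
import hashlib
import hmac

KILL_PW_BYTES = 4  # assumed 32-bit password field; the thread gives no width


def derive_kill_password(supplier_key: bytes, tag_uid: bytes) -> bytes:
    """Per-tag password: truncated HMAC-SHA256 over a label and the tag UID."""
    mac = hmac.new(supplier_key, b"deactivate-v1|" + tag_uid, hashlib.sha256)
    return mac.digest()[:KILL_PW_BYTES]


class Tag:
    """Toy tag model (hypothetical): deactivation is one-way and password-gated."""

    def __init__(self, uid: bytes, kill_password: bytes):
        self.uid = uid
        self._kill_password = kill_password  # written when the tag is commissioned
        self.active = True

    def deactivate(self, password: bytes) -> bool:
        if self.active and hmac.compare_digest(password, self._kill_password):
            self.active = False
            return True
        return False


class Checkout:
    """Shop-side reader: stores one key per supplier, never a per-tag list."""

    def __init__(self, supplier_keys: dict):
        self.supplier_keys = supplier_keys

    def deactivate(self, tag: Tag, supplier_id: str) -> bool:
        key = self.supplier_keys[supplier_id]
        return tag.deactivate(derive_kill_password(key, tag.uid))


def demo() -> dict:
    # Constructed sample data: two suppliers, 64-bit UIDs made up for the example.
    keys = {"supplier-a": bytes(range(32)), "supplier-b": bytes(range(32, 64))}
    uid1, uid2 = bytes.fromhex("e007000000000001"), bytes.fromhex("e007000000000002")
    coat = Tag(uid1, derive_kill_password(keys["supplier-a"], uid1))
    shirt = Tag(uid2, derive_kill_password(keys["supplier-a"], uid2))
    leaked = derive_kill_password(keys["supplier-a"], uid1)  # known for one tag only
    till = Checkout(keys)
    return {
        "leak_kills_other_tag": shirt.deactivate(leaked),
        "wrong_supplier_key": till.deactivate(coat, "supplier-b"),
        "checkout_kills_coat": till.deactivate(coat, "supplier-a"),
        "replay_on_dead_tag": coat.deactivate(leaked),
        "shirt_still_active": shirt.active,
    }
```

Diversification limits the damage of one leaked password to one tag; it does not make a short password harder to guess, and a leaked supplier key still exposes every tag of that supplier.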
