HAPPY BOOKSGIVING
Use code BOOKSGIVING during checkout to save 40%-55% on books and eBooks. Shop now.
Register your product to gain access to bonus material or receive a coupon.
Discusses the hottest growth in wireless today--RFID, and its controversial technology, business, and policy issues.
° Radio frequency identification (RFID) is shaping the future of global supply chains, and many companies have asked suppliers to begin using RFID tags by 2006.
° Contains advice from experts with major stakeholders in RFID such as Microsoft, Intel, Procter and Gamble, and Texas Instruments.
° Garfinkel is a noted journalist, author, and computer security/ privacy expert.
“RFID is the first important technology of the twenty-first century. That’s an awesome responsibility. How can we know when and how RFID is being used? How can we make sure it is not misused? How can we exercise choice over how it affects us personally? How do we ensure it is safe? This book is a valuable contribution to the ongoing effort to find the answers.”
—From the Foreword by Kevin Ashton, cofounder and former executive director, Auto-ID Center; vice president, ThingMagic Corporation
Radio frequency identification (RFID) technology is rapidly becoming ubiquitous as businesses seek to streamline supply chains and respond to mandates from key customers. But RFID and other new wireless ID technologies raise unprecedented privacy issues. RFID: Applications, Security, and Privacy covers these issues from every angle and viewpoint.
Award-winning technology journalist and privacy expert Simson Garfinkel brings together contributions from every stakeholder community—from RFID suppliers to privacy advocates and beyond. His contributors introduce today’s leading wireless ID technologies, trace their evolution, explain their promise, assess their privacy risks, and evaluate proposed solutions—technical, business, and political. The book also looks beyond RFID, reviewing the privacy implications of Wi-Fi, Bluetooth, smart cards, biometrics, new cell-phone networks, and the ever-evolving Internet. Highlights include
Clear, balanced, and accessible, this is the indispensable primer for everyone involved in RFID: businesses implementing or evaluating RFID; technology suppliers responding to user concerns; and policymakers and privacy advocates who want a deeper understanding of the technology and its implications.
Includes contributions from
AIM Global, Inc.
CASPIAN
Center for Democracy and Technology
EPCglobal, Inc.
The Galecia Group
Gemplus
IDAT Consulting & Education
Institute for the Future
Matrics, Inc.
MIT Computer Science & Artificial Intelligence Laboratory
MIT Media Laboratory
OATSystems
Privacy Journal
The Privacy Rights Clearinghouse
The Procter & Gamble Company
RSA Laboratories
UCLA Department of Geography
Wayne State University Law School
Tracking Avian Flu and Mad Cow: Is RFID Bringing Safer Food to a Store Near You?
Please visit the author's website at
Download the Sample Chapters related to this title.
Foreword.
Preface.
Acknowledgments.
I: PRINCIPLES.
1. Automatic Identification and Data Collection: What the Future Holds.
Introduction
A Brief History of AIDC
The "Industry" That Isn't
The Interconnected World
Clear and Present Benefits
Future Applications
Conclusions
2. Understanding RFID Technology.
Introduction
RFID Technology
RFID Applications
Conclusions
3. A History of the EPC.
Introduction
The Beginning
A Mini-Lecture: The Supply Chain
The Auto-ID Center
Harnessing the Juggernaut
Conclusions
4. RFID and Global Privacy Policy.
Introduction
Definitions of Privacy
Mapping the RFID Discovery Process
Privacy as a Fundamental Human Right
Privacy Through Data Protection Law and Fair Information Practices
Conclusions
5. RFID, Privacy, and Regulation.
Introduction
Some Current and Proposed RFID Applications
Whither Item-Level Tagging?
Understanding RFID's Privacy Threats
Conclusions
6. RFID and the United States Regulatory Landscape.
Introduction
Current State of RFID Policy
RFID Policy Issues
Government Versus Individual Context
Business Versus Individual Context
Industry Leadership
Options for Government Leadership
Snapshot of Current Status
Policy Prescriptions
The Case for, and Limits of, EPCglobal Leadership
Conclusions
7. RFID and Authenticity of Goods.
Introduction
A Few Important Concepts in Authentication
Authenticity of Tags and Authenticity of Goods
Authenticity of Goods and Anticounterfeiting Measures
Authentication of Readers
Authentication of Users Across the Supply Chain (Federation)
Conclusions
8. Location and Identity: A Brief History.
Introduction
Place and Identity in a World of Habits and Symbols
Locational Technologies
Rethinking Identity: Beyond Traits and Names
On RFID
Conclusions
9. Interaction Design for Visible Wireless.
Introduction
The Role of Interaction Design
A Common Vocabulary
Designing and Modifying WID Systems
Conclusions
II: APPLICATIONS.
10. RFID Payments at ExxonMobil.
Introduction
Interview with Joe Giordano, ExxonMobil Corporation
11. Transforming the Battlefield with RFID.
Introduction
Logistics and the Military
Conclusions
12. RFID in the Pharmacy: Q&A with CVS.
Introduction
CVS and Auto-ID
Project Jump Start
RFID in the Store
Making RFID Work: The Back End
13. RFID in Healthcare.
Introduction
Home Eldercare
Challenges
Conclusions
14. Wireless Tracking in the Library: Benefits, Threats, and Responsibilities.
Introduction
RFID System Components and Their Effects in Libraries
RFID Standards
RFID in U.S. Libraries
Best-Practices Guidelines for Library Use of RFID
Conclusions
15. Tracking Livestock with RFID.
Introduction
RFID Has to Prove Itself
Putting RFID to Work
RFID and Livestock Marketing
RFID World Livestock Roundup
III: THREATS.
16. RFID: The Doomsday Scenario.
Introduction
RFID Tags and the EPC Code
A Ubiquitous RFID Reader Network
Watching Everything: RFID and the Four Databases It Will Spawn
Corporate Abuse
Government Abuse
Conclusions
17. Multiple Scenarios for Private-Sector Use of RFID.
Introduction
Scenario 1: "No One Wins"
Scenario 2: "Shangri-La"
Scenario 3: "The Wild West"
Scenario 4: "Trust but Verify"
Conclusions
18. Would Macy's Scan Gimbels?: Competitive Intelligence and RFID.
Introduction
In-Store Scenarios
So, Who Wants to Know?
Conclusions
19. Hacking the Prox Card.
Introduction
Reverse-Engineering the Protocol
Security Implications
Protecting Against These Types of Attacks
Conclusions
20. Bluejacked!
Introduction
Bluetooth
Bluetooth Security and Privacy Attacks
Conclusions
IV: TECHNICAL SOLUTIONS.
21. Technological Approaches to the RFID Privacy Problem.
Introduction
The Technical Challenges of RFID Privacy
Blocker Tags
Soft Blocking
Signal-to-Noise Measurement
Tags with Pseudonyms
Corporate Privacy
Technology and Policy
Conclusions
22. Randomization: Another Approach to Robust RFID Security.
Introduction
The Problems in RFID Security
Conclusions
23. Killing, Recoding, and Beyond.
Introduction
RFID Recoding and Infomediaries
Infrastructure Issues
Conclusions
V: STAKEHOLDER PERSPECTIVES.
24. Texas Instruments: Lessons from Successful RFID Applications.
Introduction
Toll Tracking: Who Knows Where You Are Going?
Contactless Payment: Are Safeguards Already in Place?
RFID and Automotive Anti-Theft: Staying Ahead of the Security Curve
How and What We Communicate
Conclusions
25. Gemplus: Smart Cards and Wireless Cards.
Introduction
What Is a Smart Card?
Smart Card Communication and Command Format
Card Life Cycle
Smart Card Applications
"Contactless" Cards
Protocols and Secure Communication Schemes
Constraints of Contactless Products
Contactless Products and the Contact Interface
Conclusions
26. NCR: RFID in Retail.
Introduction
Payment Applications
Inventory Management Applications
Hybrid Scanners
Privacy Concerns
RFID Portal
Conclusions
27. P&G: RFID and Privacy in the Supply Chain.
Introduction
Procter & Gamble's Position
RFID Technology and the Supply Chain
Global Guidelines for EPC Usage
Conclusions
28. Citizens: Getting at Our Real Concerns.
Introduction
Prior to the Point of Sale
After the Point of Sale: Nonconsumer Goods
After the Point of Sale: Consumer Goods
After the Point of Sale: Privacy Interests
Eliminating the RFID Threats to Privacy
Conclusions
29. Activists: Communicating with Consumers, Speaking Truth to Policy Makers.
Introduction
RFID Characteristics That Threaten Privacy
Proposed Technology-Based Solutions
Is Consumer Education the Answer?
Calling for a Technology Assessment
Conclusions
30. Experimenting on Humans Using Alien Technology.
Introduction
The Surveillance Society: It's Already Here
A Trick to Overcome Resistance
Constituents to Change-and to Stasis
Privacy Advocates Own This Story
Privacy, Change, and Language
How to Make Consumers Demand Change (and RFID)
Conclusions
31. Asia: Billions Awaken to RFID.
Introduction
Factors Separating Western and Asian RFID Experience
The Extant Paper Database and Electronic Credit Card Systems
RFID in India
RFID Across Asia
Conclusions
32. Latin America: Wireless Privacy, Corporations, and the Struggle for Development.
Introduction
An Overview of Wireless Services Penetration into Central America
Pervasiveness of Telecommunications in Central America
Privacy Concerns
An Overview of Privacy Across Latin America
Conclusions: Privacy, Poverty, and the Future
APPENDIXES.
Appendix A: Position Statement on the Use of RFID on Consumer Products.
Appendix B: RFID and the Construction of Privacy: Why Mandatory Kill Is Necessary.
Appendix C: Guidelines for Privacy Protection on Electronic Tags of Japan.
Appendix D: Adapting Fair Information Practices to Low-Cost RFID Systems.
Appendix E: Guidelines on EPC for Consumer Products.
Appendix F: Realizing the Mandate: RFID at Wal-Mart.
Index.
There's a school bus stopped outside a middle school Spring, Texas, a wealthy suburb on the northern edge of Houston's metropolitan sprawl. Inside the bus several well-dressed and obviously well-off children stand in the aisle waiting to get off. Sandra Martinez, a 10-year-old with a thick brown braid and a charcoal grey blazer, pauses while she takes her ID card, hanging from a lanyard around her neck, and presses it against the large grey panel that’s mounted on the big padded barrier that divides the stairwell from the passenger compartment.
The panel beeps.
Sandra descends the school-bus steps and the next student fumbles for her ID card. Meanwhile, a computer onboard the bus is hard at work. First the computer takes a geospatial reading from the Global Positioning System receiver that's mounted inside the bus. Next, the computer, using an onboard digital cell phone, sends to Spring Independent School District the precise time and location that Martinez left the bus using an onboard digital cell phone. This information is made instantly available on a Web site where it can be accessed by Martinez's parents, the school administration, or anyone else with the appropriate access codes. The purpose of the system, which was installed at a cost of $180,000, is to let parents know precisely when and where their children get on or off the school bus. "If it works one time, finding a student who has been kidnapped, then the system has paid for itself," Brian Weisinger, the head of transportation for the Spring district, told the New York Times.1
No student has ever been kidnapped in Spring, Texas.
A slightly different student tracking is in use at the Enterprise Charter School in Buffalo, New York. There, a pair of kiosks that were purchased at a cost of $40,000 read ID tags as students enter and exit the building. Mark Walter, head of technology for the Buffalo school, told the New York Times that initially, the system failed to register some students, but now it works pretty well. Advocates of the technology say that it just might even be expanded—for example, with readers placed on individual classroom doors to see if students are attending their classes.
Some students, of course, invariably forget their tags at home or lose them. Some might even purposely throw them away. Even for these students, technology has an answer: In late 2004, the U.S. Food and Drug Administration approved for general use a tiny radio tag that can be implanted under the skin. Similar technology has been used to track household pets since the 1990s.
Meanwhile, by the time this book is in print, the U.S. State Department will probably have started issuing passports that carry a tiny RFID chip that includes 64 kilobytes of memory and, alas, can be covertly read at a distance of 30 feet by anyone with a suitable reader and a good antenna.2 The State Department says that there’s no need to worry: The data on the chip will reportedly be encrypted, so anybody who reads it will only read gibberish.
Radio Frequency Identification - better known as RFID - is fast becoming one of the most controversial technologies of our era.
Proponents of RFID say that the tiny tags, made out of silicon chips and radio antennas, can stamp out counterfeit drugs, fight terrorism, and at the same time help Wal-Mart keep its shelves stocked. They say that widespread adoption of RFID will allow companies to improve efficiency, cut costs, and offer dramatic new products and services to their customers. Most proponents scoff that the technology has a downside at all—other than perhaps the cost of the tags, and the cost of tags is dropping fast.
But RFID has many critics. The most vocal are privacy activists who argue that the technology's unprecedented ability to track the movement of individually serialized objects could be turned around and used to track the people carrying those objects. They worry that the RFID readers across the nation could report back to a single global network that could be used by the government as a kind of roving geographical wiretap.
Many critics argue that RFID is a threat not just to individuals, but to corporations and governments as well. In a few years, RFID readers at warehouse doors will allow companies to inventory the contents of cartons without opening them. But without the proper controls, the technology could also facilitate industrial espionage by giving competitors unprecedented access to a company's inventory. And once you begin thinking about RFID as an offensive technology, a lot of possibilities start emerging. Just as toll roads can use RFID to read E-ZPass tags and automatically debit drivers' accounts, an RFID-equipped bomb could wait patiently until it senses the tag of a particular individual driving above, and then detonate. Want to falsely implicate someone in a crime? Just clone one of their RFID tags and then arrange for it to pass by a particular reader just minutes before a murder.
This book is the first of its kind to explore the wide range of security and privacy issues that are being raised by RFID technology. It is the first book to bring together advocates and opponents from across the RFID spectrum. In its pages you will find chapters from companies that are producing RFID readers; from companies that are busy putting products with embedded RFID-tags on their shelves; and from the very privacy activists who are trying to stop them. Bringing together this diverse group of individuals and organizations has taken a lot of time and work. The result is the most balanced and accurate discussion you will find of RFID technology and its attendant controversy anywhere on the planet.
As its name implies, the term RFID is generally used to describe any technology that uses radio signals to identify specific objects. In practice, this means any technology that transmits specific identifying numbers using radio. Electronic Article Surveillance (EAS) systems, used by many clothing and music stores to set off an alarm when a shoplifter steals an item, are not RFID because the EAS tags do not have individual codes or serial numbers that can be read remotely. The Mobil Speedpass system used to pay for gas is an RFID system: Each Speedpass tag contains a unique serial number that is used to identify the tag's owner.
Each RFID tag consists of a silicon chip, an antenna, and some kind of housing. The tags come in sizes as large as a paperback book and smaller than a grain of rice. So-called active tags contain batteries, while passive tags are powered directly by the radio frequencies used to read them. The reading range of a tag depends on many factors, including the tag's electronics, its antenna, the reader, the radio frequencies used, and decisions made at the time the system is deployed. It is therefore inaccurate to state a "typical tag's" read range without first specifying what kind of tag you are using. (I explain these technical issues and others in Chapter 2, Understanding RFID Technology.)
Already, RFID technology is broadly deployed within the United States. Between
the “proximity cards” used to unlock many office doors, and the
automobile
" immobilizer chips" built into many modern car keys, it's estimated
that roughly 40 million Americans carry some form of RFID device in their pocket
every day. I have two: Last year MIT started putting RFID chips into the school's
identity cards, and there is a Philips immobilizer chip inside the black case
of my Honda Pilot car keys.
Many of today's media accounts of RFID aren't about these proprietary devices or RFID in general, but the standardized Electronic Product Code (EPC) chips that were developed by the Auto-ID Center and are now being overseen by EPCglobal, a trade organization. RFID systems have been around for more than thirty years, opening office doors and tagging laboratory animals, but when the EPC was introduced, these systems were too expensive for mass deployment. By standardizing on a simple chip design and over-the-air protocol, EPC is able to take advantage of mass production's efficiencies.
EPC tags are designed to replace today's ubiquitous Universal Product Code (UPC) bar codes, except instead of identifying the maker and kind of product, the 96-bit EPC code will give every package of razors, box of pancake mix, and pair of sneakers its own unique serial number. The tags, which operate in the unlicensed radio spectrum between 868 MHz and 965 MHz, can be read at a distance of many feet and through paper, fabric, and some plastics. And although the tags can cost as much as a 40 cents today, when purchased by the millions, the cost rapidly decreases to 10 cents per tag or less. (Sanjay Sarma, one of the founders of the Auto-ID center, explains the birth of the Auto-ID center and the EPC in Chapter 3, A History of the EPC.)
I had my first experience with RFID technology in January 1984. I was a freshman at the Massachusetts Institute of Technology and had just taken a job at one of MIT's new biology labs. For added security, the lab had installed a keyless entry system. The lab gave me thick blue card to put in my wallet. To get into the secure area, all I had to do was wave my wallet in front of a special reader. Within a few days I learned that I could just bump against the reader, leaving my wallet in my pocket. It was very cool and high-tech and allegedly very secure.
After a few weeks in my wallet, the top layer of the card's plastic was starting to peel away. And a few days after I quit that job, I ripped open the card to see how it worked. Underneath the laminate I found a printed circuit board, a chip that was the size of a postage stamp, and a dozen or so metal pads, some of them shorted together with a dab of solder.
It was immediately clear that my card's serial number was determined by which pads were soldered together and which had been left open. My ID number had been canceled when I resigned, but in theory I could have changed my card's ID to someone else's simply by making or breaking a few connections on the card. I never tested this hypothesis, but there is no reason why it shouldn't have worked. (Twenty years later, the security of many proximity card systems has only marginally improved; Jonathan Westhues explores other ways of subverting the security of proximity cards in Chapter 19, Hacking the Prox Card.)
I promptly forgot about RFID for the next ten years. Then, in 1994, my editor at Wired Magazine asked me to write a brief article about ID chips that were being injected into cats and dogs. I called up the chip manufacturer and learned that the technology was being used for far more. Some firms were using RFID to track the movement of gas cylinders; other companies were using it to follow the paths of tools at job sites. A few nursing homes were even experimenting with tagged bracelets that could automatically set off alarms when Alzheimer patients wandered out the back door.
A few months later I learned that highway authorities from Massachusetts and New York to California were in the final stages of testing RFID-based Electronic Toll Collection (ETC) systems for a variety of highways and bridges. The tags, which could be read at speeds of up to 100 miles per hour, would cut traffic jams and the resulting levels of smog at toll booths. But it was also clear that the new ETC systems would also create a huge database recording the precise time and location of every toll crossing by every tagged car.
The planners of those early RFID systems said that it was important to establish policies that would prevent toll-crossing information from being used for purposes unrelated to traffic management. But such policies were never adopted. These days ETC databases are routinely used by law enforcement agencies to track the movement of suspect cars - and by both divorce and labor lawyers to track the movements of people under investigation. I spoke with these technologists in the 1990s: None of them wanted to create a ubiquitous surveillance system that would permanently record the movements of cars on the highways and make that information available to anybody with a subpoena. Yet somehow, that's the system we got.
Newspaper and magazine stories about RFID frequently present the technology as one that forces us to make trade-offs and compromises. Almost always, RFID is portrayed as promising some new convenience or security feature, but in return, consumers must be willing to give up a little privacy to reap these benefits.
ETC is perhaps the best example of this tradeoff. With an E-ZPass tag you can speed through the toll booths on the George Washington Bridge, but that nasty divorce attorney will be able to get a blow-by-blow record of every time you entered and left Manhattan for the past year.
But making E-ZPass a combination toll payment and surveillance system was a conscious choice on the part of the engineers who designed the system and the highway administrators who approved it. Instead of broadcasting a serial number that's used to debit an account, the creators of E-ZPass could have adopted a more complex over-the-air protocol based on anonymous digital cash. Such a system would actually have been more secure—that is, more resistant to various kinds of cloning, fraud and abuse—than the account-based systems in a growing number of states. But as near as I have been able to determine, the system based on digital cash was never seriously considered.
The question of whether or not the nation's ETC system should preserve privacy or be a tool for surveillance should have been a subject of public debate. But it wasn’t. Instead, policy was determined by a small number of technologists and administrators with virtually no input from either the public or elected officials.
In Massachusetts, for instance, when the Massachusetts Turnpike Authority (MTA) issued its request for proposal (RFP) to contractors interested in supplying the ETC technology to the state, the RFP mandated that respondents propose only account-based systems similar to New York's E-ZPass. (Not surprisingly, a Boston-area company called ATCom, which had a system based on anonymous digital cash, cried foul, arguing that they had been frozen out of the bidding process because they had a technology that preserved privacy!)
John Judge was the MTA official responsible for the decision. When I called him up to ask about the RFP, he told me in 1997 that "privacy is a non-issue."
I think that is the experience nationwide, as least as it relates to electronic toll collection. Privacy has not been an issue that has emerged nationally. I think that [is] principally because it is a voluntary system. If you are of a mind where you might be concerned about privacy issues, you just don't have to join the program and can use the traditional toll collection methods. I don't think that it is any more an issue than credit cards.3
Did John Judge and other MTA administrators not hear an outcry from an enraged electorate because the electorate simply wasn’t informed about any decisions? Wide-scale public notification of the system's design happened only after contracts were signed, equipment was installed, and administrators were trying to accelerate the public's adoption of Massachusetts' "FastLane" technology. At that point it was too late to challenge the system’s underlying design. Instead, consumers were simply given a "take it or leave it" choice for the convenient but admittedly invasive technology.
For the record, John Judge was wrong. The privacy and security considerations of RFID systems are profoundly more complex than those associated with credit cards.
For starters, radio waves are both invisible and penetrating. I cannot read your credit card if it is in your pocket, but I can read a proximity card or even an RFID-enabled credit card in that same place. Every E-ZPass or FastLane tag has a small battery that lasts for five years or so; without significantly increasing costs, each E-ZPass tag could have been equipped with a tiny speaker that would "beep" whenever the tag was read. Because they are not, there is no simple way for users of E-ZPass and the like to audit the system for themselves. Are there hidden E-ZPass readers scattered around New York City or Washington, D.C.? If each E-ZPass tag had a tiny speaker, it would be a simple matter to find out about unpublicized reader deployments.
The choice between using or abstaining from RFID-based payment systems on the highway is profoundly different from the choice between using cash and using credit in another important way. Whether you buy your lunch with cash or a credit card, the length of the overall transaction is about the same. With RFID this is not the case. At Boston's Logan Airport on a typical weekday night, you might wait in line for ten minutes or longer to make it through the tolls. But if you're willing to give up your privacy, you can sail through the FastLane electronic toll lane at 100 miles per hour - well, at 40 miles per hour, at least. So unlike people who buy their lunch with cash, people who try to travel the highways with cash end up paying a considerable penalty for the privilege of preserving their privacy.
It's probably too late to change the toll payment system used by Connecticut, Maine, Massachusetts, New Jersey, New York, Pennsylvania, and a growing number of other states. Today's highway regulators aren't interested in experimenting with new RFID systems; they're interested in seeing a single system deployed throughout the United States so that drivers can travel coast-to-coast without reaching for their coins. Once a technological direction is embarked upon, it is very difficult to start making incompatible choices.
This is not to say that privacy on the highway is lost. We can still have the privacy of our toll crossings; we just can't assure that privacy through technical means. But states or the federal government could pass legislation - if there were political will, to set a high threshold for protecting toll-crossing information. Such legislation could make RFID-collected toll crossing information "off limits" for use in divorce proceedings, for instance, much in the way that the Video Privacy Protection Act of 1988 (18 U.S.C. Sec. 2710) made videotape rental records off limits. (The VPPA, better known as the Bork Bill, was passed after Judge Bork's video rental records were obtained by Washington, D.C.'s City Paper. The bill sped through Congress soon afterwards - allegedly because lawmakers were worried that their own video rental records might be similarly obtained and published.) RFID-protection legislation could set standards that needed to be followed for the protection of the information, and it could establish a "data retention" policy that required RFID-collected information to be destroyed after six months.
Our lawmakers could pass such legislation quickly. All it takes is the political will. (Stephanie Perrin and Jonathan Weinberg explore global and national privacy regulations and discuss how those regulations apply or could be applied to RFID in Chapter 4, RFID and Global Privacy Policy, and Chapter 5, RFID, Privacy, and Regulation, respectively.)
Alternatively, privacy protections can be built directly into RFID technology itself. The EPC standard, for instance, supports a "kill" command that makes it possible to permanently disable tags after they are no longer needed. If tags might be needed for some kind of post-sale use - for example, enabling a product return - it might be possible to remove the tag's antenna so that the reader needs to be in physical contact with the device. Yet another approach is the so-called RFID blocker tag, which jams all RFID transmissions within a sphere around the holder - think of this as a kind of "sphere of privacy." (Ari Jules, one of the co-inventors of the blocker tag, explores these and other technological solutions to the RFID privacy problem in Chapter 21, Technological Approaches to the RFID Privacy Problem.)
But on a deeper level, John Judge was right - just not for the reason that he thought. Privacy on the highways is a non-issue because the right to anonymous travel had already been considered at the dawn of the automobile and was rejected.
Horses and buggies didn't have to be registered, but soon after motorized vehicles were introduced, they were required to display license plates in every state of the United States. The explicit purpose of the plates was to make every car different and, by so doing, eliminate anonymity.
These days the technology for reading and automatically recognizing license plates has been virtually perfected. RFID-based systems are more accurate than optical license plate readers: They can read when the car is moving at a higher speed, and they are not affected by mud, rain, or fog. But the fundamental question of anonymous travel on the roads has already been resolved in the negative: Americans don’t have it—at least not if they want to drive their own car.
And here, RFID promoters maintain, is the fundamental problem in discussing the technology in a vacuum: Practically without exception, every threat to privacy that could conceivably be caused by RFID can already be accomplished using some combination of other technologies. The cat is already out of the bag! What the RFID industry really needs to do, noted Canadian computer columnist Peter de Jager argues in Chapter 30, Experimenting on Humans Using Alien Technology, is to stop scaring the public with frightening scenarios and product names and instead clearly articulate to the public the advantage that will come from the technology - be that advantage improved customer service, lower costs, or decreased fraud.
Such thinking might be dangerous, however. Privacy activists like Beth Givens (Chapter 29, Activists: Communicating with Consumers, Speaking Truth to Policy Makers) argue that before we deploy this technology, we should more carefully assess its impact - something that really hasn't been done to date. Although it is true that stores can use store loyalty cards, credit cards, and even face-recognition technology to track people and their purchases, it may be that the increased accuracy of an RFID tag hidden in your clothing or buried in the sole of your shoe fundamentally changes the kinds of applications that stores and other businesses are willing to deploy.
Whether RFID presents a doomsday scenario or not, I believe that at the very least we have a right to know when we are being monitored by radio frequency devices. Because radio waves are invisible and penetrating, RFID has the potential to be a uniquely covert technology. I can't tell if there is an RFID tag buried in the sole of my shoe. I can't see if a store's RFID reader is silently and invisibly inventorying the clothes on my body.
Philips Semiconductors, one of the worldwide leaders in RFID, claims that it has shipped more than a billion RFID devices worldwide. This astonishing figure was announced by Mario Rivas, the company's executive vice president for communications, at the MIT RFID Privacy Workshop.
Many people in the audience were visibly shocked when Rivas made his statement. After all, RFID is usually presented in the popular press as something of a fledgling technology that is still being tried out, not as a mature technology that has a solid role in the worldwide marketplace. But over the past ten years, RFID has made stunning gains. Indeed, Mark Roberti, editor of the RFID Journal, estimates that between 20 and 50 million Americans carry an RFID chip in their pocket every day - either in the form of a proximity card used for entering buildings and garages or else an automobile key with an immobilizer chip molded into the key's plastic handle.
One way to make the invisible visible is through the use of regulations and laws. Two years ago I called upon the RFID industry to adopt an RFID consumer "Bill of Rights," in which the industry would pledge to refrain from various nefarious practices, such as hiding RFID chips in clothing or other consumer products without notification, having secret RFID readers, and giving consumers the option of having chips deactivated in products that they purchase. Other policy suggestions included in this book are: Privacy Rights Clearinghouse position paper (Appendix A), a position paper from the Electronic Frontier Foundation (Appendix B), and Japan's METI Draft Guidelines on the use of RFID (Appendix C).
Some of these proposals are actually in the "Guidelines on EPC for Consumer Products" (Appendix E), which are on the Web site of EPCglobal, the internal consortium that is overseeing the allocation of RFID serial numbers used in many consumer products. But the guidelines are considerably watered down from what I and others have proposed. For example, EPC guidelines say that consumers should have the right to know if an EPC RFID tag is inside a product that is purchased, but they don't have a right to know about the presence of readers in a store or other public places. Instead of giving consumers the right to have a tag removed or deactivated (killed), the guidelines instead say that consumers have to be told whether or not they have such a right. Instead of giving consumers a right to know what the RFID information is being used for, the policies simply call for companies to publish their policies regarding "Record Use, Retention, and Security" on their Web sites.
This book is an outgrowth of a workshop on RFID Privacy issues that I organized at MIT in the fall of 2003. That conference, sponsored by MIT's Computer Science and Artificial Intelligence Laboratory and by the MIT Media Lab, brought together roughly 200 researchers, developers, reporters, and students from around the world. We gathered on Saturday, November 15, 2003, to hear presentations from 15 technologists and privacy activists. For many, it was the first time coming face-to-face with the other side for serious discussions. You can find videotapes of those presentations, together with presenters - slides and papers on the conference Web site at http://rfidprivacy.us.
This book takes up where the conference left off. Since we met in Cambridge, RFID has gone from the headlines to the loading docks and the store shelves. We are living in the future. Nevertheless, many of us are still thinking about RFID using the language of the past.
Although discussion on some form of RFID technology seems to be in the newspaper every day, surprisingly few books on RFID technology are available. Our hope with this book is to give you a good overview of RFID applications, the underlying technology, and the public policy debate.
This book is divided into 5 parts; it includes 32 chapters and 6 appendixes.
Part I, Principles, examines the history, underlying technology, and public policy debates that affect RFID technology in general.
Chapter 1, Automated Identification and Data Collection: What the Future Holds, by Dan Mullen and Bert Moore, looks at the past, present, and future of Automatic Identification and Data Collection technologies, from the bar code to advanced RFID systems. Dan Mullen is president of AIM Global, the Association for Automatic Identification and Mobility. I met him when I was serving on the Auto-ID Center's outside public policy committee. Bert Moore is director of IDAT Consulting & Education, a technology-agnostic, vendor-independent firm that helps companies understand, evaluate, select, and implement automatic identification and data collection (AIDC) solutions. Think of this chapter as the RFID industry’s position paper of what can be done with the technology.
Chapter 2, Understanding RFID Technology, by Henry Holtzman and me, is a brief tutorial on how RFID systems work. Henry Holtzman is Research Scientist at the MIT Media Laboratory and the founder of Presto Technologies, which developed an RFID-based payment system back in the go-go 1990s. My contributions to this chapters are based, in part, on Matt Reynolds's presentation at the RFID Privacy Workshop, which Henry and I organized in the fall of 2003. In this chapter, you’ll learn the theoretical range at which RFID devices can be read. You'll learn of some basic RFID applications that aren’t covered elsewhere in this book.
Chapter 3, A History of the EPC, by Sanjay Sarma, looks specifically at the history and development of the Electronic Product Code and the Auto-ID center. Sanjay Sarma is the cofounder of the Auto-ID center; we are honored to have his personal perspective on the history of what may be the twenty-first century's most important commercial code.
Chapter 4, RFID and Global Privacy Policy, by Stephanie Perrin, introduces the reader to various international conventions and national laws on data protection and shows how those rules are likely to affect the deployment and use of RFID systems. Based in Montreal, Stephanie Perrin is a recipient of the Electronic Frontier Foundation's Pioneer Award for her role as a global privacy advocate. These days she spends her time consulting on various privacy issues to the Canadian government and global corporations.
Chapter 5, RFID, Privacy, and Regulation, by Jonathan Weinberg, explores how U.S. law might respond to RFID technology. Jonathan Weinberg, a professor of law at Wayne State University, has written extensively about privacy and Internet law and regulation.
Chapter 6, RFID and the United States Regulatory Landscape, by Doug Campbell, is an in-depth examination of how RFID technology is likely to be regulated by the U.S. federal bureaucracy. In this chapter, Doug Campbell looks at issues such as government access to stored data, the impact on health, impact on labor regulations, and ways various actors are likely to respond to changing frameworks.
Chapter 7, RFID and Authenticity of Goods, by Marlena Erdos, explores uses of RFID tags in product authenticity. The chapter looks at the interaction of authentication of tags and the authentication of goods and at other related authentication issues. Marlena Erdos is an expert in secure distributed computing systems, having architected, designed, and implemented them for well over a decade. Recent interests (and work assignments) have led her into analysis and design of secure RFID-based systems.
Chapter 8, Location and Identity: A Brief History, by Michael R. Cur
Download the Foreword
file related to this title.
Download the Index
file related to this title.