RFID Privacy Happenings: Don't fear new bar codes

September 28, 2003

Don't fear new bar codes

Larry Downes's reaction in USA Today why Katherine Albrecht's quote "The risk it poses to humanity is on a par with nuclear weapons" is so out of line with reality.

He also comments:

Groups such as the Electronic Privacy Information Center and the Electronic Frontier Foundation are most concerned about what happens once the product leaves the store. In theory, our home computers could some day serve as EPC readers, but only if consumers allow it. For example, EPC could be used to automatically reorder products or let consumers know when an appliance needs preventive maintenance. That's useful, not invasive.

Posted by simsong at September 28, 2003 06:24 PM

Comments

"The MIT group soon will issue a set of guidelines for companies that want to use EPC. Its aim is to head off consumer concerns before the technology appears in stores. The guidelines stipulate that consumers:

* Must be told if EPC readers and tags are in use.

* Must be able to permanently stop the transmission of data to or from tags once they leave the store.

* Have the right to buy EPC-tagged products without their identity being linked in any way to the sale."

ALL of the current item level packaging RFID tag trials in stores and supermarkets break ALL of these as yet unpublished consumer privacy guidelines.

Where are the trials of Auto-ID RFID tags which are "killed" at the checkout ?

Posted by: Watching Them, Watching Us at September 29, 2003 08:00 AM

Every single product-level RFID trial to date has had a station where tags could be killed.

That's because there have been NO product-level RFID trials to date. But the trials that were planned at Wal-mart, before they were canceled, were going to have a kill station.

Posted by: Simson Garfinkel at October 4, 2003 07:58 AM

Tesco here in the United Kingdom tested smartshelves and Gillette Mach 3 tags in the first half of this year, and has another trial on DVD packaging currently running and being expanded.

None of these tags are "killed" at the checkout and the public is not even informed that the trials are underway,

c.f.

Chips with everything
Published: 27-Jul-2003
By: David Rowan

http://www.channel4.co.uk/news/2003/07/week_4/28_chips.html

RealVideo clip:

http://www.channel4.com/news/ftp_images2/2003/07/week_4/4chips.ram

These tags are too "stupid" to be "killed" to comply with the EPC tag specification, but they are RFID tags and there has been Auto-ID Center involvement in the projects.

If retailers are allowed to get away with pushing these privacy unfriendly tags onto the public, then they will never take up any as yet untested EPC tags with "kill" features or secure handshake protocols simply because these must always be more complicated and expensive.

Has there been a statement from Auto-ID etc condemning the use of such "stupid" tags and excluding them from the EPC tag standards ?

For photos of the MeadWestvaco tags used on consumer item level DVD packaging have a look at:

http://www.spy.org.uk/cgi-bin/rfid.pl

Posted by: Watching Them, Watching Us at October 6, 2003 03:59 AM

Downes' article is more than a bit disingenuous, e.g., in suggesting that, "...the truth is that even the most aggressive marketer doesn't have much use for data about anything more specific than your sex, age and ZIP code."

USA Today published my letter to the editor on the article: http://www.usatoday.com/usatonline/20031006/5562503s.htm

but it was significantly edited... what I'd said was:

Larry Downes article, "Don't fear new bar codes" (9/25), quickly dismisses any concerns of lessened privacy due to radio-frequency ID (RFID) used on consumer products, glossing over significant potential problems. One obvious one: while the largest retailers may be able to ensure customers that RFIDs are "killed" at point of sale, few if any of the smaller ones will have the knowledge or ability...

If RFIDs are widely used in retail, they'll be widely found on the products we carry, use, and consume, and be scanned by numerous parties, e.g., the bar which scans future RFID-bearing drivers licenses, but which can also compile detailed dossiers on its patrons, their friends, and preferences, then sell them for a profit, to myriad interested parties, from insurance providers, and mortgage lenders, to government agencies and anyone with a credit card.

RFIDs will be used, and generally useful, in commercial supply chains, but their potential to erode privacy shouldn’t be underestimated.

Ross Stapleton-Gray, Ph.D., CISSP

Posted by: Ross Stapleton-Gray at October 15, 2003 06:35 PM

Maybe some useful to national security agency.

Posted by: shearer su at December 2, 2003 07:58 PM

How can you remember info. when your sort turm mimerary is stolen from you, The tecnolige in the past was bad enough to destore the people, now you add bar codeing to. WHY?? dont you just shoot every one in the head to get it over with, its more faster and more humane, than stocking, stilling,pimping,torsureing,the people. becouse that is all it is used for, you LIE, on how wonderful the shit is, WHY dont you come and ask me, the one who is wareing your shit on me????

Posted by: Virginia Kuwamoto at January 31, 2004 02:16 PM