"Privacy advocates warn that radio frequency identification (RFID) technology could be used to track our movements and there have been calls for a boycott. But IT analysts at META Group say the scare stories ignore common sense, practicality and basic physics."
http://www.out-law.com/php/page.php?page_id=rfidscarestoriesi1071488883&area=news
Posted by holtzman at December 15, 2003 11:12 AMIt would appear that the META Group's so called "analysts" have either not bothered to read the
"Position Statement on the Use of RFID on Consumer Products"
http://www.privacyrights.org/ar/RFIDposition.htm
or there is a commercial agenda behind their allegedly impartial advice. How many of META Group's customers have a vested interest in the RFID commercial bandwagon ?
What difference does it make if the normal read range of a consumer item level RFID tag is only sufficient to span the doorway entrance to a shop or other public place ? If, as at present, the "cheap but stupid" RFID tags or Smart Labels cannot be "killed" at the checkout, then they can be promiscuously read by doorway readers in other shops etc. Why won't the cost of readers fall as RFID tags are rolled out in their billions ?
Just because the tags do not contain your actual name, address and credit card details, they do contain a "unique" serial number, and so they could easily become the "3rd. Party cookies" secret consumer profiling tools of the "Internet of Things"
META Group's analysts may be new to this field.
Posted by: Simson Garfinkel at December 20, 2003 02:02 PMA fuller version of the Meta Group report has emerged online:
"RFID SECURITY SCARES IGNORE FACTS"
http://www.itworld.com/nl/it_insights/12102003/
This does not do justice to the proponents of the current state of the technology, seems to be ignorant of the successful warehouse pallet and crate level trials of the last year, the developments in manufacturing technology such as fluidic assembly which are driving down the cost of the RFID tags, or the whole concept of an Auto-ID/EPCglobal scalable "Internet of Things".
The so called "analysts" have also ignored the real personal privacy issues associated by concentrating on the straw man of "satellite tracking", an issue which is dealt with in the Position Paper mentioned above.
They do not even mention some of the real *security* as opposed to *privacy* problems with RFID tags, from Denial of Service attacks via radio (in the unlicensed, no-action-from-the-authorities-if-there-is-interference Industrial, Scientific and Medical band allocations, or the astonishingly weak *8 bit* passwords in EPCglobal Class 1 UHF tags etc.
"META Group analysts Dwight Klappich, Bruce Hudson, Gene Alvarez, Tim McLaughlin, Chris Kozup, John Brand, and Jack Gold contributed to this article."
Who paid for *seven* "analysts" to come up with such a weak and misleading report ?