URLs mentioned in this talk.

RFID Privacy Workshop:

            http://www.rfidprivacy.org/                   Main workshop  website

            http://www.rfidprivacy.org/blog             RFID Privacy Blog

 

RFID is not a better barcode:

            Digital ID World Editor’s Blog

            Design News July 6, 2001 article. “Barcodes on Steroids”

 

Taggants:

            National Academies Press, Marking, Rendering Inert, and Licensing of Explosive Materials: Interim Report

 

Articles:

            “The Internet of Things,” Chana R. Schoenberger, Forbes, March 18th, 2002.

 

“Michelin Embeds RFID Tags in Tires,” RFID Journal, January 17th, 2003.

 

Websites:

Digital ID World  [website] [editor’s blog]

 

Outline for talk:

  • Different kinds of RFID technology:
    • Read-only tags
    • Tags with memory
    • Tags with processing
  • Different kinds of chips:
    • Active
    • Passive
    • Semi-Passive
  • Comments on Katherine:
    • talks about transmitting to a satellite, you would need something the size of a cell phone.
    • Shelf-readers are not to scan what is on people, but what is on the shelf.
    • Michellin tags are actually 24 inches, not 6 feet.
  • The importance of threat models.
  • What are the privacy threats with RFID, and how can we address them?
    • People will be tracked wherever they go.
    • People’s social networks will be determined through correlation.
    • Information obtained above will be used for:
      • Invasive marketing techniques.
      • Government spying on citizens.
    • RFID will allow greater degree of worker monitoring than was ever before possible.
      • Clerks who don’t ring things up in stores.
      • Employees who allow shoplifting (because RFID will allow the store to determine when something was stolen.)
  • Well, what other sort of technology is out there for tracking?
    • Barcodes.
      • Privacy activists say that RFID is much more than a barcode:
        • No line-of-site
        • Every product has a different item
        • Inventory an entire box at once.
      • But we forget that barcodes themselves were quite controversial
        • People in the 1960s/1970s saw them as part of the dehumanization of society.
        • Before that, it was punch-card bills. “Do not fold, spindle or mutilate.”
        • Zero knowledge advertisements (circa 2000)
        • “I am not a piece of your inventory”
    • Taggants for explosives
      • Required addition to plastic explosives in Antiterrorism Act of 1996.
      • Tremendously controversial: In November 2001 (after 9/11), Institute of Makers of Explosives officially was opposed to the addition of taggants to commercial explosives.  (Argued that less than 2% of bombings in the US involve commercial explosives.)
    • Caller-ID
      • Huge effort to get it deployed in the 1980s
      • People though it would be a pro-privacy feature; consumers saw it as anti-privacy.
      • Successful in most states, except for CA.
    • Intel Processor Serial Number
      • Sparked a boycott
      • Huge publicity problems
      • No PSN in Pentium 4
      • Ultimately, doesn’t matter; serial numbers are in:
        • Hard drives
        • Ethernet chips.
        • Other PC devices.
        • … All used by Windows registration.
      • Lesson: People focus on specific technical instances, not general principles. (This is counter-intuitive.)
  • Are the RFID fears justified?  Here’s what we would need:
    • Universal deployment of compatible RFID tags.
    • Universal deployment of compatible readers
    • Universal network.
    • Technology for matching up EPC codes with purchase history.
    • Ability to constantly update and query the database.
      • Estimate for the US: 1-10 billion new transactions a day, keep all transactions forever
  • Vendors have made customer fears worse
    • Forbes Article with graphic by Chana Schoenberger, March 18th, 2002
    • Stores have eyes. Now they're getting ears and brains. Soon tiny wireless chips stuck on shampoo bottles and jeans will track all that you wear and buy.”
    • Alien Technology, a Morgan Hill, Calif. chip company, is developing chips the size of a piece of glitter for MIT”
    • Benetton announcement
      • March 11, 2003 article in EE Times.
      • “Since I.CODE ICs are embedded into garment labels, they would remain attached for the life of an each piece of clothing. As the use of RFID chips moves closer to consumers, some worry about privacy issues raised by the tracking capabilities of RFID technology. Duverne said standards groups are looking for a uniform way to "deactivate" the RFID function after clothes with smart labels are purchased by consumers.”
      • Philips said that it would ship 15 million chips to Benetton. (EETimes March 27)
      • April 5th – Benetton backs off.
    • Michelin announcement
      • Part of Transportation, Recall, Enhancement, Accountability and Documentation Act, to track recalls, not to spy on motorists.
      • Automotive Industry Action Group’s B-11 standard for North America, which calls for a read distance of 24 inches.
      • Philips announcement makes no mention of privacy issues.
      • Chip they intend to use is a Philips I-Code HSL chip operating at 868-915 Mhz and storing 2 kilobytes of information.
  • Options for dealing with the privacy “problem”
    • Technology:
      • We could simply not adopt RFID
      • Mandatory Kill
      • Mandatory partial kill
      • Passwords – consumers control the chips.
    • Policy:
      • We could regulate what people do with it. (bill of rights)
      • We could make vendors liable for misuse. (They may be, already)
  • Problems with the technological options:
    • RFID will be adopted; too many good reasons:
      • Tire recalls
      • Drug counterfeiting.
      • Recycling
    • But it might not be adopted for 20 years, if the vendors continue to screw up.
    • Optional Kill / Mandatory Kill / Passwords:
      • There is no obvious post-sale consumer benefit to EPC vs. UPC.
      • There is a recycling benefit.
  • RFID Bill of Rights
    • Approach to dealing with the policy issues
    • Consumers should have
      • The right to know whether products contain RFID tags.
      • The right to have RFID tags removed or deactivated when they purchase products.
      • The right to use RFID-enabled services without RFID tags.
      • The right to access an RFID tag’s stored data.
      • The right to know when, where and why the tags are being read.
    • Modeled on the Smartcard holder’s Bill of Rights.
      • 1. NO HIDDEN INFORMATION. Smart card users have the right to know what kind of information is stored on the cards that they carry.
      • 2. PERSONAL TRANSPARENCY. If the information on your card is pertains to the cardholder, that person has the right to know not just what kind of information is stored, but specifically what data is in place, and what it means.
      • 3. DATA CORRECTABILITY. If the information on the card is incorrect, the cardholder has an absolute right to have it corrected.
      • 4. CARD SECURITY. If a card is lost, stolen, or seized, it must be not possible to use the card in a way that would damage the cardholder's interests.
      • 5. APPLICATION RECOVERABILITY. There must be a way for card holders to recover after a card is lost.
    • What do these rights mean?
    • How do you enforce them?
    • How do you detect infringement?
    • Who should be policing – Government or business?
  • Take home points:
    • It looks like there is one RFID system, but there are many
    • Regulation won’t stop all bad uses.
  • Common misconceptions:
    • “Spec of Dust.” You could make the tags 1-2 mm in size, but if you make them that small, you’ll need a big antenna or else the read range will be 1-2mm.
    • AIMGlobal does not believe that it will be at consumer-items anytime soon.
    •