--- From: "Jim Harper - Privacilla.org" <jim.harper@private> To: "'Brian McGroarty'" <brian@private> Cc: <declan@private> Subject: RE: [Politech] Reply to RFID tags reportedly found in German loyalty card [priv] Date: Thu, 12 Feb 2004 10:49:17 -0500 5a94eebcdb7349a33c Having thought this through a bit, I'm wondering if the problem you've posed isn't still a bit far-fetched. The read range on consumer-goods RFID tags is about six feet, non-directional. Less than that if there is interference from a body, liquid, or metal. (BTW, they need to have short read ranges for commercial applications. Otherwise, everyone gets charged for stuff they aren't buying at the checkout counter and the three nearby customers with RFID loyalty cards all get scanned by the reader, which doesn't know who is buying what.) How do you read what RFIDs appeared at a rally? Herd all the attendees through a gate? Requiring that is inconsistent with First Amendment assembly rights and practically impossible if the rally involves any substantial dissent. Certainly some RFID tags at a rally can be scanned near barricades or some bottleneck to entry. Maybe. But the data is already poor. Who thinks they're going to get good enough data from this to actually spend the money on doing it? (Perhaps governments, so remember my comments on government control.) Now, I'm skeptical that a reader is going to be *hidden* near the entrance to many buildings, yet within six (or less) feet of entrants, but not within six feet of passersby. That's far-fetched in many places, but possible in some. People trying to hide RFID readers might find themselves giving away readers more often than they collect useful data. Again, who does this, and why do they think they'll benefit from collecting a lot of bad data? I do believe, by the way, that someone should develop a cheap, easy-to-carry scanner that detects radio communications so that the highly privacy sensitive can always be aware of what surrounds them. Useful right now in gym locker rooms, etc. Only a few people have to carry them for secret scanning to be routed out. And the mere risk of discovery will suppress secret RFID reading by established organizations with, say, consumer brands to protect. I have spoken to a "mesh computing" CEO and a prominent privacy trade association head about the concept. We'll see if the idea takes on life. Now, let's say you are able to pick up an RFID tag in one location and then pick it up in another. You don't have an ID on the person, just the fact that the tag has appeared both places. You don't know (I suspect) whether the tag is (and was) on a shirt, in a wallet, or on a package of razors. You certainly don't know who had it the first time. To know who has it the second time, the second scan has to be truly isolated. What happens next? Something "ugly." But isn't this alluded-to ugly thing going to happen whether RFID is part of the process or not? Photography seems to be a greater threat than RFID, frankly. (Declan you need to explain your privacy-invadin' photographs of rallies, meetings, and news conferences on mccullagh.org!) But seriously, your allusion goes to all abuses of power. I still see RFID as only a very remote possible part of that process. RFID is pretty darn good for sensing the movement of goods in controlled environments like stores, loading docks, and trucks. But it doesn't seem very good at tracking individuals once it enters a social system like the human environment. We haven't even gotten into the "counter-spy" behaviors that people use to frustrate tracking already, like pseudonymity, trading and sharing loyalty cards, etc. Heck, you could make hats out of RFID tags or RFID-tagged material and spoofed RFID tags. Sell them at flea markets and eventually everyone who has ever purchased anything will appear to be everywhere all at once - to anyone foolish enough to attempt human tracking via RFID. (There's the kind of overstatement used to make the claims that RFID is such an ominous threat.) Again, RFID use in the commercial environment will probably bring better nutrition to children by lowering the prices charged their parents on all variety of goods. We must make careful judgments that involve balancing of consumer interests. And I don't think threats posed by governments are muted by suppressing technologies. I'm interested in further thoughts on this. Jim Jim Harper Editor Privacilla.org -----Original Message----- From: Brian McGroarty [mailto:brian@private] Sent: Wednesday, February 11, 2004 3:55 PM To: Jim Harper - Privacilla.org Cc: declan@private Subject: Re: [Politech] Reply to RFID tags reportedly found in German loyalty card [priv] As I see it, the basic issue with Radio Frequency IDs is this: The tag offers a unique ID when activated, and by carrying the tag, the carrier has a unique ID attached, whether they know it or not. Reading RFIDs is cheap and easy to do covertly. If RFIDs become common, the tags will be leveraged by all kinds of groups, not just the people installing them. Even if an RFID doesn't say "This is Brian McGroarty," it's still enough for a system to detect: - "this is one of the IDs I saw at a political rally that displeased me," - "this is one of the IDs I saw at the Jewish Synagogue," - "this is an ID that was picked up by the reader we hid outside the adult bookstore," or - "this is one of the IDs that entered the business our union was striking against." None of these are far-fetched, and the implications of any of them could be ugly. On Wed, Feb 11, 2004 at 10:32:31AM -0500, Jim Harper - Privacilla.org wrote: > [Declan, if you post this, please remove Brian's personal information!] [ Actually, okay to use my name -- Brian] > > Hi Brian: > > Thanks for your note. I appreciate your measured tone compared to some of > the other folks who I've heard from! For some reason, I've chosen to be a > little provocative (perhaps even sloppy) in what I'm saying about RFID. > That said, favorable and unfavorable responses are running about even. > > I'm a student of privacy, which boils down to the movement of facts about > people. In the example you've given, you're right that a passive RFID tag, > which is the type to be used in the consumer goods context, can be read by > anyone with a reader. (To be most accurate, a passive tag does not > broadcast.) But a long chain of links has to be in place for the reading of > a tag to reveal any information about any person. > > The person with the reader would have to have access to the database that > links the code number of the RFID tag to a particular item. Learning the > number of an RFID tag alone reveals nothing more than the presence of an > RFID tag and its number. For companies planning to use RFID, there are more > reasons not to publish their RFID numbering scheme than reasons to publish > their numbering scheme, so I am fairly confident they will not. Perhaps > people will be able to learn how RFID numbers are allocated in blocks, like > IP numbers are. Then, someone with a reader might be able to learn that an > RFID tag with a number allocated to XYZ Corporation passed a certain > location at a certain time. > > Next, they have to learn the identity of the holder of the RFID tag. This > is practically difficult in crowds and on streets, of course, because RFID > does not have any directional capability. There are two ways that I can > think of. One is to identify the person directly while they are isolated > and the RFID tag is scanned. Take their picture? Stop them to ask? > Facial-scanning software? - which apparently doesn't work. I don't see > consumers generally acquiescing to being ID'd on entry into stores and such. > Stores are trying to get people inside and that kind of intrusiveness would > keep people out. > > The other way is to tie the RFID tag back to the identity of the purchaser. > This could be done through the payment system, when someone uses a credit > card or check card, but it can not be done when someone pays in cash. > Somebody did an experiment where they placed a camera over a shelf with > RFID-tagged items and then monitored the movement of items in stores, to > learn consumer behavior. This may have captured the appearance of consumers > from above, though I don't know if any true identity information was > collected. In any event, it is creepy, and it has spawned a lot of the > concern about RFID tags. But this was a consumer research project. It is > far too expensive for any economically-minded company (and they all are) to > conduct wholesale. That would be a tremendous waste. > > Even if you can learn what the identity of the purchaser is, you still don't > know who is carrying an item when it is subsequently scanned. Was the item > for the purchaser or was it a gift? Has it been given to charity? Is it on > the purchaser's spouse, sister, or son? In a bag? In a garbage bin? More > RFID in more places will actually help ensure the obscurity and > worthlessness of information collected in any effort to "monitor." > > The reason why all this is important to me is the very real likelihood that > RFID technology will improve efficiencies in the supply chain. Meaning: > goods that consumers want are available to them more cheaply. In a country > (and world) that still has a lot of hungry mouths to feed, I think this is a > priority worth pursuing, and I suspect that the bulk of consumers have this > as a priority too. As long as the privacy threats from RFID remain > far-fetched, my vote is for diapering babies and getting formula into (and > onto) their faces. I will be as vocal against RFID if it ever gains > widespread use that is contrary to the interests of consumers as I perceive > them. > > Here's the crucial caveat: All I've said goes out the window when you move > from the commercial context to the governmental context. Governments are > not subject to the same economic restrictions of businesses and they have > unique powers. They can demand that companies turn over their RFID > numbering schemes. They can build arrays of RFID readers in places that no > economically rational actor would. They can force people to identify > themselves in locations where RFID readers can isolate them. And so on. > > I believe this is an argument for government control much more than RFID > control. The locus of the problem is the unique power of governments, not > any technology. Digital cameras are in heavy use by governments to monitor > streets and intersections, but we don't place limits on commercial use of > digital imaging technology because of it. RFID should be treated the same > way. The potential benefits from the technology are too great. > > Thanks again for the note. Bet you didn't expect this long response. I'm > confident in my views, but still learning, so I'd be delighted to hear back > with suggested improvements to my thinking. > > Jim Harper > Editor > Privacilla.org > > -----Original Message----- > From: Brian McGroarty [mailto:brian@private] > Sent: Tuesday, February 10, 2004 11:17 PM > To: jim.harper@private > Subject: Re: [Politech] Reply to RFID tags reportedly found in German > loyalty card [priv] > > I'm not clear on the point you're trying to make. > > I assume you are aware that RFIDs can be read from a distance, and by > any party, not just the store? > > There's a substantial difference between a card you only present to > your grocer, and an ID that's broadcast to any party with $30 worth of > electronics, undetected by the RFID holder. _______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/)
This archive was generated by hypermail 2b30 : Wed Feb 18 2004 - 21:58:17 PST