You can find the FDA final report here: http://www.fda.gov/oc/initiatives/counterfeit/report02_04.html#radiofrequency >Use of mass serialization to uniquely identify all drug products intended >for use in the United States is the single most powerful tool available to >secure the U. S. drug supply. Mass serialization involves assigning a >unique number (the electronic product code or EPC) to each pallet, case, >and package of drugs and then using that number to record information >about all transactions involving the product, thus providing an electronic >pedigree from the point of manufacture to the point of dispensing. This >unique number would allow each drug purchaser to immediately determine a >drug's authenticity, where it was intended for sale, and whether it was >previously dispensed. --- From: Marcel Waldvogel <marcel@private> Date: Thu, 19 Feb 2004 15:42:39 To:dave@private Cc:Steve Bellovin <smb@private> Subject: Re: [IP] FDA suggests RFID tagging of drugs Dave, Steve, My interpretation of the appropriate sections in the FDA document seem to use the RFID only passively: it will return its unique electronic product code (EPC) for each query, and not using a challenge-response scheme. My interpretation seems to be further supported by the comparison of RFID to 2-D bar codes, which certainly are passive. Such a use allows for easy copying of the EPC to counterfeit drugs. When the system is to be used offline (which could be a goal; this is not stated), it might even be possible to generate unique-looking EPCs. Without a cryptographic challenge-response scheme, which would break compatibility to other RFID systems and probably be too expensive to manufacture, it does not provide any protection against counterfeiting. It only makes customers carrying drugs easily identifyable, which will aid in discrimination, tracking, and profile-building. In summary, I expect the system to be completely BAD (Broken As Designed). But nevertheless, I find it fascination how easily and frequently even educated people attribute almost-magical properties to technology. -Marcel http://marcel.wanda.ch/ Dave Farber wrote: >Delivered-To: dfarber+@ux13.sp.cs.cmu.edu >Date: Wed, 18 Feb 2004 22:25:01 -0500 >From: Steve Bellovin <smb@private> >Subject: FDA suggests RFID tagging of drugs >To: dave@private > >The FDA has released a report calling for the RFID tagging of >pharmaceuticals to help defend against counterfeiting. The word >"privacy" barely occurs in the report -- there's simply a reference to >HIPAA -- and it is not listed among the important unresolved issues. > >The report is at http://www.fda.gov/oc/initiatives/counterfeit/report02_04.html > > > --Steve Bellovin, http://www.research.att.com/~smb > _______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/)
This archive was generated by hypermail 2b30 : Sun Feb 22 2004 - 22:21:52 PST