La Marca de La Bestia
Mood:  on fire
RFID tags: Big Brother in small packages
January 13, 2003, 6:26 AM PT
By Declan McCullagh

Could we be constantly tracked through our clothes, shoes or even our cash in the future?
I'm not talking about having a microchip surgically implanted beneath your skin, which is what Applied Digital Systems of Palm Beach, Fla., would like to do. Nor am I talking about John Poindexter's creepy Total Information Awareness spy-veillance system, which I wrote about last week.
Instead, in the future, we could be tracked because we'll be wearing, eating and carrying objects that are carefully designed to do so.
The generic name for this technology is RFID, which stands for radio frequency identification. RFID tags are miniscule microchips, which already have shrunk to half the size of a grain of sand. They listen for a radio query and respond by transmitting their unique ID code. Most RFID tags have no batteries: They use the power from the initial radio signal to transmit their response.

You should become familiar with RFID technology because you'll be hearing much more about it soon. Retailers adore the concept, and CNET News.com's own Alorie Gilbert wrote last week about how Wal-Mart and the U.K.-based grocery chain Tesco are starting to install "smart shelves" with networked RFID readers. In what will become the largest test of the technology, consumer goods giant Gillette recently said it would purchase 500 million RFID tags from Alien Technology of Morgan Hill, Calif.
Alien Technology won't reveal how it charges for each tag, but industry estimates hover around 25 cents. The company does predict that in quantities of 1 billion, RFID tags will approach 10 cents each, and in lots of 10 billion, the industry's holy grail of 5 cents a tag.
It becomes unnervingly easy to imagine a scenario where everything you buy that's more expensive than a Snickers will sport RFID tags, which typically include a 64-bit unique identifier yielding about 18 thousand trillion possible values. KSW-Microtec, a German company, has invented washable RFID tags designed to be sewn into clothing. And according to EE Times, the European central bank is considering embedding RFID tags into banknotes by 2005.

It becomes unnervingly easy to imagine a scenario where everything you buy that's more expensive than a Snickers will sport RFID tags.
That raises the disquieting possibility of being tracked though our personal possessions. Imagine: The Gap links your sweater's RFID tag with the credit card you used to buy it and recognizes you by name when you return. Grocery stores flash ads on wall-sized screens based on your spending patterns, just like in "Minority Report." Police gain a trendy method of constant, cradle-to-grave surveillance.

You can imagine nightmare legal scenarios that don't involve the cops. Future divorce cases could involve one party seeking a subpoena for RFID logs--to prove that a spouse was in a certain location at a certain time. Future burglars could canvass alleys with RFID detectors, looking for RFID tags on discarded packaging that indicates expensive electronic gear is nearby. In all of these scenarios, the ability to remain anonymous is eroded.

Don't get me wrong. RFID tags are, on the whole, a useful development and a compelling technology. They permit retailers to slim inventory levels and reduce theft, which one industry group estimates at $50 billion a year. With RFID tags providing economic efficiencies for businesses, consumers likely will end up with more choices and lower prices. Besides, wouldn't it be handy to grab a few items from store shelves and simply walk out, with the purchase automatically debited from your (hopefully secure) RFID'd credit card?

The privacy threat comes when RFID tags remain active once you leave a store. That's the scenario that should raise alarms--and currently the RFID industry seems to be giving mixed signals about whether the tags will be disabled or left enabled by default.

In an interview with News.com's Gilbert last week, Gillette Vice President Dick Cantwell said that its RFID tags would be disabled at the cash register only if the consumer chooses to "opt out" and asks for the tags to be turned off. "The protocol for the tag is that it has built in opt-out function for the retailer, manufacturer, consumer," Cantwell said.
Wal-Mart, on the other hand, says that's not the case. When asked if Wal-Mart will disable the RFID tags at checkout, company spokesman Bill Wertz told Gilbert: "My understanding is that we will."
Cantwell asserts that there's no reason to fret. "At this stage of the game, the tag is no good outside the store," he said. "At this point in time, the tag is useless beyond the store shelf. There is no value and no harm in the tag outside the distribution channel. There is no way it can be read or that (the) data would be at all meaningful to anyone." That's true as far as it goes, but it doesn't address what might happen if RFID tags and readers become widespread.
If the tags stay active after they leave the store, the biggest privacy worries depend on the range of the RFID readers. There's a big difference between tags that can be read from an inch away compared to dozens or hundreds of feet away.

The privacy threat comes when RFID tags remain active once you leave a store.
For its part, Alien Technology says its RFID tags can be read up to 15 feet away. "When we talk about the range of these tags being 3 to 5 meters, that's a range in free space," said Tom Pounds, a company vice president. "That's optimally oriented in front of a reader in free space. In fact if you put a tag up against your body or on a metal Rolex watch in free space, the read range drops to zero."
But what about a more powerful RFID reader, created by criminals or police who don't mind violating FCC regulations? Eric Blossom, a veteran radio engineer, said it would not be difficult to build a beefier transmitter and a more sensitive receiver that would make the range far greater. "I don't see any problem building a sensitive receiver," Blossom said. "It's well-known technology, particularly if it's a specialty item where you're willing to spend five times as much."

Privacy worries also depend on the size of the tags. Matrics of Columbia, Md., said it has claimed the record for the smallest RFID tag, a flat square measuring 550 microns a side with an antenna that varies between half an inch long to four inches by four inches, depending on the application. Without an antenna, the RFID tag is about the size of a flake of pepper.

Matrics CEO Piyush Sodha said the RFID industry is still in a state of experimentation. "All of the customers are participating in a phase of extensive field trials," Sodha said. "Then adoption and use in true business practices will happen...Those pilots are only going to start early this year."
To the credit of the people in the nascent RFID industry, these trials are allowing them to think through the privacy concerns. An MIT-affiliated standards group called the Auto-ID Center said in an e-mailed statement to News.com that they have "designed a kill feature to be built into every (RFID) tag. If consumers are concerned, the tags can be easily destroyed with an inexpensive reader. How this will be executed i.e. in the home or at point of sale is still being defined, and will be tested in the third phase of the field test."

If you care about privacy, now is your chance to let the industry know how you feel. (And, no, I'm not calling for new laws or regulations.) Tell them that RFID tags are perfectly acceptable inside stores to track pallets and crates, but that if retailers wish to use them on consumer goods, they should follow four voluntary guidelines.

First, consumers should be notified--a notice on a checkout receipt would work--when RFID tags are present in what they're buying. Second, RFID tags should be disabled by default at the checkout counter. Third, RFID tags should be placed on the product's packaging instead of on the product when possible. Fourth, RFID tags should be readily visible and easily removable.
Given RFID's potential for tracking your every move, is that too much to ask?

Our Government following The Anticrist's Lead?
Mood:  incredulous
Senate approves electronic ID card bill

Last modified: May 10, 2005, 8:10 PM PDT
Last-minute attempts by online activists to halt an electronic ID card failed Tuesday when the U.S. Senate unanimously voted to impose a sweeping set of identification requirements on Americans.
The so-called Real ID Act now heads to President Bush, who is expected to sign the bill into law this month. Its backers, including the Bush administration, say it's needed to stop illegal immigrants from obtaining drivers' licenses.

When the act's mandates take effect in May 2008, Americans will be required to obtain federally approved ID cards with "machine readable technology" that abides by Department of Homeland Security specifications. Anyone without such an ID card will be effectively prohibited from traveling by air or Amtrak, opening a bank account, or entering federal buildings.

After the Real ID Act's sponsors glued it to an Iraq military spending bill, final passage was all but guaranteed. Yet that didn't stop a dedicated cadre of privacy activists from trying to raise the alarm in the last few days.

UnRealID.com, which calls the legislation a "National ID card," reports that more than 10,800 people filled out its online petition to senators.
The Electronic Frontier Foundation hastily created a "Stop The Real ID Act!" campaign last week, and the ACLU denounced the bill as creating "a system ripe for identity theft." Security guru Bruce Schneier offered his own negative critique.
If the Real ID Act had been a stand-alone piece of legislation--instead of being embedded in an unrelated military spending bill--its passage in the Senate might have been less certain.

The House approved it in February by a relatively narrow vote of 261-161, and some senators had condemned it. Sen. Dick Durbin, D-Ill., warned last month that the Real ID Act creates "de facto national ID cards" and the National Immigration Law Center said it will make it harder even for legal immigrants and citizens to get driver's licenses.

Rep. F. James Sensenbrenner, a Wisconsin Republican and Real ID Act sponsor, applauded the Senate vote on Tuesday. "The Real ID is vital to preventing foreign terrorists from hiding in plain sight while conducting their operations and planning attacks," Sensenbrenner said. "By targeting terrorist travel, the Real ID will assist in our War on Terror efforts to disrupt terrorist operations and help secure our borders."

FAQ: How Real ID will affect youLast modified: May 6, 2005, 4:00 AM PDT
By Declan McCullagh
Staff Writer, CNET News.com
What's all the fuss with the Real ID Act about?
President Bush is expected to sign an $82 billion military spending bill soon that will, in part, create electronically readable, federally approved ID cards for Americans. The House of Representatives overwhelmingly approved the package--which includes the Real ID Act--on Thursday.
What does that mean for me?
Starting three years from now, if you live or work in the United States, you'll need a federally approved ID card to travel on an airplane, open a bank account, collect Social Security payments, or take advantage of nearly any government service. Practically speaking, your driver's license likely will have to be reissued to meet federal standards.
The Real ID Act hands the Department of Homeland Security the power to set these standards and determine whether state drivers' licenses and other ID cards pass muster. Only ID cards approved by Homeland Security can be accepted "for any official purpose" by the feds.

How will I get one of these new ID cards?
You'll still get one through your state motor vehicle agency, and it will likely take the place of your drivers' license. But the identification process will be more rigorous.
For instance, you'll need to bring a "photo identity document," document your birth date and address, and show that your Social Security number is what you had claimed it to be. U.S. citizens will have to prove that status, and foreigners will have to show a valid visa.
State DMVs will have to verify that these identity documents are legitimate, digitize them and store them permanently. In addition, Social Security numbers must be verified with the Social Security Administration.

What's going to be stored on this ID card?
At a minimum: name, birth date, sex, ID number, a digital photograph, address, and a "common machine-readable technology" that Homeland Security will decide on. The card must also sport "physical security features designed to prevent tampering, counterfeiting, or duplication of the document for fraudulent purposes."

Homeland Security is permitted to add additional requirements--

such as a fingerprint or retinal scan--on top of those. We won't know for a while what these additional requirements will be.
Why did these ID requirements get attached to an "emergency" military spending bill?
Because it's difficult for politicians to vote against money that will go to the troops in Iraq and tsunami relief. The funds cover ammunition, weapons, tracked combat vehicles, aircraft, troop housing, death benefits, and so on.
The House already approved a standalone version of the Real ID Act in February, but by a relatively close margin of 261-161. It was expected to run into some trouble in the Senate. Now that it's part of an Iraq spending bill, senators won't want to vote against it.

What's the justification for this legislation anyway?

Its supporters say that the Real ID Act is necessary to hinder terrorists, and to follow the ID card recommendations that the 9/11 Commission made last year.
It will "hamper the ability of terrorist and criminal aliens to move freely throughout our society by requiring that all states require proof of lawful presence in the U.S. for their drivers' licenses to be accepted as identification for federal purposes such as boarding a commercial airplane, entering a federal building, or a nuclear power plant," Rep. F. James Sensenbrenner, a Wisconsin Republican, said during the debate Thursday.

You said the ID card will be electronically readable. What does that mean?
The Real ID Act says federally accepted ID cards must be "machine readable," and lets Homeland Security determine the details. That could end up being a magnetic strip, enhanced bar code, or radio frequency identification (RFID) chips.

In the past, Homeland Security has indicated it likes the concept of RFID chips.
The State Department is already going to be embedding RFID devices in passports, and Homeland Security wants to issue RFID-outfitted IDs to foreign visitors who enter the country at the Mexican and Canadian borders. The agency plans to start a yearlong test of the technology in July at checkpoints in Arizona, New York and Washington state.

Will state DMVs share this information?
Yes. In exchange for federal cash, states must agree to link up their databases. Specifically, the Real ID Act says it hopes to "provide electronic access by a state to information contained in the motor vehicle databases of all other states."

Is this legislation a done deal?

Pretty much. The House of Representatives approved the package on Thursday by a vote of 368-58. Only three of the "nay" votes were Republicans; the rest were Democrats. The Senate is scheduled to vote on it next week and is expected to approve it as well.
White House spokesman Scott McClellan has told reporters "the president supports" the standalone Real ID Act, and the Bush administration has come out with an official endorsement. As far back as July 2002, the Bush administration has been talking about passing this legislation.

Moves closer to e-passports
The State Department will begin issuing electronic passports with microchips that store biometric and other data by early next year.
October 25, 2004 12:00 PM


Digital Agenda: Homeland security--A global assault on anonymity

Cutting-edge data mining and other intelligence tools could redefine privacy as we know it. A News.com special report.
October 19, 2004 11:08 PM
RFID, coming to a library near you
•

The dusty shelves of your local library are going high-tech with tagging chips. Civil liberties groups warn of a privacy nightmare.
October 18, 2004 10:05 AM

E-passports to put new face on old documents•

Countries begin test programs--get ready for a facial scan the next time you take an overseas flight.
August 18, 2004 4:00 AM