Loss of Privacy

Keeping you informed on recent losses to privacy and civil rights worldwide.

Browsing Posts in RFID

In the latest RFID news, IBM has announced that they are planning on inserting RFID chips into Italian scooters and diapers in order to track their movements.  IBM will implement this, most likely, via their new WebSphere RFID Information Center , a new software that allows multiple companies to log and share data from RFID tags.

Honda Italia Industriale, which sold 12.7 million scooters last year, plans to use RFID chips and IBM software to track motorcycle parts and tools circulating within its manufacturing plant in Atessa, Italy.

This, Honda believes, will lead to a more efficient plant because they can easily be tracked throughout the warehouse.

Pliant, based in Schaumburg, Ill., will sell a new RFID-embedded plastic wrap to consumer-goods companies that want to detect any tampering of their products in transit from manufacturer to distributor. Pliant is using IBM’s software to keep track of RFID-marked cargo–everything from cereal boxes to diapers–in the warehouse.

Though Pliant wants to keep track of tampering [] , there is no word on whether the RFID tags will be disabled before the unsuspecting public purchases items embedded with the tags.

These two companies add themselves to the new, and evolving, technology that IBM hopes will be a boon for businesses.  Boeing already tracks their parts via RFID but many retail outlets are still hesitant to use the new technology due to its cost and the lingering questions of consumer’s privacy, such as those that were asked about the Nike iPod.

Other companies already using RFID in their products include US Passports and discs that aim to prevent piracyRitek, the world’s largest DVD and CD maker, introduced these discs through their subsidiary, U-Tech in September 2006 in conjunction with IPICO, who makes the RFID chips for the discs.  This affects all discs, stamped and recordable.

The technology, which can also be used for Blu-Ray and HD-DVD discs, will allow movie studios to remotely track individual discs as they travel from factories to retail shelves to consumers’ homes.

Home DVD players will eventually be able to check on the chip embedded in a disc, and refuse to play discs which are copied or played in the ‘wrong’ geographical region, the companies behind the technology expect.

“This technology holds the potential to protect the intellectual property of music companies, film studios, gaming and software developers worldwide,” said Gordon Yeh, chief executive of Ritek Corporation.

RFID readers will then be built-in to home DVD players to extend the anti-copying technology into homes as part of a digital rights management system.

Again, while it is important to note that having the ability to track your product from warehouse to stores is a good idea, once a person purchases CDs and DVDs, they should actually own the product.  What this does is create a system whereby you are only leasing the product, to be used in your own home, in a manner, that someone else dictates.

It also locks you into one specific system that you are able to use to watch your purchased product.  Your DVD player will perform security tests to locate the RFID chip.  This will be done at the hardware level instead of the current system of software and drivers.  If it does not locate the chip, you will not be able to use the disc.

Ritek believes that this will eliminate piracy altogether.  It may, but I will believe it when I see it.  There will always be a way to copy or record something.  It might take a bit of time, but we have seen protection scheme after protection scheme broken.  Firmware has been modified for years and, if this new technology requires firmware, it will be cracked.  The most recent story is that the HD-DVD restrictions have been cracked and pirated copies of Serenity are available via bittorent.

GM and Toyota have also used RFID tags in the past and still had problems with theft.  Nissan is also implementing RFID.  Even if the data is encrypted, if all you need is a copy, then that is easy to do.  You can be on your way in your new car with a working copy of a key or ID.

Though tracking shipments is a good use of RFID tags, placing them on individual packages presents dangers.  Not all tags are passive and, in many warehouses, tags can be read from several meters away using standard issue readers.  Several meters away is still far enough away that you won’t notice someone reading your tags when you leave the supermarket.   Once you reach home and use the products, all a person needs to do is pass by your garbage cans with a reader and, over time, can account for the types of items you like to buy.  There is no need to for them to dig through your trash and get dirty because a brisk walk will gather all the information that they will need for whatever nefarious purpose they can think of.

IPICO claims that its RFID tags can be read from at least six metres away, and at a rate of thousands of tags per minute. The passive chips require no battery, as they are powered by the energy in radio waves from the RFID reader.

With this reality, it will not be hard to read the RFID tags for whatever possibility a person can imagine.  By continuing to label consumers as the bad guys, much of the RFID technology will be used to prevent normal people from doing normal things with items they purchased and legally own.  These protections aren’t even used to combat piracy, as Hollywood has finally admitted.  What will happen is the elimination of fair use for media, tracking of individual’s personal habits, and abuses of the system.  The question is, are those in Hollywood and Washington going to accept this as they watch their sales dwindle further because Joe Citizen is no longer purchasing their products or will Joe Citizen blindly accept yet another control telling them how to live?

I suggest you do what I have done; purchase several cheap DVD players, get a lot of blank media, keep your mouth shut, and don’t ever upgrade to this crap idea that those that sell you products should tell you how to use them.

flattr this!

Tokyo is about to go Minority Report. Starting next month, the Tokyo Ubiquitous Network Project will launch its services in Tokyo’s Ginza district, sending shoppers ads via its RFID networks.

Shoppers can either rent a prototype reader or get messages on their cell phones. The tags and transmitters identify a reader or phone’s location and match it to information provided by shops.

Along with this nifty way of shoving more ads down people’s throats, there are, yet again, calls of concerns about privacy.

Researchers, for instance, have suggested that a sensor designed by Nike Inc. and Apple Computer Inc. to keep track of running distances could also be used to track runners’ whereabouts — such as by installing readers along running paths.

Others worry that tags embedded in clothing could give a retailer valuable details on how long a consumer spends trying on sweaters.

While RFID has good uses, such as tracking pallets of merchandise in warehouses, modern day uses seem to go too far. Children are being tracked at schools, teaching them that it is okay to have their every move logged into a database somewhere. They no longer think it’s a big deal that their every move is being kept somewhere to be analyzed later. Many regular people balked at the idea of RFID tags, forcing companies to target the wealthy first, then children and, now, the public at large. When being tracked is ubiquitous to breathing, those that argued against RFID will be the minority and no longer count.

flattr this!

In not so surprising news, professional hacker, Adam Laurie, has claimed that he has successfully hacked Australia’s ePassport system. His new reader is able to access the passports, even through a jacket pocket, just so long as he is within a few inches of the actual passport. He is working on a new reader that can read passports from greater distances, putting all passport holders’ identities in jeopardy.

He had previously used the same tools to hack into Britain’s electronic passport, and warns it could enable criminals to steal your identity or terrorists to target you based on your nationality

He claims such a “hack” would also allow someone that looks like the passport holder to “clone” passports, and cross borders using a false identity.

Hey, it’s not like this should surprise anyone. These systems are entirely insecure, yet Britain, Australia, and the USA have pushed through these new technologies without proper and complete testing. Of course, the Australian government is downplaying this information and denying that it can actually happen. After all, millions of dollars have been spent getting this system online and, to have it be declared a failure so soon after its inception is an unthinkable admission on the government’s part, especially when, a little more than a year ago, Australia was hailing their passports as unhackable and the most secure ever.

“Each passport has a unique key which must be entered before the operator can access the information on the passport chip. The key is contained in the machine-readable zone on the data page of each passport.”

For crying out loud! We’ve heard this over and over. The government sticks their heads in the sand and says, “nuh-uh you can’t crack this. We’re better than the hackers.” It’s been proven many times already that you can clone the information on the passport. If it’s cloned, of course it’s going to pass whatever security measures the passport actually has. For once, I’d like someone in the government to say, “Holy Shit! Can we take a look at this so we can try to prevent this from happening to our unsuspecting citizens?”

“As far as the key is concerned … the information needed to derive this key is available not only on the printed page inside the passport, but sometimes from other sources such as online airline booking sites,” Mr Laurie said in an email.

“The information required is the date of birth, expiry date of the passport, and the passport number.

“This means that you would be unable to read the passport of a random passer-by, but if you were targeting a specific individual, and could get prior knowledge of those bits of information, you could read the passport without touching or seeing it.”

Don’t you think it would be prudent to listen to Mr. Laurie? He is telling you how to circumvent the passport’s security, thereby letting you know what is vulnerable and, essentially, how to fix it. He is concerned more with the fact that so much information regarding a person’s identity is placed on the chips in passports and that someone who would like to do evil can obtain access to the database.

Mr Laurie also raised the concern of “profiling”, whereby an attacker could potentially target specific nationalities.

Yes, many places, such as Slashdot, discussed this some time ago. You target a specific nationality, then kill them just because of it. In this instance, you do not even need physical access to the passport. You scan and learn the nationality of the person. You hate this particular nation so, it’s just a matter of how you want to kill them. Tell me again how RFID chips, biometrics, fingerprints, etc. will stop the terrorists now?

But, that’s okay, the Australian government says it’s not possible to rewrite or alter their passport’s chips, missing the point completely. There’s no need to worry when those evil muggers and terrorists target you just for being [insert your nationality here], they won’t be able to alter your passport so you’re perfectly safe.

flattr this!

This year the news media has taken steps to reveal the many uses for RFID to the general public but most people do not know that RFID has been in existence and common use for several years. What people do not know is how many systems have been using this technology because they simply do not equate the use of a simple convenience with a technology that could also invade their privacy later on.

E-ZPass has been in use since August 3, 1993 in New York State and, by February 6, 1997, it was in use along the entire New York State Thruway. Today, it ranges from Florida to Maine and Illinois.

Also in 1993, there were a few dutchmen playing around with the idea of RFID because they weren’t satisfied with the current uses of timing in marathons. A year later, they used their new technology at the Berlin marathon. The company, ChampionChip, is the oldest company to use this technology. While there are other companies with similar technology, I have to admit a bias to ChampionChip as I have a friend who worked for them from near the beginning until earlier this year. I’ve also been to the headquarters in Nijmegen, The Netherlands twice. Still, this is a great use of RFID technology that sometimes gets overlooked by those of us wearing our tin-foil hats.

Glasgow Rangers Football Club implemented RFID into their ticketing system in 1999. Many other sporting events and organizations have followed.

In 2000, Wal-Mart wanted to start chipping all of their inventory. In 2003, they began tagging their warehouses, a task that was to be completed by 2005.

Canada has its own mandatory cattle identification program that has been running since January 1, 2001. Its aim is to trace diseases and other items that may end up being harmful for cattle or humans.

The Oyster Card was introduced in London in 2003 and has been happily tracking Londoners for three years.

Marks & Spencer also began using RFID in their clothing line in 2003. Here, however, the chips aren’t permanently embedded into the clothing. They are attached to tags that are attached to clothing.

In 2004, the Baja Beach Club in Barcelona, Spain began implanting VIPs with chips so they are readily identifiable. This was to keep the riff-raff out of the VIP-only areas of the club.

A guy who calls himself Dividuum created an RFID music player with SID files from a Commodore 64. When an RFID tag gets near the music player, the music is played. This is a very cool use of RFID.

This weirdo decided to chip himself and these crazy kids want to give you help so you can chip yourself. There is a tribe of people who like RFID and want you to like it too. Several governments around the world want to chip migrant workers. Verichip wants to begin implanting US military personnel. Fortunately, EFF still thinks chipping people is a bad idea.

As of October 2006, all US Passports have RFID in them. Thankfully, my passport runs out in 2013 so I’ve got some time to remain nostalgic for the old system. I’ve also got plenty of time to get one of those portable Faraday Cages for my passport so no one can clone it.

Many libraries have objected and rejected the idea of RFID in books, citing it to be too dangerous [pdf] to track what individuals read. Still, others, think it’s a great tool.

Korea has created RFID chips out of 100% organic matter, which should ease the minds of people with allergies. Now, there’s no need to worry anymore about harming the environment or yourself as you chip away. Besides, the US FDA has said it’s safe, so go ahead, chip yourself.

The list goes on and on. Silicon.com has an article about the 10 best and worst uses of RFID. Now, while there are good, practical uses for RFID, such as inventory control, race timing, and tracking airline luggage, much of the other uses are not always a good idea.

These other uses make people lazy. Parents may not watch their children close enough because they will become lackadaisical and think that, “oh they’re chipped, they’ll turn up sooner or later.” Well, this is enough time for them to disappear altogether.

Implanting people with chips is dangerous. We don’t know the long-term effects of being chipped on a person’s body. Some people are more susceptible than others to infections. I also think too far ahead to a time when criminals will begin ripping people’s hands, arms, whatever off, so they can get access to your chip and everything that is you. We know the government will eventually put your entire identity on the chip. Hospitals are already doing this in the name of safety. Face it now and stop deluding yourself that it isn’t going to happen.

Remember, RFID chips can be copied and cloned. If a security system can identify the RFID chip, then so can the bad guys. They will get access to the machines. You can buy them now, if you’ve got the cash. If you are too poor, then make your own. But don’t think that RFID is entirely safe.

Face it. RFID isn’t coming. It’s already here. We haven’t done enough to stop it from invading out private lives so we’d better get off our asses now and find ways to make the system more secure before your identity is transferred to an insecure, easily defeated chip.

flattr this!