Anti RFID Campaign


Logo of the anti-RFID campaign by German privacy group FoeBuD

How would you like it if, for instance, one day you realized your underwear was reporting on your whereabouts? — California State Senator Debra Bowen, at a 2003 hearing.

The use of RFID technology has engendered considerable controversy and even product boycotts by consumer privacy advocates such as Katherine Albrecht and Liz McIntyre of CASPIAN who refer to RFID tags as “spychips”. The two main privacy concerns regarding RFID are:

  • Since the owner of an item will not necessarily be aware of the presence of an RFID tag and the tag can be read at a distance without the knowledge of the individual, it becomes possible to gather sensitive data about an individual without consent.
  • If a tagged item is paid for by credit card or in conjunction with use of a loyalty card, then it would be possible to indirectly deduce the identity of the purchaser by reading the globally unique ID of that item (contained in the RFID tag).

Most concerns revolve around the fact that RFID tags affixed to products remain functional even after the products have been purchased and taken home and thus can be used for surveillance and other purposes unrelated to their supply chain inventory functions.

The concerns raised by the above may be addressed in part by use of the Clipped Tag. The Clipped Tag is an RFID tag designed to increase consumer privacy. The Clipped Tag has been suggested by IBM researchers Paul Moskowitz and Guenter Karjoth. After the point of sale, a consumer may tear off a portion of the tag. This allows the transformation of a long-range tag into a proximity tag that still may be read, but only at short range – less than a few inches or centimeters. The modification of the tag may be confirmed visually. The tag may still be used later for returns, recalls, or recycling.

However, read range is a function of both the reader and the tag itself. Improvements in technology may increase read ranges for tags. Having readers very close to the tags makes short range tags readable. Generally, the read range of a tag is limited to the distance from the reader over which the tag can draw enough energy from the reader field to power the tag. Tags may be read at longer ranges than they are designed for by increasing reader power. The limit on read distance then becomes the signal-to-noise ratio of the signal reflected from the tag back to the reader. Researchers at two security conferences have demonstrated that passive UHF RFID tags (not the HF type used in US passports), which are normally read at ranges of up to 30 feet, can be read at ranges of 50 to 69 feet using suitable equipment.

Another privacy issue is due to RFID’s support for a singulation (anti-collision) protocol. This is the means by which a reader enumerates all the tags responding to it without them mutually interfering. The structure of some collision-resolution (Medium Access Control) protocols is such that all but the last bit of each tag’s serial number can be deduced by passively eavesdropping on just the reader’s part of the protocol. Because of this, whenever the relevant types of RFID tags are near to readers, the distance at which a tag’s signal can be eavesdropped is irrelevant; what counts is the distance at which the much more powerful reader can be received. Just how far this can be depends on the type of the reader, but in the extreme case some readers have a maximum power output of 4 W, enabling signals to be received from tens of kilometres away. However, more recent UHF tags employing the EPCglobal Gen 2 (ISO 18000-6C) protocol, which is a slotted-Aloha scheme in which the reader never transmits the tag identifying information, are not subject to this particular attack.



Technical note: the anti-collision scheme of ISO 15693 will render this rather implausible. To eavesdrop on the reader part of the protocol – and gather the 63 least significant bits of a UID – would require the reader to send a mask value of 63 bits. This can only happen when the reader detects a collision up to the 63rd bit. In other words: one can eavesdrop on the transmitted mask value of the reader, but for the reader to transmit a 63-bit mask value requires two tags with identical least significant 63 bits. The probability of this happening must be near zero. I.e. the eavesdropper needs two virtually identical tags to be read at the same time by the reader in question. (However, “blocker tags” can readily be produced, for example to protect privacy from RFID surveillance, which can simulate collisions at any time.)

In any discussion of eavesdropping and skimming, it is important to make a distinction between inductively-coupled and radiatively-coupled tags. Protocols like ISO 15693 use 13.56 MHz radio frequencies and inductive coupling between the tag and reader. The signal power falls very rapidly to extremely low levels a few antenna diameters away from the reader when inductive coupling is used, so an attacker must be within a few meters to intercept the reader signal, and closer to read a tag. Protocols like 18000-6C, which use 900 MHz signals, usually use radiative coupling between tag and reader; a wave is launched, whose power falls roughly as the square of the distance. Tag signals can be intercepted from ten meters away under good conditions, and the reader signal can be detected from kilometers away if there are no obstructions.

The potential for privacy violations with RFID was demonstrated by its use in a pilot program by the Gillette Company, which conducted a “smart shelf” test at a Tesco in Cambridge, England. They automatically photographed shoppers taking RFID-tagged safety razors off the shelf, to see if the technology could be used to deter shoplifting. This trial resulted in a consumer boycott against Gillette and Tesco. In another incident, uncovered by the Chicago Sun-Times, shelves in a Wal-Mart in Broken Arrow, Oklahoma, were equipped with readers to track the Max Factor Lipfinity lipstick containers stacked on them. Webcam images of the shelves were viewed 750 miles (1200 km) away by Procter & Gamble researchers in Cincinnati, Ohio, who could tell when lipsticks were removed from the shelves and observe the shoppers in action.
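Returning to the singulation paragraph and the ISO 15693 technical note above: the following is an added illustration, not part of the original post, that measures how many UID bits the reader's own transmissions expose under each scheme. It assumes a simplified one-bit-at-a-time model with LSB-first masks (real ISO 15693 inventory also uses slots), and all UIDs and function names are constructed for the example.

```python
# Added illustration (not from the original post): what a listener who hears
# only the reader learns during anti-collision. Simplified one-bit-at-a-time
# model with LSB-first masks; all UIDs are constructed sample values.
BITS = 64

def matches(uid, value, length):
    """True if the low `length` bits of uid equal the mask value."""
    return uid & ((1 << length) - 1) == value

def reader_masks(tags, full_reply):
    """Return every (value, length) mask the reader transmits.
    full_reply=True : tags answer with the whole UID, so the mask grows only
                      after a collision (the ISO 15693-style case in the note).
    full_reply=False: tags answer one bit at a time, so the reader walks the
                      tree and broadcasts BITS-1 bits of every UID."""
    sent, stack = [], [(0, 0)]
    while stack:
        value, length = stack.pop()
        sent.append((value, length))
        hits = sum(matches(t, value, length) for t in tags)
        # A collision under a BITS-1 mask already implies both completions exist.
        if hits == 0 or length == BITS - 1 or (full_reply and hits == 1):
            continue
        for child in (value, value | (1 << length)):
            # A tree-walking reader saw which next-bit values were answered.
            if full_reply or any(matches(t, child, length + 1) for t in tags):
                stack.append((child, length + 1))
    return sent

def leaked_bits(uid, masks):
    """Low-order bits of uid exposed by the longest reader mask that matches it."""
    return max(length for value, length in masks if matches(uid, value, length))

def exposure(tags, full_reply):
    """Map each UID to the number of its bits the reader put on the air."""
    masks = reader_masks(tags, full_reply)
    return {hex(t): leaked_bits(t, masks) for t in tags}

FIELD = [0xE0040100A1B2C3D4, 0xE0040100A1B2C3E9, 0xE00401005566778A,
         0xE004010099AABB13, 0xE0040100DEADBE67]   # unrelated tags
TWINS = [0x6004010000000001, 0xE004010000000001]   # differ only in the top bit

if __name__ == "__main__":
    print("tree walking       :", exposure(FIELD, full_reply=False))
    print("mask on collision  :", exposure(FIELD, full_reply=True))
    print("near-identical pair:", exposure(TWINS, full_reply=True))
```

With unrelated tags the collision-driven masks expose only two or three bits per UID, while tree walking exposes 63 of 64; the 63-bit exposure in the mask scheme appears only for the near-identical pair, which is the situation the technical note calls improbable.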

In January 2004 privacy advocates from CASPIAN and the German privacy group FoeBuD were invited to the METRO Future Store in Germany, where an RFID pilot project was implemented. It was uncovered by accident that METRO “Payback” customer loyalty cards contained RFID tags with customer IDs, a fact that was disclosed neither to customers receiving the cards, nor to this group of privacy advocates. This happened despite assurances by METRO that no customer identification data was tracked and all RFID usage was clearly disclosed.

The controversy was furthered by the accidental exposure of a proposed Auto-ID consortium public relations campaign that was designed to “neutralize opposition” and get consumers to “resign themselves to the inevitability of it” whilst merely pretending to address their concerns.

During the UN World Summit on the Information Society (WSIS), held from the 16th to the 18th of November, 2005, the founder of the free software movement, Richard Stallman, protested the use of RFID security cards. During the first meeting, it was agreed that future meetings would no longer use RFID cards. Upon finding out that this assurance had been broken, he covered his card in tin foil and would only uncover it at the security stations. This protest caused the security personnel considerable concern, with some not allowing him to leave a conference room in which he had been the main speaker, and then preventing him from entering another conference room, where he was due to speak.

In 2004-2005 the Federal Trade Commission Staff conducted a workshop and review of RFID privacy concerns and issued a report recommending best practices.

RFID was one of the main topics of the 2006 Chaos Communication Congress (organized by the Chaos Computer Club in Berlin) and triggered a big press debate. Topics included electronic passports, Mifare cryptography and the tickets for the FIFA World Cup 2006. Talks showed how the first real-world mass application of RFID technology, at the 2006 FIFA Soccer World Cup, worked. The group monochrom staged a special ‘Hack RFID’ song.

