Feeds

RFID spy-chippers leak confidential data on the Web

And they want to track your every move

  • alert
  • submit to reddit

Choosing a cloud hosting partner with confidence

Public relations flacks eager to win the public over to the benefits of mass RFID (Radio Frequency Identification) chip proliferation have ironically managed to leave their own confidential plans unprotected on the Web.

An outfit called CASPIAN (Consumers Against Supermarket Privacy Invasion and Numbering) discovered the trove of marketing half-truths on the MIT Auto-ID Center Web site, available for all to see. The irony of data leakage by a group dedicated to allaying the privacy concerns of millions of people whose every possession may soon be broadcasting data indiscriminately to the world is just too tempting to be ignored.

"The Auto-ID Center is the organization entrusted with developing a global Internet infrastructure for radio frequency identification. Their plans are to tag all the objects manufactured on the planet with RFID chips and track them via the Internet," CASPIAN says.

Cryptome.org has volunteered to host the PR documents along with some pointed here.

Apparently the RFID lobby sees public reluctance as nothing more than an obstacle to be overcome with shallow bromides and platitudes. Many of the documents are related to focus-group surveys in which consumers wisely note that RFID offers them few benefits while posing considerable threats to privacy. In response, PR firm Fleischman-Hillard recommends that the industry communicate several inaccuracies, the most egregious being that the RFID transponder is "nothing more than an improved bar-code," as if broadcasting data were an inconsequential difference.

In another it is suggested that the sheep-like populace will resign itself to the inevitability of this innovation, though they may not much care for it.

In one document it is recommended that RFID tags be re-named "Green Tags" to suggest an overlay of environmental concern. But it seems that they will be re-named eTags, to give them that cool Silicon Valley cachet instead.

At no point do the flacks suggest the obvious solution to consumer concerns, namely that any products containing such tags be identified clearly and that they be designed so that buyers can remove or disable them easily.

A recent document posted here explains how 'eTags' will be used in connection with the ePC Network. The acronym ePC stands for Electronic Product Code: a "globally unique pointer for making enquiries about the item associated with the EPC," we are told. So that's the plan according to AutoID.org: a 'globally unique pointer' in every product, networked via the Web, and marketed as nothing more than an 'improved bar code'.

Our Friend the Atom Hidden Transponder

One of the challenges facing the 'chip everyone and everything' lobby is inventing applications for the chips that benefit consumers directly. They do of course offer real benefits to the manufacturing, transportation and retail industries, but training John Q Public to respond positively requires some sort of agreeable, real-world experience to illuminate his overall perception of the technology.

Perhaps with this in mind, Watchmaker Timex, of "it takes a licking and keeps on ticking" fame, would like you to be the first on your block to have your bank account emptied or your credit card maxed out by a sneak thief.

Timex is offering wristwatches with RFID transponders tied to the popular Speedpass system, which automatically bills one's credit card or debits one's bank account. The new watches, priced between $40 and $45, will allow consumers to "instantly pay for purchases at over 7,500 Exxon and Mobil stations nationwide and at over 440 participating McDonalds' restaurants in Chicago and Northwest Indiana," Timex says.

While the prospect of free quickie-mart snacks and Happy Meals may offer scant inducement to criminals, if the scheme were to catch on and expand, fraud would quickly become a problem and security concerns would drive consumers away. Thus early success might be the quickest route to ultimate failure.

Of course there is a more remote but quite disturbing possibility: that rampant transponder/credit fraud would provide the rationale for implanting the chips in people's bodies, reviving old concerns about the Biblical Mark of the Beast, to be required for all commerce when Satan's ultimate victory over mankind is at hand:

"And he causeth all, both small and great, rich and poor, free and bond, to receive a mark in their right hand, or in their foreheads: And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name" Revelation 13:16-17.

It's a scary thought, and recent advances in technology give it currency, at least in some circles; but surely the fact that retail behemoth Wal-Mart has taken a leading role in the widespread conversion from bar-codes to RFID transponders, and the fact that major oil companies like Exxon Mobil and child-friendly homes away from home like McDonalds are getting involved should relieve everyone's anxiety.

Indeed, Wal-Mart only yesterday announced that it would delay trials within its stores of the 'Smart-Shelf' system, a venture with Gillette which would have chipped packets of razor blades and shaving foam to make re-stocking easier for its overworked staff. The company now says it will concentrate on chipping in the warehouse, but not the retail outlet.

Whether recent bad press surrounding the RFID publicity documents has anythng to do with this decision is difficult to determine, but the official statement, that Wal-Mart never really wanted the Smart Shelf system, is pretty hard to swallow once one reviews the PR documents. It may be that the cost per unit is still too high for inexpensive retail products, or it may be that the company is doing a bit of PR damage control. Either way, the Mark of the Beast looks set to catch on more slowly with the public than originally thought. ®

Related Story RFID chips are here

Beginner's guide to SSL certificates

More from The Register

next story
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
China is ALREADY spying on Apple iCloud users, claims watchdog
Attack harvests users' info at iPhone 6 launch
Carders punch holes through Staples
Investigation launched into East Coast stores
Kill off SSL 3.0 NOW: HTTPS savaged by vicious POODLE
Pull it out ASAP, it is SWISS CHEESE
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.