RFID spy-chippers leak confidential data on the Web

And they want to track your every move

Public relations flacks eager to win the public over to the benefits of mass RFID (Radio Frequency Identification) chip proliferation have ironically managed to leave their own confidential plans unprotected on the Web.

An outfit called CASPIAN (Consumers Against Supermarket Privacy Invasion and Numbering) discovered the trove of marketing half-truths on the MIT Auto-ID Center Web site, available for all to see. The irony of data leakage by a group dedicated to allaying the privacy concerns of millions of people whose every possession may soon be broadcasting data indiscriminately to the world is just too tempting to be ignored.

"The Auto-ID Center is the organization entrusted with developing a global Internet infrastructure for radio frequency identification. Their plans are to tag all the objects manufactured on the planet with RFID chips and track them via the Internet," CASPIAN says.

Cryptome.org has volunteered to host the PR documents along with some pointed here.

Apparently the RFID lobby sees public reluctance as nothing more than an obstacle to be overcome with shallow bromides and platitudes. Many of the documents are related to focus-group surveys in which consumers wisely note that RFID offers them few benefits while posing considerable threats to privacy. In response, PR firm Fleishman-Hillard recommends that the industry communicate several inaccuracies, the most egregious being that the RFID transponder is "nothing more than an improved bar-code," as if broadcasting data were an inconsequential difference.

In another it is suggested that the sheep-like populace will resign itself to the inevitability of this innovation, though they may not much care for it.

In one document it is recommended that RFID tags be re-named "Green Tags" to suggest an overlay of environmental concern. But it seems that they will be re-named eTags, to give them that cool Silicon Valley cachet instead.

At no point do the flacks suggest the obvious solution to consumer concerns, namely that any products containing such tags be identified clearly and that they be designed so that buyers can remove or disable them easily.

A recent document posted here explains how 'eTags' will be used in connection with the ePC Network. The acronym ePC stands for Electronic Product Code: a "globally unique pointer for making enquiries about the item associated with the EPC," we are told. So that's the plan according to AutoID.org: a 'globally unique pointer' in every product, networked via the Web, and marketed as nothing more than an 'improved bar code'.

Our Friend the Atom Hidden Transponder

One of the challenges facing the 'chip everyone and everything' lobby is inventing applications for the chips that benefit consumers directly. They do of course offer real benefits to the manufacturing, transportation and retail industries, but training John Q Public to respond positively requires some sort of agreeable, real-world experience to illuminate his overall perception of the technology.

Perhaps with this in mind, watchmaker Timex, of "it takes a licking and keeps on ticking" fame, would like you to be the first on your block to have your bank account emptied or your credit card maxed out by a sneak thief.

Timex is offering wristwatches with RFID transponders tied to the popular Speedpass system, which automatically bills one's credit card or debits one's bank account. The new watches, priced between $40 and $45, will allow consumers to "instantly pay for purchases at over 7,500 Exxon and Mobil stations nationwide and at over 440 participating McDonalds' restaurants in Chicago and Northwest Indiana," Timex says.

While the prospect of free quickie-mart snacks and Happy Meals may offer scant inducement to criminals, if the scheme were to catch on and expand, fraud would quickly become a problem and security concerns would drive consumers away. Thus early success might be the quickest route to ultimate failure.

Of course there is a more remote but quite disturbing possibility: that rampant transponder/credit fraud would provide the rationale for implanting the chips in people's bodies, reviving old concerns about the Biblical Mark of the Beast, to be required for all commerce when Satan's ultimate victory over mankind is at hand:

"And he causeth all, both small and great, rich and poor, free and bond, to receive a mark in their right hand, or in their foreheads: And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name" Revelation 13:16-17.

It's a scary thought, and recent advances in technology give it currency, at least in some circles; but surely the fact that retail behemoth Wal-Mart has taken a leading role in the widespread conversion from bar-codes to RFID transponders, and the fact that major oil companies like Exxon Mobil and child-friendly homes away from home like McDonalds are getting involved should relieve everyone's anxiety.

Indeed, Wal-Mart only yesterday announced that it would delay trials within its stores of the 'Smart-Shelf' system, a venture with Gillette which would have chipped packets of razor blades and shaving foam to make re-stocking easier for its overworked staff. The company now says it will concentrate on chipping in the warehouse, but not the retail outlet.

Whether recent bad press surrounding the RFID publicity documents has anything to do with this decision is difficult to determine, but the official statement, that Wal-Mart never really wanted the Smart Shelf system, is pretty hard to swallow once one reviews the PR documents. It may be that the cost per unit is still too high for inexpensive retail products, or it may be that the company is doing a bit of PR damage control. Either way, the Mark of the Beast looks set to catch on more slowly with the public than originally thought. ®
