Feeds

RFID spy-chippers leak confidential data on the Web

And they want to track your every move

  • alert
  • submit to reddit

Intelligent flash storage arrays

Public relations flacks eager to win the public over to the benefits of mass RFID (Radio Frequency Identification) chip proliferation have ironically managed to leave their own confidential plans unprotected on the Web.

An outfit called CASPIAN (Consumers Against Supermarket Privacy Invasion and Numbering) discovered the trove of marketing half-truths on the MIT Auto-ID Center Web site, available for all to see. The irony of data leakage by a group dedicated to allaying the privacy concerns of millions of people whose every possession may soon be broadcasting data indiscriminately to the world is just too tempting to be ignored.

"The Auto-ID Center is the organization entrusted with developing a global Internet infrastructure for radio frequency identification. Their plans are to tag all the objects manufactured on the planet with RFID chips and track them via the Internet," CASPIAN says.

Cryptome.org has volunteered to host the PR documents along with some pointed here.

Apparently the RFID lobby sees public reluctance as nothing more than an obstacle to be overcome with shallow bromides and platitudes. Many of the documents are related to focus-group surveys in which consumers wisely note that RFID offers them few benefits while posing considerable threats to privacy. In response, PR firm Fleischman-Hillard recommends that the industry communicate several inaccuracies, the most egregious being that the RFID transponder is "nothing more than an improved bar-code," as if broadcasting data were an inconsequential difference.

In another it is suggested that the sheep-like populace will resign itself to the inevitability of this innovation, though they may not much care for it.

In one document it is recommended that RFID tags be re-named "Green Tags" to suggest an overlay of environmental concern. But it seems that they will be re-named eTags, to give them that cool Silicon Valley cachet instead.

At no point do the flacks suggest the obvious solution to consumer concerns, namely that any products containing such tags be identified clearly and that they be designed so that buyers can remove or disable them easily.

A recent document posted here explains how 'eTags' will be used in connection with the ePC Network. The acronym ePC stands for Electronic Product Code: a "globally unique pointer for making enquiries about the item associated with the EPC," we are told. So that's the plan according to AutoID.org: a 'globally unique pointer' in every product, networked via the Web, and marketed as nothing more than an 'improved bar code'.

Our Friend the Atom Hidden Transponder

One of the challenges facing the 'chip everyone and everything' lobby is inventing applications for the chips that benefit consumers directly. They do of course offer real benefits to the manufacturing, transportation and retail industries, but training John Q Public to respond positively requires some sort of agreeable, real-world experience to illuminate his overall perception of the technology.

Perhaps with this in mind, Watchmaker Timex, of "it takes a licking and keeps on ticking" fame, would like you to be the first on your block to have your bank account emptied or your credit card maxed out by a sneak thief.

Timex is offering wristwatches with RFID transponders tied to the popular Speedpass system, which automatically bills one's credit card or debits one's bank account. The new watches, priced between $40 and $45, will allow consumers to "instantly pay for purchases at over 7,500 Exxon and Mobil stations nationwide and at over 440 participating McDonalds' restaurants in Chicago and Northwest Indiana," Timex says.

While the prospect of free quickie-mart snacks and Happy Meals may offer scant inducement to criminals, if the scheme were to catch on and expand, fraud would quickly become a problem and security concerns would drive consumers away. Thus early success might be the quickest route to ultimate failure.

Of course there is a more remote but quite disturbing possibility: that rampant transponder/credit fraud would provide the rationale for implanting the chips in people's bodies, reviving old concerns about the Biblical Mark of the Beast, to be required for all commerce when Satan's ultimate victory over mankind is at hand:

"And he causeth all, both small and great, rich and poor, free and bond, to receive a mark in their right hand, or in their foreheads: And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name" Revelation 13:16-17.

It's a scary thought, and recent advances in technology give it currency, at least in some circles; but surely the fact that retail behemoth Wal-Mart has taken a leading role in the widespread conversion from bar-codes to RFID transponders, and the fact that major oil companies like Exxon Mobil and child-friendly homes away from home like McDonalds are getting involved should relieve everyone's anxiety.

Indeed, Wal-Mart only yesterday announced that it would delay trials within its stores of the 'Smart-Shelf' system, a venture with Gillette which would have chipped packets of razor blades and shaving foam to make re-stocking easier for its overworked staff. The company now says it will concentrate on chipping in the warehouse, but not the retail outlet.

Whether recent bad press surrounding the RFID publicity documents has anythng to do with this decision is difficult to determine, but the official statement, that Wal-Mart never really wanted the Smart Shelf system, is pretty hard to swallow once one reviews the PR documents. It may be that the cost per unit is still too high for inexpensive retail products, or it may be that the company is doing a bit of PR damage control. Either way, the Mark of the Beast looks set to catch on more slowly with the public than originally thought. ®

Related Story RFID chips are here

Beginner's guide to SSL certificates

More from The Register

next story
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
Oi, Europe! Tell US feds to GTFO of our servers, say Microsoft and pals
By writing a really angry letter about how it's harming our cloud business, ta
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Reducing the cost and complexity of web vulnerability management
How using vulnerability assessments to identify exploitable weaknesses and take corrective action can reduce the risk of hackers finding your site and attacking it.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.