An EPC RFID tag used for Wal-Mart Radio Frequency Identification (RFID) is an automatic identification method, relying on storing and remotely retrieving data using devices called RFID tags or transponders. An RFID tag is a small object that can be attached to or incorporated into a product, animal, or person. RFID tags contain silicon chips and antennas to enable them to receive and respond to radio-frequency queries from an RFID transceiver. Passive tags require no internal power source, whereas active tags require a power source.
Contents [hide] • •
• •
•
• • •
• • •
[edit]
1 History of RFID tags 2 Types of RFID tags o 2.1 Passive o 2.2 Semi-passive o 2.3 Active 3 The RFID system 4 Current usage o 4.1 RFID in inventory systems o 4.2 RFID mandates o 4.3 Human implants 5 Potential uses o 5.1 Gen 2 o 5.2 Patient identification 6 Regulation and standardization 7 RFID Legislation 8 Controversy o 8.1 Passports o 8.2 Driver's licenses o 8.3 Religious Reaction to RFID o 8.4 Vulnerabilities 9 See also 10 References 11 External Links
History of RFID tags
An RFID tag used for electronic toll collection In 1945 Léon Theremin invented an espionage tool for the Soviet government which retransmitted incident radio waves with audio information. Even though this device was a passive covert listening device, not an identification tag, it has been attributed as the first known device and a predecessor to RFID technology. The technology used in RFID has been around since the early 1920s according to one source (although the same source states that RFID systems have been around just since the late 1960s) [1][2]. A more similar technology, the IFF transponder, was invented by the British in 1939 [1], and was routinely used by the allies in World War II to identify airplanes as friend or foe. Another early work exploring RFID is the landmark 1948 paper by Harry Stockman, titled "Communication by Means of Reflected Power" (Proceedings of the IRE, pp 1196– 1204, October 1948). Stockman predicted that "...considerable research and development work has to be done before the remaining basic problems in reflected-power communication are solved, and before the field of useful applications is explored."
Mario Cardullo claims that his U.S. Patent 3,713,148 in 1973 was the first true ancestor of modern RFID; a passive radio transponder with memory. [2] The first demonstration of today's reflected power (backscatter) RFID tags was done at the Los Alamos Scientific Laboratory in 1973. [3] [edit]
Types of RFID tags RFID tags can be either passive, semi-passive (also known as semi-active), or active. [edit]
Passive
Passive RFID tags have no internal power supply. The minute electrical current induced in the antenna by the incoming radio frequency signal provides just enough power for the CMOS integrated circuit (IC) in the tag to power up and transmit a response. Most passive tags signal by backscattering the carrier signal from the reader. This means that the aerial (antenna) has to be designed to both collect power from the incoming signal and also to transmit the outbound backscatter signal. The response of a passive RFID tag is not just an ID number (GUID); the tag chip can contain nonvolatile EEPROM for storing data. Lack of an onboard power supply means that the device can be quite small: commercially available products exist that can be embedded under the skin. As of 2006, the smallest such devices measured 0.15 mm × 0.15 mm, and are thinner than a sheet of paper (7.5 micrometers).[4] The addition of the antenna creates a tag that varies from the size of postage stamp to the size of a post card. Passive tags have practical read distances ranging from about 2 mm (ISO 14443) up to a few meters (EPC and ISO 18000-6) depending on the chosen radio frequency and antenna design/size. Due to their simplicity in design they are also suitable for manufacture with a printing process for the antennas. Passive RFID tags do not require batteries, and can be much smaller and have an unlimited life span. Non-silicon tags made from polymer semiconductors are currently being developed by several companies globally. Simple laboratory printed polymer tags operating at 13.56 MHz were demonstrated in 2005 by both PolyIC (Germany) and Philips (The Netherlands). If successfully commercialized, polymer tags will be roll printable, like a magazine, and much less expensive than silicon-based tags. [edit]
Semi-passive Semi-passive RFID tags are very similar to passive tags except for the addition of a small battery. This battery allows the tag IC to be constantly powered, which removes the need for the aerial to be designed to collect power from the incoming signal. Aerials can therefore be optimized for the backscattering signal. Semi-passive RFID tags are thus faster in response, though less reliable and powerful than active tags. [edit]
Active Unlike passive RFID tags, active RFID tags have their own internal power source which is used to power any ICs that generate the outgoing signal. Active tags are typically much more reliable (e.g. fewer errors) than passive tags due to the ability for active tags to conduct a "session" with a reader. Active tags, due to their onboard power supply, also transmit at higher power levels than passive tags, allowing them to be more effective in "RF challenged" environments like water (including humans/cattle, which are mostly water), heavy metal (shipping containers, vehicles), or at longer distances. Many active tags have practical ranges of hundreds of meters, and a battery life of up to 10 years. Some active RFID tags include sensors such as temperature logging which have been used in concrete maturity monitoring or to monitor the temperature of perishable goods.
Other sensors that have been married with active RFID include humidity, shock/vibration, light, radiation, temperture and atmospherics like ethylene. Active tags typically have much longer range (approximately 300 feet) and larger memories than passive tags, as well as the ability to store additional information sent by the transceiver. The United States Department of Defense has successfully used active tags to reduce logistics costs and improve supply chain visibility for more than 15 years. At present, the smallest active tags are about the size of a coin and sell for a few dollars. [edit]
The RFID system An RFID system may consist of several components: tags, tag readers, edge servers, middleware, and application software. The purpose of an RFID system is to enable data to be transmitted by a mobile device, called a tag, which is read by an RFID reader and processed according to the needs of a particular application. The data transmitted by the tag may provide identification or location information, or specifics about the product tagged, such as price, color, date of purchase, etc. The use of RFID in tracking and access applications first appeared during the 1980s. RFID quickly gained attention because of its ability to track moving objects. As the technology is refined, more pervasive and possibly invasive uses for RFID tags are in the works. In a typical RFID system, individual objects are equipped with a small, inexpensive tag. The tag contains a transponder with a digital memory chip that is given a unique electronic product code. The interrogator, an antenna packaged with a transceiver and decoder, emits a signal activating the RFID tag so it can read and write data to it. When an RFID tag passes through the electromagnetic zone, it detects the reader's activation signal. The reader decodes the data encoded in the tag's integrated circuit (silicon chip) and the data is passed to the host computer. The application software on the host processes the data, often employing Physical Markup Language (PML). Take the example of books in a library. Security gates can detect whether or not a book has been properly checked out of the library. When users return items, the security bit is re-set and the item record in the Integrated library system is automatically updated. In some RFID solutions a return receipt can be generated. At this point, materials can be roughly sorted into bins by the return equipment. Inventory wands provide a finer detail of sorting. This tool can be used to put books into shelf-ready order. [edit]
Current usage
•
The Canadian Cattle Identification Agency began using RFID tags as a replacement for barcode tags. The tags are required to identify a bovine's herd of origin and this is used for trace-back when a packing plant condemns a carcass. Currently CCIA tags are used in Wisconsin and by US farmers on a voluntary basis. The USDA is currently developing its own program.
•
In the UK, systems for prepaying for unlimited public transport have been devised, making use of RFID technology. The design is embedded in a creditcardlike pass, that when scanned reveals details of whether the pass is valid, and for how long the pass will remain valid. The first company to implement this is the NCT company of Nottingham City, where the general public affectionately refer to them as "beep cards". It's also the case with "Navigo" pass in Paris public transport system (RATP).
RFID tags used in libraries: square book tag, round CD/DVD tag and rectangular VHS tag. •
High-frequency RFID tags are used in library book or bookstore tracking, pallet tracking, building access control, airline baggage tracking, and apparel and pharmaceutical item tracking. High-frequency tags are widely used in identification badges, replacing earlier magnetic stripe cards. These badges need only be held within a certain distance of the reader to authenticate the holder. The American Express Blue credit card now includes a high-frequency RFID tag.
•
UHF RFID tags are commonly used commercially in case, pallet, and shipping container tracking, and truck and trailer tracking in shipping yards.
•
Microwave RFID tags are used in long range access control for vehicles.
•
RFID tags are used for electronic toll collection at toll booths with Georgia's Cruise Card, California's FasTrak, Illinois' I-Pass, the expanding eastern states' EZPass system, Florida's SunPass, Massachusett's Fast Lane, North Texas NTTA and Houston HCTRA EZ Tag, The "Cross-Israel Highway" (Highway 6), Philippines South Luzon Expressway E-Pass, Brisbane's Gateway Motorway E-
Toll in Australia, Central Highway (Autopista Central) in Chile and all highways in Portugal (Via Verde, the first system in the world to span the entire network of tolls) and France (Liber-T system). The tags are read remotely as vehicles pass through the booths, and tag information is used to debit the toll from a prepaid account. The system helps to speed traffic through toll plazas as it records the date, time, and billing data for the RFID vehicle tag. •
Sensors such as seismic sensors may be read using RFID transceivers, greatly simplifying remote data collection.
•
In January 2003, Michelin began testing RFID transponders embedded into tires. After a testing period that is expected to last 18 months, the manufacturer will offer RFID-enabled tires to car makers. Their primary purpose is tire-tracking in compliance with the United States Transportation, Recall, Enhancement, Accountability and Documentation Act (TREAD Act).
•
Some smart cards embedded with RFID chips are used as electronic cash, e.g. SmarTrip in Washington, DC, USA, EasyCard in Taiwan, Suica in Japan, TMoney in South Korea, Octopus Card in Hong Kong, and the Netherlands and Oyster Card on the London Underground in the United Kingdom to pay fares in mass transit systems and/or retails. The Chicago Transit Authority recently began using RFID technology in their Chicago Card.
•
Starting with the 2004 model year, a Smart Key/Smart Start option became available to the Toyota Prius. Since then, Toyota has been introducing the feature on various models around the world under both the Toyota and Lexus brands, including the Toyota Avalon (2005 model year), Toyota Camry (2007 model year), and the Lexus GS (2006 model year). The key uses an active RFID circuit which allows the car to acknowledge the key's presence within approximately 3 feet of the sensor. The driver can open the doors and start the car while the key remains in a purse or pocket.
•
In August 2004, the Ohio Department of Rehabilitation and Correction (ODRH) approved a $415,000 contract to evaluate the personnel tracking technology of Alanco Technologies. Inmates will wear wristwatch-sized transmitters that can detect if prisoners have been trying to remove them and send an alert to prison computers. This project is not the first such rollout of tracking chips in US prisons. Facilities in Michigan, California and Illinois already employ the technology.
•
A number of ski resorts, particularly in the French Alps, have adopted RFID tags to provide skiers hands-free access to ski lifts.
[edit]
RFID in inventory systems An advanced automatic identification technology such as the Auto-ID system based on the Radio Frequency Identification (RFID) technology has two values for inventory systems. First, the visibility provided by this technology allows an accurate knowledge on the inventory level by eliminating the discrepancy between inventory record and physical inventory. Second, the RFID technology can prevent or reduce the sources of errors. Benefits of using RFID include the reduction of labor costs, the simplification of business processes and the reduction of inventory inaccuracies. [edit]
RFID mandates Wal-Mart and the United States Department of Defense have published requirements that their vendors place RFID tags on all shipments to improve supply chain management. [5]. Due to the size of these two organizations, their RFID mandates impact thousands of companies worldwide. The deadlines have been extended several times because many vendors face significant difficulties implementing RFID systems. In practice, the successful read rates currently run only 80%, due to radio wave attenuation caused by the products and packaging. In time it is expected that even small companies will be able to place RFID tags on their outbound shipments. Since January, 2005, Wal-Mart has required its top 100 suppliers to apply RFID labels to all shipments. To meet this requirement, vendors use RFID printer/encoders to label cases and pallets that require EPC tags for Wal-Mart. These smart labels are produced by embedding RFID inlays inside the label material, and then printing bar code and other visible information on the surface of the label. [edit]
Human implants
Hand with the planned location of the RFID chip
Just after the operation to insert the RFID tag was completed Implantable RFID chips designed for animal tagging are now being used in humans. An early experiment with RFID implants was conducted by British professor of cybernetics Kevin Warwick, who implanted a chip in his arm in 1998. Night clubs in Barcelona, Spain and in Rotterdam, The Netherlands, use an implantable chip to identify their VIP customers, who in turn use it to pay for drinks [6]. In 2004, the Mexican Attorney General's office implanted 18 of its staff members with the Verichip to control access to a secure data room. (This number has been variously mis-reported as 160 or 180 staff members, though the correct number is actually 18. [7]) Security experts are warning against using RFID for authenticating people due to the risk of Identity Theft. For instance a Mafia Fraud Attack would make it possible for an attacker to steal the identity of a person in real-time. Due to the resource-constraints of RFIDs it is virtually impossible to protect against such attack models as this would require complex distance-binding protocols. [edit]
Potential uses RFID tags are often envisioned as a replacement for UPC or EAN barcodes, having a number of important advantages over the older barcode technology. They may not ever completely replace barcodes, due in part to their higher cost and in other part to the advantage of more than one independent data source on the same object. The new EPC, along with several other schemes, is widely available at reasonable cost. The storage of data associated with tracking items will require many terabytes on all levels. The escape is filtering, as nobody will save data without defined purpose. It is likely that goods will be tracked preferably by the pallet using RFID tags, and at package level with Universal Product Code (UPC) or EAN from unique barcodes. The unique identity in any case is a mandatory requirement for RFID tags, despite special choice of the numbering scheme. RFID tag data capacity is big enough that any tag will have a unique code, while current bar codes are limited to a single type code for all instances of a particular product. The uniqueness of RFID tags means that a product may be individually tracked as it moves from location to location, finally ending up in the
consumer's hands. This may help companies to combat theft and other forms of product loss. Moreover, the tracing back of products is an important feature that gets well supported with RFID tags containing not just a unique identity of the tag but also the serial number of the object. This may help companies to cope with quality deficiencies and resulting recall campaigns, but also contributes to concern over post-sale tracking and profiling of consumers. It has also been proposed to use RFID for POS store checkout to replace the cashier with an automatic system which needs no barcode scanning. However this is not likely to be possible without a significant reduction in the cost of current tags and changes in the operational process around POS. There is some research taking place, however, this is some years from reaching fruition. Active RFID tags also have the potential to function as low-cost remote sensors that broadcast telemetry back to a base station. Applications could include sensing of road conditions by implanted beacons, weather reports, and noise level monitoring. [edit]
Gen 2 GS1 and GS1 US operate the joint venture EPCglobal. EPCglobal is working on international standards for the use of RFID and the EPC in the identification of any item in the supply chain for companies worldwide. The organization's board of governors includes representatives from GS1, GS1 US, The Gillette Company, Procter & Gamble, Wal-Mart, Hewlett-Packard, Johnson & Johnson, Checkpoint Systems and Auto-ID Labs and others. The EPCglobal gen 2 standard was approved in December 2004, and is likely to form the backbone of RFID tag standards moving forward. This was approved after a contention from Intermec that the standard may infringe a number of their RFID related patents. It was decided that the standard itself did not infringe their patents, but it may be necessary to pay royalties to Intermec if the tag were to be read in a particular manner. EPC Gen2 is short for EPCglobal UHF Generation 2. EPC standardisation is headed to become adopted by ISO, e.g. in accordance with complementary standardisation based on the ISO standard 18000-6. [edit]
Patient identification In July 2004, the Food and Drug Administration issued a ruling that essentially begins a final review process that will determine whether hospitals can use RFID systems to identify patients and/or permit relevant hospital staff to access medical records. The use of RFID to prevent mixups between sperm and ova in IVF clinics is also being considered [8].
In October 2004, the FDA approved the country's first RFID chips that can be implanted in humans. The 134 kHz RFID chips, from VeriChip Corp., a subsidiary of Applied Digital Solutions Inc., can incorporate personal medical information and could save lives and limit injuries from errors in medical treatments, according to the company. The FDA approval was disclosed during a conference call with investors. Shortly after the approval, authors and anti-RFID activists Katherine Albrecht and Liz McIntyre discovered a warning letter from the FDA that spelled out serious health risks associated with the VeriChip. According to the FDA, these include "adverse tissue reaction," "migration of the implanted transponder," "failure of implanted transponder," "electrical hazards" and "magnetic resonance imaging [MRI] incompatibilty." Some in-home uses, such as allowing a refrigerator to track the expiration dates of the food it contains, have also been proposed, but few have moved beyond the prototype stage.
[edit]
Regulation and standardization There is no global public body that governs the frequencies used for RFID. In principle, every country can set its own rules for this. The main bodies governing frequency allocation for RFID are: • • •
• • • •
USA: FCC (Federal Communications Commission) Canada: DOC (Department of Communication) Europe: ERO, CEPT, ETSI, and national administrations (note that the national administrations must ratify the usage of a specific frequency before it can be used in that country) Japan: MPHPT (Ministry of Public Management, Home Affairs, Post and Telecommunication) China: Ministry of Information Industry Australia: Australian Communications and Media Authority. New Zealand: Ministry of Economic Development
Low-frequency (LF: 125 - 134.2 kHz and 140 - 148.5 kHz) and high-frequency (HF: 13.56 MHz) RFID tags can be used globally without a license. Ultra-high-frequency (UHF: 868 MHz-928 MHz) cannot be used globally as there is no single global standard. In North America, UHF can be used unlicensed for 908 - 928 MHz, but restrictions exist for transmission power. In Europe, UHF is under consideration for 865.6 - 867.6 MHz. Its usage is currently unlicensed for 869.40 - 869.65 MHz only, but restrictions exist for transmission power. The North American UHF standard is not accepted in France as it interferes with its military bands. For China and Japan, there is no regulation for the use of UHF. Each application for UHF in these countries needs a site license, which needs to
be applied for at the local authorities, and can be revoked. For Australia and New Zealand, 918 - 926 MHz are unlicensed, but restrictions exist for transmission power. These frequencies are known as the ISM bands (Industrial Medical Scientific). The return signal of the tag may still cause interference for other radio users [9]. Some standards that have been made regarding RFID technology include: • • • • • • •
ISO 11784 & 11785 - These standards regulate the Radio frequency identification of animals in regards to Code Structure and Technical concept ISO 14223/1 - Radio frequency identification of Animals, advanced transponders - Air interface ISO 10536 ISO 14443 ISO 15693 ISO 18000 EPCglobal - this is the standardization framework that is most likely to undergo International Standardisation according to ISO rules as with all sound standards in the world, unless residing with limited scope, as customs regulations, air-traffic regulations and others. Currently the big distributors and governmental customers are pushing EPC heavily as a standard well accepted in their community, but not yet regarded as for salvation to the rest of the world.
A primary security concern surrounding RFID technology is the illicit tracking of RFID tags. Tags which are world-readable pose a risk to both personal location privacy and corporate/military security. Such concerns have been raised with respect to the United States Department of Defense's recent adoption of RFID tags for supply chain management [10]. More generally, privacy organizations have expressed concerns in the context of ongoing efforts to embed electronic product code (EPC) RFID tags in consumer products. A second class of defense uses cryptography to prevent tag cloning. Some tags use a form of "rolling code" scheme, wherein the tag identifier information changes after each scan, thus reducing the usefulness of observed responses. More sophisticated devices engage in challenge-response protocols where the tag interacts with the reader. In these protocols, secret tag information is never sent over the insecure communication channel between tag and reader. Rather, the reader issues a challenge to the tag, which responds with a result computed using a cryptographic circuit keyed with some secret value. Such protocols may be based on symmetric or public key cryptography. Cryptographically-enabled tags typically have dramatically higher cost and power requirements than simpler equivalents, and as a result, deployment of these tags is much more limited. This cost/power limitation has led some manufacturers to implement cryptographic tags using substantially weakened, or proprietary encryption schemes, which do not necessarily resist sophisticated attack. For example, the Exxon-Mobil Speedpass uses a cryptographicallyenabled tag manufactured by Texas Instruments, called the Digital Signature Transponder
(DST), which incorporates a weak, proprietary encryption scheme to perform a challenge-response protocol.
Still other cryptographic protocols attempt to achieve privacy against unauthorized readers, though these protocols are largely in the research stage. One major challenge in securing RFID tags is a shortage of computational resources within the tag. Standard cryptographic techniques require more resources than are available in most low cost RFID devices. RSA Security has patented a prototype device that locally jams RFID signals by interrupting a standard collision avoidance protocol, allowing the user to prevent identification if desired. [11]. Various policy measures have also been proposed, such as marking RFID tagged objects with an industry standard label. [edit]
RFID Legislation •
California – SB1834 PURPOSE: Restrict the way businesses and libraries in California use RFID tags attached to consumer products or using an RFID reader that could be used to identify an individual. Defeated by members of the California state assembly on June 25, 2005.
•
Massachusetts – HB 1447, SB 181 PURPOSE: Requires labels regarding use and purpose of RFID on consumer products; requires the ability to remove tags; and restricts info on tags to inventory and like purposes.
•
Maryland – HB 354 PURPOSE: Creates a task force to study privacy and other issues related to RFID and report on whether legislation is needed.
•
Missouri – SB 128 PURPOSE: Requires a conspicuous label on consumer packaging with RFID disclosing existence of the tag and that the tag can transmit a unique ID before and after purchase.
•
Nevada – AB 264 PURPOSE: Requires manufacturers, retailers and others to ensure placement of a label regarding existence of RFID on product prior to sale.
•
New Hampshire – HB 203 PURPOSE: Requires written or verbal notice of existence of a tracking device on any product prior to sale.
•
New Mexico – HB 215 PURPOSE: Requires businesses purveying tagged items to post notices on their premises and labels on the products; requires removal or deactivation of tag at point of sale.
•
Rhode Island – H 5929 PURPOSE: Prohibits state or local government from using RFID to track movement or identity of employees, students or clients or others as a condition of a benefit or service.
•
South Dakota – HB 1114 PURPOSE: Prohibits requiring a person to receive implant of an RFID chip.
•
Tennessee – HB 300, SB 699 PURPOSE: Requires conspicuous labeling of goods containing RFID disclosing existence of RFID and that it can transmit unique information.
•
Texas – HB 2953 PURPOSE: Prohibits school district from requiring student to use an RFID device for identification; requires school to provide alternative method to those who object to RFID.
•
Utah – HB 185 PURPOSE: Amends computer crime law to include RFID.
•
Wisconsin – Assembly Bill 291 PURPOSE: Prohibits anyone, including employers or government agencies, from requiring people to have microchips implanted in them. Violators would face fines of up to $10,000.
[edit]
Controversy
How would you like it if, for instance, one day you realized your underwear was reporting on your whereabouts? — California State Senator Debra Bowen, at a 2003 hearing [12] The use of RFID technology has engendered considerable controversy and even product boycotts by consumer privacy advocates such as Katherine Albrecht and Liz McIntyre of CASPIAN who refer to RFID tags as "spychips". The four main privacy concerns regarding RFID are: • • •
•
The purchaser of an item will not necessarily be aware of the presence of the tag or be able to remove it; The tag can be read at a distance without the knowledge of the individual; If a tagged item is paid for by credit card or in conjunction with use of a loyalty card, then it would be possible to tie the unique ID of that item to the identity of the purchaser; and The EPCglobal system of tags create, or are proposed to create, globally unique serial numbers for all products, even though this creates privacy problems and is completely unnecessary for most applications.
Most concerns revolve around the fact that RFID tags affixed to products remain functional even after the products have been purchased and taken home, and thus can be used for surveillance and other nefarious purposes unrelated to their supply chain inventory functions. Although RFID tags are only officially intended for short-distance use, they can be interrogated from greater distances by anyone with a high-gain antenna, potentially allowing the contents of a house to be scanned at a distance, something distinctly Orwellian in nature. Even short range scanning is a concern if all the items detected are logged in a database every time a person passes a reader, or if it is done for nefarious reasons (e.g., a mugger using a hand-held scanner to obtain an instant assessment of the wealth of potential victims). With permanent RFID serial numbers, an item leaks unexpected information about a person even after disposal; for example, items that are resold or given away can enable mapping of a person's social network. Another privacy issue is due to RFID's support for a singulation (anti-collision) protocol. This is the means by which a reader enumerates all the tags responding to it without them mutually interfering. The structure of the most common version of this protocol is such that all but the last bit of each tag's serial number can be deduced by passively eavesdropping on just the reader's part of the protocol. Because of this, whenever RFID tags are near to readers, the distance at which a tag's signal can be eavesdropped is irrelevant; what counts is the distance at which the much more powerful reader can be received. Just how far this can be depends on the type of the reader, but in the extreme case some readers have a maximum power output of 4 W, enabling signals to be received from tens of kilometres away.[citation needed] Technical note: the anti-collision scheme of ISO 15693 will render this rather implausible. To eavesdrop on the reader part of the protocol - and gather the 63 least significant bits of a uid - would require the reader to send a mask value of 63 bits. This
can only happen when the reader detects a collision up to the 63rd bit. In other words: One can eavesdrop on the transmitted mask-value of the reader, but for the reader to transmit a 63 bit mask-value requires two tags with identical least significant 63 bits. The probability of this happening must be near zero. I.e. the eavesdropper needs two virtually identical tags to be read at the same time by the reader in question. The potential for privacy violations with RFID was demonstrated by its use in a pilot program by the Gillette Company, which conducted a "smart shelf" test at a Tesco in Cambridge, England. They automatically photographed shoppers taking RFID-tagged safety razors off the shelf, to see if the technology could be used to deter shoplifting. [13] This trial resulted in consumer boycott against Gillette. There was also a protest of Tesco. A boycott against Tesco for its involvement with item-level RFID tagging has been in effect since early 2005. In another incident, uncovered by the Chicago Sun-Times, shelves in a Wal-Mart in Broken Arrow, Oklahoma, were equipped with readers to track the Max Factor Lipfinity lipstick containers stacked on them. Webcam images of the shelves were viewed 750 miles (1200 km) away by Procter & Gamble researchers in Cincinnati, Ohio, who could tell when lipsticks were removed from the shelves and observe the shoppers in action. In January 2004 privacy advocates from CASPIAN and the German privacy group FoeBuD were invited to the METRO Future Store in Germany, where an RFID pilot project was implemented. It was uncovered by accident that METRO "Payback" customer loyalty cards contained RFID tags with customer IDs, a fact that was disclosed neither to customers receiving the cards, nor to this group of privacy advocates. This happened despite assurances by METRO that no customer identification data was tracked and all RFID usage was clearly disclosed. [14] The controversy was furthered by the accidental exposure of a proposed Auto-ID consortium public relations campaign that was designed to "neutralize opposition" and get consumers to "resign themselves to the inevitability of it" whilst merely pretending to address their concerns. [15] The standard proposed by EPCglobal includes privacy related guidelines for the use of RFID-based EPC. These guidelines include the requirement to give consumers clear notice of the presence of EPC and to inform them of the choice that they have to discard, disable or remove EPC tags. These guidelines are non-binding, and only partly comply with the joint statement of 46 multinational consumer rights and privacy groups. In 2004, Lukas Grunwald released a computer program RFDump which with suitable hardware allows reading and reprogramming the metadata contained in an RFID tag, although not the unchangeable serial number built into each tag. He said consumers could use this program to protect themselves, although it would also have significant malicious uses. [edit]
Passports A number of countries have begun to embed RFID devices in new biometric passports, to facilitate efficient machine reading of personal data. Security expert Bruce Schneier said of these proposals: "It's a clear threat to both privacy and personal safety. Quite simply, it's a bad idea." The RFID-enabled passport uniquely identifies its holder, and in the proposal currently under consideration, will also include a variety of other personal information. This could greatly simplify some of the abuses of RFID technology, and expand them to include abuses based on machine reading of data such as a person's nationality. For example, a mugger operating near an airport could target victims who have arrived from wealthy countries, or a terrorist could design a bomb which functioned when approached by persons from a particular country. The US State Department initially rejected these concerns on the grounds that they believed the chips could only be read from a distance of 10 cm (4 in), but in the face of 2,400 critical comments from security professionals, and a clear demonstration that special equipment can read the test passports from 10 m (33 feet) away, the proposal was reviewed. RFID passports will start to be issued in mass distribution in October 2006.[16] In November 2005, the State Department stated that as of October 2006 all new US passports will contain RFID chips with some security features. The passports will be shielded to prevent skimming. The department will also implement Basic Access Control (BAC), which functions as a Personal Identification Number (PIN) in the form of characters printed on the passport data page. Before a passport's tag can be read, this PIN must be entered into an RFID reader. The BAC also enables the encryption of any communication between the chip and interrogator [17]. The Pakistan Passport Authority has started issuing passports with RFID tags. The Norwegian Passport authority has also issued passports with RFID tags, and was criticized by the Norwegian Data Inspectorate Department because of their lack of implementing any security features. As of November 2005 only a handful of passports have been issued [18]. The Malaysian Passport Authority has started using passports with RFID tags since early 2000. The New Zealand government introduced chipped passports on 4 November 2005 after trials with pilots from the United States in association with Australia. All new passports issued by New Zealand will contain these chips. France is to start issuing biometric identity cards on 17 April 2006. [edit]
Driver's licenses
The US state of Virginia has considered putting RFID`S tag into driver's licenses ostensibly to make lookups faster for police officers and other government officials. The Virginia General Assembly also hopes that by including the tags, false identity documents would become much harder to obtain. The proposal was first introduced in the "Driver's License Modernization Act" of 2002, which was not enacted, but as of 2004 the concept was still under consideration. The idea was prompted by the fact that some of the September 11 hijackers held fraudulent Virginia driver's licenses. However the American Civil Liberties Union has noted that in addition to being a risk to privacy and liberty, the RFID proposal would not have hindered the hijackers, since the false documents they carried were valid, officially issued documents obtained with other false identification. The weakness in the system is not failure to validate documents in the field, but failure to verify identity before issuing them. [edit]
Religious Reaction to RFID There has been discussion by members of the Christian community, especially Christian anarchists, that RFID tagging could represent the mark of the beast mentioned specifically in the Book of Revelation (see Revelation 13:16). This subject is studied by those Christians interested in the fields of eschatology (last things) and dispensationalism. Previously, other forms of identification such as credit cards and UPC codes had been suggested as candidates for the mark. [19] [20] [21] While the exact Mark of the Beast used in the Left Behind series was not fully explained, the implanted chip exhibited behavior similar to a RFID tag. [edit]
Vulnerabilities •
•
•
•
The New York Times reported on new research showing how RFID tags could be "infected" with computer viruses. "RFID malware is a Pandora's box...," the Times quotes from the study available at www.rfidvirus.org. The Wall Street Journal reported on the privacy implications of RFID technology in consumer cards and passports. The article refers to RFID Blocking Wallets which are "designed to shield radio chip bank card[s] from being read without [the consumer's] knowledge" as a method of ensuring security. Security expert Bruce Schneier reports on a Weizmann Institute of Science study suggesting "so-called 'wallet phones' will be capable of attacking HF tags" through power analysis attack. Wired Magazine reported that current encryption and security measures used by RFID devices are grievously inadequate. Currently, it is very easy to steal and/or modify the data contained on most RFID chips.
[edit]
See also
Wikimedia Commons has media related to: Radio Frequency Identification • • • •
Ubiquity WiBro Electronic tagging Mass surveillance
[edit]
References 1. ^ Dargan, Gaurav; Johnson,Brian; Panchalingam, Mukunthan; Stratis, Chris (2004). The Use of Radio Frequency Identification as a Replacement for Traditional Barcoding. URL accessed on 2006-05-31. 2. ^ Landt, Jerry (2001). Shrouds of Time: The history of RFID. (PDF) AIM, Inc.. URL accessed on 2006-05-31. [edit]
External Links • •
RFID Journal RFID Law Blog
Retrieved from "http://en.wikipedia.org/wiki/Radio_Frequency_Identification"