Joined: 26 Mar 2006 Posts: 707 Location: Toronto,Canada (biggest Canadian city)
Radio Frequency Identification (RFID) Essentials
[Quote]RFID Essentials
By Himanshu Bhatt, Bill Glover
...............................................
Publisher: O'Reilly
Pub Date: January 2006
Print ISBN-10: 0-596-00944-5
Print ISBN-13: 978-0-59-600944-1
Pages: 276
Radio Frequency Identification (RFID) is rapidly changing the
way businesses track inventory and assets. From Wal-Mart and Tesco to the
U.S. Department of Defense, early efforts are already showing benefits,
but software, integration, and data processing for RFID still present a challenge. If you are a developer or an architect charged with developing an RFID system, this book is for you. Drawing on extensive experience, Bill Glover and Himanshu Bhatt provide you with essential information on this emerging technology.
With the knowledge you gain in these pages, you will possess the
information and understanding you need to start designing, building, or
integrating with RFID systems.
In RFID Essentials you will find information on:
---- Tags and tag protocols, including the Electronic Product Code (EPC)
---- Readers and reader protocols
---- RFID middleware
---- Security and privacy
---- Managing RFID devices
---- RFID's impact on your architecture
Bill Glover has been writing software since 1981 and has worked as a
programmer, lead developer, or architect on systems of all sizes, from
small, automated systems controlling dams and feedmills up to a
complete redesign and reimplementation of one of the world's busiest
travel web sites. Bill first worked with RFID in 1995, tracking
individual cattle using ear tags. He is currently a Senior Java
Architect with Sun Microsystems, Inc., and works with Sun's RFID
consulting practice and the RFID Test Center.
Himanshu Bhatt heads the U.S. RFID Practice and Software Technology Lab
for Sun Microsystems, Inc. Prior to assuming this role, Himanshu was
responsible for business development and consulting in emerging areas
of technology. Himanshu has over 16 years of experience in the
architecture and development of distributed, multitier systems using a
host of technologies for Fortune 1000 companies. Himanshu has spoken at
industry conferences such as JavaOne and the LoneStar Symposium and has
published articles on Java/J2EE technologies.
/Quote]
A new book by privacy advocates makes the case that corporations and government agencies are in collusion to put tiny radio transmitters on nearly everything we buy. Companies say it's about providing thought leadership, not the Mark of the Beast.
Katherine Albrecht and Liz McIntyre hope to become the twin Erin Brockoviches of RFID, by revealing the threat posed by the radio tag replacements for barcode labels.
They may get their wish, if readers believe the conclusions of the privacy advocates' new book, Spychips: How Major Corporations and Government Plan to Track Your Every Move with RFID.
Albrecht and McIntyre make a staggering accusation in Spychips: that Philips, Procter and Gamble, Gillette, NCR and IBM are conspiring with each other and the federal government to follow individual consumers everywhere, using embedded radio tags planted in their clothing and belongings.
The businesses, who form the center of the RFID industry, hope to wirelessly monitor the contents of consumers' refrigerators, medicine cabinets, basement workbenches -- even their garbage pails, the book claims.
These companies have long insisted they are interested only in making their supply chains run more smoothly.
The authors, who run the consumer privacy rights group Caspian, support their assertions with company documents, records of patents and patent applications, and statements made by RFID industry leaders at corporate events.
They also cite magazine articles and news reports in which industry executives appear to be rubbing their hands over the power of RFID tags to track consumers. In one example, Gillette vice president of global business management Dick Cantwell in quoted in a 2001 Technology Review article as saying he looks forward to the company using (RFID) readers "to track consumer use of its products at home."
Those who have been following the RFID privacy debate will find no shocking revelations of smoking guns in Spychips. But by assembling in one place a vast amount of documentation and history, and stretching it all together into a coherent narrative, the authors clearly hope to reach a broad group of ordinary consumers -- enough, perhaps, to mobilize a movement against the technology.
Spychips is published by the Christian media publisher Thomas Nelson, and a forthcoming Christian edition of the book will contain an additional chapter linking RFID to the Mark of the Beast passage in the Bible's Book of Revelation, as well as "minor updates throughout the text to reflect Christian concerns," said Albrecht.
The Spychips Threat: Why Christians Should Oppose RFID Technology and Surveillance is due out in January 2006.
While the authors' religious motives might make the books easier for critics to dismiss, others note that successful consumer exposés are rarely written in an academic style by researchers with PhDs.
"Unsafe at Any Speed and Silent Spring were not written by academics," said Ronald Shaiko, a senior fellow at the Nelson A. Rockefeller Center for Public Policy and the Social Sciences at Dartmouth. "The Jungle (about Chicago's meat packing industry) was a novel," he said.
All of those books caused U.S. laws to change, said Shaiko.
As described by Albrecht and McIntyre, the RFID "conspiracy" amounts to more of a marriage of convenience between corporate and government interests. Marketers believe RFID tags on goods will help them figure out what makes a shopper pick an item off a shelf and put it back, while the government may want to use the tags to monitor individuals suspected of crimes or under the scrutiny of state social workers.
RFID will help officials "ensure the well-being of the people they serve" through contact with social workers monitoring people in their homes, according to one patent application filed by Big Five consulting firm Accenture, described in Spychips.
The authors also relate imagined scenarios in which stalkers and lechers armed with handheld, rogue RFID readers terrorize and humiliate their prey.
Procter and Gamble spokeswoman Jeannie Tharrington declined to comment on Spychips, saying the company had not had the opportunity to review the book, which goes on sale Tuesday. But she wrote in an e-mail that the company "remains committed to protecting consumer privacy while moving forward with our plans to continue testing and learning about the cost and benefits" of RFID.
An executive who handles RFID business at NCR division Teradata believes the Spychips' authors took much of their source material out of context in spinning their conspiracy theory. Companies in the RFID industry are in the business of imagining every conceivable application for the technology, he said.
"That's part of creating thought leadership," said Richard Beaver, director for retail offer development at Teradata. "Many of the documents we produce or use are concept documents. You can make all kinds of assumptions about the future (based on them)."
Spychips make Orwell's Big Brother seem relatively harmless
funzone36 wrote:
Quote:
By Kéllia Ramares
Online Journal Associate Editor
Jan 17, 2006, 00:44
Email this article
Printer friendly page
Spychips: How major corporations
and government plan to track your
every move with RFID
By Katherine Albrecht & Liz McIntyre
Foreward by Bruce Sterling, Wired.com
ISBN: 1595550208
Hardcover, 270 pp
Nelson Current, 2005
Marketers want to tag data to identify you and profile your possessions so they can target you with marketing and advertising material wherever you go. Government agents crave the power of hidden spychips to monitor citizens' political activities and whereabouts. And, of course, criminals can't wait to identify easy marks and high-ticket items by scanning the contents of shopping bags and suitcases at a distance. [authors' emphases]. --Katherine Albrecht & Liz McIntyre, Spychips, p 29.
RFID stands for Radio Frequency Identification. Organizations that promote RFID, which include companies whose names and brands you recognize, such as Wal-Mart, Gillette, Procter & Gamble, Intel, UPS and Benneton, as well as government agencies such as the Department of Defense and the Department of Homeland Security, want to implant an RFID tag on every item on earth.
Unlike current bar codes in which all similar items, e.g. 12 oz. cans of Coca-Cola, have the same number, RFID tags would give each individual item a unique identification number. Such tagging, combined with databases of purchasing histories tied to credit cards, ATM cards and supermarket loyalty cards, would create a system of universal product registration. "Spychips" explains what marketers, government agents and criminals are doing and could do in the near future with such a system.
Katherine Albrecht is the founder and director of C.A.S.P.I.A.N. (Consumers Against Supermarket Privacy Invasion and Numbering) and Liz McIntyre is C.A.S.P.I.A.N.'s communications director. The C.A.S.P.I.A.N. web site, which asks, "Is Big Brother in your grocery cart? " and the companion Spychips web site provide a lot of information about RFID and related strategies, as well as efforts by C.A.S.P.I.A.N. and other groups worldwide to derail the effort to make everything we carry, wear or drive traceable to us. The book "Spychips" is the natural continuation of their years-long efforts to inform the public about this global threat to privacy and liberty.
In "Spychips," Albrecht and McIntyre prove that the RFID industry's claims that their tags would not be used to track people are total lies. They do so by excerpting patent applications made by the some of the biggest proponents of RFID: transnational corporations such as IBM (patent application # 20020165758 -- IDENTIFICATION AND TRACKING OF PERSONS USING RFID-TAGGED ITEMS), Procter & Gamble (patent application #20020161651 -- SYSTEMS AND METHODS FOR TRACKING CONSUMERS IN A STORE ENVIRONMENT) and Philips Electronics (patent application # 6,611,206 -- AUTOMATIC SYSTEM FOR MONITORING INDEPENDENT PERSONS REQUIRING OCCASIONAL ASSISTANCE). Patents have been granted for some devices mentioned in the book.
A regimen of ubiquitous RFID does not stop at tagging things. The plans include tagging people. Already, the FDA has approved a subdermal RFID implant and, as Spychips graphically details, Persephone, Inc, a California-based company calls for surgical implantation of tracking devices in patent application # 2004174258 -- METHOD AND APPARATUS FOR LOCATING AND TRACKING PERSONS.
A major thesis of this book is that, contrary to the claims that RFID tags will make for a better world, the ubiquitous presence of spychips will only make the evils of the world worse. And in these times when we see people from Saddam Hussein to George W. Bush likened to Hitler, Albrecht's and McIntyre's imagining of what it would have been like for the Nazis to have had access to RFID is especially chilling:
In a world filled with RFID readers, the Nazis could have been far more efficient in depriving Jews of access to basic necessities and the stuff of daily life. RFID numbers encoded in their chips could mark Jews as social and technological pariahs, causing any doorway, elevator, or appliance equipped with RFID-based authentication to shut down when a Jew attempted to use it. In a cashless society where an ID swipe is required for nearly every activity, pay phones could be programmed to withhold dial tones, subway gates could remain firmly closed, and store equipment could refuse to ring up "Aryan only" foods like eggs and milk for the "wrong" kind of person. --Katherine Albrecht & Liz McIntyre, Spychips, p. 211
"Spychips" is a must read for anyone interested in preserving democracy, civil liberties, the concept of "innocent until proven guilty," and personal privacy. It is also a must read for people who want to be free from constant and intrusive marketing, and safer from criminals. The book will also be of interest to people concerned about abuse of technology, and people interested in Biblical interpretation. ("And he causeth all, both small and great, rich and poor, free and bond, to receive a mark in their right hand, or in their foreheads. And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name." Rev. 13:16-17, quoted in Spychips, Chapter 14 Are You Next? p. 167).
That quote from the Book of Revelation reminds me of a bank commercial -- perhaps you've seen it -- where the customers stand passively in a long line after having had a barcode stapled to their foreheads. It's passivity that will make the scary world of ubiquitous RFID a reality, say Albrecht and McIntyre. Although RFID is already with us in forms such as "FasTrack" and "EZ-Pass" electronic toll collectors, the authors hope that the tagging of everything, and thus of everyone, can be stopped dead in its tracks with massive consumer action reflecting the very high level of consumer opposition to RFID. The chapter called "Pull the Plug: How you can help win the RFID war," recounts some anti-RFID victories, and lists a series of small, moderate and bold steps consumers can take to oppose RFID, as well as listing a number of "the worst of the spychippers," i.e., companies that deserve to be boycotted for their "past, present, or future plans to use -- or abuse -- RFID on consumer products."
The authors also promote their "RFID Right to Know Act," a piece of model legislation that would require the labeling of items containing RFID. Considering the federal government's promotion of RFID, well documented in "Spychips," and industry opposition to labeling legislation in other contexts, such as foods containing genetically modified organisms (GMOs) and dairy products containing growth hormones, the chances that an "RFID Right to Know Act" will be passed are probably somewhere between slim chance and fat chance. Nevertheless, the legislation is available at the Spychips web site where Albrecht and McIntyre keep news about consumer actions against spychipping companies and other information about RFID.
Interested consumers should read "Spychips" and go to the web site for more information. Then go out and rent a copy of the movie "Minority Report."
They can steal your smartcard, lift your passport, jack your car, even clone the chip in your arm. And you won't feel a thing. 5 tales from the RFID-hacking underground.
James Van Bokkelen is about to be robbed. A wealthy software entrepreneur, Van Bokkelen will be the latest victim of some punk with a laptop. But this won't be an email scam or bank account hack. A skinny 23-year-old named Jonathan Westhues plans to use a cheap, homemade USB device to swipe the office key out of Van Bokkelen's back pocket.
"I just need to bump into James and get my hand within a few inches of him," Westhues says. We're shivering in the early spring air outside the offices of Sandstorm, the Internet security company Van Bokkelen runs north of Boston. As Van Bokkelen approaches from the parking lot, Westhues brushes past him. A coil of copper wire flashes briefly in Westhues' palm, then disappears.
Van Bokkelen enters the building, and Westhues returns to me. "Let's see if I've got his keys," he says, meaning the signal from Van Bokkelen's smartcard badge. The card contains an RFID sensor chip, which emits a short burst of radio waves when activated by the reader next to Sandstorm's door. If the signal translates into an authorized ID number, the door unlocks.
The coil in Westhues' hand is the antenna for the wallet-sized device he calls a cloner, which is currently shoved up his sleeve. The cloner can elicit, record, and mimic signals from smartcard RFID chips. Westhues takes out the device and, using a USB cable, connects it to his laptop and downloads the data from Van Bokkelen's card for processing. Then, satisfied that he has retrieved the code, Westhues switches the cloner from Record mode to Emit. We head to the locked door.
"Want me to let you in?" Westhues asks. I nod.
He waves the cloner's antenna in front of a black box attached to the wall. The single red LED blinks green. The lock clicks. We walk in and find Van Bokkelen waiting.
"See? I just broke into your office!" Westhues says gleefully. "It's so simple." Van Bokkelen, who arranged the robbery "just to see how it works," stares at the antenna in Westhues' hand. He knows that Westhues could have performed his wireless pickpocket maneuver and then returned with the cloner after hours. Westhues could have walked off with tens of thousands of dollars' worth of computer equipment - and possibly source code worth even more. Van Bokkelen mutters, "I always thought this might be a lousy security system."
RFID chips are everywhere - companies and labs use them as access keys, Prius owners use them to start their cars, and retail giants like Wal-Mart have deployed them as inventory tracking devices. Drug manufacturers like Pfizer rely on chips to track pharmaceuticals. The tags are also about to get a lot more personal: Next-gen US passports and credit cards will contain RFIDs, and the medical industry is exploring the use of implantable chips to manage patients. According to the RFID market analysis firm IDTechEx, the push for digital inventory tracking and personal ID systems will expand the current annual market for RFIDs from $2.7 billion to as much as $26 billion by 2016.
RFID technology dates back to World War II, when the British put radio transponders in Allied aircraft to help early radar system crews detect good guys from bad guys. The first chips were developed in research labs in the 1960s, and by the next decade the US government was using tags to electronically authorize trucks coming into Los Alamos National Laboratory and other secure facilities. Commercialized chips became widely available in the '80s, and RFID tags were being used to track difficult-to-manage property like farm animals and railroad cars. But over the last few years, the market for RFIDs has exploded, driven by advances in computer databases and declining chip prices. Now dozens of companies, from Motorola to Philips to Texas Instruments, manufacture the chips.
The tags work by broadcasting a few bits of information to specialized electronic readers. Most commercial RFID chips are passive emitters, which means they have no onboard battery: They send a signal only when a reader powers them with a squirt of electrons. Once juiced, these chips broadcast their signal indiscriminately within a certain range, usually a few inches to a few feet. Active emitter chips with internal power can send signals hundreds of feet; these are used in the automatic toll-paying devices (with names like FasTrak and E-ZPass) that sit on car dashboards, pinging tollgates as autos whiz through.
For protection, RFID signals can be encrypted. The chips that will go into US passports, for example, will likely be coded to make it difficult for unauthorized readers to retrieve their onboard information (which will include a person's name, age, nationality, and photo). But most commercial RFID tags don't include security, which is expensive: A typical passive RFID chip costs about a quarter, whereas one with encryption capabilities runs about $5. It's just not cost-effective for your average office building to invest in secure chips.
This leaves most RFIDs vulnerable to cloning or - if the chip has a writable memory area, as many do - data tampering. Chips that track product shipments or expensive equipment, for example, often contain pricing and item information. These writable areas can be locked, but often they aren't, because the companies using RFIDs don't know how the chips work or because the data fields need to be updated frequently. Either way, these chips are open to hacking.
"The world of RFID is like the Internet in its early stages," says Ari Juels, research manager at the high tech security firm RSA Labs. "Nobody thought about building security features into the Internet in advance, and now we're paying for it in viruses and other attacks. We're likely to see the same thing with RFIDs."
David Molnar is a soft-spoken computer science graduate student who studies commercial uses for RFIDs at UC Berkeley. I meet him in a quiet branch of the Oakland Public Library, which, like many modern libraries, tracks most of its inventory with RFID tags glued inside the covers of its books. These tags, made by Libramation, contain several writable memory "pages" that store the books' barcodes and loan status.
Brushing a thatch of dark hair out of his eyes, Molnar explains that about a year ago he discovered he could destroy the data on the books' passive-emitting RFID tags by wandering the aisles with an off-the-shelf RFID reader-writer and his laptop. "I would never actually do something like that, of course," Molnar reassures me in a furtive whisper, as a nonbookish security guard watches us.
Our RFID-enabled checkout is indeed quite convenient. As we leave the library, we stop at a desk equipped with a monitor and arrange our selections, one at a time, face up on a metal plate. The titles instantly appear onscreen. We borrow four books in less than a minute without bothering the librarian, who is busy helping some kids with their homework.
Molnar takes the books to his office, where he uses a commercially available reader about the size and heft of a box of Altoids to scan the data from their RFID tags. The reader feeds the data to his computer, which is running software that Molnar ordered from RFID-maker Tagsys. As he waves the reader over a book's spine, ID numbers pop up on his monitor.
"I can definitely overwrite these tags," Molnar says. He finds an empty page in the RFID's memory and types "AB." When he scans the book again, we see the barcode with the letters "AB" next to it. (Molnar hastily erases the "AB," saying that he despises library vandalism.) He fumes at the Oakland library's failure to lock the writable area. "I could erase the barcodes and then lock the tags. The library would have to replace them all."
Frank Mussche, Libramation's president, acknowledges that the library's tags were left unlocked. "That's the recommended implementation of our tags," he says. "It makes it easier for libraries to change the data."
For the Oakland Public Library, vulnerability is just one more problem in a buggy system. "This was mostly a pilot program, and it was implemented poorly," says administrative librarian Jerry Garzon. "We've decided to move ahead without Libramation and RFIDs."
But hundreds of libraries have deployed the tags. According to Mussche, Libramation has sold 5 million RFID tags in a "convenient" unlocked state.
While it may be hard to imagine why someone other than a determined vandal would take the trouble to change library tags, there are other instances where the small hassle could be worth big bucks. Take the Future Store. Located in Rheinberg, Germany, the Future Store is the world's preeminent test bed of RFID-based retail shopping. All the items in this high tech supermarket have RFID price tags, which allow the store and individual product manufacturers - Gillette, Kraft, Procter & Gamble - to gather instant feedback on what's being bought. Meanwhile, shoppers can check out with a single flash of a reader. In July 2004, Wired hailed the store as the "supermarket of the future." A few months later, German security expert Lukas Grunwald hacked the chips.
Grunwald cowrote a program called RFDump, which let him access and alter price chips using a PDA (with an RFID reader) and a PC card antenna. With the store's permission, he and his colleagues strolled the aisles, downloading information from hundreds of sensors. They then showed how easily they could upload one chip's data onto another. "I could download the price of a cheap wine into RFDump," Grunwald says, "then cut and paste it onto the tag of an expensive bottle." The price-switching stunt drew media attention, but the Future Store still didn't lock its price tags. "What we do in the Future Store is purely a test," says the Future Store spokesperson Albrecht von Truchsess. "We don't expect that retailers will use RFID like this at the product level for at least 10 or 15 years." By then, Truchsess thinks, security will be worked out.
Today, Grunwald continues to pull even more-elaborate pranks with chips from the Future Store. "I was at a hotel that used smartcards, so I copied one and put the data into my computer," Grunwald says. "Then I used RFDump to upload the room key card data to the price chip on a box of cream cheese from the Future Store. And I opened my hotel room with the cream cheese!"
Aside from pranks, vandalism, and thievery, Grunwald has recently discovered another use for RFID chips: espionage. He programmed RFDump with the ability to place cookies on RFID tags the same way Web sites put cookies on browsers to track returning customers. With this, a stalker could, say, place a cookie on his target's E-ZPass, then return to it a few days later to see which toll plazas the car had crossed (and when). Private citizens and the government could likewise place cookies on library books to monitor who's checking them out.
In 1997, ExxonMobil equipped thousands of service stations with SpeedPass, which lets customers wave a small RFID device attached to a key chain in front of a pump to pay for gas. Seven years later, three graduate students - Steve Bono, Matthew Green, and Adam Stubblefield - ripped off a station in Baltimore. Using a laptop and a simple RFID broadcasting device, they tricked the system into letting them fill up for free.
The theft was concocted by Avi Rubin's computer science lab at Johns Hopkins University. Rubin's lab is best known for having found massive, hackable flaws in the code running on Diebold's widely adopted electronic voting machines in 2004. Working with RSA Labs manager Juels, the group figured out how to crack the RFID chip in ExxonMobil's SpeedPass.
Hacking the tag, which is made by Texas Instruments, is not as simple as breaking into Van Bokkelen's Sandstorm offices with a cloner. The radio signals in these chips, dubbed DST tags, are protected by an encryption cipher that only the chip and the reader can decode. Unfortunately, says Juels, "Texas Instruments used an untested cipher." The Johns Hopkins lab found that the code could be broken with what security geeks call a "brute-force attack," in which a special computer known as a cracker is used to try thousands of password combinations per second until it hits on the right one. Using a home-brewed cracker that cost a few hundred dollars, Juels and the Johns Hopkins team successfully performed a brute-force attack on TI's cipher in only 30 minutes. Compare that to the hundreds of years experts estimate it would take for today's computers to break the publicly available encryption tool SHA-1, which is used to secure credit card transactions on the Internet.
ExxonMobil isn't the only company that uses the Texas Instruments tags. The chips are also commonly used in vehicle security systems. If the reader in the car doesn't detect the chip embedded in the rubbery end of the key handle, the engine won't turn over. But disable the chip and the car can be hot-wired like any other.
Bill Allen, director of strategic alliances at Texas Instruments RFID Systems, says he met with the Johns Hopkins team and he isn't worried. "This research was purely academic," Allen says. Nevertheless, he adds, the chips the Johns Hopkins lab tested have already been phased out and replaced with ones that use 128-bit keys, along with stronger public encryption tools, such as SHA-1 and Triple DES.
Juels is now looking into the security of the new US passports, the first of which were issued to diplomats this March. Frank Moss, deputy assistant secretary of state for passport services, claims they are virtually hack-proof. "We've added to the cover an anti-skimming device that prevents anyone from reading the chip unless the passport is open," he says. Data on the chip is encrypted and can't be unlocked without a key printed in machine-readable text on the passport itself.
But Juels still sees problems. While he hasn't been able to work with an actual passport yet, he has studied the government's proposals carefully. "We believe the new US passport is probably vulnerable to a brute-force attack," he says. "The encryption keys in them will depend on passport numbers and birth dates. Because these have a certain degree of structure and guessability, we estimate that the effective key length is at most 52 bits. A special key-cracking machine could probably break a passport key of this length in 10 minutes."
I'm lying facedown on an examination table at UCLA Medical Center, my right arm extended at 90 degrees. Allan Pantuck, a young surgeon wearing running shoes with his lab coat, is inspecting an anesthetized area on the back of my upper arm. He holds up something that looks like a toy gun with a fat silver needle instead of a barrel.
I've decided to personally test-drive what is undoubtedly the most controversial use of RFIDs today - an implantable tag. VeriChip, the only company making FDA-approved tags, boasts on its Web site that "this 'always there' identification can't be lost, stolen, or duplicated." It sells the chips to hospitals as implantable medical ID tags and is starting to promote them as secure-access keys.
Pantuck pierces my skin with the gun, delivering a microchip and antenna combo the size of a grain of long rice. For the rest of my life, a small region on my right arm will emit binary signals that can be converted into a 16-digit number. When Pantuck scans my arm with the VeriChip reader - it looks sort of like the wand clerks use to read barcodes in checkout lines - I hear a quiet beep, and its tiny red LED display shows my ID number.
Three weeks later, I meet the smartcard-intercepting Westhues at a greasy spoon a few blocks from the MIT campus. He's sitting in the corner with a half-finished plate of onion rings, his long blond hair hanging in his face as he hunches over the cloner attached to his computer.
Because the VeriChip uses a frequency close to that of many smartcards, Westhues is pretty sure the cloner will work on my tag. Westhues waves his antenna over my arm and gets some weird readings. Then he presses it lightly against my skin, the way a digital-age pickpocket could in an elevator full of people. He stares at the green waveforms that appear on his computer screen. "Yes, that looks like we got a good reading," he says.
After a few seconds of fiddling, Westhues switches the cloner to Emit and aims its antenna at the reader. Beep! My ID number pops up on its screen. So much for implantable IDs being immune to theft. The whole process took 10 minutes. "If you extended the range of this cloner by boosting its power, you could strap it to your leg, and somebody passing the VeriChip reader over your arm would pick up the ID," Westhues says. "They'd never know they hadn't read it from your arm." Using a clone of my tag, as it were, Westhues could access anything the chip was linked to, such as my office door or my medical records.
John Proctor, VeriChip's director of communications, dismisses this problem. "VeriChip is an excellent security system, but it shouldn't be used as a stand-alone," he says. His recommendation: Have someone also check paper IDs.
But isn't the point of an implantable chip that authentication is automatic? "People should know what level of security they're getting when they inject something into their arm," he says with a half smile.
They should - but they don't. A few weeks after Westhues clones my chip, Cincinnati-based surveillance company CityWatcher announces a plan to implant employees with VeriChips. Sean Darks, the company's CEO, touts the chips as "just like a key card." Indeed.
June 6, 2006—Blommer Chocolate needed more control over (and visibility into) its inventory. The Chicago-based, family-run business has been manufacturing chocolate since 1939 and is now, according to the company, the largest cocoa-bean processor in North America. When President Bush signed the Bioterrorism Act of 2002, Blommer knew deploying a warehouse management system (WMS) and RFID-tracking system would help the company comply with the new law. The act requires food suppliers to track the custody and quality of its raw materials and finished products closely—and to do so in real-time. Toward that goal, and to make its warehouse operations more accurate and efficient, Blommer has contracted with AGI Worldwide, a provider of supply chain software and systems integration services, to deploy both an RFID tracking system and a warehouse management system for the company.
"The Bioterrorism Act clearly defined the chain of information we need to maintain on our records," says Ernie Redfern, Blommer's CIO. This means tracking raw materials as they arrive at Blommer's manufacturing plants, ensuring that samples of each shipment of raw materials are tested, and tracking the ingredients that go into each finished product, such as cocoa powder. It also requires the tracking of each shipment of finished product leaving Blommer's plants, bound for Nabisco and other Blommer customers that use the chocolate for consumer products, or for small, specialty chocolate makers. Though it doesn't brand its own products for distribution through resellers, Blommer also makes confections that it sells directly to consumers through an outlet store at its Chicago plant.
So far, the WMS and RFID systems are up and running at Blommer's Chicago plant. Redfern says the company's other manufacturing facilities in Union City, Calif., and East Greenville, Pa., will deploy the system, as will third-party logistics providers Blommer uses.
Redfern believes the food industry will embrace RFID as companies attempt to improve the tracking of products from suppliers, through transportation systems and on to end users. Still, he says, the use of RFID will come hand in hand with the development of standards-based information exchange. "We don't have standards on how data is shared in the food industry," Redfern states.
Before contracting AGI, Blommer used Microsoft's Business Dynamics enterprise resource planning (ERP) software application to track its inventory. By using RFID tags attached to pallets of goods, Blommer can now update its inventory in real time, which its ERP is not configured to do. What's more, the ERP platform does not interface with the quality-control software—known as a laboratory information management system (LIMS)—Blommer uses to track test samples of its raw ingredients and finished products. Thus, Blommer has had to identify manually, through stickers affixed to pallets of goods, the raw ingredients and finished products being tested by Blommer's quality-control department. Doing so prevent untested ingredients from being pulled into the manufacturing process, and untested products from being shipped to customers.
AGI's WMS platform now automates this process, using an interface between the WMS and the LIMS platform that flags raw materials and finished goods during testing, then removes the flag once they've have been tested and have passed safety regulations. AGI also ties this into the RFID system at the Chicago plant via a middleware layer developed by AGI.
its been a while since i posted here, ive been out of state and away from any internet connection...
but about a couple months ago i bought the necronomicon.. a book by hp. lovecraft, as i was flipping through the pages a small square piece of paper fell out and it had foil on the inside in the shape of like a computer chip looking design.. i believe its an RFID.. but my question is why would it be in the necronomicon?? i went back to the book store to find that all necronomicon books had RFID's in em.. any ideas?
Brent Jessop - [url=http://www.knowledgedrivenrevolution.com/]Knowledge Driven Revolution.com[/url]
March 13, 2007
All this trouble over the need for a passport for Canadians to enter the US. So much inconvenience and of course economic ruin. No need to worry. The government has a great solution to the problem they created. New high-tech drivers licences. Complete with all your personal information and fingerprints and a fancy new proximity RFID chip. Convenient. Exciting! Safe?
Ignoring the obvious privacy and safety concerns with the tracking abilities of the RFID chip. Ignoring the fact that this is part of a North American ID card which matches up just so nicely with the new American drivers licences under the Real ID act. Ignoring all of these things there is another major problem. The database.
The new ID cards come with a gigantic database that keeps track of all your personal information and biometric data. How secure are these databases? Lets first look at how well the government currently protects your data.
In July of 2005 the B.C. Ministry of Labour sold high-capacity data tapes at a public auction containing medical information about sexual abuse, HIV status, mental illness and also information from 30,000 refugees. An almost identical incident also occurred in B.C. only four years previous. If you are curious, the tapes netted the government $101. Fortunately this was limited to only patients of one hospital.
Another example of governments not being as responsible with your information as most assume was in September 2006. The US department of Commerce lost over 1,100 laptops including 250 from the Census Bureau containing such personal information as names, incomes and Social Security numbers.
So the government has had some trouble in the past with keeping our personal data personal. But industry with all of their market motivated superiority, surely they must do better?
Read the full article [url=http://www.knowledgedrivenrevolution.com/Articles/200703/20070313_NAU_ID_Database.htm]here[/url].
The FLX[2006‐0605] video security brief demonstrates a real‐world
vulnerability associated with the failure of the shielding component in the current
proposed electronic passport design. When partially open, as could be the case when in a
pocket, purse, or briefcase, the currently proposed passport can be detected by a nearby
inquiring RFID reader. The security brief also demonstrates an improved shield design
that requires a passport to be significantly open before reading is possible.
By Nick Farrell: Thursday 05 January 2006, 10:39
Click here to find out more!
A GROUP of German privacy hackers have come up with a portable device that can wipe a passive RFID-Tag permanently.
While it is known that RFID tags could be wiped, it usually took some fairly cumbersome microwave gear to get the job done, and the result could damage whatever the tag was installed on.
But, according to the group’s website here, two developers have managed to make a functioning prototype and produce plans that everyone can use to build their own RFID-Zapper.
The site says that RFID-Tags are likely to further threaten and compromise the privacy of consumers.
Currently it is possible to send an RFID-Tag to sleep, but the privacy group feels that this is bad because it can be can be reactivated without your knowledge.
"To defend yourself against such measures, you might want a small, simple and relatively appealing gadget to permanently deactivate RFID-Tags around you… to deactivate RFID-Tags in recently bought clothes without damaging them," they say.
The RFID-Zapper generates a strong electromagnetic field with a coil, which should be placed as near to the target RFID-Tag as possible. A strong shock of energy disables the Tag.
The developers say the device can be installed into a €7 camera. We assume it might also be jolly useful for shoplifters. µ
This video, a IBM commercial, gives a future view on how to use RFID to shop in a supermarket without have to wait in a line. It seems this is already implemented by Domoco in Japan!
WND Exclusive LIFE WITH BIG BROTHER
Driver's licenses to feature radio chips
State introducing cards that encode personal information
Posted: April 6, 2007
1:00 a.m. Eastern
Washington Gov. Christine Gregoire
The state of Washington announced a pilot project to introduce a driver's license "enhanced" with a radio frequency identification, or RFID, chip that would encode personal information and possibly serve as a passport-alternative if approved by the Department of Homeland Security.
Democratic Gov. Christine Gregoire signed a bill March 23 allowing Washington residents to apply for the $40 voluntary driver's license beginning in January.
Gregoire spokeswoman Kristin Jacobsen told WND in an e-mail the enhanced license is intended to be an alternative way of complying with theWestern Hemisphere Travel Initiative mandated by the Intelligence Reform and Terrorism Prevention Act of 2004.
(Story continues below)
The Western Hemisphere Travel Initiative, the Real ID Act, the Security and Prosperity Partnership of North America all call for ID technology to be built into drivers' licenses, passports and other types of border-crossing identification.
Concerns are being expressed within the Department of Homeland Security, however, regarding the wisdom of applying RFID technology to human identification programs.
Under the WHTI, as of Jan. 23 all citizens of the U.S., Canada, and Mexico were required to present a valid passport, or some other federally accepted document, to enter or re-enter the U.S. by air travel.
As early as Jan. 1, 2008, these passport requirements will be extended to all citizens of the U.S., Canada, and Mexico who enter or re-enter the U.S. by land or sea, extending even to ferry travel.
The Department of Homeland Security is in the process of setting requirements regarding acceptable documentation and preparing to implement the passport requirements under the WHTI.
Jacobsen told WND the Washington state enhanced driver's license will require verified proof of citizenship, identity and residence.
"They will look similar to current licenses and ID cards," Jacobsen explained, "but will have an icon on the front that indicates the holder is a U.S. citizen."
The $40 fee for the RFID license is designed to be less than the cost to apply for a passport ($97 on initial application, plus $67 to renew every 15 years). Regular driver's licenses in Washington state cost $25 to renew every five years.
"The enhanced driver's license will cost significantly less than a passport, but will carry many of the same features," Jacobsen stressed. "Features will include an embedded technology that will allow for quick and effective identification checks at border crossings."
Naomi Elmer, a spokeswoman for DHS, confirmed to WND that DHS is working with Washington state on the RFID enhanced driver's license pilot test.
Yet, Elmer positioned the Washington initiative under the Real ID, not under the Western Hemisphere Travel Initiative.
"Currently we are working with Washington state because they came to us with a proposal to see if they could create an ID that would be acceptable for Real ID," she said.
"Right now, we are now fulfilling the congressional mandate proposing minimum standards for state-issued driver's licenses and ID cards that the federal agencies would accept for official purposes," Elmer said. "These requirements will go into effect after May 11, 2008."
Elmer acknowledged not all state drivers' licenses can be reissued by that date.
"DHS is permitting states to apply for and receive extensions up to Dec. 31, 2009," she said. "For the states that are receiving extensions, their drivers' licenses will need to meet our requirements by Jan. 1, 2010."
Elmer told WND that DHS is working with Washington state on its RFID-enhanced driver's license proposal.
"We are still working out the details with Washington state at this time," Elmer said
DHS has not yet approved Washington state's proposal, she noted.
Within DHS, there is controversy over whether RFID technology should be applied to ID cards.
On Dec. 6, 2006, the Data Privacy & Integrity Advisory Committee advised DHS against the use of RFID for human identity verification. Concerns over invasion of privacy and whether RFID information could be kept secure were primary considerations in the committee's recommendation that DHS proceed cautiously before implementing the program.
Elmer also told WND that Washington state's proposal had nothing to do with the Security and Prosperity Partnership of North America.
Under SPP, the "2005 Report to the Leaders" specified the SPP working groups have determined that "trusted travelers of North America" will be issued bio-metric border crossing passes, similar to the electronic measures being issued trucks and other commercial vehicles under the "trusted trader of North America" initiative.
The Real ID Act of 2005 was passed as Division B of the Emergency Supplemental Appropriations Act for Defense, the Global War on Terror, and Tsunami Relief, 2005.
DHS has issued proposed minimum standards for driver's licenses and identification cards under the Real ID Act.
Still, a move to reject the Real ID Act is gaining momentum at the grassroots level, with nearly half the states voting not to participate.
Idaho, Maine and Arkansas have passed state resolutions rejecting participation.
Other states – including Arizona, Georgia, Montana, New Mexico, Utah, Vermont and Wyoming – are considering similar legislation.
Bills rejecting Real ID also have been introduced in Hawaii, Kentucky, Maryland, Massachusetts, Missouri, Nebraska, New Hampshire, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina and West Virginia.
On March 2, the White House announced the requirements of the Real ID Act would be put off until the end of 2009, acknowledging widespread opposition to the measure.
For RFID and public safety, he’s the decider (Secretary of Homeland Security Michael Chertoff).
Major corporations will be able to avoid lawsuits after terrorist attacks–even if they fail to protect consumers–by using RFID tags, according to an attorney who helped craft the law, and now advises RFID companies.
The law, the SAFETY Act of 2002, shields companies from liability for damages if they use technologies approved by the U.S. Department of Homeland Security.
The SAFETY Act will also help Homeland Security with a longstanding goal–promoting the idea that the remote tracking devices are absolutely necessary to protect the U.S. population.
Wal-Mart, Procter & Gamble, Tesco and Target are among the companies planning to tag and track individual store items (and shoppers) from the factory floor to the checkout counter and beyond.
Former Secretary of Homeland Security Tom Ridge, meanwhile, has said the department can be trusted with the data gathered from RFID reader devices. Homeland Security would mine the data, which includes purchase details and locations where the tags are detected, for suspicious activity.
The RFID attorney, Ray Biagini, says that RFID is a good candidate for coverage under the SAFETY Act.
RFID can “improve public health and safety in a number of ways,” writes Biagini in the latest issue of RFID Journal, a trade magazine.
The SAFETY (Support Anti-Terrorism by Fostering Effective Technology) Act gives the Secretary of Homeland Security full discretion in shielding a company against lawsuits, by certifying it is using technologies meant to protect the nation’s people and resources.
Corporate liability lawyers, defense contractors and Homeland Security officials devised the SAFETY Act in a backroom deal after 9/11, according to one of my sources, a lobbyist for technology companies in Washington.
In fact, Biagini, who works for the law firm McKenna Long & Aldridge, claims that he wrote many of the SAFETY Act’s key provisions himself.
Trial lawyers say that such tort reform measures are unfair to consumers.
For example, imagine if half of your family died after brushing with Procter & Gamble’s Gleem toothpaste, from an arfid-tagged package purchased at a Wal-Mart store. If the government blames terrorists for the poisoning, you may find it impossible to sue the retailer or its suppliers for not taking adequate safety precautions–if their use of the radio tags was Homeland Security-approved.
But given their influence at Homeland Security, Biagini (right) and the RFID industry seem likely to get their way with the SAFETY Act certifications.
Former Secretary of Homeland Security Tom Ridge and at least one of his former deputies have gone on to work for the RFID industry, along with former Secretary of Health and Human Services Tommy Thompson.
So watch as food and pharmaceutical companies begin to seek SAFETY Act protections for their arfid-tagged goods, and use the “DHS certified” seal (left) as a selling point.
Over half the birthing facilities in Ohio are being equipped with an RFID infant protection system placed on infants at birth to prevent them from being abducted from the hospital or from being given to the wrong mother.
"Standard protocol in the hospitals using the VeriChip system is that the baby receives an RFID anklet at birth and the mother receives a matching wristband," VeriChip spokeswoman Allison Tomek told WND. "The mothers are not asked."
VeriChip Corp., a publicly listed company headquartered in Delray Beach, Fla., is marketing though its wholly-owned subsidiary, Xmark, a HUGS brand tag-and-bracelet infant security system. The RFID tag is attached to an infant at birth by an ankle bracelet that is detected by monitors positioned throughout the hospital.
Critics charge the VeriChip system is an intrusive technology solution to a problem that is rare.
"The VeriChip infant security system is a technology looking for a solution," said Katherine Albrecht, founder and director of CASPIAN, Consumers Against Supermarket Privacy Invasion and Numbering.
"Baby snatching from hospital facilities is a diaper full of nonsense," Albrecht told WND.
She cited a January 2003 report from the National Center for Missing and Exploited Children concluding that of approximately 4.2 million births per year at 3,500 birthing centers in the U.S., abductions by non-family members are estimated at between zero and 12 per year. Of those, the mother is re-united with the child 95 percent of the time.
"Ironically, relying on RFID technology could end up making a rare occurrence more likely," Albrecht said. "Once hospital staffers rely on computer systems to track the human inventory in their care, they become less vigilant."
Albrecht is co-author along with Liz McIntyre of "Spychips: How Major Corporations and Government Plan to Track Your Every Purchase and Watch Your Every Move."
The HUGS system can detect if the RFID tag is lifted from the baby's skin, if the ankle strap broken or if the baby's RFID tag and the mother's don't match.
If a newborn is removed from the ward without authorization or a baby is placed with the wrong mother, the system triggers an alarm that can cause hospital entrances and exits to lock shut.
"The infant abductions that do occur tend to happen in larger, more impersonal hospitals," Albrecht emphasized.
"We actually investigated an abduction that involved a baby who was wearing an RFID ankle bracelet at the time of the abduction," Albrecht said. "What happened was a woman dressed up in hospital scrubs. Even though the other staffers in the maternity ward did not recognize this woman, nobody reported her, because they thought the RFID system would take care of any problem."
The woman figured out how to turn the RFID system off, Albrecht said, 'and she just walked right out of the hospital carrying the baby, without anybody stopping her."
VeriChip objects, claiming its RFID anklet-and-bracelet infant security system has prevented baby abductions. Spokeswoman Tomek, however, declined to cite specific proof, claiming privacy issues and the need to keep hospital security procedures confidential.
The VeriChip RFID anklets and bracelets are removed by the birthing facility when the mothers and babies are released.
HUGS system RFID anklets and bracelets are not equipped with GPS technology.
VeriChip also produces a human implantable RFID chip that is marketed in the health care area for chronic diseases, including diabetes or stroke, or memory impairment illnesses such as Alzheimer's disease.
"The only viable part of the VeriChip market right now is this infant security system," Albrecht told WND. "People in the United States don't want the human implantable RFID chips VeriChip thought was going to be the core of their business."
Albrecht said VeriChip hopes eventually there will be a mandatory program such as the UK has for implanting RFID chips in prisoners."
The VeriChip human implantable RFID chip was cleared for medical use in the U.S. by the Food and Drug Administration in October 2004.
VeriChip currently has a market capitalization of about $20 million and 2006 sales of more than $27 million.
