Privacy a hot topic as RFID Micro-chip tagging grows in use

0 views
Skip to first unread message

Pastor Dale Morgan

unread,
Sep 22, 2007, 11:21:14 PM9/22/07
to Bible-Pro...@googlegroups.com
*Big Brother and The Police State

Privacy a hot topic as RFID Micro-chip tagging grows in use*

Matt Hamblen


September 22, 2007 (Computerworld) Privacy concerns over RFID tagging
are reaching new heights, with state legislators introducing and
increasingly passing new measures to restrict their use, while employers
face a barrage of concern from workers over RFID-embedded identity badges.

Those worries were aired by speakers and attendees at RFID World: Boston
today, even as some RFID technology defenders worried that they haven't
done enough to promote the value of RFID in tracking tainted foods or
counterfeit drugs and of reducing the cost of tracking inventory.

To indicate how extreme the national RFID hysteria has become, one
speaker said privacy advocate Katherine Albrecht had urged consumers to
microwave new underwear to disable a possible RFID tag and thereby
prevent someone from tracking your whereabouts.(However, a check of
Albrecht's Web site spychips.com, actually urges not putting items in
the microwave to disable an RFID tag because it could cause a fire.)

RFID and privacy "are taken very seriously in state governments across
the U.S.," said Ben Aderson, manager and counsel for technology policy
and state government affairs at the American Electronics Association, an
industry trade group. Unfortunately, most legislators don't know RFID
technology well, he added.

Aderson said 50 bills involving limits on RFID were introduced in 19
states in 2007, and three of them became law, the largest number of the
past four years. "Nothing catastrophic has passed to completely ban RFID
in a state," he said, adding that activity at the federal level has not
been as extensive, he said.

The biggest action in states is for bills to ban implantation of RFID
chips in people without their consent, and seven states have taken up
measures, with Wisconsin and Idaho passing them, Aderson said. However,
he said the laws are unnecessary, since implanting anything in a person
would be akin to hitting someone in the face, punishable under laws of
battery.

Other measures restrict governments from tracking people's movements or
with linking RFID data with personal information, he said. Still others,
such as one in California, require notifying consumers that a product
has a tag, done either on an article of clothing or with a sign in a
store. "A concern of ours is that people don't realize how predominant
RFID chips already are, and this [legislation] would include cell
phones" equipped with RFID-type chips, Aderson said.

Still, Aderson agreed with one questioner who said the industry had not
established in the public's mind why RFID chips are necessary in order
to preempt the privacy concerns. The industry "has to create knowledge
of the value of RFID," Aderson said. "That's a very key element, to
emphasize what is out there that consumers benefit from." In addition,
Aderson said legislators need to be educated about the values of the
technology.

Among some positive examples of RFID usage is Michigan, where cattle
must be tagged with RFID, so that if an outbreak of mad cow disease
occurred, the source could be easier to locate, Aderson said. In
Florida, fish and wildlife officials are requiring owners of exotic
pets, such as snakes, to tag the animals in the event they are lost or
escape.

While Aderson generally opposed any restrictive legislation as unneeded,
a speaker from the Cato Institute in Washington urged a dialogue between
RFID opponents and advocates. The speaker, Jim Harper, director of
information policy studies at the think tank, also said the RFID
industry should cooperate and agree to oppose the use of RFID in areas
that identify individuals, their locations and backgrounds.

"Let's not do human identity stuff, and collectively say that's a bad
idea, and that doing so will provide the rest of the industry
protection" from attacks by privacy advocates, Harper said. "Great
things are coming from RFID, but we want it done right to protect privacy."

Harper said he is concerned that Washington state is considering
inserting long-range RFID tags into driver's licenses to enable them to
be a kind of border-crossing permit for drivers entering and returning
from Canada. "That's quite concerning," Harper said. "If you have
long-range RFID to communicate license information, that's an identifier
... and in 50 years that could be misused. It's not the panacea as a lot
of people think it is. Stand down everybody; let's not push."

By comparison, Harper noted the U.S. State Department went a long way
toward creating the e-passport with an RFID chip, but decided to add
encryption and other protections that still required a customs official
to slide the passport through a visual scanner, "which did nothing to
speed up the process."

Further, third-party tracking is a "distinct problem" for RFID, he said,
noting that security analysts have worried that a terrorist group could
place an RFID reader somewhere outside an embassy, and find a diplomat
carrying something in his briefcase that has an RFID tag.

"That leaves the opportunity to set up an explosive device, really
anywhere in an airport, that explodes after the [terrorist] is gone for
three to four months if the RFID system is not well designed," Harper
said. "Think about the misuses that would be made of that, and that's
the kind of thinking you get from privacy advocates, who exaggerate to
make a case."

Lee Tien, senior staff attorney for the Electronic Frontier Foundation
in Washington, gave a separate presentation, noting that there had been
at least eight news reports of hacks or spoofs of RFID-tagged identity
cards in recent months. Part of the problem with RFID tags is that they
are often promiscuous and will respond to any compatible reader, he said.

"Our concern has to do with wedding this technology with information
about people," Tien said. Noting he has a daughter learning to drive, he
said, "the last thing I want is for that driver's license card to have
information capable of being skimmed for her name, address and photograph."

Other speakers said they have encountered strong opposition from
employees over RFID chips installed in identity badges. At Boston's Beth
Israel Deaconess Medical Center, attempts to add RFID to emergency
staff's badges were abandoned about a year ago because of worries that
managers would be trying to find workers on breaks who might be smoking
or at the far reaches of the hospital, said John Halamka, the center's CIO.

"The staff reaction was, 'Oh my God, Dick Cheney just wants to watch
me,' " Halamka said. While the identity cards do not have RFID, Halamka
has successfully installed the chips on expensive medical equipment to
track it, he said, reducing the staff time needed to find the devices.

At Boeing Integrated Defense Systems, Steven Georgevitch noted that
150,000 employees in 70 countries have RFID-embedded badges that are
needed for access to buildings. But imposing the radio technology has
not been easy, he said. The experience should serve as a lesson to other
companies that IT managers need to work closely with employees to
explain the purpose of the technology and to hear the workers' concerns.

RFID in badges "is a really, really big concern," said Georgevitch,
senior manager of supply chain technology at Boeing. "Employees will
always ask ... will they track me in the bathroom?"

In one case, Georgevitch recalled, RFID information from badges was not
being broadcast from one reader device in one location at 6 p.m. daily
as it was supposed to. Boeing officials tried to track what happened by
installing a video camera near the reader. IT officials discovered that
every day, a worker was leaving the building and unplugging the reader,
then plugging it in again upon his return.

When confronted, the worker said he unplugged the machine because he was
leaving to use the bathroom and was concerned someone would track his
location. "Somebody would laugh at me," the worker said, according to
Georgevitch.

As a result, Georgevitch urged IT groups to test RFID with small groups
of workers, and to talk with people to find out their concerns. "Most IT
people never want to talk to workers, but I say go test this so people
feel comfortable," he said.

Reply all
Reply to author
Forward
0 new messages