« Fourmilab Navigation Pages Revised, New Site Map | Main | Pistol Packing Feds »
Thursday, November 8, 2007
Reading List: Spychips
- Albrecht, Katherine and Liz McIntyre. Spychips. Nashville: Nelson Current, 2005. ISBN 0-452-28766-9.
-
Imagine a world in which every manufactured object, and even living
creatures such as pets, livestock, and eventually people, had an embedded tag
with a unique 96-bit code which uniquely identified it among all
macroscopic objects on the planet and beyond. Further, imagine that
these tiny, unobtrusive and non-invasive tags could be interrogated
remotely, at a distance of up to several metres, by safe radio
frequency queries which would provide power for them to transmit
their identity. What could you do with this? Well, a heck of a lot.
Imagine, for example, a refrigerator which sensed its entire contents, and
was able to automatically place an order on the Internet for home delivery
of whatever was running short, or warned you that the item you'd just
picked up had passed its expiration date. Or think about breezing
past the checkout counter at the Mall-Mart with a cart full of stuff without
even slowing down—all of the goods would be identified by the portal
at the door, and the total charged to the account designated by the
tag in your customer fidelity card. When you're shopping, you could be
automatically warned when you pick up a product which contains an
ingredient to which you or a member of your family is allergic. And if
a product is recalled, you'll be able to instantly determine whether
you have one of the affected items, if your refrigerator or smart
medicine cabinet hasn't already done so. The benefits just go on
and on…imagine.
This is the vision of an “Internet of Things”, in which all tangible
objects are, in a real sense, on-line in real-time, with their position and
status updated by ubiquitous and networked sensors. This is not a utopian
vision. In 1994 I sketched Unicard, a
unified personal identity document, and explored its consequences; people
laughed: “never happen”. But just five years later, the
Auto-ID Labs were formed at MIT, dedicated
to developing a far more ubiquitous identification technology. With the support
of major companies such as Procter & Gamble, Philip Morris, Wal-Mart,
Gillette, and IBM, and endorsement by organs of the United States government,
technology has been developed and commercialised to implement tagging
everything and tracking its every movement.
As I alluded to obliquely in Unicard, this has
its downsides. In particular, the utter and irrevocable loss of all forms of
privacy and anonymity. From the moment you enter a store, or your workplace, or
any public space, you are tracked. When you pick up a product, the amount of time
you look at it before placing it in your shopping cart or returning it to the
shelf is recorded (and don't even think about leaving the store without
paying for it and having it logged to your purchases!). Did you pick the
bargain product? Well, you'll soon be getting junk mail and electronic coupons on your mobile
phone promoting the premium alternative with a higher profit margin to the retailer.
Walk down the street, and any miscreant with a portable tag reader can
“frisk” you without your knowledge, determining the contents of your
wallet, purse, and shopping bag, and whether you're wearing a watch worth
snatching. And even when you discard a product, that's a public event: garbage
voyeurs can drive down the street and correlate what you throw out by the tags
of items in your trash and the tags on the trashbags they're in.
“But we don't intend to do any of that”, the proponents of
radio frequency identification
(RFID)
protest. And perhaps they don't, but if it is possible and the data
are collected, who knows what will be done with it in the future,
particularly by governments already installing surveillance cameras
everywhere. If they don't have the data, they can't abuse them; if they
do, they may; who do you trust with a complete record of everywhere you go,
and everything you buy, sell, own, wear, carry, and discard?
This book presents, in a form that non-specialists can understand, the
RFID-enabled future which manufacturers, retailers, marketers, academics,
and government are co-operating to foist upon their consumers, clients,
marks, coerced patrons, and subjects respectively. It is
not a pretty picture. Regrettably, this book could be much better than
it is. It's written in a kind of breathy muckraking rant style, with
numerous paragraphs like (p. 105):
Yes, you read that right, they plan to sell data on our trash. Of course. We should have known that BellSouth was just another megacorporation waiting in the wings to swoop down on the data revealed once its fellow corporate cronies spychip the world.
I mean, I agree entirely with the message of this book, having warned of modest steps in that direction eleven years before its publication, but prose like this makes me feel like I'm driving down the road in a 1964 Vance Packard getting all righteously indignant about things we'd be better advised to coldly and deliberately draw our plans against. This shouldn't be so difficult, in principle: polls show that once people grasp the potential invasion of privacy possible with RFID, between 2/3 and 3/4 oppose it. The problem is that it's being deployed via stealth, starting with bulk pallets in the supply chain and, once proven there, migrated down to the individual product level. Visibility is a precious thing, and one of the most insidious properties of RFID tags is their very invisibility. Is there a remotely-powered transponder sandwiched into the sole of your shoe, linked to the credit card number and identity you used to buy it, which “phones home” every time you walk near a sensor which activates it? Who knows? See how the paranoia sets in? But it isn't paranoia if they're really out to get you. And they are—for our own good, naturally, and for the children, as always. In the absence of a policy fix for this (and the extreme unlikelihood of any such being adopted given the natural alliance of business and the state in tracking every move of their customers/subjects), one extremely handy technical fix would be a broadband, perhaps software radio, which listened on the frequency bands used by RFID tag readers and snooped on the transmissions of tags back to them. Passing the data stream to a package like RFDUMP would allow decoding the visible information in the RFID tags which were detected. First of all, this would allow people to know if they were carrying RFID tagged products unbeknownst to them. Second, a portable sniffer connected to a PDA would identify tagged products in stores, which clients could take to customer service desks and ask to be returned to the shelves because they were unacceptable for privacy reasons. After this happens several tens of thousands of times, it may have an impact, given the razor-thin margins in retailing. Finally, there are “active measures”. These RFID tags have large antennas which are connected to a super-cheap and hence fragile chip. Once we know the frequency it's talking on, why we could…. But you can work out the rest, and since these are all unlicensed radio bands, there may be nothing wrong with striking an electromagnetic blow for privacy.EMP,
EMP!
Don't you put,
your tag on me!
Posted at November 8, 2007 01:09