Posts filed under ‘RFID’
Gotta love these pigs. They are giving the finger to Big Brother, well, more their cute, wiggly tails. So we know that pets are implanted with RFID chips (usually under the skin between the shoulder blades in a dog or cat and providing the owner’s details together with information about the animal, which is logged onto a central database.) But RFID technology is also used for farm animals – to trace livestock through their life cycle. Microchip implants can identify an animal’s origin so if there is an outbreak of a disease, such as mad cow, the RFID-tracking system will identify the farm from which the animal carrying the disease came from. If you ask me, this is Animal Farm meets Big Brother. And one day, in the not too distant future, humans will be implanted with RFID chips and our daily activities and life-cycle will be tracked. But back to the pigs.
You’re about to watch a short video of smart pigs in Essex, UK. These pigs are equipped with (rather cumbersome) RFID-enabled collars that limit piggy’s food to a certain amount per day. The pig goes through a gate and the RFID collar works out how much food to dish out. You then see poor piggy looking sad that there is no more food as it leaves the feed chute area. But in a classic case of learned behaviour, some of the pigs have figured out the collar is the key to more food. And this is happening on a number of independent farms not just the one farm. Some pigs ditch the collars (yeah, they look uncomfortable) and other clever pigs come along, pick up the collar and…carry it to the feed gate a second time. So the animal that often ends up as bacon on the breakfast buffet is smart enough to make the mental connection between collar and more dinner and is teaching other pigs to subvert Big Brother.
And in another story of learned behaviour (this time without surveillance overtones) – have you heard about the Moscow dogs? Stray dogs have turned into canine commuters, using Moscow’s subway system to full advantage. After the collapse of the Soviet Union, many industries moved from Moscow into the surrounding suburbs and stray dogs used the industrial complexes as shelter and for food scavenging – so when industry moved, they moved too. What’s fascinating about this is that the dogs apparently work together, helping each other to learn the length of time they need to spend on a train to the suburbs; what stop to get off; and which carriages to travel in. And just like human commuters, they often take a nap on the train. There’s even a Russian website devoted to these metro dogs. Apparently, the dogs wait patiently on the station for the train to pull in and they have learned to use the traffic lights, crossing the streets with pedestrians. And they have learned innovative tactics to easily obtain food from humans. In the evenings, they hop on the train and return to Moscow. Check out this YouTube video – you can see the dog is snoozing, the announcement is saying the train is reaching a station; the dog stirs; looks around to see people are getting off; and calmly saunters out the door, ready for a day’s scavenging.
I’ve raised the issue before of RFID (radio frequency identification). If you’ve missed the posts, go here and here . You can always visit Spychips to get a good run-down on the dangers of RFID, but let me summarise for you:
- RDID devices can be inserted into clothes or products – they send a wireless, unique identification number to an RFID reader – and this data capture can be used to track an item.
- manufacturers want to replace the bar code with RFID – it helps them with warehouse inventory and supply chain sure, but it also means that the item (and its purchaser) can be tracked. You can be tied to an RFID-enabled item you buy when you use a credit card for example. What will be recorded is: the store the item was purchased from; date and time bought; your name, your address and so on. The manufacturer might then start bombarding you with targeted advertising through your email or via brochures sent to your home.
- as far as I am aware, there is no legislation or standards controlling the use of RFIDs – you may have them in your clothes right now and be unaware. Go here to find out how to spot an RFID chip and disable it. Apparently, the chips can be as small as the tip of a pencil – a mere dot.
You may have a passport with an RFID chip in it. It makes sense: the chip can contain a lot of information that immigration officials scan quickly. But….the chip can be scanned from a distance by an RFID reader. It’s not just immigration officials who can download your information, it’s anyone (a hacker for example) with a reader within close proximity. And poof: there goes your identity onto an RFID reader, ready to be used by who knows. I’ve read that these scanners can be pretty small and able to be concealed up a sleeve.
Now, you would imagine that a bunch of hardened, security savvy US law enforcement and intelligence dudes would be wise to RFID and its dangers – wouldn’t you? Yes, well, apparently not. There’s a secret squirrel conference that happens yearly in the US, known as DefCon. It’s attended by Federal agents and discusses the latest cyber vulnerabilities and the hackers who exploit them. Some attend under their real name and affiliation, but many attend undercover, secret squirrel.
Imagine their surprise when many of them had their RFID-enabled ID tags scanned and read. Attendees might have had the card in their back pocket, in a backpack, in a wallet or in a shirt pocket. Many of them passed by a table with an RFID reader in full view but were stunned, shocked, gobsmacked (as we say in Oz) when conference attendees were told about the presence of the reader and that it had captured personal information. To add insult to injury, they were told a camera snapped the card holder’s picture as well! So those attending in secret squirrel disguise may have been identified by their photo for example.
Quel horror! Big, HUGE scare. Red faces and egg on face all round I’d say. Apparently, it was all part of a project devised by security consultants to highlight privacy issues around RFID (sure hope they obtained permission to do this, otherwise I sniff a huge cat fight coming up).
Here are some scenarios to make you think about RFID dangers:
- you’re sitting at a restaurant, enjoying dinner with family or friends. Meanwhile, a hacker seated at a table nearby with a portable reader is downloading your RFID-enabled credit card – account number, expiry date, name.
- you’re standing in a queue, waiting to check-in at some international airport, passport in hand. Terrorists with a portable reader are downloading your passport details or they are busy identifying all Americans within the terminal by reading as many passports as they can.
- a hacker scans the access card number you use to get into your office building. Perhaps the hacker bumps into you, knowing you’re an employee of a certain organisation, and scans your back pocket where the security ID is kept. Since these cards are usually in sequential order, the hacker selects a number, clones the card and impersonates an employee.
There are so many scenarios I could give you. Apparently, if you chuck an RFID chip in the microwave and nuke it for 5 secs, that will kill it (but be careful as I’ve read the thing can explode too). You can also pierce the chip with a knife or cut off its antenna but you need to know how to spot an RFID chip first – so make sure you read this Spychip FAQ.
UPDATE: seems the new UK ID cards are very easy to download data from the RFID chip embedded within it. It took 12 minutes for someone to electronically copy the ID card microchip and all its information.
This week will be full of posts on privacy, so if you’re not concerned about threats to your civil liberties…well, you’d best keep your head buried in the sand.
Scientific American has a fabulous in-depth report on privacy and security. Of particular interest to me was the article, How I Stole Someone’s Identity. ThinkingShift reader, Andrew Mitchell, recently sent a link to an article about our paradoxical attitudes towards privacy. Carnegie Mellon behavioural economist, George Lowenstein, has been researching into why it seems we don’t mind divulging personal details on social networks or happily have tracking devices like mobile phones or GPS navigators. Yet, if Google StreetView or Google Maps were to be right outside our front door snapping pictures of our house, we’d probably carry on about trespass of private property and invasion of privacy (well, I sure would!).
So why do we share so much personal stuff online? In one experiment, Lowenstein and his researchers, gave college students a survey, which asked them if they had engaged in wayward or illegal activities. One group was told that any information revealed would not be divulged, the other group was not given that reassurance. Despite the strong assurance of confidentiality, only 25% in the first group of students admitted to some funny business; whilst over 50% of the second group owned up to some wrong doing.
So the notion that a strong assurance of confidentiality will relax people to the point they cough up personal info is not borne out. One of the conclusions drawn from the research is: “Creating an informal online atmosphere, it seems, encourages self-revelation, even though an unprofessional site is probably more likely to pose a privacy problem than an elaborate, professional one”.
And so, we leave bread crumbs all over the place and it seems it’s relatively easy to gather these crumbs and steal someone’s identity. For the SciAm article, the author wanted to test just how easy it is. He asked acquaintances and some people he knows casually for permission to break into their online bank accounts. No hacking was involved. The author mined the internet for golden nuggets of personal data. In one case, his “victim” was a friend of his wife – “Kim” (no, not me!). He found her blog, which gave away stuff like pets’ names, grandparents’ names, home city and so on (mmmm…..better watch how much I say from now on!!). He found her resume online and email address.
You can read for yourself how he put all the bread crumbs together and just how easy it was to break into Kim’s online banking account. Yikes, I’m having nightmares!
Then you can go on to read how the internet his helping terrorists and criminals. Other articles you should take time to read are:
- How RFID tags could be used to track unsuspecting people
- How loss of privacy may mean loss of security
- Do social networks bring the end of privacy?
- Are biometrics really accurate?
Also, check out the international report on the effects technology is having on privacy in China, Japan, the Middle East and the UK.
PS it’s Privacy Awareness Week. Privacy Awareness Week is an annual promotion by the Asia Pacific Privacy Authorities (APPA) group. APPA members participating in PAW 2008 are; Australia (including New South Wales, Victoria and the Northern Territory), Canada (including British Columbia), Hong Kong and New Zealand.
Go here and take a quiz to find out if you are aware of what is or is not protected by privacy principles.
Strike me down! In a post just a few days ago, I told you about poor Leon, the French bulldog, and the possible dangers inherent in RFID technology. VeriChip is the US company at the centre of criticism over its plans to microchip medical patients. VericChip won approval from the FDA to implant microchips into humans. And it has started doing so.
VeriChip has just announced plans to conduct a 2 year pilot study to test their RFID technology. It will implant 200 Alzheimer’s patients located in Palm Beach County, Florida with tiny electronic capsules that contain a 16 digit unique patient identifier. The patients will be scanned and their medical and personal information held in a database, which can be accessed by medical staff.
I really do have a problem with this. VeriChip says that the patients have volunteered for the pilot study. Last time I looked, Alzheimer’s was considered to be a progressive form of dementia with symptoms of impaired thought and degeneration of brain function. This means that these patients may not be truly capable of giving informed consent. I’m wondering if this is exploitation of a group of people in society who really can’t stick up for themselves. We also know from my previous post that there are questions being raised about the medical safety issues of microchips, with animal studies pointing to a possible causal link with cancer.
VeriChip is saying that microchipping Alzheimer’s patients will give families peace of mind as any patient who wanders or gets lost can have their arm scanned to identify them. But it’s no secret that RFID technology can be used for tracking purposes and it’s no secret that hackers can nab medical data as it is transferred from chip to reader to secure database.
It’s the notion of tagging people that gets me. Tagging for folksonomies, okay; tagging for Flickr okay. But tagging humans? Not okay – very Orwellian. I think once you get acceptance of tagging a small population of medical patients, it’s an easy jump to say the prison population, then parolees or sex offenders, then perhaps to get through immigration – then the whole population. Always the argument would be – it’s to protect the population from criminals; it’s to protect military bases or nuclear power plants; we need to identify wandering Alzheimer’s patients and so on. And then it’s a small jump from the chip carrying medical information to holding other information about you, for example, chip-based payment for groceries would require your credit card details be recorded on the chip. I see no reason why airline tickets couldn’t be disposed of in a future of microchipped humans – pay for your ticket and when you get to the airport a scanner verifies payment and processes you through immigration. And to keep kids safe, how about a future where a baby is microchipped at birth – the parents can track their movements or police could find a missing child. One microchip in the human arm can hold an infinite number of potential uses to track and control humans albeit some uses might be beneficial or innocent. But well-meaning and innocent can often turn into exploited and abused.
No doubt a whole new crop of evasive technologies would spring up to evade the signals being emitted by RFID chips (if they’re emitting a radio signal) and a black market in avoidance. Special clothing material to block the signal from being omitted might be invented for instance and dodgy back street “implant extractors” (people who will surgically remove the microchip should you wish to avoid being tracked and monitored) will offer their services. The microchip black market would be full of counterfeit chips that you could swap for your implanted one and take on a whole new identity.
If you want to read more on a potential future of humans chipped like cattle or if you wonder if VeriChip’s microchip can be duplicated easily, go here and read the interview with Liz McIntyre, author of Spychips: How Major Corporations Plan to Track your Every Purchase & Watch your Every Move. The creepiest part of this interview is when you read that VeriChip, like vultures circling, swooped down on corpses following Hurricane Katrina and had coroners implant chips. Scary stuff; scary interview. I even find the slogan on VeriChip’s website creepy: “RFID for people” – I guess they point this out just in case we confuse ourselves with cattle or domestic pets!
Photo credit: Spychips.com
Okay, I’ve tried to avoid any ranting about the surveillance society while I continue my research into some issues, but several items of news I’ve come across have caused me hysteria. But I’ll start off by saying that I was recently at a dinner party when the issue of my blog came up (alas, my fellow guests weren’t die-hard fans of ThinkingShift, they just wanted to know if I had a blog). The question became: what do you blog about? And naturally with that opening, I rushed right in where angels may fear to tread – the surveillance society is a pet topic I responded.
About 30 seconds of silence ensued, then one brave person asked – why? what about it? 30 seconds of stunned silence on my part and then I launched myself into a monologue about public webcams, fingerprinting of children and so on. Now, one week later, I’m still a bit stunned by the range of responses:
- “I don’t care if we’re being watched by webcams”
- “yeah, I know we’re slipping into an Orwellian paradigm, but what can you do about it?”
- “you know, if you talk about it too much, you might get visited by some people” (now, I’m not sure who these people might be or if the person uttering the comment was from ASIO or other Federal department!)
- “I’ve never really noticed any webcams”
- “Doesn’t worry me if I’m fingerprinted or iris-scanned”.
After a quick vodka (alcohol of choice when looking like deer in traffic light), I recovered myself to go on about how data and images about us could potentially be misused or abused. And then the mood changed: my fellow guests suddenly started to say things like “never thought of that aspect before”; “yeah, who exactly IS behind those webcams”; “we could end up with the Government knowing everything about us”. (Note to guest: they probably already do).
I told you recently about how NSW schools are about to introduce webcams into the classroom and the privacy issues around this. Recently, I was mid-lecture at a University where I teach; I looked up into the corner of the room; and there was a webcam. Big shock to me – I’d never been informed that the university had installed them and I haven’t been given any protocols of use for these webcams. I would suspect that my students didn’t even know they were there silently watching.
And so….to today’s post that asks the important question of whether humans are cattle or dogs? Thirty years or so ago, the first electronic tags were affixed to animals – cattle to be precise. All very innocent – the tags helped farmers to track stock. In the 1990s, domestic dogs (and cats) started to be chipped with owner identification data. Microchips are embedded everywhere: in e-tags to pay tolls; library books; in smart cards. But now it seems humans have joined the ranks of cattle and domestic pets to be chipped and tracked.
Wired has news that the company Citywatcher.com – a provider of surveillance equipment no less – has embedded glass-encapsulated microchips complete with miniature antennas into the forearms of two employees. Said employees were not cattle or domestic animals. Now the company maintains that this is all very innocent. The RFID tags, which are as thick as a toothpick, are merely to restrict access to certain areas that hold sensitive data or images. Has the company heard of (a) doing thorough background checks on employees before employing them in certain roles? or (b) trusting employees to do the right thing (I know….a radical suggestion).
This is a dangerous precedent if you ask me. Civil liberties campaigners say that human chipping could start innocently (as things did with cattle and dogs) – chipping Alzheimer’s patients to help authorities identify those who wander or chipping sex offenders to track and monitor their activities. And then it’s one small step to making all citizens scanable (hey, instead of webcams, in the future we’ll probably have barcoders at convenient places like train stations and supermarkets – just wave your chipped forearm to pay for goods and services). The cross-over from innocent to sinister has already happened. Apart from Citywatcher.com, the Baja Beach Club in Barcelona, Spain in 2004 began holding “implant nights”.
In a scene that you’d more likely see in an episode of The X-Files, a white coated dude brandishing a latex-gloved hand and hypodermic needle, swished along the line of eager club goers, anesthetised the arms of the young and pretty and injected them with microchips. And club goers willingly consented to this so they could avoid those nasty lines, breeze past bouncers, enter VIP areas and pay for drinks without paying cash. The ID on the chip was linked to the user’s bank accounts and stored in the club’s computer system. Night clubs in Scotland and Florida soon followed the trend. Hello?? Would you willingly submit to being chipped so you could bypass a queue?
Long-distance RFID technology can have a range of 11 metres (about 36 feet) and is already used to track trains so it takes little imagination to envision a future where RFID readers are placed along highways, for example, and as we whizz by in our cars with chips in our arms, the Government will know our every move; or employers will know how long we’ve spent in the loo. A willingness to be chipped might be the difference between getting a job or not.
One dude, a doctor in the US, had himself chipped so that if he was in an accident and landed in the emergency ward, medical staff would be able to access his medical history pronto. Sounds logical and innocent, but it’s one small step to imagining a future where the chipped get quicker medical treatment than the unchipped and the argument would be that they can be treated faster because of instant access to medical data ie streamlining bureaucracy.
And the technically-savvy, armed with their own RFID reader, could steal people’s identity by reading their data, something called “spoofing”. This is the problem with chipped passports – while you’re waiting in line at immigration, someone is spoofing your passport data (although having an encrypted chip apparently makes it harder). One security expert quoted in the Wired article said:
“You pass within a foot of a chipped person, copy the chip’s code, then with a push of the button, replay the same ID number to any reader. You essentially assume the person’s identity.”
Now, this scares me more than the webcams do. And like the breast implants that some women have that seem to migrate around the body, could a chip move somewhere else in the body causing a medical drama?
Human chipping is not a path we want to go down surely. What do you think?