RFID Tags.
Jul. 8th, 2004 01:57 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
swestrupRFID Tags are a great technological innovation, and have scads of really good uses, such as completely eliminating checkout lines. They also have serious drawbacks. Both are discussed in this wired article. Now, there is a middle ground that works, but I've yet to hear ANYONE propose it. The nay-sayers are dead set against RFID tags due to major issues of privacy invasion, and the retailers are very much behind them, since it could save them billions of dollars a year.
The problem boils down to one of ownership. Once you have bought a product, and its embedded RFID tag, you now OWN that product and tag, and they should do what YOU ask them to do, not the company that made them. So, while you're in the store, and the product still belongs to the company, there is an argument that they should be able to find out if you bother to read the packaging, how many times you switch choices on a product, which products you pick up automatically, and so on. This demographic information is gold to them, and were it not for the expense of trained observers, they could easily get it other ways.
The problem comes when you go through the checkout scanner. Modern RFID systems simply update the tags to note that the object is paid for, and deduct the purchase amount from your electronic wallet. The tags remain active, and anyone can scan them from then on. This is a MAJOR problem. You can imagine a corporate sniffer truck patrolling the streets at night and compiling detailed information on product penetration by neighborhood. This is the kind of info that makes big companies drool. But, you can also imagine high-tech thieves doing the same thing and figuring out which houses have the best break-in potential, based on the total value of RFID enabled luxury goods. Muggers and carjackers will have the benefit of knowing what people are carrying and what's in the trunk of a car without doing anything but using a scanner. Potentially worse, it opens the door for a new kind of pickpocket who never has to touch you. He just walks by with a device that says to your wallet 'Hi, I'm the ACME checkout scanner, you just bought a mink coat!', and your wallet will hand him the money.
Now, there are simple solutions to these problems. The wallet and RFID tags need ubiquitous encryption and have to have a protocol that convers both ownership and control over to the person who buys an item. To perform a checkout, you must first 'prime' your wallet by telling it you are about to make a purchase (a button, or a pin number will probably do here). You then walk through the scanner. Each of your RFID tags is currently owned by the store, and is willing to talk to a machine owned by the same store. During the buying process the wallet hands out your ownership ID, and the tags get re-encrypted with that. From then on, they only respond if 1) given a law enformcement query, in which case all they say is their owner id or 2) given a query signed by you, they will tell you what they are, where they're from, etc.
Now, the most a crook can do is steal a police query code, and find out you have RFID tags. They won't be able to tell if you have a B&O Stereo in your car, or if that's a can of peas responding. On the other hand, when you get home, your household system has your ID and so can scan your buys automatically into your inventory, and update your shopping lists accordingly. Now that the RFID tags are working for you, you can have your kitchen list the recipes you have all of the ingredients for, and help decide on what to cook for supper. You can find that rubber ball that the dog ran off with, because it will chirp out a 'here I am' in response to your queries. THIS is a consumer convenience factor that I would love to have. All they need to do is put the propper encryption protocols in the RFID tags. I won't hold my breath waiting.
The problem boils down to one of ownership. Once you have bought a product, and its embedded RFID tag, you now OWN that product and tag, and they should do what YOU ask them to do, not the company that made them. So, while you're in the store, and the product still belongs to the company, there is an argument that they should be able to find out if you bother to read the packaging, how many times you switch choices on a product, which products you pick up automatically, and so on. This demographic information is gold to them, and were it not for the expense of trained observers, they could easily get it other ways.
The problem comes when you go through the checkout scanner. Modern RFID systems simply update the tags to note that the object is paid for, and deduct the purchase amount from your electronic wallet. The tags remain active, and anyone can scan them from then on. This is a MAJOR problem. You can imagine a corporate sniffer truck patrolling the streets at night and compiling detailed information on product penetration by neighborhood. This is the kind of info that makes big companies drool. But, you can also imagine high-tech thieves doing the same thing and figuring out which houses have the best break-in potential, based on the total value of RFID enabled luxury goods. Muggers and carjackers will have the benefit of knowing what people are carrying and what's in the trunk of a car without doing anything but using a scanner. Potentially worse, it opens the door for a new kind of pickpocket who never has to touch you. He just walks by with a device that says to your wallet 'Hi, I'm the ACME checkout scanner, you just bought a mink coat!', and your wallet will hand him the money.
Now, there are simple solutions to these problems. The wallet and RFID tags need ubiquitous encryption and have to have a protocol that convers both ownership and control over to the person who buys an item. To perform a checkout, you must first 'prime' your wallet by telling it you are about to make a purchase (a button, or a pin number will probably do here). You then walk through the scanner. Each of your RFID tags is currently owned by the store, and is willing to talk to a machine owned by the same store. During the buying process the wallet hands out your ownership ID, and the tags get re-encrypted with that. From then on, they only respond if 1) given a law enformcement query, in which case all they say is their owner id or 2) given a query signed by you, they will tell you what they are, where they're from, etc.
Now, the most a crook can do is steal a police query code, and find out you have RFID tags. They won't be able to tell if you have a B&O Stereo in your car, or if that's a can of peas responding. On the other hand, when you get home, your household system has your ID and so can scan your buys automatically into your inventory, and update your shopping lists accordingly. Now that the RFID tags are working for you, you can have your kitchen list the recipes you have all of the ingredients for, and help decide on what to cook for supper. You can find that rubber ball that the dog ran off with, because it will chirp out a 'here I am' in response to your queries. THIS is a consumer convenience factor that I would love to have. All they need to do is put the propper encryption protocols in the RFID tags. I won't hold my breath waiting.
