RFID Gazette

Yet More Anti-RFID Envelope Makers
National Envelope Corporation is the latest company to go after the potentially lucrative anti-RFID envelope and wallet market with their Smart Card Guard products. The envelopes can be used to protect contactless credit cards, ID cards, and e-passports. [via Contactless News]

A Smart RFID Mirror
Paxar is currently showing off its smart mirror at a show in Miami, Florida. The mirror, typically to be used in retail clothing stores, gives customers information about a tagged item of clothing. [via RFID Update]

Free RFID Discovery Service
Affilias is offering a service to companies that want to share RFID EPC data over the Internet. What information is to be shared can be configured on a per subscriber basis. Affilias calls the service ESDS (Extensible Supply-Chain Discovery Services) and hopes it'll become an industry standard. [via RFID Journal]

To date, two states - Wisconsin and now North Dakota -  have banned forced human RFID implants. Except that there's no way that'll stop determined employers. Jeremy Duffy offers an explanation of how organizations might circumvent such laws. One way is by suggesting that implantation is voluntary but to then either punish those that don't "volunteer" or reward those that do. I've worked for enough bad bosses in my life to know the tactics companies use to make you do what they want, or to conoct ways to make you quit if you don't comply. There's no reason why the same sort of emotional blackmail will not happen in regards to RFID implantation.

In California, the issue is more about the use of RFID in certain ways by public entities. An elementary school there has tried to implement an RFID program to monitor the whereabouts of students. To deter this sort of use, the California Senate passed a bill 28-5 to prevent public schools from mandatory RFID systems for monitoring students. The bill must still be passed by the State Assembly.

[Commentary] Apparently, all you need to do to skim data from a certain type of RFID chip used in e-passports and credit cards is $20 worth of equipment available on eBay and the know how. Except that security researcher Chris Paget isn't allowed to say how the flaw works, due to a claim by a chip maker that he'd be infringing on various rights. They stopped Paget from talking at the Black Hat conference in February, and they're still trying to do so now.

Very interesting way of trying to defeat detractors, but instead helping, those who feel consumers should be aware of such security flaws will probably mistrust the manufacturer now. (I unfortunately do not know who this is - see below.) Alienating more people is not what the RFID industry needs; it's about awareness. It might be time get new lawyers and PR people.

[UPDATE: I mistakenly indicated that IOActive is the chipmaker in the above article. Correction made, and my sincere apologies for the error.]

[editorial] In a series of proto-cyberpunk short stories and novellas that I wrote in 2002, set in an alternate, near-future Earth country called the United States of North America (Canada and the US), a roving, microchipped band of digital rebels escape from a USNA government that is essentially a dictatorship pretending to be patriotic. Paper is outlawed, thinking for yourself is highly frowned upon, and everyone is being microchipped "for their safety." (By which I mean RFID chips, though I never refer to RFID.)

These rebels have "underground" meeting places where chips are either removed or disabled, and from where their "subversive" activities are planned. These are the true patriots for freedom and justice, but they are looked upon as hackers and criminals, particularly because they disable the RFID microchips. From their perspective, they do this because they feel the chips are a threat to their privacy and general well-being, and that control of the chips can be subverted by malicious parties - counter to this fictional government's claim that the chips are safe.

Well, truth may be stranger than fiction. According to a security researcher in the UK, Adam Laurie, implanted RFID chips can be hacked by malicious parties and thus controlled. Laurie cracked codes for an RFID id card, a livestock chip, and a chip that a volunteer from the audience had previously had implanted.

You can argue that these demonstrations are not sufficient to be concerned about RFID implants, but obviously I'm going to disagree. As a "proto-cyberpunk" writer, I make it a point to write fiction that considers worst case scenarios of the use of technology. Most of my proto-cyberpunk stories are strongly influenced by the work of science fiction author Philip K. Dick, long-deceased and the author of the novels that were turned into Blade Runner, Total Recall, Minority Report, and others. They are very dystopian, and not afraid to speculate on the "what might be" aspect of world politics (see The Man In The High Castle) and the misuse of technology.

I'm not saying that my stories equal Dick's, but they are definitely written in the same spirit. That said, I see RFID as both a blessing and a curse. I am of the staunch opinion that just because something sounds like a conspiracy theory does not make it false. RFID is unfortunately an ideal technology for both very good and very evil - quite possibly more so than any technology in history has ever been. In the wrong hands, it will be misused under the guise of self-preservation. And any proof of that possibility is something that we all need to take note of.

A glimpse of the TV show Las Vegas would suggest to you that security for casinos there are high-tech, marvellous operations. Well it just might be true. A surveillance tech company called Third Eye has a new RF-based security system, SATS (Security Alert Tracking System) based on a wristband biosensor (from SPO Medical) that monitors employee's heart rate. If the rate suddenly increases, management is alerted by an RF signal from the wristband.

The premise is that if a casino employee's heart starts suddenly beating rapidly, they are likely under stress. This could be due to some emergency such as a robbery, or possibly because the employee is planning a theft.

RFID has some very important applications in health care, and this biosensor is no exception. But the idea that every casino employee would have to wear these wristbands, in case they just might be planning a theft, could turn into a Minority Report-like situation. The movie stars Tom Cruise and is based on the Philip K. Dick novel of the same name. The idea is that law enforcement officers can stop crimes before they start by arresting future perpetrators, based on technology that can read the latter's thoughts and determine that will/may commit a crime.

The SPO Medical wristband in and of itself is not my issue but rather Third Eye's intended use of it by casino clients. It seems to move life into the realm of guilty until proven innocent. An odd thing for a company whose name is borrowed from a spiritual concept of the inward eye of self-enlightenment.

Law makers in the US and EU have been considering regulating the use of RFID in their respective districts. The European Union commissioner backed off, deciding to let the technology mature before imposing regulations.

In Washington state, RFID legislation didn't make the Floor. It sought to impose rules on how RFID would be deployed and used to collect personal data. In Wisconsin, a new bill was just passed that prohibits US currency and documents to be embedded with chips. Previously, the state passed legislation banning forced chip implants.

Implants in particular are going to be a hot law issue in the years to come, Companies like VeriChip have been trying persuade anyone and everyone to implant, including soldiers, and diabetics, and have used them on corpses during disaster recovery.

Finally, someone with a lot more influence in the RFID industry than I said it: VeriChip implant unnecessary and a little creepy [Spychips]

Thanks to RFID Journal's Editor and Founder Mark Roberti for saying what had to be said. I've been pretty vocal about the questionable use of implanted RFID chips, a la VeriChip, and have repeatedly said that some wearable object with an RFID chip is just as good. Which is what Mark Roberti says as well.

On the other hand, Roberti also criticizes media for bad press regarding implants. I assume I am such a person. Or maybe not. Regardless, I see absolutely nothing wrong with making people aware of useless or offensive applications of RFID.

I could be misunderstanding, though Roberti didn't say he's against monitoring people with RFID, as Liz McIntyre points out at SpyChips. In fact, you have to read his article and decide for yourself. Nothing against him personally, but while he says it's creepy and isn't a big fan of implanting people, there could be some benefits of doing so.

From my viewpoint, all power to anyone who wants to willingly have an RFID chip implanted in themselves, but I'll continue to maintain that no one has any right to force an implant on anyone for any reason.

VeriChip's recent poor IPO performance would suggest that not many people think there's much of a market for living human implants. (VeriChips were used to identify the dead during disaster recovery in New Orleans, after Hurricane Katrina.)

In one of my random updates about VeriChip, I'm unpleased to report that the chairman of VeriChip's parent company still hasn't had himself implanted with an RFID chip - as far as I know - despite claiming he would do so, what, about two years ago? Now, if you've kept up with the RFID industry, you might know that VeriChip is planning an IPO (which they filed for a year ago). And this in the midst of poor performance for some companies in the industry and the generally accepted view that most human beings would never willingly allow themselves to be implanted. Feel free to disagree, but in my opinion, forced implanting is one of the worst applications of RFID, not to mention a travesty of personal privacy, regardless of the political BS being fed to us. Besides, there are so many useful, legitimate, non-infringing applications.

I haven't followed the IPO but I'm thinking they'll have a very hard time with it. (Even VeriChip, in their SEC filing, stated that many patients would be unwilling. Apparently a lot of doctors are uncomfortable with implanting their patients - thank goodness.) Nevertheless, they don't seem to be having any problem implanting 222 people in total with RFID chips, for a sales total of about US$100K. [Speaking of implanting, one of the character's in this week's episode of Smallville is abducted and has a tiny GPS chip implanted in his/her shoulder (don't want to spoil it). Though at first, I thought it might be an RFID chip.]

Singer Nelly Furtado appeared on last night's CSI:NY franchise as an amazingly successful shoplifter at high-priced New York boutiques. Towards the very end of the episode, one of the CSIs found a device in a purse they confiscated from Furtado's character. And guess what? It was a "credit card scanner" which, according to two other CSI characters is "based on RFID", "works remotely" and "from three feet".

I'm guessing that the writing team read that New York Times article about the inherent security flaws in RFID-based credit cards, which I've discussed a few times. No doubt the episode was shot months ago. Since the NY Times article, credit card companies have skirted around the issues or outright denied them, but have said that their cards (meaning the new generation) are secure and have new security features.

Still, that's not going to stop speculation from TV shows and movies. RFID tech was also mentioned in Law + Order: SVU a few months back.

A couple of weeks ago, there were a couple of articles around the blogosphere talking about how to disable the RFID chip in your new e-passport. Engadget has a great photograph of a simple, low-tech option. Now, while one article said that a passport is still valid even with a disabled chip, The Inquirer says that a tampered passport might get you "25 years in prison and a special customs search with rubber gloves.

Damned if you do and damned if you don't. The security issues have yet to be resolved and might be worse than formerly thought. Two European tech consultants found that cloned e-passport data can be purchased on the Internet. Not only that, the RFID reader they bought on eBay had a blank chip and software for cloning and copying the data onto the chip.