RFID Gazette

This should prove interesting. ComputerWeekly that 3 of 27 countries participating in the US Visa Waiver Program missed the deadline to introduce the new RFID-enabled e-Passports, which security experts question the safety of. The countries, however, are very small (Andorra, Brunei, Liechtenstein).

According to Wikipedia, Andorra is known as a tax haven and has the highest life expectancy in the world (83.51 years). Brunei is officially the Sultanate of Brunei, once very powerful. Liechtenstein is doubly landlocked - it and Uzbekistan are the only two countries that are - and is a winter sports resort, so it lacks in heavy urban areas.

The deadline was Oct 26, 2006. Due to this missed deadline, citizens from these countries can only visit the US if the apply for and receive a visa.

In my post Can RFID track people?, I talked about "after the fact trail analysis", where companies can at least see where their employees have been - if not track them - using contactless employee pass cards. It isn't a real-time location system (RTLS). To do that with RFID, without using GPS technology. Or at least specialized hybrid RFID and Wi-Fi technology.

Now contactless cards generally have too short a read range, but I'm hypothesizing that you can track a society's inhabitants using RFID and Wi-Fi. Let's ignore the logistics of programming, the cost of technology, and the sheer computing power needed. Say we want to focus on a tracking a single person. Here's the hypothetical scenario. The fictional society in question has a tight-knit grid of RFID scanners, and everyone wears an RFID wristband/ watch with Wi-Fi communication as well. Each wristwatch is coded with a unique value that identifies the person wearing it. It could be government tax id, such as the SSN - Social Security Number - or what have you.

Think that there would be too many wristwatches to track simultaneously? Some of the new RFID tech being used to handle bins of drugs or other product can read thousands of tags per minute. But in this case, you are trying to track a single person, a single code. Anything else can be ignored. So, continuing with the scenario, you have a person passing a scanner every few feet. Somewhere in some control room, that information can be filtered for one person/ code.

What results is a near real-time "trail" of where that person has been. From this, relatively simply mathematics can be used to study the person's "trail vector(s)" and determine where they might be going. Then a force of "robo cops" outfitted with wireless technology, HUD (Heads-Up Display) goggles, wearable computers, Bluetooth earpieces, etc., could be notified and move to intercept the person.

Now of course, I took a lot of liberties assuming this and that above. And since the devil is in the details, it's those assumptions that have to be resolved for such a science fictional scenario. But I stand by my position that radio frequency technology CAN be used to track a single someone provided the technical and financial conditions are satisified. And it's the ability, not necesarily the actuality, that is frightening.

MasterCard was awarded the honors of 2006 Frost & Sullivan Company of the Year for its PayPass contactless payment technology. The technology is being used in the new contactless credits cards from Mastercard. [via Contactless News]

MasterCard was one of the companies listed in a recent NY Times article about the findings of two US researchers regarding the security flaws in 20 contactless credit cards tested. The researchers found that not only could they "skim" important information off the cards while they were still in their envelopes, they could do so with a homemade reader, which cost US$150 to make. They also determined that a smaller reader could be made for only $50 and read information through a mailbox, from a distance of a few feet.

Several credit card companies have claimed that any information skimmed off the cards tested cannot be used successfully to make purchases. Although the whole issue begs the question of why the cards are not mailed with an anti-RF sleeve to at least give them impression that they are protecting consumers from all possibilities of fraud.

Digital Angel Corp, sister company of VeriChip - makers of the controversial implantable RFID chip - have come up with more implantable technology. This chip is glucose-sensing, and thus is designed for diabetics. Digital Angel also scored a patent for the chip, which is injectable by syringe.

After the chip is implanted, no typical painful finger pricks are needed to read body glucose level. The implanted chip transmits the information to a scanner. The chips are passive, so no battery is required.

According to the press release, there are 230 million people worldwide with diabetes - a huge market for Digital Angel and VeriChip Corp. It's becoming an epidemic in humans and apparently is also a major disease for livestock.

The armchair scientist in me thinks, "Wow, this is an incredible leap in diabetes management." But the VeriChip skeptic/ cynic in me thinks, "Wow, they figured out a way to 'legitimately' convince more people to implant themselves." My maternal grandfather, when he was alive, was a simple village physician who sometimes got paid in chickens and eggs. He was a humble, honest man. And he was borderline diabetic, as I am too. Yet he never once took any medication for it. He controlled his diet very strictly and managed to keep his diabetes fully in check. I struggle with mine, because I am not as disciplined as he was, but have little trust in allopathic ("Western") medicine, despite my grandfather being a doctor.

I also happen to know more diabetics these days than I've known previously in my entire life. The majority of them have to take daily needles; some take pills, and others, still, have lost limbs or even died in comas. It's a terrible, painful disease that has lots unfortunate side effects, including, sometimes, a weird sense of denial of the situation. Not all diabetics are disciplined enough to take their medication. In fact, up to 50% of patients for any illness do not take their medication as directed.

That said, I'd hate to knock anything that might help diabetics, but as per usual, I am reluctant to willingly accept RFID that is implanted in our bodies, no matter what the purpose. But that's just me. (I'm not a full-blown Luddite; just a hybrid.) There is, however, an NFC (Nearly Field Communications) RFID-based solution for diabetics by NXP (formerly Philips Semiconductors) that does not require a chip to be implanted. Though it does require inserting a small tube into the belly area, and finger-pricking for blood droplets is still part of the daily regimen. Both products are prototoypes and, as I understand it, still require US FDA approval. So it may be a few years to reach the market.

This is a debate that I cannot possibly settle, certainly not in a few paragraphs. But let me try. Some of my previous posts have "suggested" the possibility of tracking employees. They've drawn some heated comments as a result. I feel it's important to explain myself, not to save face but to explain exactly what I mean, and to prove, hypothetically, that is in fact possible to track people. However, I am talking of a very general form of tracking, which not only might not be in real-time, but would also be very rough.

To wit, consider this hypothetical scenario. Assume you have a closed environment, such as a large company that has RFID readers installed at doorway access points at regular intervals. Every employee is issued a contactless card that has an unique code. An employee leaves his cubicle to go somewhere, say lunch. The choices are the cafeteria at the far end of the giant complex, or out somewhere. In either case, the employee passes through two or three access points before his path diverges, depending on his destination. Each time through an access point, the time and the id of the card is logged. If the employee goes through more than one access point, which is likely, there is a log of his "trail". A very sparse log, but a log nonetheless. With that log, his boss can tell how long he took for lunch, whether he ate at the cafeteria, whether he stopped off at some lab along the way, etc., etc.

True, this isn't a real-time location system (RTLS), but it offers after-the-fact tracking of sorts, an employee trail, if you will. Guy J Kewney has a well-written post from March which says RFID is hard to get right, so don't worry about "imaginary Sci-Fi scenarios with Big Brother spies..." I respectfully say that while that may be true, it misses the point. RFID/ contactless technology does have the ability to give its controllers more information about you than maybe you want them to have. The question is, how will the information be used? Hopefully end users will be respectful with information they collect.

As I write this, I'm watching the season premiere of the T&A jiggle show Las Vegas, which has a healthy dose of drama thrown in. It suddenly struck me that had this episode been written a few months from now, how different it might have been. One of the main characters, Ed Deline - played by James Caan - is a casino boss. He's also a former CIA operative , or something to that effect.

Shortly after being shot and having a heart attack scare only a few hours before his daughter's wedding, he's visited in the hospital by two members of the CIA. In his normal bullheadedness, he takes off to London. Fast forward to a scene of him in a bank, where he's greeted by a different name. He then opens a safe-deposit box that has a couple of stacks of British Pounds and what appears to be a couple of dozen passports. Tossing his passport into the box, he pulls out another one. Fast forward. He gets off a plane, hands over a passport. The uniformed customs agent opens it to reveal a picture of Deline, but greets him with a different name.

Now if you haven't already figured out what I'm getting at, here it is. If e-passports get implemented worldwide, or at least in the countries that are trading partners of the United States, as the current administration wants, then scriptwriters need a whole new education in e-passports. Most spy stories would cease to make sense to anyone who knows about an e-passport. Granted, having a passport does not mean that you would be visiting a country where they can actually read the RFID chip. As well, when you are a former military operative, you probably have ways to get fake passports with fake data on the RFID chip. At least in fiction.

The oddest thing about this episode, however, is that the show has an extremely high-tech bent, and yet they completely ignored the concept of an e-passport. Maybe scriptwriters are amongst those who are hoping the e-passport doesn't go through - despite the unlikelihood of that, even with all the supposed evidence that there are some serious privacy and security flaws.

Payments News has an embedded YouTube video demonstrating the privacy holes in contactless credit cards. The video is by the same researchers that found that they could read credit card numbers and expiration dates off of the RFID tags on 20 contactless credit cards directly through their mailer envelopes. Their research was covered in the New York Times a few days ago. Note that it's rather difficult to tell what's going on in the video.

Earlier this year, other security researchers in Europe and elsewhere found that they could also skim information from an RFID tag in an e-passport and use them to trigger an explosive. The US and several countries in Europe started issuing ICAO-compliant e-passports in August. Both the credit cards and the passports have spawned a mini-industry in protective sleeves and wallets, which work on the principle of a Faraday Cage that blocks RF signals.

A number of bookstores in Europe are following the lead of libraries in an effort to tag their books to manage their supply chain and assets. While the core functionality is the same, bookstores have a slightly different purpose for tagging than libraries. The Dutch bookstore chain BGN recently started tagging their books and expect their return on investment to manifest in only 14 months.

Selexyz, the largest bookseller in the Netherlands, is doing the same thing, with the intent to control their restocking efforts and reduce labor costs. They've found that their special kiosks that allow customers to perform natural language searches for books has resulted in a 50% increase in sales. Accuracy in their processes has been 100%, except where manual processes are still being used.

Because of this success of this RFID project, they plan to follow suit in all of their stores by year-end 2007. Since big bookstores came into existence, they've not only cut earnings for the average author but also for themselves and publishers. If RFID can reduce costs for book chains, almost everyone in the loop wins (except any employees displaced as a result).

Studying animal populations is usually the domain of statisticians and wildlife researchers, but a group of computer scientists have received funding for a three-year project to tag badgers, monitor them, and study their populations. All to test out a new technology called MEMS (micro-electro-mechanical systems). MEMS tech also incorporates RFID tags, which are then monitored by a sensor network. [via Science Daily]

Radio frequency technology has been used to tag and study "home ranges" of animal population since approximately the 1960s. (A home range, as drawn on a map, is essentially the boundaries of an area where a single animal or a group limits their movement to, over a period of time. Home range monitoring is also an early application of GIS - Geographical Information Systems.) This particular project uses advanced technology and a different methodology for data collection. In other animal applications, RFID has also helped cattle ranchers recover rustled cattle.

RFID Cannes-Can
A hospital in Cannes, home of the famous French film festival, is using RFID in their laundry operations to manage hospital garments. Over 36,000 garments use TAGSYS tags that can repeatedly withstand water, heat and chemicals. Other hospitals in the area also send their garments to the same laundry. Information in each tag tells laundry staff where the garment came from and how many are in stock, amongst other things. [via PR Web/ ] Hospitals are already using radio frequency tags and systems for patient records management and other applications.

Europeans Wary Of RFID
A survey by the European Commission suggests that over of EU (European Union) citizens are strongly in support of de-activating radio frequency tags on consumer goods at the point of purchase. Two-thirds of survey respondents feel there should be more data protection and privacy legislation, especially if RFID use grows in the EU. This is something the Commission will have to take in account, especially since other research shows big potential in Europe for RF technology, despite the narrow band for RFID tech allocated by ETSI (European Telecommunications Standards Institute).

Take The First Step
For those companies not yet using RFID, take some risks and jump in, learn to innovate. For those already using RFID, share your successes in a community fashion. That's the advice from representatives of RFID early-adopter companies like Wal-Mart and Procter & Gamble, speaking at the EPCglobal US's third annual user conference. [via RFID Journal]