RFID Gazette

To date, two states - Wisconsin and now North Dakota -  have banned forced human RFID implants. Except that there's no way that'll stop determined employers. Jeremy Duffy offers an explanation of how organizations might circumvent such laws. One way is by suggesting that implantation is voluntary but to then either punish those that don't "volunteer" or reward those that do. I've worked for enough bad bosses in my life to know the tactics companies use to make you do what they want, or to conoct ways to make you quit if you don't comply. There's no reason why the same sort of emotional blackmail will not happen in regards to RFID implantation.

In California, the issue is more about the use of RFID in certain ways by public entities. An elementary school there has tried to implement an RFID program to monitor the whereabouts of students. To deter this sort of use, the California Senate passed a bill 28-5 to prevent public schools from mandatory RFID systems for monitoring students. The bill must still be passed by the State Assembly.

[Commentary] Apparently, all you need to do to skim data from a certain type of RFID chip used in e-passports and credit cards is $20 worth of equipment available on eBay and the know how. Except that security researcher Chris Paget isn't allowed to say how the flaw works, due to a claim by a chip maker that he'd be infringing on various rights. They stopped Paget from talking at the Black Hat conference in February, and they're still trying to do so now.

Very interesting way of trying to defeat detractors, but instead helping, those who feel consumers should be aware of such security flaws will probably mistrust the manufacturer now. (I unfortunately do not know who this is - see below.) Alienating more people is not what the RFID industry needs; it's about awareness. It might be time get new lawyers and PR people.

[UPDATE: I mistakenly indicated that IOActive is the chipmaker in the above article. Correction made, and my sincere apologies for the error.]

The Boston Marathon has announced that they'll be using RFID technology that allows monitoring of athletes' whereabouts. This is partly for the purposes of sending wireless or email alerts to friends and family of runners. [via PC World]

They are not the first race to use RFID, but it wouldn't suprise me if more marathons converted to this. (Many sports - such as baseball, golf, soccer, car racing, parkour - are finding interesting ways to use RFID.) Marathon fans often want to watch but cannot be at the event. RFID allows for near real-time monitoring, as well as ensuring that only registered athletes are participating. For the Boston Marathon, RFID tags are slipped over shoelaces before they're tied.

Car sharing services have existed for years in North America in many large and even some small cities. But Zipcar is a service with a difference: they use RFID contactless cards to open the doors, making it much easier to schedule more efficient sharing. The other difference is that Zipcar is the first car sharing service to go international. Besides service offerings in US cities, they are in Toronto, Canada, and , Vancouver.

Cars have had RFID tech in various components including door keys for many years now - even if consumers are not aware of this fact. However, the Zipcar technology means the ability to produce multiple keys per car.

This is actually an ideal time to get into Vancouver, what with the Winter Olympics coming in 2010 and a cramped road infrastructure. Visitors to the games are going to want to rent vehicles, especially since the events are actually spread out over at least two sites. Vancouver area's roads supposedly cannot take a surge in vehicles. So a service like this might be a boon to everyone, especially if they're set up to handle short-term use.

[editorial] In a series of proto-cyberpunk short stories and novellas that I wrote in 2002, set in an alternate, near-future Earth country called the United States of North America (Canada and the US), a roving, microchipped band of digital rebels escape from a USNA government that is essentially a dictatorship pretending to be patriotic. Paper is outlawed, thinking for yourself is highly frowned upon, and everyone is being microchipped "for their safety." (By which I mean RFID chips, though I never refer to RFID.)

These rebels have "underground" meeting places where chips are either removed or disabled, and from where their "subversive" activities are planned. These are the true patriots for freedom and justice, but they are looked upon as hackers and criminals, particularly because they disable the RFID microchips. From their perspective, they do this because they feel the chips are a threat to their privacy and general well-being, and that control of the chips can be subverted by malicious parties - counter to this fictional government's claim that the chips are safe.

Well, truth may be stranger than fiction. According to a security researcher in the UK, Adam Laurie, implanted RFID chips can be hacked by malicious parties and thus controlled. Laurie cracked codes for an RFID id card, a livestock chip, and a chip that a volunteer from the audience had previously had implanted.

You can argue that these demonstrations are not sufficient to be concerned about RFID implants, but obviously I'm going to disagree. As a "proto-cyberpunk" writer, I make it a point to write fiction that considers worst case scenarios of the use of technology. Most of my proto-cyberpunk stories are strongly influenced by the work of science fiction author Philip K. Dick, long-deceased and the author of the novels that were turned into Blade Runner, Total Recall, Minority Report, and others. They are very dystopian, and not afraid to speculate on the "what might be" aspect of world politics (see The Man In The High Castle) and the misuse of technology.

I'm not saying that my stories equal Dick's, but they are definitely written in the same spirit. That said, I see RFID as both a blessing and a curse. I am of the staunch opinion that just because something sounds like a conspiracy theory does not make it false. RFID is unfortunately an ideal technology for both very good and very evil - quite possibly more so than any technology in history has ever been. In the wrong hands, it will be misused under the guise of self-preservation. And any proof of that possibility is something that we all need to take note of.

Amal Graafstra, author of the book RFID Toys, is one of the first people to implant himself with an RFID chip. His first chip was in one hand, and he later implanted a second chip in the other hand. As he's said a few times, he doesn't need to carry around keys.

If you want to know more about why he did it, read [via Trossen Robotics]. I've always maintained that while I don't believe in forced implants, I have no problem with someone who willingly gets implanted or even does it themselves. I have friends/ acquaintances who have done other types of body modifications, including implants of small balls, horns or other shapes. That said, I'd go for other types of implants/ piercings or tattoos and scarifications, etc., before I'd ever get an RFID implant.

Finally, someone with a lot more influence in the RFID industry than I said it: VeriChip implant unnecessary and a little creepy [Spychips]

Thanks to RFID Journal's Editor and Founder Mark Roberti for saying what had to be said. I've been pretty vocal about the questionable use of implanted RFID chips, a la VeriChip, and have repeatedly said that some wearable object with an RFID chip is just as good. Which is what Mark Roberti says as well.

On the other hand, Roberti also criticizes media for bad press regarding implants. I assume I am such a person. Or maybe not. Regardless, I see absolutely nothing wrong with making people aware of useless or offensive applications of RFID.

I could be misunderstanding, though Roberti didn't say he's against monitoring people with RFID, as Liz McIntyre points out at SpyChips. In fact, you have to read his article and decide for yourself. Nothing against him personally, but while he says it's creepy and isn't a big fan of implanting people, there could be some benefits of doing so.

From my viewpoint, all power to anyone who wants to willingly have an RFID chip implanted in themselves, but I'll continue to maintain that no one has any right to force an implant on anyone for any reason.

VeriChip's recent poor IPO performance would suggest that not many people think there's much of a market for living human implants. (VeriChips were used to identify the dead during disaster recovery in New Orleans, after Hurricane Katrina.)

Privacy advocates are no doubt beaming as the opposition to a US National Driver's License spreads to at least seven states, sparked by Maine's initial opposition. Issuance of the RFID-based licenses is part of the Real I.D. Act of 2005, which was backed by the House of Representatives, and is to be implemented in 2008.

While Maine is being credited for triggering the new revolt against the National Driver's License, New Hampshire objected back in April of 2006. State legislators voted against it, despite N.H. being a Republican-run state. Maine's legislature voted against it last month, followed by Georgia and several western states expected to pass laws soon.

Talk is of as many as fourteen states objecting in the form of legislation against Real ID. However, I'm wondering if this would have happened had Democrats not gained their victory in Washington recently. If a Democrat takes the Oval Office in 2008, will the whole project be scrapped? Under it's strict guidelines, citizens of states that don't use it may not be able to travel or even open bank accounts. It's general stance seemingly goes against American tradition, which is to let each decide on certain matters.

A couple of weeks ago, there were a couple of articles around the blogosphere talking about how to disable the RFID chip in your new e-passport. Engadget has a great photograph of a simple, low-tech option. Now, while one article said that a passport is still valid even with a disabled chip, The Inquirer says that a tampered passport might get you "25 years in prison and a special customs search with rubber gloves.

Damned if you do and damned if you don't. The security issues have yet to be resolved and might be worse than formerly thought. Two European tech consultants found that cloned e-passport data can be purchased on the Internet. Not only that, the RFID reader they bought on eBay had a blank chip and software for cloning and copying the data onto the chip.

Silicon wrote earlier in the week that the UK ID card database, NIR (National Identity Register), has been ditched. This includes dropping the plan for iris-scan biometrics. There are still three systems sharing the same information; it just won't be one big database. Fingerprint and facial biometrics are also still part of the national ID plan, which will see the first cards being issued in 2009, with mass issuance in 2010.

This is an interesting turn for the UK, which some civil liberties group Privacy International has ranked as being as bad as China in Russia in terms of surveillance. Though this turnabout is still in risk of failure. I'm speculating here and am somewhat uninformed, but I'm wondering if this change of direction has anything to do with the fact the current Prime Minister Tony Blair's term is ending soon. Despite being a Labour Party leader, he took a very right-wing leaning.