the BOUNCE - Maximizing Your Career Trajectory - AICPA EDGE Conference
0248746Uitterhoeve_RFID.doc
-
Upload
petersam67 -
Category
Business
-
view
2.010 -
download
0
Transcript of 0248746Uitterhoeve_RFID.doc
Radio Frequency IDentification: an overview
1
Abstract: Radio Frequency Identification is a technology which is rapidly rising in society today. It is facing major challenges from privacy groups and various security concerns; there seem to be some critical vulnerabilities in RFID systems that need addressing. At the same time, RFID can be acknowledged as an aspect of the societies of control as described by Gilles Deleuze. As the social practices for the technology are being shaped, people are encouraged to monitor its progress, or preferably participate in it.
Length: 5666 words
Keywords: RFID chips, surveillance, protocol, privacy, security.
Nieuwe Media Analyse
Docent: Jan Simons
Universiteit van Amsterdam
11 Januari 2007
Pepijn Uitterhoeve
Studentnummer: 0248746
2
Table of Contents1. Introduction......................................................................................................................................42. Contemporary uses of RFID in every day life..................................................................................53. RFID security, privacy and vulnerability issues...............................................................................8
3.1 RFID Security............................................................................................................................93.2 RFID vulnerabilities................................................................................................................103.3 RFID Privacy...........................................................................................................................123.4 Solutions to privacy and security problems.............................................................................15
4. RFID's place within the Networked Society..................................................................................175. Conclusion......................................................................................................................................206. Bibliography...................................................................................................................................21
3
1. Introduction
Radio Frequency IDentification chips, or RFID chips1, are silicon chips
containing an antenna. They are used to identify whatever they are attached
to. RFID chips can be divided into active and passive tags – active tags vary
from the size of a brick to the size of a coin – they carry an internal power
source and are capable of constantly transmitting their information, as well as
harbouring other functions such as pressure and temperature meters. Passive
tags, which are cheaper and more common, range from the size of a coin to
the size of a grain of sand. The price for standard passive RFID tags is
currently about twenty-five US cents. Industry is working hard to push the
price down to five cents per tag. RFID chips are part of larger RFID systems,
which contain readers and back-end databases. RFID is widely expected to
replace the bar code system.
In this essay I will explore the questions “How is RFID used and what is
its status in contemporary society?”
I will try to answer these by listing many of RFID's current uses in the
second chapter, exploring in detail the technical and privacy issues in the
third chapter and placing RFID in a broader philosophical/historical context in
the fourth chapter. I will use the conclusion to evaluate RFID's contemporary
status.
1 The terms “RFID chips” and “RFID tags” will be used interchangeably.
4
2. Contemporary uses of RFID in every day life
Radio Frequency Identification as a technology is not new. It was used in the
Second World War to identify aircraft, i.e. in the identification Friend or Foe
(IFF) systems. That way, people behind the radar screen could tell which
planes belonged to which side. Nowadays it is used primarily in commercial
logistics. Critics generally agree that RFID used in the supply chains of
companies are no threat to anyone's privacy, though there are still security
issues that need dealing with and these will be addressed in the next chapter.
The METRO Group Future Store Initiative produced a number of
promotional videos describing the usefulness of RFID in logistics in relation to
speed and accuracy.2 RFID quite conclusively has the potential to automate a
lot of functions in the supply chain process that have to be done by hand. The
listing, verification, counting, checking, and sorting of products can be done
automatically due to the ability of an RFID system to read hundreds of tags
per second which each one specifying a products' type, manufacturer and
destination.
RFID has also been used to track livestock and wildlife3 as well as the
identification of lost pets. In the case of livestock and wildlife active tags are
used which can transmit data over long distances. In the case of livestock,
these tags can help rounding them up, but also help in determining their
health by analysing their movements. Researchers can use RFID tags on
wildlife to study their migrations and behaviour. “Chipped” pets can be
identified and recovered more quickly due to the chips which identify
themselves and could even contain contact information of their owners.
Inmates in California, Michigan, Ohio and Illinois are made to wear
bracelets containing active RFID tags to allow them to be tracked. Their tags
are part of an intricate security system that raises alarms whenever an inmate
is where he or she is not supposed to be. As such, the system allows for
greater control and management of prisoners.4
2 http://youtube.com/watch?v=4Zj7txoDxbE3 Texas Instruments supply technology for these purposes: http://www.ti.com/rfid/shtml/apps-anim-tracking.shtml4 Swedberg, Claire. 'L.A. County Jail to Track Inmates'. May 16th, 2005.
5
RFID is used in toll systems in various states in the US.5 E-ZPass is the
most well known case; RFID tags are placed inside the windshield or mounted
on the front licence plate of a vehicle. Toll booths register when a tagged car
passes and the toll fee is subtracted from the driver's account. In some
systems cars don't even have to slow down; as a result, there is no traffic
congestion due to manual toll collection.6
Some security systems are based on RFID technology. Readers installed
next to doors determine who can pass or not by means of reading 'smart
cards' equipped with RFID chips. Some cars will only unlock or start if the
appropriate RFID tag is nearby. In one case, a couple unlock their car and
their apartment by RFID chips implanted in their hands.7
RFID has been implanted into humans in several other cases. A well
known instance is the RFID system used at the Baja Beach Club in Barcelona.8
VIP members use an implanted chip, produced by Advanced Digital Solutions,
to gain access to the club and to pay for their drinks. Another example of
RFID embedded under the skin is VeriMed9, a chip designed to improve
hospital workings by allowing personnel to quickly identify people who due to
their condition are unable to identify themselves. The tags would also contain
information about the patient's medical conditions, allowing medical
personnel to take appropriate action.
Dollar and Euro bills may also already contain RFID tags. In this case it
is to prevent money laundering and counterfeiting. There are several
reports10111213 stating that the technology is ready and the demand by banks
and governments is there, however there are no official statements that RFID
http://www.rfidjournal.com/article/articleview/1601/5 RFid Gazette. 'RFID Found At Highway Toll Booths' March 23rd, 2005.
http://www.rfidgazette.org/2005/03/rfid_found_at_h.html6 Wikipedia contributors. 'E-Zpass'. Accessed at 10-1-2007. http://en.wikipedia.org/wiki/E-ZPass7 Excerpt from Good Morning America: http://youtube.com/watch?v=yQo4mGTCALE8 Losowski, Andrew. 'I've got you under my skin.' June 10th, 2004.
http://technology.guardian.co.uk/online/story/0,3605,1234827,00.html9 VeriMed Patient Identification. http://www.verimedinfo.com/intro.html10 Yoshida, Junko. 'Euro bank notes to embed RFID chips by 2005'. December 19th 2005.
http://www.eetimes.com/story/OEG20011219S001611 Sun Microsystems. 'RFID Streamlines Processes, Saves Tax Dollars'. 2003.
http://www.sun.com/br/government_1216/feature_rfid.html12 Williams, Martyn. 'RFID tags make it into bank notes.' September 2nd 2003.
http://www.techworld.com/news/index.cfm?fuseaction=displaynews&NewsID=41213 Yong-Young, Kim. 'Radio ID chips may track bank notes'. May 22nd 2003. http://news.com.com/2100-1017-
1009155.html
6
has indeed been implemented in bank notes. There has been a controversy
regarding exploding twenty dollar bills when microwaved14 and a CNN
report15 which states that a number of adjustments to the bank notes are kept
secret, however there is no conclusive evidence of RFID in newly printed
currency.
An active RFID chip is used in certain Nike sneakers to monitor how
much distance you have covered, how many calories you have burned and a
few other relevant statistics to joggers. The chip feeds data to an iPod as you
run. Interestingly enough, a few researchers of the University of Washington
have managed to track a person wearing these sneakers from up to sixty feet
away.16 The next chapter will look deeper into these issues surrounding
privacy.
Public transportation in various countries sometimes make use of RFID
tags. Oyster Cards in London, for instance, enable people to “pay as you go”.
The RFID knowledge base of idtechex.com17 contains over three hundred case
studies regarding RFID used in public transport worldwide.
The main issue that is currently surrounded with a lot of controversy is
the implementation of RFID in the process of human identity verification.
RFID tags have been inserted into passports, both in the United Kingdom and
the United States, containing the name, date of birth and digital photo of the
carrier. The chips are used in these passports to combat counterfeiting. In
order to comply with a large amount of criticism and pressuring from privacy
concern groups, the RFID system in and around US passports carry a lot of
security measures to prevent any potential abuse. One of the measures is
Basic Access Control, which is a password lock to the data contained on the
chip that can only be read by authorized readers. Another measure is material
used in the passport's cover that shields the RFID tag when the booklet is
closed, preventing any unauthorized reading except during passport checking
14 Watson, Steve. 'Debunkers Attempt To Discredit Prison Planet/Infowars Over Exploding $20 Bills Story' March 18th
2004. http://www.prisonplanet.com/180304_RFID_article.html15 Freedman, Jonah. 'The (new) color of money'. March 5th 2003.
http://money.cnn.com/2003/03/05/news/money/index.htm16 Saponas, T.S, Jonathan Lester, Carl Hartung, Tadayoshi Kohno. 'Devices That Tell On You: The Nike+iPod Sport
Kit'. November 30th 2006,University of Washington, Seattle. http://www.cs.washington.edu/research/systems/nikeipod/tracker-paper.pdf
17 IDTechEx. The RFID Knowledgebase. http://rfid.idtechex.com/knowledgebase/en/casestudy.asp?freefromsection=122
7
at the airport. Many security experts are still sceptical about the security of
the passport, however.18
18 The Wall Street Journal. 'Are E-Passports more secure?' September 29th, 2006. http://online.wsj.com/public/article/SB115938787873075826-6AbUpMIaJVCS1i_UBVoGrWP867k_20070929.html
8
3. RFID security, privacy and vulnerability issues
The widespread usage of RFID has not gone unnoticed. Privacy groups have
pounced and held on to the issue with remarkable tenacity, and in the case of
the US passports it has had a significant effect, namely the incorporation of
security measures regarding its RFID system. Most of these privacy groups
hold the opinion that RFID chips should not be used in conjunction with
human identification or tracking. Some of them insist in calling the tags
“spychips” and stress that governments and corporations plan to use them to
track people.19 The two most basic properties of RFID technology on which
most concerns are based are:
the fact that tags can be read at a distance, without contact
the fact that any reader can access any tag without knowledge of the tag's
owner.
There are basically two kinds of RFID uses that are contested: one is the use
of direct identification of individuals, i.e. tying a unique number to a person
that serves as proof of their identity, usually in combination with biometrics.
This implementation of RFID would serve a government the most in terms of
keeping tabs on its population. The other, more imminent use is the universal
tagging of consumer products, causing the fear that corporations will track
customers or build up profiles regarding their preferences. Subsequently
people carrying tagged items could be tracked outside of the store, the unique
ID of the tag becoming a momentary identifier for the person carrying the
item. Of course, the combination of both uses could result in any number of
horrible Orwellian scenarios, when your whereabouts and specific
consumption would be permanently captured in databases and you would be
subject to complete monitoring of all aspects of your life by the powers that
be.
19 Democracy Now! 'How Major Corporations and Government Plan to Track your Every Move with Radio Frequency Identification' Transcript of an interview with Liz McIntyre. March 1st, 2006. http://www.democracynow.org/article.pl?sid=06/03/01/1447202
9
Besides these privacy issues, there are concerns for security. RFID
implementation as it is now is susceptible to corporate espionage as well as
sabotage. Most current RFID systems in use today are remarkably insecure.
Cloning, skimming, eavesdropping, disabling, viruses and Denial of Service
attacks are all part of the (potential) hazards facing RFID technology. And
although the Food and Drug Administration has approved VeriChip's
implantable chips, it does assert several potential health risks:
“adverse tissue reaction; migration of implanted transponder; compromised information security; failure of implanted transponder; failure of inserter; failure of electronic scanner; electromagnetic interference; electrical hazards; magnetic resonance imaging incompatibility; and needle stick.”20
In the next section I will provide an overview of all the security-related issues,
after which I will discuss the privacy issues more in depth.
3.1 RFID Security
Simon Garfinkel, Ari Juels and Ravi Pappu have written a comprehensive
paper21 on RFID flaws and suggested solutions. They identify four threats
unprotected RFID technology can pose to companies who use it in their
supply chain:
Corporate Espionage Threat
Competitive Marketing Threat
Infrastructure Threat
Trust Perimeter Threat
These threats mostly stem from RFID's property to be remotely read by
anyone. Corporate espionage, for instance, gains from unprotected RFID
20 Tillman, Donna-Bea. 'Evaluation of Automatic Class III Designation VeriChip(TM) Health Information Microtransponder System'. October 12th, 2004. http://www.sec.gov/Archives/edgar/data/924642/000106880004000587/ex99p2.txt
21 Garfinkel, Simon, Ari Juels, Ravi Pappu. 'RFID Privacy: An Overview of Problems and Proposed Solutions'. June 2005. http://www.simson.net/clips/academic/2005.IEEE.RFID.pdf
10
systems in the way that unauthorized readers can remotely harvest data
regarding a company's supply chain, which is confidential information. Since
pallets or objects are tagged with unique numbers competitors are able to
gather large volumes of data in a clandestine way. The Competitive Marketing
Threat extends this type of espionage to customer behaviour data, which
could be obtained by remotely gathering data as customers select tagged
items and purchase them, maybe tracking them to other stores and observe
their preferences there. The harvested data can then be used as a basis for
marketing schemes. Infrastructure threats concern corporate sabotage. While
this phenomenon is not unique to RFID, the wireless properties of RFID
combined with the fact that any reader would read any tag does open up new
vectors of attack. Viruses could be transmitted via corrupted RFID tags, as
well as other kinds of disruption and false information. The radio frequency on
which a particular warehouse would employ RFID technology could also be
jammed. Lastly, the Trust Perimeter Threat concerns the large volume of
digitally stored data that comes along with RFID automated warehouses,
which can be open to attack. Though this is not specific to RFID technology,
the changeover from manual to automated control over logistic processes in
the distribution chain increases the reliance on databases and makes them
increasingly more a viable target for attack. The following schematic shows
potential security vulnerabilities at different thresholds and should be kept in
mind for the following paragraphs.
11
3.2 RFID vulnerabilities
There are a number of specific techniques which open up avenues to
disrupt, destroy, fool or take advantage of RFID systems. While there are no
known legal cases in which people have exploited RFID's weaknesses in
society, hackers, scientists and security experts have been able to
demonstrate ways in which systems currently in use can be sabotaged or
circumvented.
Cloning RFID chips is one of the chief security concerns. As it is,
Jonathan Westhues has conclusively demonstrated2223 that the implantable
RFID chips from VeriChip contain no security measures whatsoever. You can
clone someone's implanted chip just by sitting near them in the subway or
walking past them on the street using a small portable device. After this tag
22 Westhues, Jonathan. 'Demo: Cloning a Verichip' Updated July 2006. http://cq.cx/verichip.pl23 ABC7 News Report from Sacramento, California. http://youtube.com/watch?v=4jpRFgDPWVA
12
has been cloned all systems linked to the ID of the original chip can be
accessed freely by mimicking the original chip with the device. If one uses
RFID as a digital key, a digital copy can almost be made effortlessly and
without knowledge of the holder unless security measures are taken to
prevent unauthorized reading.
Another telling example is the RFID Guardian24 project initiated by
Melanie Rieback from the Vrije Universiteit Amsterdam. This device is able to
jam or mimic specific RFID tags, which would also enable it to grant you
unauthorized access to RFID secured spaces. Since the device is actively
powered it is able to transmit its signal over larger distances as well, boosting
its jamming and mimicking functions. Additional features of the Guardian
include authentication, key management, access control and auditing.
The RFID Guardian research team has also produced a number of
academic papers on RFID, of which one describes in detail the havoc a
malicious RFID chip can cause to RFID middleware.25 By this, the authors
mean RFID readers, application servers and back-end databases. The paper
shows convincingly that despite the limited resources of a passive RFID tag it
is possible to program them with very simple lines of code which would serve
as instructions for back-end databases. These instructions could range from
shutting down the system to deleting the entire database. As with regular
computer viruses, code can also be written in a way that the virus self-
propagates, thus overloading the database. Such RFID 'malware' can cripple
entire RFID networks without appropriate middleware protection. The reason
that this type of attack poses a significant threat is because few people would
expect an attack from a simple tag. Since RFID borrows from established
internet protocols such as URI, HTTP, DNS and XML it suffers the same
weaknesses. This is why RFID systems should have internal security measures
against potential exploits.
Eavesdropping is another problem specific to RFID. Since activity from
RFID readers has a far greater range than responses from passive tags,
people could pick up these signals and figure out the unique ID of tags that
24 RFID Guardian Project, located at http://www.rfidguardian.org/25 Rieback, Melanie, Bruno Crispo, Andrew Tanenbaum. 'Is Your Cat Infected with a Computer Virus?' March 2006.
http://www.cs.vu.nl/~melanie/rfid_guardian/papers/percom.06.pdf
13
have been read. With this data, tracking of objects or people could be done
from a 30 feet. It is particularly useful in the case of corporate espionage.26
Also, by replaying a transmission between RFID tag and reader one could fool
a reader and gain unauthorized access to certain locations.
Denial of Service (D0S) attacks could jam a radio frequency, rendering a
whole system inoperable. Another, more benevolent form is the blocking of
RFID tags with protective material to prevent them from being read by any
reader. This is the easiest way to protect yourself in regards to privacy issues,
as long as you know the whereabouts of all the tags you are carrying.
Skimming of RFID chips means that the perpetrator tries to access the
data available on a chip, or at least obtain the chip's unique ID. One particular
fear associated with this technique is that terrorists could fairly easily
determine the nationality of a passport holder by skimming its chip.
Consequently, a bomb could be set to detonate whenever someone with a US
ID passes by. Critics272829 have argued that if the new US passports are only
slightly opened the RFID chips within will be susceptible to unauthorized
reading, and claim this is a substantial security threat.
3.3 RFID Privacy
As mentioned before, the two main concerns against the usage of RFID in
conjunction with humans are the ability of government to track people's
movements and the ability of corporations to track and profile people. A third
one is less often invoked but not less important – the ability of criminals or
terrorists to determine targets based on what appears on RFID displays. In
this section I will quote the paper of Garfinkel, Juels and Pappu again to
provide an overview of possible privacy threats regarding RFID technology.
26 RSA Laboratories. 'Securing RFID tags from eavesdropping.' Accessed January 11th 2007. http://www.rsasecurity.com/rsalabs/node.asp?id=2118
27 The Wall Street Journal. 'Are E-Passports more secure?' September 29th, 2006. http://online.wsj.com/public/article/SB115938787873075826-6AbUpMIaJVCS1i_UBVoGrWP867k_20070929.html
28 Flexilis. 'RFID e-Passport Vulnerability.'. 2006, http://www.flexilis.com/epassport.php29 Yoshida, Junko. 'Tests reveal e-passport security flaw '. August 30th, 2004.
http://www.eetimes.com/showArticle.jhtml?articleID=45400010
14
The above picture displays a number of privacy threats of concern to
consumers of RFID tagged products. The first item compromising privacy is
the Action Threat. This is related to anti-shoplifting efforts where tagged
items are monitored by cameras and pictures are taken from people once they
pick up one of these items. If the person with the item doesn't check out at the
register, s/he may be considered a shoplifter. A well known example of this is
the controversial case of tagged packages of Gillette razorblades at a TESCO
supermarket in the United Kingdom30, which spawned a Boycott Gillette
website.31
The Association, Location and Preference threats are closely interlinked.
It is the mainstay of privacy concerns. The Association Threat means that
even though one does not know the exact identity of a person, a tagged item
with a unique code could serve as an identifier. Readers hidden at different
30 Indymedia.org.uk. 'TESCO tags Cambridge Shoppers'. August 9th, 2003. http://www.indymedia.org.uk/en/2003/08/275490.html
31 http://www.boycottgillette.com/
15
locations (throughout a store) compile the Location Threat, allowing the
person to be tracked covertly, building up a database of a consumer's
activities. Lastly the Preference Threat means that by reading all the tags on
some person one could gain knowledge about this person's consumption
behaviour, which can lead to effects such as individually targeted marketing
(as can be seen in the film Minority Report) but it can also potentially enable
thieves to assert the value of the stuff you are carrying and thus determining
whether you are a worthy target or not. Here is a picture displaying the fears
associated with the mentioned threats:
This is called 'inventorying'.
The last three privacy threats regard tracking and monitoring.
Regardless of associating tags with individuals, a set of tags will form a
'constellation' around a person. Without knowing someone's identity, one
could simply track these constellations, enabling the Constellation Threat.
The Transaction Threat applies when RFID tags transfer from one
16
constellation to another, which obviously means that a transaction has
happened. Finally, the Breadcrum Threat is a side-effect of the Association
Threat: once a tag's unique ID has been tied to a person, another person who
obtains the tag could carry out illegal activities and the original owner could
be blamed, or at least suspected. This would be particularly nasty if powerful
bodies would indeed monitor people on the basis of RFID tags worn around a
person.
3.4 Solutions to privacy and security problems
The simplest solution to all these problems would simply to not use RFID. This
is not realistic however since billions of RFID tags are already used around
society. According to Mark Roberti32, between twenty and fifty million
Americans already carry RFID chips around.
There are a number of technical and political solutions proposed33 (and
in many cases implemented) and I will attempt to list as many as writing
space permits below.
Digital signatures on chips have been implemented in the US passports.
This is a measure against forging, but not against copying or reading. It
can only serve as an alarm mechanism if two identical chips are observed
in a network at the same time.
Encryption is an industry favourite. This usually concerns reader-to-chip
communication however, since the tags themselves don't have enough
resources to perform meaningful encryption. Even if encryption would be
possible on future generation tags, their costs would be driven up
dramatically and companies would default to the cheaper, lesser secure
chips.
Killing tags would certainly solve a lot of problems. West End
32 Garfinkel, Simon, Ari Juels, Ravi Pappu. 'RFID Privacy: An Overview of Problems and Proposed Solutions'. June 2005. http://www.simson.net/clips/academic/2005.IEEE.RFID.pdf
33 Juels, Ari. 'RFID Security and Privacy: A Research Survey.' September 28th, 2005. http://www.rsasecurity.com/rsalabs/staff/bios/ajuels/publications/pdfs/rfid_survey_28_09_05.pdf
17
Laboratories is developing a 'tag zapper'34 which can be used to disable
RFID tags after a purchase. However, killing tags (whether manually or at
checkout) may be undesirable in case of potential benefits tagged items
may have.
Password protection could work, since a tag would remain unreadable
until a reader sends the appropriate password to it. However, given the
volume of tags and their possible usage in various RFID systems, there
could be a massive password management crisis.
One of the more feasible techniques seems to be giving tags a set of
pseudonyms. This means that tags will cycle through serial numbers each
time they are read, which would make things very confusing for
unauthorized readers. Authorized readers would be able to identify tags as
they possess a list of all possible numbers per tag.
Blocker tags would 'spam' any reader with confusing information,
enabling only authorized readers to harvest data from a tag. Some
determined readers are able to bypass this, however.
To get to know more about the technical specifics of these solutions I suggest
reading RFID Security and Privacy: A Research Survey by Ari Juels.
Another approach to improve consumer privacy is the incorporation of
'RFID rights' into official policy. Simon Garfinkel has proposed a simple RFID
“Bill of Rights”35 addressing this issue. He writes that consumers should have:
The right to know whether products contain RFID tags.
The right to have RFID tags removed or deactivated when they purchase
products.
The right to use RFID-enabled services without RFID tags.
The right to access an RFID tag's stored data.
The right to know when, where and why the tags are being read.
Measures like these would go a long way in protecting the privacy of people
34 WhyNot.net. 'Zapper Detects, Destroys Unwanted RFID Chips'. April 4th, 2005. http://www.infowars.com/articles/bb/rfid_zapper_detects_destroys_rfid_chips.htm
35 Garfinkel, Simon. 'An RFID Bill of Rights'. October 2002. http://www.technologyreview.com/Infotech/12953/
18
from RFID's pervasive potentials.
19
4. RFID's place within the Networked Society
Heather Cameron wrote in her paper 'CCTV and (In)dividuation'36 about the
background of surveillance and tracking in contemporary society. She
discusses Michel Foucault's concept of governmentality (Gouvernementalité).
What this constitutes is the way in which people govern themselves in relation
to private relationships, institutions and the relationship of the citizen to the
state. Foucault recognizes a shift in understanding and definition of
leadership between Greek and Judeo-Christian texts. While the former
encourages leaders to strive for immortality and greatness, the latter invokes
the metaphor of the 'shepherd'. The shepherd holds power over the flock, not
the land. The shepherd creates the flock by bringing individual sheep
together. The shepherd looks after each sheep as an individual, recognizing
the value of each. The shepherd acts out of a sense of devotion or duty (rather
than immortality). Finally, the shepherd keeps watch over the sheep and takes
care of them. However, in the sheep metaphor the shepherd cannot
communicate with his flock, so he has to take steps to find out about the inner
lives of his followers rather than wait for them to inform him. Foucault used
this metaphor to track changes in power relations in the emergence of the
modern state, and calls it “Pastoral Power”. Pastoral power established itself
firmly in the so called 'disciplinary societies', dating between eighteenth and
mid-twentieth centuries. People are controlled through a variety of closed
environments for each stage of life. From the family to the school to the
barracks to the factory, with occasional trips to the hospital or sometimes
even the prison, people were organized into these enclosed institutions to
maximize efficiency and oversight. After World War II however, the
disciplinary societies were making way for what Gilles Deleuze calls the
societies of control.37
In the societies of control, boundaries between institutions are fading.
36 Cameron, Heather. 'CCTV and (In)dividuation'. 2004. http://www.surveillance-and-society.org/articles2(2)/individuation.pdf
37 Deleuze, Gilles. 'Postscript on the Societies of Control' Originally appearing in L'autre Journal, May 1st, 1990. http://www.nadir.org/nadir/archiv/netzkritik/societyofcontrol.html
20
Schools are gradually being replaced by perpetual training in corporations,
the enclosed space of the hospitals is being challenged by day care and
neighbourhood clinics. The powers that be have shifted from exposing the
deep motivation of individuals to scanning the surface, looking for bits of
relevant data. There is no longer a distinction between the mass and the
individual - individuals have become 'dividuals', strings and samples of data
and group identifiers which only have relevance and meaning in specific
situations, such as at the entry and exits of places and at, borders and
government buildings, where people are scanned for risk or threat
assessment. Cameron says:
“RFID tags represent a move towards smaller and smaller units of tracking. These tags are also programmed with certain information which can be particular to each tag. As Foucault’s flock was broken into individual trackable and predictable sheep and then regrouped at will, the development of these tags opens the possibility of a more detailed and intimate control. This makes Deleuze’s point that the current historical framework is not interested in unique individuals confessing their truth but connected units being scanned for their code.”38
Governments and corporations are undoubtedly interested in any means by
which they can identify people's behavioural or preference patterns. RFID, as
shown earlier, has this potential. A widespread implementation of this
technology could give the powers that be the measure of control and
surveillance they seek. It would vastly increase their abilities to sort and
classify.
RFID and biometrics are closely linked in relation to Deleuze's argument
of the dividual. Gillian Fuller39 discusses how biometrics enter (in)dividuals
into databases. Digital storage of people's identity means that there is a shift
in emphasis on the visual to emphasis on fragmented pieces of data. Where
people used to be identified by comparing a photograph to a face, it is now a
matter of matching algorithmic patterns. The linear image of the whole of the
body has made way for a mass of isolated bits of data. Your body has become
38 Cameron, Heather. 'CCTV and (In)dividuation'. 2004. http://www.surveillance-and-society.org/articles2(2)/individuation.pdf
39 Fuller, Gillian. 'Perfect Match: Biometrics and Body Patterning in a Networked World'. Fibreculture Journal, 2003, volume 1 NO 1. http://journal.fibreculture.org/issue1/issue1_fuller.html
21
your password. We are no longer confined to the factory or the school, but are
moving “through the free-floating controls of open systems”40. Access is
granted or denied at various thresholds; control has retreated to exit and
entry points:
“This is where the strength of biometrics lies – not in the vision modes of the disciplinary technologies of surveillance – rather in the scanning technologies of logistical life where movement is not tracked in linear flows but logged on at various thresholds. “41
Fuller mentions the term 'protocol' a number of times in her essay. I would
like to expand on this term using arguments from Alexander Galloway's book
“Protocol”.42
Galloway explains how in a large distributed network such as the
internet, which superficially seems like an anarchical, chaotic and free system
there is an underlying standardizing force which exercises complete control.
This is protocol. Protocol is more than a framework of rules; it's the most
logical way of doing things:
“Protocol is like the trace of footprints left in snow, or a mountain trail whose route becomes fixed only after years of constant wear. One is always free to pick a different route. But protocol makes one instantly aware of the best route – and why wouldn't one want to follow it?”43
One can understand RFID and the danger of it being implemented into society
on these terms. Not only does RFID follow protocol itself, it is also a very
“protocological” technology in that it too regulates and structures the flow of
objects or people. Like the headers on data packets in computer networks,
RFID in supply chains serves as the headers on products, containing
information about their type, origin and destination. Where TCP/IP and such
protocols regulate data flow in computer networks, technologies like RFID
and biometrics are moving towards regulating the flow of people and goods in
society. Technologies like these may ensure in the future that no product or
40 Fuller.41 Fuller.42 Galloway, Alexander. 'Protocol: how control exists after decentralization.' MIT press, Cambridge MA, 200443 Galloway, p.244
22
person will be able to go where it is not supposed to be.
One of Galloway's arguments about protocol is that it is voluntarily. You
do not have to use it. For instance, you do not have to have RFID
transponders in your car on toll highways. You are free to stand in line at the
toll booth. It simply makes more sense however to install such a device
because it saves a lot of time and effort.
23
5. Conclusion
RFID is a technology that is on the rise, one everyone will have to deal with as
more and more companies invest in it, price and production costs drop and
technological advancements continue. RFID investment in 2005 reached an
estimate of five hundred million dollars and it is expected to rise up to three
billion dollars by 2010.44 As it stands, RFID could present significant threats
to people's privacy, for which corporations and government agencies show
distressingly little concern. But “RFID as protocol” is still a work in progress.
Corporations, security companies, government agencies, privacy groups and
academics are arguing and competing on how or whether society should
implement the technology on a large scale. In this process, any person with
the motivation and interest has the ability to jump into the fray.
RFID technology will continue to evolve and improve as the technology
moves more and more into the spotlight. Current issues about technological
limitations may soon be resolved, but RFID principles will remain the same, as
likely will the ethical debate about RFID usage. More studies delving deeper
into the technology's potential will undoubtedly yield new possibilities and
problems, and as such it is important for academics to keep an eye on RFID
developments in society, as well as conducting their own investigations.
44 ZDNetUK. 'RFID may become a $3bn business by 2010'. December 14th, 2005. http://news.zdnet.co.uk/emergingtech/0,1000000183,39241887,00.htm
24
6. Bibliography
Book and articles
Cameron, Heather. 'CCTV and (In)dividuation'. 2004. http://www.surveillance-and-society.org/articles2(2)/individuation.pdf
Deleuze, Gilles. 'Postscript on the Societies of Control' Originally appearing in L'autre Journal, May
1st, 1990. http://www.nadir.org/nadir/archiv/netzkritik/societyofcontrol.html
Fuller, Gillian. 'Perfect Match: Biometrics and Body Patterning in a Networked World'. Fibreculture Journal, 2003, volume 1 NO 1. http://journal.fibreculture.org/issue1/issue1_fuller.html
Galloway, Alexander. 'Protocol: how control exists after decentralization.' MIT press, Cambridge MA, 2004
Garfinkel, Simon, Ari Juels, Ravi Pappu. 'RFID Privacy: An Overview of Problems and Proposed Solutions'. June 2005. http://www.simson.net/clips/academic/2005.IEEE.RFID.pdf
Juels, Ari. 'RFID Security and Privacy: A Research Survey.' September 28th, 2005. http://www.rsasecurity.com/rsalabs/staff/bios/ajuels/publications/pdfs/rfid_survey_28_09_05.pdf
Rieback, Melanie, Bruno Crispo, Andrew Tanenbaum. 'Is Your Cat Infected with a Computer Virus?' March 2006. http://www.cs.vu.nl/~melanie/rfid_guardian/papers/percom.06.pdf
Saponas, T.S, Jonathan Lester, Carl Hartung, Tadayoshi Kohno. 'Devices That Tell On You: The Nike+iPod Sport Kit'. November 30th 2006,University of Washington, Seattle. http://www.cs.washington.edu/research/systems/nikeipod/tracker-paper.pdf
News reports, videos and miscellaneous
DTechEx. The RFID Knowledgebase. Accessed on January 11th 2007 http://rfid.idtechex.com/knowledgebase/en/casestudy.asp?freefromsection=122
Democracy Now! 'How Major Corporations and Government Plan to Track your Every Move with
Radio Frequency Identification' Transcript of an interview with Liz McIntyre. March 1st, 2006. http://www.democracynow.org/article.pl?sid=06/03/01/1447202
Flexilis. 'RFID e-Passport Vulnerability.' 2006, http://www.flexilis.com/epassport.php
Freedman, Jonah. 'The (new) color of money'. March 5th 2003. http://money.cnn.com/2003/03/05/news/money/index.htm
Garfinkel, Simon. 'An RFID Bill of Rights'. October 2002. http://www.technologyreview.com/Infotech/12953/
25
Indymedia.org.uk. 'TESCO tags Cambridge Shoppers'. August 9th, 2003. http://www.indymedia.org.uk/en/2003/08/275490.html
Losowski, Andrew. 'I've got you under my skin.' June 10th, 2004. http://technology.guardian.co.uk/online/story/0,3605,1234827,00.html
RFid Gazette. 'RFID Found At Highway Toll Booths' March 23rd, 2005. http://www.rfidgazette.org/2005/03/rfid_found_at_h.html
RFID Guardian Project. Accessed on January 11th, 2007. http://www.rfidguardian.org/
RSA Laboratories. 'Securing RFID tags from eavesdropping.' Accessed January 11th 2007. http://www.rsasecurity.com/rsalabs/node.asp?id=2118
Sun Microsystems. 'RFID Streamlines Processes, Saves Tax Dollars'. 2003. http://www.sun.com/br/government_1216/feature_rfid.html
Swedberg, Claire. 'L.A. County Jail to Track Inmates'. May 16th, 2005. http://www.rfidjournal.com/article/articleview/1601/
Texas Instruments. 'Animal Tracking with RFID Raises Resource Management to a New Level' Accessed on January 10th, 2007
http://www.ti.com/rfid/shtml/apps-anim-tracking.shtml
Tillman, Donna-Bea. 'Evaluation of Automatic Class III Designation VeriChip(TM) Health
Information Microtransponder System'. October 12th, 2004. http://www.sec.gov/Archives/edgar/data/924642/000106880004000587/ex99p2.txt
The Wall Street Journal. 'Are E-Passports more secure?' September 29th, 2006. http://online.wsj.com/public/article/SB115938787873075826-6AbUpMIaJVCS1i_UBVoGrWP867k_20070929.html
VeriMed Patient Identification. Accessed on January 11th, 2007. http://www.verimedinfo.com/intro.html
Watson, Steve. 'Debunkers Attempt To Discredit Prison Planet/Infowars Over Exploding $20 Bills
Story' March 18th 2004. http://www.prisonplanet.com/180304_RFID_article.html
Westhues, Jonathan. 'Demo: Cloning a Verichip' Updated July 2006. http://cq.cx/verichip.pl
WhyNot.net. 'Zapper Detects, Destroys Unwanted RFID Chips'. April 4th, 2005. http://www.infowars.com/articles/bb/rfid_zapper_detects_destroys_rfid_chips.htm
Wikipedia contributors. 'E-Zpass'. Accessed on January 10th, 2007. http://en.wikipedia.org/wiki/E-ZPass
Williams, Martyn. 'RFID tags make it into bank notes.' September 2nd 2003. http://www.techworld.com/news/index.cfm?fuseaction=displaynews&NewsID=412
Yong-Young, Kim. 'Radio ID chips may track bank notes'. May 22nd 2003.
26
http://news.com.com/2100-1017-1009155.html
Yoshida, Junko. 'Euro bank notes to embed RFID chips by 2005'. December 19th 2005. http://www.eetimes.com/story/OEG20011219S0016
Yoshida, Junko. 'Tests reveal e-passport security flaw '. August 30th, 2004. http://www.eetimes.com/showArticle.jhtml?articleID=45400010
http://youtube.com/watch?v=4Zj7txoDxbE --- Corporate promotional video for RFID in the supply chainhttp://youtube.com/watch?v=yQo4mGTCALE --- Excerpt from Good Morning America
http://youtube.com/watch?v=4jpRFgDPWVA --- ABC7 News Report from Sacramento, California.
ZDNetUK. 'RFID may become a $3bn business by 2010'. December 14th, 2005. http://news.zdnet.co.uk/emergingtech/0,1000000183,39241887,00.htm
Pictures
Picture page 10 – an RFID system diagram – from Garfinkel, Simon, Ari Juels, Ravi Pappu. 'RFID Privacy: An Overview of Problems and Proposed Solutions
Picture page 13 – an overview of RFID security and privacy threats – from Garfinkel, Simon, Ari Juels, Ravi Pappu. 'RFID Privacy: An Overview of Problems and Proposed Solutions
Picture page 14 – Scanning tags on the future consumer – from Juels, Ari. 'RFID Security and Privacy: A Research Survey.'
27