
Radio Frequency IDentification: an overview


Abstract: Radio Frequency Identification is a technology which is rapidly rising in society today. It is facing major challenges from privacy groups and various security concerns; there seem to be some critical vulnerabilities in RFID systems that need addressing. At the same time, RFID can be acknowledged as an aspect of the societies of control as described by Gilles Deleuze. As the social practices for the technology are being shaped, people are encouraged to monitor its progress, or preferably participate in it.

Length: 5666 words

Keywords: RFID chips, surveillance, protocol, privacy, security.

New Media Analysis

Lecturer: Jan Simons

Universiteit van Amsterdam

11 January 2007

Pepijn Uitterhoeve

Student number: 0248746


Table of Contents

1. Introduction
2. Contemporary uses of RFID in every day life
3. RFID security, privacy and vulnerability issues
   3.1 RFID Security
   3.2 RFID vulnerabilities
   3.3 RFID Privacy
   3.4 Solutions to privacy and security problems
4. RFID's place within the Networked Society
5. Conclusion
6. Bibliography

1. Introduction

Radio Frequency IDentification chips, or RFID chips[1], are silicon chips containing an antenna. They are used to identify whatever they are attached to. RFID chips can be divided into active and passive tags. Active tags vary from the size of a brick to the size of a coin; they carry an internal power source and are capable of constantly transmitting their information, as well as harbouring other functions such as pressure and temperature meters. Passive tags, which are cheaper and more common, range from the size of a coin to the size of a grain of sand. The price for standard passive RFID tags is currently about twenty-five US cents. Industry is working hard to push the price down to five cents per tag. RFID chips are part of larger RFID systems, which contain readers and back-end databases. RFID is widely expected to replace the bar code system.

In this essay I will explore the questions “How is RFID used and what is its status in contemporary society?”

I will try to answer these by listing many of RFID's current uses in the second chapter, exploring in detail the technical and privacy issues in the third chapter and placing RFID in a broader philosophical/historical context in the fourth chapter. I will use the conclusion to evaluate RFID's contemporary status.

[1] The terms “RFID chips” and “RFID tags” will be used interchangeably.

2. Contemporary uses of RFID in every day life

Radio Frequency Identification as a technology is not new. It was used in the Second World War to identify aircraft, i.e. in the Identification Friend or Foe (IFF) systems. That way, people behind the radar screen could tell which planes belonged to which side. Nowadays it is used primarily in commercial logistics. Critics generally agree that RFID used in the supply chains of companies is no threat to anyone's privacy, though there are still security issues that need dealing with and these will be addressed in the next chapter.

The METRO Group Future Store Initiative produced a number of promotional videos describing the usefulness of RFID in logistics in relation to speed and accuracy.[2] RFID quite conclusively has the potential to automate a lot of functions in the supply chain process that have to be done by hand. The listing, verification, counting, checking, and sorting of products can be done automatically due to the ability of an RFID system to read hundreds of tags per second, each one specifying a product's type, manufacturer and destination.

RFID has also been used to track livestock and wildlife[3] as well as for the identification of lost pets. In the case of livestock and wildlife, active tags are used which can transmit data over long distances. In the case of livestock, these tags can help in rounding them up, but also help in determining their health by analysing their movements. Researchers can use RFID tags on wildlife to study their migrations and behaviour. “Chipped” pets can be identified and recovered more quickly due to the chips which identify themselves and could even contain contact information of their owners.

Inmates in California, Michigan, Ohio and Illinois are made to wear bracelets containing active RFID tags to allow them to be tracked. Their tags are part of an intricate security system that raises alarms whenever an inmate is where he or she is not supposed to be. As such, the system allows for greater control and management of prisoners.[4]

[2] http://youtube.com/watch?v=4Zj7txoDxbE

[3] Texas Instruments supply technology for these purposes: http://www.ti.com/rfid/shtml/apps-anim-tracking.shtml

[4] Swedberg, Claire. 'L.A. County Jail to Track Inmates'. May 16th, 2005.

RFID is used in toll systems in various states in the US.[5] E-ZPass is the best-known case; RFID tags are placed inside the windshield or mounted on the front licence plate of a vehicle. Toll booths register when a tagged car passes and the toll fee is subtracted from the driver's account. In some systems cars don't even have to slow down; as a result, there is no traffic congestion due to manual toll collection.[6]

Some security systems are based on RFID technology. Readers installed next to doors determine who can pass or not by means of reading 'smart cards' equipped with RFID chips. Some cars will only unlock or start if the appropriate RFID tag is nearby. In one case, a couple unlock their car and their apartment by RFID chips implanted in their hands.[7]

RFID has been implanted into humans in several other cases. A well-known instance is the RFID system used at the Baja Beach Club in Barcelona.[8] VIP members use an implanted chip, produced by Advanced Digital Solutions, to gain access to the club and to pay for their drinks. Another example of RFID embedded under the skin is VeriMed[9], a chip designed to improve hospital workings by allowing personnel to quickly identify people who due to their condition are unable to identify themselves. The tags would also contain information about the patient's medical conditions, allowing medical personnel to take appropriate action.

Dollar and Euro bills may also already contain RFID tags. In this case it is to prevent money laundering and counterfeiting. There are several reports[10][11][12][13] stating that the technology is ready and the demand by banks and governments is there; however, there are no official statements that RFID has indeed been implemented in bank notes. There has been a controversy regarding exploding twenty dollar bills when microwaved[14] and a CNN report[15] which states that a number of adjustments to the bank notes are kept secret; however, there is no conclusive evidence of RFID in newly printed currency.

[4] (continued) http://www.rfidjournal.com/article/articleview/1601/

[5] RFid Gazette. 'RFID Found At Highway Toll Booths' March 23rd, 2005. http://www.rfidgazette.org/2005/03/rfid_found_at_h.html

[6] Wikipedia contributors. 'E-Zpass'. Accessed at 10-1-2007. http://en.wikipedia.org/wiki/E-ZPass

[7] Excerpt from Good Morning America: http://youtube.com/watch?v=yQo4mGTCALE

[8] Losowski, Andrew. 'I've got you under my skin.' June 10th, 2004. http://technology.guardian.co.uk/online/story/0,3605,1234827,00.html

[9] VeriMed Patient Identification. http://www.verimedinfo.com/intro.html

[10] Yoshida, Junko. 'Euro bank notes to embed RFID chips by 2005'. December 19th 2005. http://www.eetimes.com/story/OEG20011219S0016

[11] Sun Microsystems. 'RFID Streamlines Processes, Saves Tax Dollars'. 2003. http://www.sun.com/br/government_1216/feature_rfid.html

[12] Williams, Martyn. 'RFID tags make it into bank notes.' September 2nd 2003. http://www.techworld.com/news/index.cfm?fuseaction=displaynews&NewsID=412

[13] Yong-Young, Kim. 'Radio ID chips may track bank notes'. May 22nd 2003. http://news.com.com/2100-1017-1009155.html

An active RFID chip is used in certain Nike sneakers to monitor how much distance you have covered, how many calories you have burned and a few other statistics relevant to joggers. The chip feeds data to an iPod as you run. Interestingly enough, a few researchers of the University of Washington have managed to track a person wearing these sneakers from up to sixty feet away.[16] The next chapter will look deeper into these issues surrounding privacy.

Public transportation in various countries sometimes makes use of RFID tags. Oyster Cards in London, for instance, enable people to “pay as you go”. The RFID knowledge base of idtechex.com[17] contains over three hundred case studies regarding RFID used in public transport worldwide.

The main issue that is currently surrounded by a lot of controversy is the implementation of RFID in the process of human identity verification. RFID tags have been inserted into passports, both in the United Kingdom and the United States, containing the name, date of birth and digital photo of the carrier. The chips are used in these passports to combat counterfeiting. In response to a large amount of criticism and pressure from privacy groups, the RFID system in and around US passports carries a lot of security measures to prevent any potential abuse. One of the measures is Basic Access Control, which is a password lock to the data contained on the chip that can only be read by authorized readers. Another measure is material used in the passport's cover that shields the RFID tag when the booklet is closed, preventing any unauthorized reading except during passport checking at the airport. Many security experts are still sceptical about the security of the passport, however.[18]

[14] Watson, Steve. 'Debunkers Attempt To Discredit Prison Planet/Infowars Over Exploding $20 Bills Story' March 18th 2004. http://www.prisonplanet.com/180304_RFID_article.html

[15] Freedman, Jonah. 'The (new) color of money'. March 5th 2003. http://money.cnn.com/2003/03/05/news/money/index.htm

[16] Saponas, T.S, Jonathan Lester, Carl Hartung, Tadayoshi Kohno. 'Devices That Tell On You: The Nike+iPod Sport Kit'. November 30th 2006, University of Washington, Seattle. http://www.cs.washington.edu/research/systems/nikeipod/tracker-paper.pdf

[17] IDTechEx. The RFID Knowledgebase. http://rfid.idtechex.com/knowledgebase/en/casestudy.asp?freefromsection=122

[18] The Wall Street Journal. 'Are E-Passports more secure?' September 29th, 2006. http://online.wsj.com/public/article/SB115938787873075826-6AbUpMIaJVCS1i_UBVoGrWP867k_20070929.html

3. RFID security, privacy and vulnerability issues

The widespread usage of RFID has not gone unnoticed. Privacy groups have pounced and held on to the issue with remarkable tenacity, and in the case of the US passports it has had a significant effect, namely the incorporation of security measures regarding its RFID system. Most of these privacy groups hold the opinion that RFID chips should not be used in conjunction with human identification or tracking. Some of them insist on calling the tags “spychips” and stress that governments and corporations plan to use them to track people.[19] The two most basic properties of RFID technology on which most concerns are based are:

- the fact that tags can be read at a distance, without contact
- the fact that any reader can access any tag without knowledge of the tag's owner.

There are basically two kinds of RFID uses that are contested: one is the use of direct identification of individuals, i.e. tying a unique number to a person that serves as proof of their identity, usually in combination with biometrics. This implementation of RFID would serve a government the most in terms of keeping tabs on its population. The other, more imminent use is the universal tagging of consumer products, causing the fear that corporations will track customers or build up profiles regarding their preferences. Subsequently people carrying tagged items could be tracked outside of the store, the unique ID of the tag becoming a momentary identifier for the person carrying the item. Of course, the combination of both uses could result in any number of horrible Orwellian scenarios, when your whereabouts and specific consumption would be permanently captured in databases and you would be subject to complete monitoring of all aspects of your life by the powers that be.

[19] Democracy Now! 'How Major Corporations and Government Plan to Track your Every Move with Radio Frequency Identification' Transcript of an interview with Liz McIntyre. March 1st, 2006. http://www.democracynow.org/article.pl?sid=06/03/01/1447202

Besides these privacy issues, there are concerns for security. RFID implementation as it is now is susceptible to corporate espionage as well as sabotage. Most RFID systems in use today are remarkably insecure. Cloning, skimming, eavesdropping, disabling, viruses and Denial of Service attacks are all part of the (potential) hazards facing RFID technology. And although the Food and Drug Administration has approved VeriChip's implantable chips, it does assert several potential health risks:

“adverse tissue reaction; migration of implanted transponder; compromised information security; failure of implanted transponder; failure of inserter; failure of electronic scanner; electromagnetic interference; electrical hazards; magnetic resonance imaging incompatibility; and needle stick.”[20]

In the next section I will provide an overview of all the security-related issues, after which I will discuss the privacy issues more in depth.

3.1 RFID Security

Simson Garfinkel, Ari Juels and Ravi Pappu have written a comprehensive paper[21] on RFID flaws and suggested solutions. They identify four threats unprotected RFID technology can pose to companies who use it in their supply chain:

- Corporate Espionage Threat
- Competitive Marketing Threat
- Infrastructure Threat
- Trust Perimeter Threat

These threats mostly stem from RFID's property of being remotely readable by anyone. Corporate espionage, for instance, gains from unprotected RFID systems in that unauthorized readers can remotely harvest data regarding a company's supply chain, which is confidential information. Since pallets or objects are tagged with unique numbers, competitors are able to gather large volumes of data in a clandestine way. The Competitive Marketing Threat extends this type of espionage to customer behaviour data, which could be obtained by remotely gathering data as customers select tagged items and purchase them, maybe tracking them to other stores and observing their preferences there. The harvested data can then be used as a basis for marketing schemes. Infrastructure threats concern corporate sabotage. While this phenomenon is not unique to RFID, the wireless properties of RFID combined with the fact that any reader would read any tag do open up new vectors of attack. Viruses could be transmitted via corrupted RFID tags, as well as other kinds of disruption and false information. The radio frequency on which a particular warehouse would employ RFID technology could also be jammed. Lastly, the Trust Perimeter Threat concerns the large volume of digitally stored data that comes along with RFID automated warehouses, which can be open to attack. Though this is not specific to RFID technology, the changeover from manual to automated control over logistic processes in the distribution chain increases the reliance on databases and makes them an increasingly viable target for attack. The following schematic shows potential security vulnerabilities at different thresholds and should be kept in mind for the following paragraphs.

[20] Tillman, Donna-Bea. 'Evaluation of Automatic Class III Designation VeriChip(TM) Health Information Microtransponder System'. October 12th, 2004. http://www.sec.gov/Archives/edgar/data/924642/000106880004000587/ex99p2.txt

[21] Garfinkel, Simson, Ari Juels, Ravi Pappu. 'RFID Privacy: An Overview of Problems and Proposed Solutions'. June 2005. http://www.simson.net/clips/academic/2005.IEEE.RFID.pdf

3.2 RFID vulnerabilities

There are a number of specific techniques which open up avenues to disrupt, destroy, fool or take advantage of RFID systems. While there are no known legal cases in which people have exploited RFID's weaknesses in society, hackers, scientists and security experts have been able to demonstrate ways in which systems currently in use can be sabotaged or circumvented.

Cloning RFID chips is one of the chief security concerns. As it is, Jonathan Westhues has conclusively demonstrated[22][23] that the implantable RFID chips from VeriChip contain no security measures whatsoever. You can clone someone's implanted chip just by sitting near them in the subway or walking past them on the street using a small portable device. After this tag has been cloned all systems linked to the ID of the original chip can be accessed freely by mimicking the original chip with the device. If one uses RFID as a digital key, a digital copy can be made almost effortlessly and without knowledge of the holder unless security measures are taken to prevent unauthorized reading.

[22] Westhues, Jonathan. 'Demo: Cloning a Verichip' Updated July 2006. http://cq.cx/verichip.pl

[23] ABC7 News Report from Sacramento, California. http://youtube.com/watch?v=4jpRFgDPWVA

Another telling example is the RFID Guardian[24] project initiated by Melanie Rieback from the Vrije Universiteit Amsterdam. This device is able to jam or mimic specific RFID tags, which would also enable it to grant you unauthorized access to RFID secured spaces. Since the device is actively powered it is able to transmit its signal over larger distances as well, boosting its jamming and mimicking functions. Additional features of the Guardian include authentication, key management, access control and auditing.

The RFID Guardian research team has also produced a number of academic papers on RFID, of which one describes in detail the havoc a malicious RFID chip can cause to RFID middleware.[25] By this, the authors mean RFID readers, application servers and back-end databases. The paper shows convincingly that despite the limited resources of a passive RFID tag it is possible to program them with very simple lines of code which would serve as instructions for back-end databases. These instructions could range from shutting down the system to deleting the entire database. As with regular computer viruses, code can also be written in a way that the virus self-propagates, thus overloading the database. Such RFID 'malware' can cripple entire RFID networks without appropriate middleware protection. This type of attack poses a significant threat because few people would expect an attack from a simple tag. Since RFID borrows from established internet protocols such as URI, HTTP, DNS and XML it suffers the same weaknesses. This is why RFID systems should have internal security measures against potential exploits.
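One way to apply such middleware protection, as an added example that is not part of the original essay or of the cited paper: every field read from a tag is treated as untrusted input, checked against an allow-list, and handed to the database only as a bound parameter. The tag ID format, the label field, the table names and the sample reads are assumptions constructed for illustration.

```python
import re
import sqlite3

# Assumed formats (illustrative only): a 96-bit tag ID written as 24 uppercase
# hex characters, and a short free-text product label stored in tag user memory.
TAG_ID_RE = re.compile(r"[0-9A-F]{24}")
LABEL_RE = re.compile(r"[A-Za-z0-9 ._-]{0,32}")

# Constructed sample reads: (reader name, raw tag ID bytes, raw label bytes).
SAMPLE_READS = [
    ("dock-1", b"3034257BF400B7800004CB2F", b"razor blades 5-pack"),
    ("dock-1", b"3034257BF400B7800004CB30", b"x'; DROP TABLE reads; --"),
    ("dock-2", b"3034257BF400B7800004CB31", b"A" * 200),
    ("dock-2", b"\xff\xfe", b"pallet"),
]


def open_backend():
    """Create an in-memory stand-in for the back-end database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE reads (reader TEXT, tag_id TEXT, label TEXT)")
    conn.execute(
        "CREATE TABLE quarantine (reader TEXT, raw_id BLOB, raw_label BLOB, reason TEXT)"
    )
    return conn


def check_read(tag_id: bytes, label: bytes):
    """Return (ok, reason). Everything stored on a tag is attacker-controlled."""
    try:
        tid = tag_id.decode("ascii")
        lab = label.decode("ascii")
    except UnicodeDecodeError:
        return False, "non-ASCII bytes"
    if not TAG_ID_RE.fullmatch(tid):
        return False, "tag ID is not 24 hex characters"
    if not LABEL_RE.fullmatch(lab):
        return False, "label is too long or has characters outside the allow-list"
    return True, ""


def ingest(conn, reader: str, tag_id: bytes, label: bytes) -> bool:
    """Store a valid read; quarantine anything else for later inspection."""
    ok, reason = check_read(tag_id, label)
    if not ok:
        # Raw bytes are kept as BLOBs and bound as parameters, so even the
        # quarantined content is never interpreted as SQL.
        conn.execute(
            "INSERT INTO quarantine VALUES (?, ?, ?, ?)",
            (reader, tag_id, label, reason),
        )
        return False
    # Bound parameters keep tag data as data. Building this statement by string
    # concatenation is where tag contents would turn into database instructions.
    conn.execute(
        "INSERT INTO reads VALUES (?, ?, ?)",
        (reader, tag_id.decode("ascii"), label.decode("ascii")),
    )
    return True


def summarize(conn):
    """Return (accepted reads, quarantined reads)."""
    accepted = conn.execute("SELECT COUNT(*) FROM reads").fetchone()[0]
    held = conn.execute("SELECT COUNT(*) FROM quarantine").fetchone()[0]
    return accepted, held


if __name__ == "__main__":
    db = open_backend()
    for read in SAMPLE_READS:
        print(read[0], read[1][:24], "accepted" if ingest(db, *read) else "quarantined")
    print("accepted/quarantined:", summarize(db))
```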

Eavesdropping is another problem specific to RFID. Since activity from RFID readers has a far greater range than responses from passive tags, people could pick up these signals and figure out the unique ID of tags that have been read. With this data, tracking of objects or people could be done from a distance of 30 feet. It is particularly useful in the case of corporate espionage.[26] Also, by replaying a transmission between RFID tag and reader one could fool a reader and gain unauthorized access to certain locations.

Denial of Service (DoS) attacks could jam a radio frequency, rendering a whole system inoperable. Another, more benevolent form is the blocking of RFID tags with protective material to prevent them from being read by any reader. This is the easiest way to protect yourself in regards to privacy issues, as long as you know the whereabouts of all the tags you are carrying.

Skimming of RFID chips means that the perpetrator tries to access the data available on a chip, or at least obtain the chip's unique ID. One particular fear associated with this technique is that terrorists could fairly easily determine the nationality of a passport holder by skimming its chip. Consequently, a bomb could be set to detonate whenever someone with a US ID passes by. Critics[27][28][29] have argued that if the new US passports are only slightly opened the RFID chips within will be susceptible to unauthorized reading, and claim this is a substantial security threat.

[24] RFID Guardian Project, located at http://www.rfidguardian.org/

[25] Rieback, Melanie, Bruno Crispo, Andrew Tanenbaum. 'Is Your Cat Infected with a Computer Virus?' March 2006. http://www.cs.vu.nl/~melanie/rfid_guardian/papers/percom.06.pdf

3.3 RFID Privacy

As mentioned before, the two main concerns against the usage of RFID in conjunction with humans are the ability of government to track people's movements and the ability of corporations to track and profile people. A third one is less often invoked but not less important: the ability of criminals or terrorists to determine targets based on what appears on RFID displays. In this section I will quote the paper of Garfinkel, Juels and Pappu again to provide an overview of possible privacy threats regarding RFID technology.

[26] RSA Laboratories. 'Securing RFID tags from eavesdropping.' Accessed January 11th 2007. http://www.rsasecurity.com/rsalabs/node.asp?id=2118

[27] The Wall Street Journal. 'Are E-Passports more secure?' September 29th, 2006. http://online.wsj.com/public/article/SB115938787873075826-6AbUpMIaJVCS1i_UBVoGrWP867k_20070929.html

[28] Flexilis. 'RFID e-Passport Vulnerability.'. 2006, http://www.flexilis.com/epassport.php

[29] Yoshida, Junko. 'Tests reveal e-passport security flaw '. August 30th, 2004. http://www.eetimes.com/showArticle.jhtml?articleID=45400010

The above picture displays a number of privacy threats of concern to consumers of RFID tagged products. The first item compromising privacy is the Action Threat. This is related to anti-shoplifting efforts where tagged items are monitored by cameras and pictures are taken of people once they pick up one of these items. If the person with the item doesn't check out at the register, s/he may be considered a shoplifter. A well-known example of this is the controversial case of tagged packages of Gillette razorblades at a TESCO supermarket in the United Kingdom[30], which spawned a Boycott Gillette website.[31]

The Association, Location and Preference threats are closely interlinked. They are the mainstay of privacy concerns. The Association Threat means that even though one does not know the exact identity of a person, a tagged item with a unique code could serve as an identifier. Readers hidden at different locations (throughout a store) make up the Location Threat, allowing the person to be tracked covertly, building up a database of a consumer's activities. Lastly the Preference Threat means that by reading all the tags on some person one could gain knowledge about this person's consumption behaviour, which can lead to effects such as individually targeted marketing (as can be seen in the film Minority Report) but it can also potentially enable thieves to assess the value of the stuff you are carrying and thus determine whether you are a worthy target or not. Here is a picture displaying the fears associated with the mentioned threats:

This is called 'inventorying'.

[30] Indymedia.org.uk. 'TESCO tags Cambridge Shoppers'. August 9th, 2003. http://www.indymedia.org.uk/en/2003/08/275490.html

[31] http://www.boycottgillette.com/

The last three privacy threats regard tracking and monitoring. Regardless of associating tags with individuals, a set of tags will form a 'constellation' around a person. Without knowing someone's identity, one could simply track these constellations, enabling the Constellation Threat. The Transaction Threat applies when RFID tags transfer from one constellation to another, which obviously means that a transaction has happened. Finally, the Breadcrumb Threat is a side-effect of the Association Threat: once a tag's unique ID has been tied to a person, another person who obtains the tag could carry out illegal activities and the original owner could be blamed, or at least suspected. This would be particularly nasty if powerful bodies would indeed monitor people on the basis of RFID tags worn around a person.

3.4 Solutions to privacy and security problems

The simplest solution to all these problems would simply be to not use RFID. This is not realistic however since billions of RFID tags are already used around society. According to Mark Roberti[32], between twenty and fifty million Americans already carry RFID chips around.

There are a number of technical and political solutions proposed[33] (and in many cases implemented) and I will attempt to list as many as writing space permits below.

[32] Garfinkel, Simson, Ari Juels, Ravi Pappu. 'RFID Privacy: An Overview of Problems and Proposed Solutions'. June 2005. http://www.simson.net/clips/academic/2005.IEEE.RFID.pdf

[33] Juels, Ari. 'RFID Security and Privacy: A Research Survey.' September 28th, 2005. http://www.rsasecurity.com/rsalabs/staff/bios/ajuels/publications/pdfs/rfid_survey_28_09_05.pdf

- Digital signatures on chips have been implemented in the US passports. This is a measure against forging, but not against copying or reading. It can only serve as an alarm mechanism if two identical chips are observed in a network at the same time.
- Encryption is an industry favourite. This usually concerns reader-to-chip communication however, since the tags themselves don't have enough resources to perform meaningful encryption. Even if encryption would be possible on future generation tags, their costs would be driven up dramatically and companies would default to the cheaper, less secure chips.
- Killing tags would certainly solve a lot of problems. West End Laboratories is developing a 'tag zapper'[34] which can be used to disable RFID tags after a purchase. However, killing tags (whether manually or at checkout) may be undesirable in case of potential benefits tagged items may have.
- Password protection could work, since a tag would remain unreadable until a reader sends the appropriate password to it. However, given the volume of tags and their possible usage in various RFID systems, there could be a massive password management crisis.
- One of the more feasible techniques seems to be giving tags a set of pseudonyms. This means that tags will cycle through serial numbers each time they are read, which would make things very confusing for unauthorized readers. Authorized readers would be able to identify tags as they possess a list of all possible numbers per tag.
- Blocker tags would 'spam' any reader with confusing information, enabling only authorized readers to harvest data from a tag. Some determined readers are able to bypass this, however.

To get to know more about the technical specifics of these solutions I suggest reading RFID Security and Privacy: A Research Survey by Ari Juels.
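The pseudonym scheme and the "two identical chips" alarm from the list above, combined in one added example that is not part of the original essay: the back end resolves each rotating serial number to its tag and raises an alarm when the same tag shows up at two different sites faster than it could have travelled. The class and function names, the travel-time threshold and the sample reads are assumptions constructed for illustration.

```python
import secrets
from dataclasses import dataclass


@dataclass
class PseudonymTag:
    """Tag that answers every query with the next serial number in its cycle."""
    pseudonyms: list
    _next: int = 0

    def respond(self) -> str:
        value = self.pseudonyms[self._next]
        self._next = (self._next + 1) % len(self.pseudonyms)
        return value


def issue_tag(registry: dict, tag_name: str, count: int = 4) -> PseudonymTag:
    """Create a tag and record all of its pseudonyms in the authorized back end."""
    pseudonyms = [secrets.token_hex(8) for _ in range(count)]
    for p in pseudonyms:
        registry[p] = tag_name
    return PseudonymTag(pseudonyms)


def resolve(registry: dict, pseudonym: str):
    """Authorized readers map any pseudonym back to its tag; others cannot."""
    return registry.get(pseudonym)


def clone_alarms(registry: dict, reads, min_travel_seconds: int):
    """Flag a tag seen at two different sites closer together in time than
    min_travel_seconds. reads holds (timestamp_s, site, pseudonym) tuples."""
    last_seen = {}
    alarms = []
    for ts, site, pseudonym in sorted(reads):
        tag = registry.get(pseudonym)
        if tag is None:
            continue  # not one of our tags, nothing to correlate
        prev = last_seen.get(tag)
        if prev and prev[1] != site and ts - prev[0] < min_travel_seconds:
            alarms.append((tag, prev[1], site, ts - prev[0]))
        last_seen[tag] = (ts, site)
    return alarms


def run_demo():
    """Constructed scenario: tag A is read twice at gate-1, then a copy that
    replays one overheard pseudonym appears at gate-7 ten seconds later."""
    registry = {}
    tag_a = issue_tag(registry, "passport-A")
    tag_b = issue_tag(registry, "passport-B")
    overheard = [tag_a.respond() for _ in range(4)]  # what a bystander sees
    reads = [
        (0, "gate-1", overheard[0]),
        (10, "gate-1", overheard[1]),
        (20, "gate-7", overheard[0]),       # replayed by the copy
        (5, "gate-2", tag_b.respond()),
        (4000, "gate-3", tag_b.respond()),  # plausible travel time, no alarm
    ]
    return len(set(overheard)), clone_alarms(registry, reads, 600)


if __name__ == "__main__":
    distinct, alarms = run_demo()
    print("distinct serial numbers seen in 4 reads of one tag:", distinct)
    print("alarms:", alarms)
```

The alarm only fires when the original and the copy are both read within the window, which is the limitation the essay notes for digital signatures as well.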

Another approach to improve consumer privacy is the incorporation of 'RFID rights' into official policy. Simson Garfinkel has proposed a simple RFID “Bill of Rights”[35] addressing this issue. He writes that consumers should have:

- The right to know whether products contain RFID tags.
- The right to have RFID tags removed or deactivated when they purchase products.
- The right to use RFID-enabled services without RFID tags.
- The right to access an RFID tag's stored data.
- The right to know when, where and why the tags are being read.

Measures like these would go a long way in protecting the privacy of people from RFID's pervasive potentials.

[34] WhyNot.net. 'Zapper Detects, Destroys Unwanted RFID Chips'. April 4th, 2005. http://www.infowars.com/articles/bb/rfid_zapper_detects_destroys_rfid_chips.htm

[35] Garfinkel, Simson. 'An RFID Bill of Rights'. October 2002. http://www.technologyreview.com/Infotech/12953/

4. RFID's place within the Networked Society

Heather Cameron wrote in her paper 'CCTV and (In)dividuation'[36] about the background of surveillance and tracking in contemporary society. She discusses Michel Foucault's concept of governmentality (Gouvernementalité). What this constitutes is the way in which people govern themselves in relation to private relationships, institutions and the relationship of the citizen to the state. Foucault recognizes a shift in understanding and definition of leadership between Greek and Judeo-Christian texts. While the former encourage leaders to strive for immortality and greatness, the latter invoke the metaphor of the 'shepherd'. The shepherd holds power over the flock, not the land. The shepherd creates the flock by bringing individual sheep together. The shepherd looks after each sheep as an individual, recognizing the value of each. The shepherd acts out of a sense of devotion or duty (rather than immortality). Finally, the shepherd keeps watch over the sheep and takes care of them. However, in the sheep metaphor the shepherd cannot communicate with his flock, so he has to take steps to find out about the inner lives of his followers rather than wait for them to inform him. Foucault used this metaphor to track changes in power relations in the emergence of the modern state, and calls it “Pastoral Power”. Pastoral power established itself firmly in the so-called 'disciplinary societies', dating between the eighteenth and mid-twentieth centuries. People were controlled through a variety of closed environments for each stage of life. From the family to the school to the barracks to the factory, with occasional trips to the hospital or sometimes even the prison, people were organized into these enclosed institutions to maximize efficiency and oversight. After World War II however, the disciplinary societies were making way for what Gilles Deleuze calls the societies of control.[37]

In the societies of control, boundaries between institutions are fading.

36 Cameron, Heather. 'CCTV and (In)dividuation'. 2004. http://www.surveillance-and-society.org/articles2(2)/individuation.pdf

37 Deleuze, Gilles. 'Postscript on the Societies of Control' Originally appearing in L'autre Journal, May 1st, 1990. http://www.nadir.org/nadir/archiv/netzkritik/societyofcontrol.html

Schools are gradually being replaced by perpetual training in corporations,

the enclosed space of the hospitals is being challenged by day care and

neighbourhood clinics. The powers that be have shifted from exposing the

deep motivation of individuals to scanning the surface, looking for bits of

relevant data. There is no longer a distinction between the mass and the

individual - individuals have become 'dividuals', strings and samples of data

and group identifiers which only have relevance and meaning in specific

situations, such as at the entries and exits of places, and at borders and

government buildings, where people are scanned for risk or threat

assessment. Cameron says:

“RFID tags represent a move towards smaller and smaller units of tracking. These tags are also programmed with certain information which can be particular to each tag. As Foucault’s flock was broken into individual trackable and predictable sheep and then regrouped at will, the development of these tags opens the possibility of a more detailed and intimate control. This makes Deleuze’s point that the current historical framework is not interested in unique individuals confessing their truth but connected units being scanned for their code.”38

Governments and corporations are undoubtedly interested in any means by

which they can identify people's behavioural or preference patterns. RFID, as

shown earlier, has this potential. A widespread implementation of this

technology could give the powers that be the measure of control and

surveillance they seek. It would vastly increase their abilities to sort and

classify.

RFID and biometrics are closely linked in relation to Deleuze's argument

of the dividual. Gillian Fuller39 discusses how biometrics enter (in)dividuals

into databases. Digital storage of people's identity means that there is a shift

from an emphasis on the visual to an emphasis on fragmented pieces of data. Where

people used to be identified by comparing a photograph to a face, it is now a

matter of matching algorithmic patterns. The linear image of the whole of the

body has made way for a mass of isolated bits of data. Your body has become

38 Cameron, Heather. 'CCTV and (In)dividuation'. 2004. http://www.surveillance-and-society.org/articles2(2)/individuation.pdf

39 Fuller, Gillian. 'Perfect Match: Biometrics and Body Patterning in a Networked World'. Fibreculture Journal, 2003, volume 1 NO 1. http://journal.fibreculture.org/issue1/issue1_fuller.html

your password. We are no longer confined to the factory or the school, but are

moving “through the free-floating controls of open systems”40. Access is

granted or denied at various thresholds; control has retreated to exit and

entry points:

“This is where the strength of biometrics lies – not in the vision modes of the disciplinary technologies of surveillance – rather in the scanning technologies of logistical life where movement is not tracked in linear flows but logged on at various thresholds.”41

Fuller mentions the term 'protocol' a number of times in her essay. I would

like to expand on this term using arguments from Alexander Galloway's book

“Protocol”.42

Galloway explains how in a large distributed network such as the

internet, which superficially seems like an anarchical, chaotic and free system,

there is an underlying standardizing force which exercises complete control.

This is protocol. Protocol is more than a framework of rules; it's the most

logical way of doing things:

“Protocol is like the trace of footprints left in snow, or a mountain trail whose route becomes fixed only after years of constant wear. One is always free to pick a different route. But protocol makes one instantly aware of the best route – and why wouldn't one want to follow it?”43

One can understand RFID and the danger of it being implemented into society

on these terms. Not only does RFID follow protocol itself, it is also a very

“protocological” technology in that it too regulates and structures the flow of

objects or people. Like the headers on data packets in computer networks,

RFID in supply chains serves as the headers on products, containing

information about their type, origin and destination. Where TCP/IP and such

protocols regulate data flow in computer networks, technologies like RFID

and biometrics are moving towards regulating the flow of people and goods in

society. Technologies like these may ensure in the future that no product or

40 Fuller.

41 Fuller.

42 Galloway, Alexander. 'Protocol: how control exists after decentralization.' MIT press, Cambridge MA, 2004

43 Galloway, p.244

person will be able to go where it is not supposed to be.

One of Galloway's arguments about protocol is that it is voluntary. You

do not have to use it. For instance, you do not have to have RFID

transponders in your car on toll highways. You are free to stand in line at the

toll booth. It simply makes more sense however to install such a device

because it saves a lot of time and effort.

5. Conclusion

RFID is a technology that is on the rise, one everyone will have to deal with as

more and more companies invest in it, price and production costs drop and

technological advancements continue. RFID investment in 2005 reached an

estimated five hundred million dollars and is expected to rise to three

billion dollars by 2010.44 As it stands, RFID could present significant threats

to people's privacy, for which corporations and government agencies show

distressingly little concern. But “RFID as protocol” is still a work in progress.

Corporations, security companies, government agencies, privacy groups and

academics are arguing and competing on how or whether society should

implement the technology on a large scale. In this process, any person with

the motivation and interest has the ability to jump into the fray.

RFID technology will continue to evolve and improve as the technology

moves more and more into the spotlight. Current issues about technological

limitations may soon be resolved, but RFID principles will remain the same, as

likely will the ethical debate about RFID usage. More studies delving deeper

into the technology's potential will undoubtedly yield new possibilities and

problems, and as such it is important for academics to keep an eye on RFID

developments in society, as well as to conduct their own investigations.

44 ZDNetUK. 'RFID may become a $3bn business by 2010'. December 14th, 2005. http://news.zdnet.co.uk/emergingtech/0,1000000183,39241887,00.htm

6. Bibliography

Books and articles

Cameron, Heather. 'CCTV and (In)dividuation'. 2004. http://www.surveillance-and-society.org/articles2(2)/individuation.pdf

Deleuze, Gilles. 'Postscript on the Societies of Control' Originally appearing in L'autre Journal, May 1st, 1990. http://www.nadir.org/nadir/archiv/netzkritik/societyofcontrol.html

Fuller, Gillian. 'Perfect Match: Biometrics and Body Patterning in a Networked World'. Fibreculture Journal, 2003, volume 1 NO 1. http://journal.fibreculture.org/issue1/issue1_fuller.html

Galloway, Alexander. 'Protocol: how control exists after decentralization.' MIT press, Cambridge MA, 2004

Garfinkel, Simson, Ari Juels, Ravi Pappu. 'RFID Privacy: An Overview of Problems and Proposed Solutions'. June 2005. http://www.simson.net/clips/academic/2005.IEEE.RFID.pdf

Juels, Ari. 'RFID Security and Privacy: A Research Survey.' September 28th, 2005. http://www.rsasecurity.com/rsalabs/staff/bios/ajuels/publications/pdfs/rfid_survey_28_09_05.pdf

Rieback, Melanie, Bruno Crispo, Andrew Tanenbaum. 'Is Your Cat Infected with a Computer Virus?' March 2006. http://www.cs.vu.nl/~melanie/rfid_guardian/papers/percom.06.pdf

Saponas, T.S, Jonathan Lester, Carl Hartung, Tadayoshi Kohno. 'Devices That Tell On You: The Nike+iPod Sport Kit'. November 30th 2006, University of Washington, Seattle. http://www.cs.washington.edu/research/systems/nikeipod/tracker-paper.pdf

News reports, videos and miscellaneous

IDTechEx. The RFID Knowledgebase. Accessed on January 11th 2007. http://rfid.idtechex.com/knowledgebase/en/casestudy.asp?freefromsection=122

Democracy Now! 'How Major Corporations and Government Plan to Track your Every Move with Radio Frequency Identification' Transcript of an interview with Liz McIntyre. March 1st, 2006. http://www.democracynow.org/article.pl?sid=06/03/01/1447202

Flexilis. 'RFID e-Passport Vulnerability.' 2006, http://www.flexilis.com/epassport.php

Freedman, Jonah. 'The (new) color of money'. March 5th 2003. http://money.cnn.com/2003/03/05/news/money/index.htm

Garfinkel, Simson. 'An RFID Bill of Rights'. October 2002. http://www.technologyreview.com/Infotech/12953/

Indymedia.org.uk. 'TESCO tags Cambridge Shoppers'. August 9th, 2003. http://www.indymedia.org.uk/en/2003/08/275490.html

Losowski, Andrew. 'I've got you under my skin.' June 10th, 2004. http://technology.guardian.co.uk/online/story/0,3605,1234827,00.html

RFid Gazette. 'RFID Found At Highway Toll Booths' March 23rd, 2005. http://www.rfidgazette.org/2005/03/rfid_found_at_h.html

RFID Guardian Project. Accessed on January 11th, 2007. http://www.rfidguardian.org/

RSA Laboratories. 'Securing RFID tags from eavesdropping.' Accessed January 11th 2007. http://www.rsasecurity.com/rsalabs/node.asp?id=2118

Sun Microsystems. 'RFID Streamlines Processes, Saves Tax Dollars'. 2003. http://www.sun.com/br/government_1216/feature_rfid.html

Swedberg, Claire. 'L.A. County Jail to Track Inmates'. May 16th, 2005. http://www.rfidjournal.com/article/articleview/1601/

Texas Instruments. 'Animal Tracking with RFID Raises Resource Management to a New Level' Accessed on January 10th, 2007. http://www.ti.com/rfid/shtml/apps-anim-tracking.shtml

Tillman, Donna-Bea. 'Evaluation of Automatic Class III Designation VeriChip(TM) Health Information Microtransponder System'. October 12th, 2004. http://www.sec.gov/Archives/edgar/data/924642/000106880004000587/ex99p2.txt

The Wall Street Journal. 'Are E-Passports more secure?' September 29th, 2006. http://online.wsj.com/public/article/SB115938787873075826-6AbUpMIaJVCS1i_UBVoGrWP867k_20070929.html

VeriMed Patient Identification. Accessed on January 11th, 2007. http://www.verimedinfo.com/intro.html

Watson, Steve. 'Debunkers Attempt To Discredit Prison Planet/Infowars Over Exploding $20 Bills Story' March 18th 2004. http://www.prisonplanet.com/180304_RFID_article.html

Westhues, Jonathan. 'Demo: Cloning a Verichip' Updated July 2006. http://cq.cx/verichip.pl

WhyNot.net. 'Zapper Detects, Destroys Unwanted RFID Chips'. April 4th, 2005. http://www.infowars.com/articles/bb/rfid_zapper_detects_destroys_rfid_chips.htm

Wikipedia contributors. 'E-Zpass'. Accessed on January 10th, 2007. http://en.wikipedia.org/wiki/E-ZPass

Williams, Martyn. 'RFID tags make it into bank notes.' September 2nd 2003. http://www.techworld.com/news/index.cfm?fuseaction=displaynews&NewsID=412

Yong-Young, Kim. 'Radio ID chips may track bank notes'. May 22nd 2003. http://news.com.com/2100-1017-1009155.html

Yoshida, Junko. 'Euro bank notes to embed RFID chips by 2005'. December 19th 2005. http://www.eetimes.com/story/OEG20011219S0016

Yoshida, Junko. 'Tests reveal e-passport security flaw'. August 30th, 2004. http://www.eetimes.com/showArticle.jhtml?articleID=45400010

http://youtube.com/watch?v=4Zj7txoDxbE --- Corporate promotional video for RFID in the supply chain

http://youtube.com/watch?v=yQo4mGTCALE --- Excerpt from Good Morning America

http://youtube.com/watch?v=4jpRFgDPWVA --- ABC7 News Report from Sacramento, California.

ZDNetUK. 'RFID may become a $3bn business by 2010'. December 14th, 2005. http://news.zdnet.co.uk/emergingtech/0,1000000183,39241887,00.htm

Pictures

Picture page 10 – an RFID system diagram – from Garfinkel, Simson, Ari Juels, Ravi Pappu. 'RFID Privacy: An Overview of Problems and Proposed Solutions'.

Picture page 13 – an overview of RFID security and privacy threats – from Garfinkel, Simson, Ari Juels, Ravi Pappu. 'RFID Privacy: An Overview of Problems and Proposed Solutions'.

Picture page 14 – Scanning tags on the future consumer – from Juels, Ari. 'RFID Security and Privacy: A Research Survey.'
