Good god…the State Department is planning on putting RFIDs in passports. Note to self: must get valid passport before spring…
Posts Tagged ‘rfid’
RFIDs in passports
Friday, October 22nd, 2004Don’t forget your RFID
Monday, August 23rd, 2004I was reading an article in the hardcopy version of New Scientist (couldn’t find the article online to link to) about a new application of RFID — a watch that you could program with important items that you couldn’t leave the home or office without. You’d tag your keys, pager, cell phone, etc with small RFID stickers. The actual reader is too large to fit into a watch so you would have to install an RFID reader in the doorway of your house, or take advantage of RFID readers we already come in contact with out in the wild — like the card reader at work that lets you in the door. The readers would ping the tags, the watch would decode that data and buzz an alarm if you tried to leave your house without your house keys or tried to leave work without your pager.
Just imagine the wonderful uses of the forgetfulness watch — your wife could tag your wedding ring, the grocery list, your small child. Your boss could tag your laptop, the technical documents he wants you to read, the resumes you’re supposed to sift through, your pager, cellphone, and blackberry. Every time you’d tried to exit a building, your watch would go off in a beeping frenzy alerting everyone to the fact that yes, you are leaving some important piece of yourself behind. No, you cannot be trusted to take responsibility for your own things; yes, you are shirking some duty or another. You’d really be better off forgetting the damn watch.
I can’t wait to get an RFID reader. Imagine the fun things you’d find out about the people around you.
Implanting RFID
Tuesday, July 27th, 2004Short little article about a pilot project in a New York hospital tagging patients with RFIDs. The RFID tag holds name, date of birth, sex and a medical record number. Doctors and staff carry around RFID readers, tablet PCs and have wifi access to the medical network. Seems like a lot of shit to be carrying around. And what about the privacy and security issues with wifi access to medical records?
The funny bit is at the end where they make mention of other RFID tagging projects including a Mexico City one where they implant people with RFIDs, just like they do with dogs and cats! And the related article about Mexicans afraid of being kidnapped getting chipped is hilarious.
Medical privacy
Tuesday, June 8th, 2004At lunch today a couple of the guys were talking about hospital visits and how the staff log everything. Who visited when and did they bring flowers, did they hold the baby, was there any conflict or arguing? And more than one person claimed this was true. A perfunctory search on google yielded nothing to back up these personal anecdotes, but I’m going to go on the assumption that is true. Someone mentioned that a resident friend of his told him he had to write everything down because you, as a doctor, didn’t ever want to be accused of not knowing something or not remembering something that might have been critical to a patient’s welfare. Doctors get sued for malpractice all the time. They pay outrageous amounts of money for malpractice insurance. I can see why you’d want to take careful notes about everything you possibly could.
But it raises a really interesting privacy issue, too. Medical records should be “sacred secrets”, shared only with other professionals when absolutely needed. But if doctors and nurses are actually taking such copious and detailed notes — it’s not just your medical records, it’s also personal data in those files. HIPAA (Health Insurance Portability and Accountability Act), which went into effect on April 14, 2003, set national standards for maintaining the privacy of health information, but is limited to the information maintained by health care providers, health plans and health clearinghouses only if they transmit it in electronic form. And it doesn’t actually prevent medical information from being shared for marketing purposes, or sharing between doctors without explicit consent, or providing information to the public and the media (unless the patient explicitly opts out), and we don’t have the power to sue if these regulations are grossly violated. Doesn’t seem like a whole lot of privacy, does it? <HIPAA Myths, HIPAA Basics>
I was just reading an article last night about how HIPAA could hinder information flow — even if you’ve made legal provisions for someone to act in your stead if you become completely incapacitated or incompetent. If you don’t make explicit HIPAA clauses in your legal documents, the distribution of your money and tangible goods, or your requested medical wishes, might not be honored because without the medical information there is no way for your wife or child or other designated stand in to prove that you are in the condition you’ve claused in your will.
And it made me wonder how soon after a lawsuit occurred challenging these difficulties, would someone try to alter the minimal standards of medical privacy we currently have. Privacy is such a hard thing to try to maintain. If we really care about our privacy, we have to make a conscious and concerted effort to try to safeguard it. And it’s easy to give up because convenience is always the pay off for giving up some privacy. I’m just as guilty of it as anyone else.
And the threats to privacy only get worse as technology ever increasingly becomes more advanced. Cameras are everywhere. RFIDs are prevalent and soon to become much more so (big business is already touting the high returns on investment in RFID), unencrypted email, wireless networks, data mining and caching. Not to mention threats to homeland security and the rights we’ve lost with the PATRIOT Act. It just doesn’t end.
Inking metallic patterns, cheaper RFID tags
Monday, June 7th, 2004Interesting article about an ink produced by QinetiQ and Sun Chemical that allows you to draw patterns and “grow” metal. Useful, of course, for RFID tags. It’s supposed to be cheaper, faster, and more environment friendly. RFID Journal article; QinetiQ press release.
RSA security chief scientist on RFID
Wednesday, June 2nd, 2004QA with Burt Kaliski. He makes good, rational points. He doesn’t say much that’s new in the RFID conversation, however he makes mention of something that I haven’t heard any discussion about yet — that deactivating the RFID tag also disables benefits of the tag. Currently privacy advocates believe that having the ability to disable the tag at will is a good thing. And while it may be a good thing now for privacy, I agree with Kaliski that there has to be another way to safeguard privacy and still be able to take advantage of the technology. If killing the tags is the only way to ensure my privacy, then my dreams of a smart fridge are never going to be realized.
RFID re-emerges
Saturday, May 29th, 2004It seems like RFID news has been quiet until recently. So far there hasn’t been any talk of federal regulation of RFIDs, but now the U.S. Federal Trade Commission has scheduled a June 21st workshop to discuss RFID and the effect on consumers. Written comments about the uses of RFID will be accepted until July 9th.
I’m not a huge fan of government regulation, but think it’s a good sign that the debate about RFIDs continues to grow. Other recent news includes the RFID News “Ask the Experts” about RFID which interviews five different people from CASPIAN, HP, EPCglobal, EPIC, and Verisign. I love Katherine Albrecht’s quote (which was also posted on slashdot):
“In most cases, asking how a company exploring item-level RFID tagging can protect their customers’ privacy is like asking a fox how he can best ensure the safety of your chickens.”
Though I disagree with her that “unless they have a financial or professional stake in RFID’s success”, people aren’t going to like the technology. I think the technology is interesting and could be very useful. In the tech ubiquitous home, RFIDs would be a great addition — I think the refrigerator example exemplifies this — a computer in your refrigerator door that tells you when your milk is low and displays recipes based on the contents of your fridge. We’re quite a ways from that, and a lot of standards and policies need to be figured out in order to both safeguard privacy and allow us this convenience, but I personally would love a smart fridge.
The links off of Albrecht’s interview are a great way to introduce yourself to the reasons why we need these discussions if you aren’t already familiar with them.
On the other hand, Jack Grasso of the EPCglobal (a non-profit organization; EPC = Electronic Product Code), claims that consumers “overwhelmingly support the use of RFID for the benefits they expect to recieve from the technology”. But of course if you ask people if they want safer prescriptions or fresher produce, people are going to say yes. If they don’t understand more than that about RFID technology, they’re not fair questions to ask. And the group that did that study also just launched a joint RFID venture with Sun. They’re not unbiased. The study (which is incorporated in a pamphlet informing and encouraging businesses to better market RFID) by Capgemini (formerly Cap Gemini Ernst and Young) contains quotes like “consumer buy-in is essential given the current public debate”, “This finding indicates that many consumers have not yet formed an opinion about RFID, providing an opportunity for businesses to position RFID in a favorable light”, and “If the industry fails to educate consumers, that role will default to consumer advocacy groups”.
Cédric Laurant, of EPIC, also makes mention of the probable publicity campaign that business interests will likely undertake to make item level RFID palatable and even desirable to the average consumer. He also has a detailed list of the ways in which item level RFID tagging can be deployed in a consumer friendly manner.
RFID forum
Friday, March 5th, 2004The RFID forum was interesting. It was a mixed panel of librarians, privacy advocates, and a techie grad student from Berkeley. I’ve never been to a public meeting like this — the San Francisco Library Commission was there listening to the panel. No action was taken this evening, and no action has been taken so far on the RFID issue except to move forward in considering it.
They have also already put away money for this project — the first year’s funding for the RFID implementation has already been put away. It’s not in their operating budget, but if they decide to move forward with this they will move that money into their operating budget and ask for additional money.
The interesting thing for me was the human issue. I’m fascinated by this topic, but I have always looked at it from a technical and privacy issues stand point. I think, of course, about the impact it will have on people as a whole, but have never thought about individuals on a personal basis. The representatives of the libraries emphasized over and over again the costs — both financial and emotional — of the repetitive motion injuries their employees suffer. I did not write down the numbers of those affected, but it seemed a significant portion (of at least Berkeley’s) library’s funds went into workers’ compensation and / or disability. You tell could from the way the library represenatives spoke, most notably Jackie Griffin, director of the Berkeley Public Library, how emotionally committed they were to their library and the people who worked there. They are also focused on improving the services they provide and are passionate about it.
They, as librarians, are also passionate about protecting our privacy. But being involved as deeply as they are in their respective libraries, they are emotionally vested to improve their services and make work easier and less risky for their employees. It’s very easy to understand why using an RFID system would be advantageous for the SF Public Library — library staff wouldn’t have to scan every book for patrons when checking out. Patrons would check themselves out instead (actually increasing privacy by minimizing third party interaction and viewing of personal data). Managing inventory would be simpler — they claim they can just take a wand (reader) to a stack of books lying on a table and easily find books that aren’t on the shelves when other people want them.
While it all sounds great, I’m wondering how realistic it is that it will work as they think it will. One of the librarians mentioned that the wand reader worked less ideally than the vendor made it sound — tagged books had to be read at a very close distance, and had to be oriented in the same direction in order to read multiple books. What about checking out stacks of books at one time when patrons leave? I bet we’ll still have to scan the books one by one. Which is fine with me. But then, why not improve the current self check out machines? When asked about the self check out machine they currently had their complaints were that it was slow, you had to scan books one at a time, and video and other media had to be handled differently and could not be scanned. Improving those machines would free up librarians to service patrons, cut down on repetitive stress issues, and cost less than upgrading the entire system to use RFIDs.
I understand that it’s more complicated than simply upgrading and improving those machines, though — there’s still the repetitive stress from placing the anti-theft device in every single book, and the issue with shelving and finding books. But RFIDs, while innocuous now, have incredible potential to defrock us of our privacy. Cheerleaders for RFID technology say that our hypothetical concerns are unrealistic and overly paranoid, but there will easily come a time when technology is such that our concerns will not be hypothetical. And there may come a time when they are not overly paranoid either — and if that time comes, I don’t want to have in place the technologies that will make me a vulnerable citizen under an overly watchful eye.
Today’s events
Thursday, March 4th, 2004SFGate has an article about how the SF Public library wants to put RFIDs in all its books (complete with quote and picture of Lee Tien :). There’s an RFID forum tonight at the library from 6-8 that I’ll probably attend (though the last time I said I’d be somewhere — Tuesday’s SFOBUG — I didn’t end up going).
Also — the Asian film festival starts tonight! You can finally see the Hero (Flash site) on the big screen!! It’s the opening film tonight. It’s an amazingly beautiful and tuoching film. There’s also a wonderful Korean film I think I’m going to recommend my mother see about a woman who doesn’t let her husband suck the life out of her.
Misc super Tuesday notes…
Tuesday, March 2nd, 2004Rosetta finally successfully launched today!
And on slashdot this morning, there is an interesting story about exploding twenties. I’m not quite sure what to think of it because from what I understand, U.S. currency does not contain RFIDs. Though supposedly if you microwave the tags, they are expected to explode. And currently RFID signals are weak enough to be possibly shielded by aluminum foil. However, I think I’ll need to do more research in order to figure out the veracity of the claims.
Also, don’t forget to vote if you are so inclined. I will be stepping out sometime today to cast my ballot, too.
And Seth Schoen’s speaking at SFOBUG this evening. I will be in attendence. He’ll be speaking on trusted computing.
Another retailer backs off RFIDs
Monday, March 1st, 2004Metro AG (the fifth largest retailer in the world) has decided to drop the use of RFIDs (radio frequency identification tags) in their customer loyalty cards in one of its Germany stores where the group is testing several new retail technologies (they’re still going to use them for tracking inventory). They’re the third major retailer to do so — Benetton and Wal-Mart caved to pressure last year and modified their RFID strategies.
I believe plans are still intact for plugging RFIDs into casino chips and EU and Austrailian banknotes. And while useful for managing theft, it’s also useful for tracking gambling habits, figuring how much money you’ve got in your pocket (being a thief just got easier — know exactly who to target and how much you’ll get), and checking out your purchases (say goodbye to the anonymity of cash transactions). And while all this is hypothetical and technologically more difficult than it first appears, we don’t want to let the technology outpace our debate so that when it does become a viable possibility we’re still sitting on our hands wondering how we want to deal with it.
