OT: RFID & Privacy - long (was Re[2]: [ale] Radio-frequency identification (RFID) chips)

Wed Jan 7 17:48:30 EST 2004

Your memory serves correct.  Below my signature is the Politech list
email in its entirety which relates to this.  Also a completely
related article by Politech's owner Declan McCullagh is here:
<http://news.com.com/2010-1069-980325.html>

Additionally, I have a pretty good article from howstuffworks.com
from a few years back.  The articles are now numerous, and quite
insightful.  Really good reading!
<http://www.howstuffworks.com/search.php>

Here is a thought to brighten your day...  Hypothetical retailer "W"
implants a rugged RFID device in an article of clothing.  A customer,
let's call her "M", checks out and pays with likely a check card,
credit card, or check.  The RFID reader reads the device and logs it
to "M"'s profile.  "W" already has a good profile on customer "M",
and knows her purchasing habits.  Now "W" wants to know how "M"
interacts with the merchandise and the store layout.  So rather than
disable the RFID device, the reader/writer implants the customer's
UID in the clothing's RFID creating an RFUID.

A few days later, "M" visits a "W" store (whether it is the same one,
it doesn't matter) and proceeds to shop.  Overhead, powerful RFID
readers pick "M" up as she enters the vestibule.  The RFID device,
embedded in her clothing and previously loaded with her UID, readily
gives up its payload to the reader.  Like cell towers, the various
readers positioned around the store pick up "M"'s RFIUD as she
meanders between the shelves and stacks of goods.  As she fills her
cart with merchandise, the cart's RFUID is also tracked and attached
to "M"'s session log along with the RFID of the merchandise.  More
interestingly, "W"'s RFID system watches her as she looks at items
and either returns them to the shelf, or deposits them in her cart,
ultimately to check out.

I'd go on, but you get the big Orwellian picture.  ;c)

Cheers,
Robert Reese~

POLITECH ARTICLE: 

[Politech] Wal-Mart and P&G accused of secret RFID testing [priv]
- ---

Date: Tue, 11 Nov 2003 01:58:34 -0600
From: Andrew Edelstein <andrew at pure-chaos.com>
To: declan at well.com
Subject: [Fwd: [priv] [Fwd: Scandal: Wal-Mart, P&G Involved in Secret
RFID
  Testing]]

FOR IMMEDIATE RELEASE

November 10, 2003

*Scandal: Wal-Mart, P&G Involved in Secret RFID Testing *
/American consumers used as guinea pigs for controversial technology/

Wal-Mart and Procter & Gamble conducted a secret RFID trial involving
Oklahoma consumers earlier this year, the Chicago Sun Times revealed
on
Sunday. Customers who purchased P&G's Lipfinity brand lipstick at the
Broken Arrow Wal-Mart store between late March and mid-July
unknowingly
left the store with live RFID tracking devices embedded in the
packaging. Wal-Mart had previously denied any consumer-level RFID
testing in the United States.

"It proves what we've been saying all along," says Katherine
Albrecht,
Founder and Director of Consumers Against Supermarket Privacy
Invasion
and Numbering (CASPIAN). "Wal-Mart, Procter & Gamble and others have
experimented on shoppers with controversial spy chip technology and
tried to cover it up. Consumers and members of the press should be
upset
to learn that they've been lied to."

The Sun Times also reported that a live video camera trained on the
shelf allowed Procter & Gamble employees, sometimes hundreds of miles
away, to observe the Lipfinity display and consumers interacting with
it.

"This trial is a perfect illustration of how easy it is to set up a
secret RFID infrastructure and use it to spy on people," says
Albrecht.
"The RFID industry has been paying lip service to privacy concerns,
calling for notice, choice and control. But companies like P&G,
Wal-Mart
and Gillette have already violated all three tenets when they thought
nobody was looking. This is exactly why we oppose item-level RFID
tagging and have called for mandatory labeling legislation."

The Lipfinity tests were conducted while Wal-Mart and Procter &
Gamble
were sponsors of the MIT Auto-ID Center, a consortium of over 100
corporations and government agencies founded in 1999. Auto-ID Center
activities were supervised by a Board of Overseers, which included
both
Wal-Mart and Procter & Gamble, along with the Uniform Code Council
(UCC), the standards body that oversees the bar code. The UCC (along
with EAN International) took over commercial functions from the
Auto-ID
center on November 1 of this year.

"Given the players, the Wal-Mart Lipfinity trial probably isn't an
isolated incident," says CASPIAN spokeswoman Liz McIntyre. "UCC and
Auto-ID Center documents suggest that other products, including
Huggies
baby wipes, Pantene shampoo, Caress soap, Purina Dog Chow and Right
Guard deodorant were also slated for live RFID field trials. Coca
Cola,
Kraft, Kodak and Johnson & Johnson products are also implicated.
However, it may be difficult for consumers to learn the extent of
those
trials in the current climate of secrecy and denials."

(Links to documentation provided below.)

Disclosure of the Broken Arrow trial is only the latest scandal to
hit
the privacy plagued RFID industry. Early this year, CASPIAN called
for a
worldwide boycott of Italian clothing manufacturer Benetton when the
company announced plans to equip women's undergarments with live RFID
tracking tags (see http://www.boycottbenetton.org). This summer,
CASPIAN
uncovered an RFID-enabled Gillette "smart shelf" in a Brockton,
Massachusetts Wal-Mart and helped disclose Gillette's scheme to
secretly
photograph consumers picking up Mach3 razor blades in UK Tesco stores
(see http://www.boycottgillette.com/spychips.html). The group also
revealed confidential industry plans to "pacify" consumers and
"neutralize opposition" in the hope that consumers will be
"apathetic"
and "resign themselves to the inevitability" of RFID product tagging
(see: http://www.nocards.org/press/pressrelease07-07-03_1.shtml).

CASPIAN encourages consumers to contact Wal-Mart, P&G and the UCC to
voice their opinion about the use of RFID spy chips in consumer
products. Contact information for these companies is provided on the
group's RFID website at http://www.spychips.com.

For links to documents implicating other consumer products in
item-level
tagging trials, see:

"/The EPC Network, RFID and data/" at
http://www.autoid.org/SC31/clr/200305_3822_UConnect%20I4.pdf
mirrored at: http://www.cryptome.org/rfid/ucc-rfid.pdf

"/EPC Field Test/" at http://cryptome.org/rfid/field_test_nov02.pdf

"/Lessons Learned in the Real World/" (note, for example, pages 25 &
26)
at http://cryptome.org/rfid/rfid-field-test.pdf

Consumers Against Supermarket Privacy Invasion and Numbering
(CASPIAN)
is a grass-roots consumer group fighting retail surveillance schemes
since 1999. With members in all 50 U.S. states and over 20 nations
across the globe, CASPIAN seeks to educate consumers about marketing
strategies that invade their privacy and to encourage
privacy-conscious
shopping habits across the retail spectrum.

The Chicago Sun Times article is online at:
http://www.suntimes.com/output/business/cst-nws-spy09.html
<http://www.suntimes.com/output/business/cst-nws-spy09.html.>

==========================================================

We encourage you to duplicate and distribute this message to others.

==========================================================

To subscribe or unsubscribe to the CASPIAN mailing list, click the
following link or cut and paste it into your browser:
http://www.nocards.org/cgi/mojo/mojo.cgi

If you have difficulty with the web-based interface, you may also
subscribe or unsubscribe via email by writing to:
admin at nocards.org <mailto:admin at nocards.org>

==========================================================

For CASPIAN's overview of RFID product identification and tracking
technology, please see:  http://www.stoprfid.org/rfid_overview.htm
<http://www.BoycottGillette.com/aboutrfid.html>

_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBP/yKz7w8BOWncaQMEQLKSgCdGIrY3bbjCYEawisJgGlS4U9s9UEAnAlW
f0KqUh/B7MM6SwY9DfpSLj1h
=EHEr
-----END PGP SIGNATURE-----

Type: DH/DSS 4096/1024 AES-256
Key ID: 0xA771A40C
Fingerprint: CAE2 81CA A7CD 6681 341C  E3A9 BC3C 04E5 A771 A40C