Security

What to do about RFID chips in your wallet

Have you wondered about the security implications of RFID chips in your driver's license, credit cards, and passport? The growing prevalence of RFID transponders in these items, and others, can raise security concerns. You should know what issues arise, and what you can do about them.

Anyone who has read Cory Doctorow's Little Brother -- mentioned in a previous article, Five good security reads -- should already have some inkling of how RFID technologies can become liabilities. While the events of Doctorow's novel are unlikely to occur in the immediate future, there are potential dangers to poorly implemented RFID policies that can affect you right now.

Between the RFID chips in new US passports and similar measures required by Department of Homeland Security regulations persuant to the Real ID Act of 2005, US citizens could very soon be walking advertisements of their own personal information. Even the crudest uses of such information -- just detecting specific classes of people based on the gross RF transponder characteristics of a given nation's passports, such as detecting the presence of US citizens based on the manner in which data is encoded on passport RFID chips -- can lead to significant security problems. It has been suggested, for instance, that a person's nationality, detected in proximity to an explosive device, could be used to trigger the device. It's a simple way for a terrorist to make sure a bomb targets at least one person of a targeted nationality.

This isn't merely the domain of expensive projects by professionals. Hobbyists can acquire and learn to use RFID "experimentation" kits for under $100. Blaming the purveyors of such tools would be the height of foolishness, of course, considering the many legitimate and commercial uses for them; for instance, I may buy an RFID reader in the foreseeable future to test for specific types of radio frequency emission "leakage" as part of a proposed business endeavor, and if I don't have to pay more than $100 to get it, I won't. Since the business endeavor centers around providing increased personal data security for customers, trying to regulate the distribution of such tools could potentially hurt security for a lot of people -- especially since those who would purchase a legally available kit to use for nefarious purposes won't be put off for long by making the acquisition of such a device illegal. Lawbreakers are, by definition, not deterred by laws.

There are some things you can do all by yourself to reduce your vulnerability to the dangers of RFID chips in your wallet. They range in effectiveness from "maybe effective, sometimes" all the way to essentially impervious to circumvention. A few solutions that rely to some extent on the ideas of physicist Michael Faraday, who built the world's first Faraday cage circa 1836, follow. I list them in order from the most easily employed to the most difficult -- and, perhaps coincidentally, from the least effective to the most effective.

  1. If you bundle cards with RFID transponders in them closely, perhaps by stacking them together and wrapping a rubber band or elastic hair tie around them, the radio frequency emissions of each RFID chip may interfere with those of the others (producing, obviously, RFI). This is far from fool-proof, of course, and a good RFID reader held close enough can sort out the signals.
  2. Most of you being IT professionals, you have probably encountered the anti-static bags in which many hard drives and PCI expansion cards are delivered. Simply wrapping the RFID-chipped items in one of these bags can significantly reduce the likelihood that your data can be read remotely. It's not the most professional looking solution, but it may work for you in a pinch.
  3. You could wrap these items in aluminum foil, which serves as a more effective masking medium than you're likely to get out of anti-static bags. Unfortunately, foil rips easily and can be a pain to wrap, unwrap, and rewrap over the course of the day every time you want to pay for something with your PayPass Mastercard. Perhaps worse than the inconvenience is the funny looks you could get, and the inevitable joke from someone who may identify you with the "tinfoil hat crowd".
  4. Constructing your own Faraday wallet using common materials like duct tape and aluminum foil is entirely possible. It requires setting aside some time to do so, however, and may require more than one try to get it right. Such a project should be tested afterward, as well, such as by placing a PayPass Mastercard in it (alone) and trying to use it from within the wallet to determine whether the payment point reader can detect the RFID chip -- or, better yet, by getting an RFID "experimentation" kit and testing it properly.
  5. Finally, of course, you could try disabling the RFID chips. It has been suggested this could be accomplished by microwaving any items you suspect contain the chips, but that route is fraught with danger, not only to your microwave oven but also to the item whose RFID chips you want to disable. By all accounts, the things tend to "explode", or at least pop with sparks and occasional small flames, when microwaved.

The right way to handle it is to never get yourself in the position of having to deal with it at all. You can urge your State and Federal legislative representatives to oppose or revoke measures that introduce more dangerous RFID technology into your life. There are proper uses for this technology, such as inventory tracking in warehouses, keeping track of the movements of participants in a race more exactly than by the human eye so that precise timing can be tracked, and research studies where the movements of subjects must be tracked. Unprotected, constant RFID broadcast in passports and driver's licenses is just a recipe for security disaster.

Worried about security issues? Who isn't? Delivered each Tuesday, TechRepublic's IT Security newsletter gives you the hands-on advice you need for locking down your systems and making sure they stay that way. Automatically sign up today!

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

211 comments
PrinceGaz
PrinceGaz

We're not talking about doing a Brainiac (UK TV programme where they put large volatile materials in microwave ovens), or even Mythbusters. The RFID circuitry will atract microwave radiation, and at the field-strength inside a microwave oven will most certainly be burned out almost instantanelously, but there is no risk in doing so assuming the thing with the RFID chip is not on an inflammable material (just put it on a normal plate, as if you were cooking any normal food item. If you're really worried about it, wrap it in newspaper (the newspaper won't absorb the microwaves but would absorb any potential explosion from the tiny RFID component) then give it a good microwave blast. It's worth noting that an RFID chip alone does not count as any sort of cookable item, so for the good of the oven, it is best to fry an RFID chip with a small cup of water also in the oven which will absorb most of the energy, but still allow the RFID chip to be subjected to the very high EM surges.

aroc
aroc

Has the FDA approved this for exposure to reproductive organs? I suppose this would apply mainly to men since women tend to keep cards in purses usually not kept against their bodies constantly like a man does a wallet. However, there is usually much more concern with exposure of eggs in the ovaries and of developing babies in the womb, so it should have gotten FDA attention (or some similar agency?). Anyway, I'm going for something aluminum-based for my health in both senses (done making babies - the grandkids are my focus now - but still don't need any "weird developments", or explosions ;-)

smonrad
smonrad

Last week I purchased an RFID blocker wallet from the local stationery store, Patrick's in downtown San Francisco, so someone is doing something. Not big enough for a passport, though. Steve Monrad

Oz_Media
Oz_Media

Instead of lining your pockets with tinfoil, making a special wallet or buying one from Think Loser, why not try the simplest and easiest method of subduing your paranoia? But an aluminum BUSINESS CARD HOLDER for your cards. Your money isn't RFID encoded so your wallet is safe, why not just store your ever so dangerous cards in an aluminum business card holder? Fits in the pocket easy, costs $2, and lasts a long time. RFID acanners will not be able to read through it. RFID and aluminum are enemies, tin cans with liquid are still the hurdle they are out to beat.

ian_fleming007
ian_fleming007

I've been using the wallet and passport case from RFID Blockr http://www.rfidblockr.com They are both very sleek and the lining is actually a fine copper mesh that is perfectly integrated into the lining. I've tried DIFR wear's in the past but the lining was tin foil and could hear it bend and crack each time I opened the wallet.

Oz_Media
Oz_Media

Yeah, they have aluminum antennas. Aluminum foil + microwave, pretty easy to figure out. RFID is not some secret technology, we've been using a similar form of RFID for decades now. However, the existing barcoding system is far easier to fool, far easier to use against someone and far cheaper to implement. Why freak out over a new version of what we already have just because it can be read through SOME leather and cloth products?

apotheon
apotheon

Wasn't Oz saying that wasn't possible?

w2ktechman
w2ktechman

good thing mine is in an RFID wallet :D

Oz_Media
Oz_Media

They are EXTREMELY low powered, in fact that's why it is NOT as easy to read from a distance as some seem to believe. The FCC and other regulating bodies have approved RFId tags that fit withing the stringent guidelines of low voltage/low powered devices. In ideal conditions they are pretty good but even tilting a fixed RFID scanner, as used in airports, will cause many misreads. the technology has along way to come yet, but is getting better.

Oz_Media
Oz_Media

If it was more than $2.00 why didn't you just buy a business card case? that's what most paranoids are doing these days. The best I've heard of from a duct tape or foil lined wallet is that it CAN reduce the read RANGE of a scanner, but not stop it. If you walk through by scanner you are still scanned and read properly. I'd say you bought a pet rock, or perhaps an alien signal descrambling device. I wonder if the DoD knows that they are using 'secure' technology is thwatred by a secret wallet? :D I know a guy who makes a living going out to scan cars for bugs. He is hired by politicians, radio broadcasters and high profile businessmen who want to make sure they aren't being tracked or listened to. In 7 years he has ofund two devices on cars he scans. But the people STIL call him out to teh airport, to their parking spaces etc all the tie and pay top dollar for his services. They think it is actually worthwhie and they get peace of mind in believing they aren't being followed. Would you KNOW if your Id was scanned whether in that wallet or not? Nope, but you get a FEELING of security out of it, which is enough for them to sell I suppose. As for an aluminum business card holder for your credit cards and DL, you can lay it right beside a reader and it will simply not be read at all, no data found.

nick
nick

Enough said

Oz_Media
Oz_Media

Just watch out, if Britain needs butter again, you'll be buying that technology yourselves. LOL :D Sucks to be in the UK if this goes through, yeah especially if you a a child of a cabinet minister who is now granted access to buildings without using a pass card! Heaven forbid! It will nto last, RFID technlogy is not that advaced yet. It would last a few months, maybe a year with the current state of tag technology. 'kin paranoids, gotta love you guys for your heart though!

apotheon
apotheon

The fact something that already exists presents a potential security vulnerability doesn't mean that something more recent [b]doesn't[/b] also present a potential security vulnerability. The fact barcodes have been around longer doesn't obviate the danger of misapplied RFID technology.

The Scummy One
The Scummy One

ignoring any and all possible risks and inviting danger by doing nothing is though. Kind of like someone who browses without any kind of protection, verses someone with a virus scanner, vs. someone with a firewall, AV scanner, and spyware scanner. Who is more protected, and who is gonna get f**ked (most likely)?

The Scummy One
The Scummy One

6 months old. Which really doesnt mean much because often it can take a few years for something like this to go through and be implemented. I didnt really look into it after this article, expecting someone to post an update or the like if there was one. Also, I posted it just to show that some people actually are trying to embrace this technology, and try to push it on others. More of a eye opener so to speak.

apotheon
apotheon

Your entire post was an appeal to ridicule fallacy. Keep up the good work.

Oz_Media
Oz_Media

It is FAR more of a threat than RFID paranoia. With 99.999% of trackign tags still using barcodes, RFID has a VERY minscule market and even smaller actual application, kind alike gettign hit by lightning (RFID) compared to being in a car accident (bar codes). How is that a reason for concern? Were you as concerned when barcodes were implemented? Seeiong as bar codes and scanners are in mass widespread use all over the world, at a mere fraction of teh cost of RFID, why did you not include barcodes in your post too? Now if we are lookign at POTENTIAL threat, barcodes pose a MUCH greater potential threat to us than RFID use. Getting back to lightning, being so concerned about RFID tags, is about as sensible as posting about the dangers of being truck by lightning. I know you have been on the RFIED bandwagon for a while now, I just wonder why you are so focused on a better, more expensive and more controllable technology than what is already in existence. Where are your posts about the personal dangers of barcode use? I can get yuo set up with a wireless scanner capable of reading even PDF barcodes (those fingerprint like barcodes) and matching tags you can print yourself at home for less than $350.00. Teh equivalalent in RFID you are looking at $4000.00+ for a reader and printer/encoder without tags. Is RFID REALLY he problem? Nope, but some people would like you to think so anyway.

mcarr
mcarr

Oz, (Denoting the unit of common sense that he aspires to...) "As for laws changing, teh US has been pushing to get our privacy laws changed for decades now, to no avail as it is basic rights for Canadians and not a single suprmem court judge has ever even given such requests a second though." The "it's never happened before so it will never happen in the future" defense seems popular with you. Just because you've never been hit by a car, I wouldn't suggest walking on the freeway. "Cameras used in the UK are NOT, I repeat are NOT, monitored by the police and are only used by an independant company to track people when illegal activity is seen." Yet you feel that the absolute and robust tracking that *will* be available using RFID technology is less likely to be abused than one that relies on a human recognizing a face? You must be kidding. "Then what were you prattling on about?..... Oh yeah, my alien awareness issues. Yeah, the sky is falling, isn't it?" You're a half-wit and a lightweight and I've wasted enough time on your silly antics.

Oz_Media
Oz_Media

As for laws changing, teh US has been pushing to get our privacy laws changed for decades now, to no avail as it is basic rights for Canadians and not a single suprmem court judge has ever even given such requests a second though. I'm not saying they won't ever change, but that it will take a LOT of work and MANY years before anything even SIMILAR to people tracking by RFID is deemed legal in Canada, this I promise you. Cameras used in the UK are NOT, I repeat are NOT, monitored by the police and are only used by an independant company to track people when illegal activity is seen. If a police offices requests that the 'watchdog' follows somebody, the 'watchdog' can only do so few a very short (predetermined) period of time. If illegal or suspicious activity 9which is also very clearly defined) is not seen, the MUST stop monitoring. If it isn't stopped, the tape is deemed inadmissible in court. Big brother in teh UK is actually very closely monitored by several third party's who opposed its use to begin with and now operate their own watchdogs to track the watchdogs. they DID try to implement a similar system here, but it failed due to our privacy rights, no matter how closely aligned with the UK Canada is, it is not THAT close. Then what were you prattling on about?..... Oh yeah, my alien awareness issues. Yeah, the sky is falling, isn't it? Whatever, epople that don't fully understand technology will always fear it. Fearing the unknown is what makes some people human, they simply wouldn't know how to survive withotu questioning every aspect of being. Then there are those who simply don't understand crime, who don't see that there are easier ways of doing what RFID does, for less money and with less effort, but lets all fear the unknown instead. Why focus on today's insecure reality when we can fear what may come tomorrow? Tracking people? Yeah we can't do that today! Good thing they have RFID to infiltrate our lives. You express trackign concerns, well you can be tracked today with great ease an accuracy, yet you do not fear that technology, do you? I promise that if I followed you for a day, I could obtain your Dl number, credit card info. birth date, adddress, phone number etc. for free and with little or no effort.

mcarr
mcarr

Is it Big Brother that I fear? Yes, that's one concern. Surely you don't recognize that this is one potential abuse of RFID information? Look at the Homeland Security laws in the US - how easy would RFID make it for them? Don't bother telling me about the laws in Canada protecting you - new laws are passed every day. The camera security in the UK is hardly supportive of your position - it's a great case in point. There has been plenty of debate over their invasion of people's privacy, but the thing that placates people is the idea that they will only be picked out and identified in the event that the police are looking for them, so only criminals have anything to fear. Facial recognition by computer is never going to be perfected to the absolute identification that RFID offers. That's a very significant advance over the current system, no? It's also the reason that security cameras aren't more prevalent - they're a relatively inefficient way of tracking people. Branding anyone who sees this from a different perspective than you do as "paranoid" and one who is "suggesting that the entire populace is to be injected with RFID dust while sleeping and then tracked for life" is why you don't seem to be getting traction. Your talk of aliens beaming us up shows you to be more interested in an ad hominem approach rather than reasoned discussion. Very lame, really.

Oz_Media
Oz_Media

RFID tags COULD be developed for use as you suggested, perhaps in some other countries that don't believe in people's privacy but in Canada we have pretty tight privacy rights and a massive set of laws supporting them. The US government has tried to get us to change our rights for years so that they can track and prosecute Canadians but judges won't bbudge on it an politicians have and will always defend it to avoid complete mass outrage across the country. But you suggest that there will be scanners around schools, invading childrens privacy, scanners in public parks, invading Joe Citizen's privacy etc. They have had camera security available for decades, as is used in UK cities 'Big Brother' (which is nowhere near what some people fear it is). Paranoid? Why aren't security cameras widely used around city schools, public parks etc. already? Would it be an invasion of privacy that people simply wouldn't accept? What if a pedophile went out of the house without his ID or even better, what if he isn't completely retarded and carried his ID in a metal case or tinfoil wallet from Think Geek? Are you suggesting that the entire populace is to be injected with RFID dust while sleeping and then tracked for life? Will it be the aliens that consire with our governments that beam us up at night and insert RFID chips with 'the probe'? When you start thinking in a more realistic way, you'll start to make sense I'm sure. As for now you are speaking with rash speculation and paranoia.

w2ktechman
w2ktechman

It is better to protect ourselves BEFORE the powers at be screw us over again! Besides, look what happened with our personal identification (SS#'s). Now, just about anything I want to do requires my SS#. How long before any ttracking tool is 'needed' by marketers, and the ability is granted to them to track everyone, and to put everyone on a single database for everything? Yes, I am still getting the wallet -- and putting up a reminder to periodically check around at other rfid programs being pushed out! Thanks for both the posts mcarr

mcarr
mcarr

RFID identifies the movements on an entity (aka person) throughout the day. Say an entity is shown to have been in the vicinity of a school, then at a brothel, then later in the day at a public park, then at a different school in the afternoon. A clever government software application decides that I should be flagged for investigation as a pedophile, even though my movements were lawful and legitimate - I dropped off a child at school, went for a quick root, walked my dog and picked up another child in the afternoon. Someone decides that I should be identified and investigated. It all comes to nothing, but somewhere I end up on a database as once having been identified as a pedophile... I'm entitled to expect some degree of anonymity whilst I carry out a law-abiding existence. I'm not doing anything wrong, so I expect not to be tracked. You say I'm not entitled to my privacy? You're wrong - that's all. It's my decision, thanks very much.

Oz_Media
Oz_Media

You can't really use a debit number online for anything but I'm pretty sure you can set up a PayPal account and give free porn to all the neighbourhood kids for a few months. :D A good sleuth would be able to conduct idnetity theft but even then there are far easier ways to commit these crimes. That's my point with RFID too, while it is NOT infallible, as I happily acknowledge, it is that MORE data can be obtained about people through FAR easier methods than trying to work out encryption and keys and databse hacking to get info on someone. Tags can be scanned if you have the keycode to shake hands with the tag but then what? a scrambled number, descramble it and then what? ANOTHER DAMN number, hack the database and THEN you populate field with information. Man, that's a lot of work for ANY theif, even highly oganized crime syndicates wouldn't bother with that much BS, why bother? You've already noted just one of many ways that identity can be obtained, a hell of a lot easier too I might say! :)

The Scummy One
The Scummy One

often times I go to the ATM (at the bank) and someone has left their receipt sitting there. At this ATM, it asks if you want a receipt and beeps until it is taken -- lol Talk about not protecting data (bank account #'s and all)! Last week I pulled out a little and there was a receipt for someone with $30,000 in their account, bank account # just sitting right there. I threw it away for the fool, however I wonder if that was the best thing to do, maybe this dumba$$ needs to lose it to get a clue! Anyway, I would likely do the same thing next time too.

Oz_Media
Oz_Media

I don't enter my pin number in sight of others, I don't lend out my cards or offer my poin or numbers to others, I don't leave my wallet on a store counter, I protect my passport etc. The whole RFID thing is pure paranoia created by media that has half teh information though. as i have said many times now, how many people put as much effort into their existing ID and cards? They can also be read withotu yoru knowledge, the information that they happily offer up every time it is scanned can be misused in the most horrible ways. these scams are proven and VERY common, and yet there is no hysteria over it. The reason being is that it is not new, everyone knows that there are major security risks wioth MagStripes and BarCodes ,but they also don't care. Put it into a tech magazine and hype it up and all of a sudden people are putting on teh tinfoil hats to stop the alien invaders from reading their minds. Again, people are going on abotu how to secure your wallet, buying duct tape or tinfoil lined wallets, that really don't work anyway,etc. All you need, if you really don't want your card scanned, making everyone else wait to board or pass through because YOU are paranoid, is a cheap business card case $2.00 to put such horribly invasive cards in. Done deal, next?

neilb
neilb

Sorry, Scummy, but the whole point of the push for ID cards over here is (we're told) to track illegal and other immigrants and terrorists. Most new-borns aren't in those categories so nobody is bothered about tracking them. Yet. :D

Oz_Media
Oz_Media

ZZZZZZZZZZZZZzzzzzzzzzzzzzzzzzzz...hmph, hu, wha? Oh, ZZZZZZzzzzzzzzzzzzzzzzzzzzzzz

apotheon
apotheon

You did, indeed, keep up the "good" work, and continue with the appeal to ridicule fallacies.

Oz_Media
Oz_Media

ZZZZZZZZZZZZzzzzzzzzzzzz

apotheon
apotheon

"[i]While you harp on me for not comprehending your post, you offer more crap that shows you didn't understand or read my post.[/i]" Once again, you've read [b]into[/b] what I said. I didn't "harp on" you for failing to comprehend what I said. I pointed out that you read into what I said rather than simply reading it. In short, you assumed meaning that wasn't there rather than just looking for the meaning that [b]was[/b] there. "[i]YOu also avoided answergin a question by offering an example that was in no way similar to teh original question posed.[/i]" No -- I responded to [b]exactly[/b] the question you asked. If you intended your question to carry different meaning, you should have said something that conveyed that meaning, rather than simply assuming that everybody thinks the same way you do and will infer the meaning you intend but don't explicitly share with others. That's basically the same problem I see with your responses to me, if I assume for the moment your errors are accidental rather than malicious: you seem to assume others think exactly like you (only with less facility, judging by your all too common insults). Thus, you seem to assume that there's intended meaning that is not, in fact, in evidence. "[i]I gave you examples of two systems: HYPOTHETICALLY, which would you rather try to work around?[/i]" Ah. That's different. Why didn't you ask that in the first place? I quoted your original question for you, so even if you edit it later the evidence is there: you didn't ask that question. You asked a different question. Now that you've clarified what you want, I'll answer what you've now made clear you wanted to ask. The answer: All else being equal, I would prefer to try to make use of the system that yields the greatest rewards for my time, money, and effort. Considering the ease with which a means of skimming an RF broadcast system can scale up to more individual security breaches, as compared with the difficulty of scaling with something highly directional and more circumstantially difficulty to predict such as barcodes, I'd choose the RF broadcast system. It's about economies of scale. A greater initial investment yields greater rewards in the long term. "[i]This is NOT the same as saying when will you stop hittong your wife, which implies you currently hit your wife.[/i]" It seems you have difficulty with similes. I'll try to make it clearer for you: "Have you stopped hitting your wife yet?" This implies that someone is hitting his wife. "Which system will you try to infiltrate?" This implies that someone plans to "infiltrate" a "system". Do you see how that works? Let me know if you need me to break down the grammar in detail, for you. "[i]I've wasted days with your absolute lies[/i]" I'm sure you can run around in circles on the rest of the accusations in that sentence, but let's just stick with the "lies" for a moment. Quote my "lies". Prove there are intentional untruths. Go for it. Be my guest. "[i]So I will surmise, when it comes to RFID, Aptheon/Chad has the ultimate knowledge from reading and summarizing technical articles he has read. (mind you, to someone that actually works in the industry, has developed and tested such systems, you are just a simpleton with IDEAS and fabricated concepts based on warped facts).[/i]" 1. You don't know what level of knowledge I have, or where I got it. In fact, I have worked on RFID system deployment projects. I prefer to restrict my statements to independently verifiable information, however, so I haven't tried your tactic of claiming special knowledge and expecting everyone to just believe me. 2. You claim special knowledge of RFID technologies, but evidence of that is not forthcoming. You prefer to bludgeon us with your claims of authoritative knowledge rather than providing anything independently verifiable. Is it any wonder several people here aren't just taking your word for anything? "[i]Now I just can't wait to see what you read about the three headed alien baby that Jennifer Anniston just gave birth to.[/i]" Despite how liberally you sprinkle your comments with appeal to ridicule (like that quoted statement), argumentum ad hominem, and appeal to authority fallacies, you seem unwilling or unable to recognize how trollish some of your statements are. Is it willful ignorance, or do you lack connotative understanding of the term "troll" in an Internet discussion context?

Oz_Media
Oz_Media

While you harp on me for not comprehending your post, you offer more crap that shows you didn't understand or read my post. YOu also avoided answergin a question by offering an example that was in no way similar to teh original question posed. I gave you examples of two systems: HYPOTHETICALLY, which would you rather try to work around? This is NOT the same as saying when will you stop hittong your wife, which implies you currently hit your wife. No wonder it doesn't work with you, you just don't get it. Enough, I've wasted days with your absolute lies, character genaralizations, trolling and third party draws. So I will surmise, when it comes to RFID, Aptheon/Chad has the ultimate knowledge from reading and summarizing technical articles he has read. (mind you, to someone that actually works in the industry, has developed and tested such systems, you are just a simpleton with IDEAS and fabricated concepts based on warped facts). Now I just can't wait to see what you read about the three headed alien baby that Jennifer Anniston just gave birth to.

Oz_Media
Oz_Media

I was being nice by thinking you munderstood. But seeing as you are sure you did understand, and still claim that I said "RFID was not vulnerable", then you are just a liar, as I did not say that at all, not ONCE. You said [i]"You have consistently said that RFID is not vulnerable! [i]Which I haven't, liar.[/i] In the very next paragraph after you assessed me as having "comprehension difficulties" you stated that "RFID is NOT the intrusive, covert technology people think it is and that it is less vulnerable than systems we already use today". Come on!"[/i] You contradict yourself in that paragraph alone, proving beyond a shadow of a doubt that you have NOT understood what you read and have comprehension issues. I said "...people think it is and that it is less vulnerable than systems we already use today" How is that, in ANY way at all, the same as saying RFID is not vulnerable? Answer: it isn't. You misunderstood or didn't comprehend what you read or, if you prefer, you simply lied. My point, and I'll type slower so that you can keep up, we have FAR MORE VULNERABLE SYSTEMS IN PLACE TODAY AND HAVE DONE FOR DECADES! Another try: RFID IS vulnerable, but not as vulnerable as your wallet full of insecure ID that you carry today. Get it yet? I bloody well hope so, if you are employed to do anything other than breathe. You lied, I did not say anything that you CLAIM I have said. YOU eiethr lied or misunderstood what I had said, getting it yet? With or without your knowledge? SO when you pass throug a checkpoint at an airport, you don't know you are being tracked, followed, watched by the airport authority? How about the people you DON'T know are watching yuo? If I am reading the concerns correctly, people fear what they DON'T know is being captured. Well RFID tracking systems are very obvious, they are nto covert and need to be properly positioned , you need to walk between pillars that are reasonably close together and withtou any interference. Pretty 'kin obvious if you ask me. The only difference is that you are currently asked for your ID and it is manually scanned, instead of walking between RFID tagged pillars, yeah they need tags by law as they emit RF, darn. But the FEAR being expressed is toward some unknown person having a magical RFID scanner that poicks up a directional signal from a specifric person in a lineup, tricky buggers are smarter than the governments who make the stuff! In such a casem you would have no idea if tha card you pulled out had been scanned by anyone else either, so your current ID is NOT more secure, in fact it can be scanned from a greater distance than RFID can. I can scan a badcoded IS from 40' away with great accuracy, and there is no encryption used in barcodes on ID. Once again, it is EASIER to get tour info NOW than it is with RFID. Pulling your card out or passport is NOT more secure than having it scanned whil in your coat pocket. You are better off NOT having to pull it out to show somebody, your fear of the 'unknown scan' is not warranted nor logical. [i]"Clearly the inconsistency across international borders makes the technology vulnerable"[/i] Yes and they are also in need of better security excryption etc., which is a constant work in progress, but it still beats what we already use today. I have yet to say otherwise, you just seem to assume I think otherwise; your a crafty little mindreader you are, even if you are wrong. Forging chips can be done, again I have not said otherwise, but it is easier to forge the barcode or MagStripe we use today. So it needs to be visible? So what, that's not hard, people use cards all the time. Did you get a special wallet and write to the governnment to show your displeasure in their using ATM cards? Why not? The biggest scam they have done yet is by installing readers into ATM machines within the banks themselves so that every card passed through can be duplicated in a matter of seconds. Don't you feel better that you scanned yoru own card now? Wouldn't it have been better to have it read by an RFID pillar instead of a device which is easily modified by an outsider? RFID has a long way to fall before it is anywhere near as vulnerable and attacked as our information is today. This does NOT mean that it is not vulnerable. Criminals always choose the easy path, not the hard one.

apotheon
apotheon

"[i]you state that costs will NOT drop past a certain point as it is simple economics.[/i]" This is not what I said. I discussed rate of commoditization and rate of cost changes, as well as relation of cost to price, with special attention on the part that inflation plays. Please try reading my previous statements again, with this in mind, if you really think I said something about how prices won't "drop past a certain point". Then, when you're done, perhaps you can argue against what I said rather than something I never said. "[i]You area complete joke, you make no sense you constantly contradict yourself.[/i]" I suppose it might seem that way if you [b]read into[/b] what I say, rather than simply reading it. "[i]The other is more secure, changes all the time and costs many times more money.[/i]" Are you aware that when a technology "changes all the time" it is more susceptible to developing new vulnerabilities? What, exactly, makes you think that RFID is magically immune to significant vulnerabilities, anyway? Never mind, don't answer that. It was a rhetorical question, intended to illustrate a point to spectators who are willing to actually read rather than just skim for excuses to call people names. "[i]Which system will YOU try an infiltrate?[/i]" I'm not planning to infiltrate a system at all. "[i]I know you'll come up with some irrelevant BS and avoid answering the simplest question, because I think even you know how stupid it will make you to answer honestly.[/i]" If you mean the question about what system I'll infiltrate, it's predicated upon false premises. I wouldn't directly answer the question "Have you stopped beating your wife yet?" either. If you mean some other question -- well, there weren't even any other question marks in your post.

Oz_Media
Oz_Media

Your hypocrisy is hilarious this time. I JUSt finished tellign you that new technology will always emerge and teh cost will never hit rock bottom. YOu quickly disagreed and said taht ALL technology drops in cost as it is simply economics. Now, when it suits your trollign agenda, you state that costs will NOT drop past a certain point as it is simple economics. You area complete joke, you make no sense you constantly contradict yourself. I HAVE answered the cost question too many times to count now and you are STILL not getting it, as simple as it is. REGARDLESS of cost, it could be 8 cents per tag (though they have been trying to get below 25 cents for 10 years now to no avail), the means we have of getting the same information TODAY is less expensive than RFID regardless of the RFID costs. So, if You could get the same information from two different systems. One has been around nealry 60 years and is next to free to obtain. The other is more secure, changes all the time and costs many times more money. Which system will YOU try an infiltrate? I know you'll come up with some irrelevant BS and avoid answering the simplest question, because I think even you know how stupid it will make you to answer honestly.

Oz_Media
Oz_Media

Is seeign RFID as a people tracking system, which it COULD become but is not and in fact that is being regulated against now. Once again, you ,miss teh key point. It is 1000 times easier to do that exact same replication today, with existing technology than it is with RFID, why BOTHER with RFID? Its really VERY VERY simple. 1) We carry the exact same info on us every day today, as we would if RFID tags were widely implemented. 2) The information we carry on us today, is FAR more vulberable and easier to duplicate than if RFID tags were widely implemented. 3) There are no posts stating the fear and insecurity behind using MagStripes or barcodes today, however a more secure and harder to duplicate technology is seen as the end alll of personal privacy? Illogical and irrelevant. if you really want to fear something, fear what you carry today that is NOT as secure as RFID, but then again that hype was dead 15 years ago when people found out that barcodes were not being stolen and used to infiltrate their personal data. Some people just like to flatter themselves I guess.

apotheon
apotheon

1. Why do you keep avoiding the subject of cloning, Oz? It has been brought up several times, by several people. 2. I'm not sure you understand economics very well. A technology available for $100 two years ago isn't going to drop in sticker price by 50% just because two years have passed, under current economic conditions. Have you heard of inflation? Even if the real cost drops, so does the value of your currency, so that retail price may not drop as much -- or may remain constant, or even climb, depending on inflation rates. Furthermore, when you're constructing something yourself (as mcarr suggested), you have to deal with the cost of the parts. Advances in RFID technology and dropping costs for the technology when you're mass-producing it -- and, thus, can pass the savings on to the consumer -- doesn't guarantee that parts you buy from Radio Shack to implement the technology yourself will see a similar drop in cost. While it's likely that a home-built skimmer will contain some prfabricated parts (I don't care to build a receiver unit from scratch), there is still less economy of scale and commoditization at work in determining cost changes than there would be if you just bought a complete, pre-assembled unit. Relatively early in the development of a technology that can be replicated by a hobbyist, the price gap between something built at home and a high-overhead commercially manufactured unit tends to be quite high. As the cost of commercial unit production drops, however, that gap tends to narrow, because the commercial unit costs generally drop much more quickly than the hobbyist home-built units. That closes this session of Technology Economics 101.

mcarr
mcarr

You say: "As for costs, please feel free to make a $50.00 scanner (if it was $100.00 2 years ago it must be cheaper now) and go to the airport or somewhere else where RFID tags are used, and try scanning some data. You'll first need figure out the access key to get any response from the tag, after they successfully 'shake hands', you can decrypt it and then hack the central database to find out what the numbers mean and post the results back here." As I understand it, shaking hands is not very complicated at all, though feel free to correct me. You consistently maintain that I need the data to do anything, but I don't. Let's say that someone set up a scanner at the airport and picked up a tag in my wallet with an identifier of 'A123B456C'. Although they know nothing about me, they are able to assert that "the entity we now know as 'A123B456C' was at the airport today". Later that day, another scanner picks me up at a hotel. The fact that there is a gap between my actual identity and that by which they know me is not very comforting. There are myriad ways of obtaining my name other than from the database storing my information - once they've achieved this, they're tracking me by name, without my knowledge or consent and almost certainly not in my interests. If you don't see that as a legitimate concern from an emerging technology... well, I'm running out of ways to explain it to you.

mcarr
mcarr

You have consistently said that RFID is not vulnerable! In the very next paragraph after you assessed me as having "comprehension difficulties" you stated that "RFID is NOT the intrusive, covert technology people think it is and that it is less vulnerable than systems we already use today". Come on! The reason that people accept carrying ID at the moment is that if they produce it, it is done with their knowledge rather than without. Also, you note that the "U.S. Code of Federal Regulations (CFR), European Telecommunications Standards Institute (ETSI), International Civil Aviation Organization (ICAO) and others" accept that there is "a need for global regulation". Clearly the inconsistency across international borders makes the technology vulnerable. You point out that the technology is getting more secure all the time - that would be good, especially in the unlikely event that it outpaces those trying to exploit it. Are you aware of what Adam Laurie did with a UK passport in 2007? He cracked the encryption and skimmed it while it was still in the mailing envelope. Others have copied data from one tag to another to produce a passport that fools an RFID reader. Forging a chip might be even easier than forging a whole passport. Killer security - embed a chip in your "Rules of Poker" handbook and walk right through customs...

Oz_Media
Oz_Media

You are simply creating an opposition that isn't there. You claim I am not going to convince anyone that RFID can't be abused. Therefore I channegs you to post a single comment where I have said it can't or won't be abused. To save yourself time, I haven't. I have said that the systems we CURRENTLY use are easier to thwart and that for the effort of decoding, decoding and decoding RFID in order ot get information, there are FAR easier methods that criminals use today. One example I cited was stealign a car, whey make a wax imprint of a key, handcarve a copy and steal a car with it, when ou can jimmy the lock in 20 seconds with apair od scissors? It CAN be done but it doesn't make sense to and I'd like to give organized criminals a little more credit than that. New methods of getting RFID info are created all teh time, I know that new methods of collecting your bar coded or Magstrip information were also created all the time for decades. The manufacturers of those products also constantly improved securty measuers to meet new threats. This is no different with RFID. As for costs, please feel free to make a $50.00 scanner (if it was $100.00 2 years ago it must be cheaper now) and go to the airport or somewhere else where RFID tags are used, and try scanning some data. You'll first need figure out the access key to get any response from the tag, after they successfully 'shake hands', you can decrypt it and then hack the central database to find out what the numbers mean and post the results back here. Good luck with that.

Oz_Media
Oz_Media

I am yet to say that RFId is not vulnerable even once, wher you got that idea is beyond me; comprehension difficulties are the usual reason for such misunderstanding of what you are reading. All I have said is that RFID is NOT the intrusive, covert technolgoy people think it is and that it is less vulnerable than systems we already use today. People aren't freakign out over the insecure ID they carry already, but a more secure system is seen as horeendous invasion of personal security, a complete joke. As for regulations, there are set regulations for use of FRID tags. They have a long way to come though, as I mentioned before. Different uses have different restrictions about what data can be collected, how it is encrypted, stored etc. It also vary's by country and even state (in the US). When designing systems, you always have to follow a set of guidelines. Regulating bodies include: U.S. Code of Federal Regulations (CFR), European Telecommunications Standards Institute (ETSI), International Civil Aviation Organization (ICAO) and others, again demonstrating a need for global regulation. A probelm is that tags are often implemented in one country and the product is shipped to another. I also acknowledge the fact that these systems have been and will be abused again. Ever since Gen1 tags billions have been invested by multinational providers such as Symbol and Zebra to further secure tags for more sensitive useage. GenII tags offered greater encrytpion and an ability to store more data, newer technology is more and more secure all the time. There are more and more people learning to implement and understand RFID applications, after quite a few years working with th industry I too am always leaning that what works with one application fails in another; this technology, while having been around for som etime now, is still in its infancy and has a long way to go. There are three main engineers in the US that are booked solid travelling the world and implementing the most complex systems and training RFID implementers (one still works for Symbol/Motorola I believe), they are considered the global guru's of RFID and recognized as such by all of the major RFID implementors in the world, there are also two in Europe, not too sure in which countries though. Make of it what you will, take my comments as snidely as you wish, your impressions, correct or not, do not bother me in the least. I am just saying, why the hype over a more secure way of doing the same things than we have had in decades? RFID doesn't do anything new, it just does it more efficiently, whether that is in security, retail, transportation etc. It is simply a faster way of doing something we already while almost elminating human error.

mcarr
mcarr

As long as you can Google for "build an rfid antenna" and get a first hit such as http://www.eng.tau.ac.il/~yash/kw-usenix06/index.html, you're never going to convince anyone that this technology can't be abused now or that it won't be even easier to abuse in the future. The article is two years old and provides the means for building an antenna for around a hundred bucks - out of the range of most criminals? Oz, assuming you know as much as you claim to about the technology, you must have been aware of these sorts of developments. That being the case, it makes it hard to take anything you say seriously.

mcarr
mcarr

CASPIAN, the Privacy Rights Clearinghouse, the Electronic Privacy Information Center, the Electronic Frontier Foundation, The American Civil Liberties Union and 40 other leading privacy and civil liberties advocates and organizations have recognized the threat posed by RFID. Are you suggesting that they're all victims of misguided media? Further, RFID control is not legislated in most cases - in the US they rely on self-regulation to control and protect the use of the data. The industry body that sets the technical standards for RFIDs is EPCglobal. When Checkpoint Systems (a member of EPCglobal) designed RFIDs to be hidden in the soles of people's shoes in clear violation of the guidelines, the then president of EPCglobal Mike Meranda stated that since the guidelines were voluntary, there was nothing that they could do about it. RFIDs can be misused. I don't know if you just lack the vision or creativity to see how tracking the movements of RFID carriers (aka people) could be abused, but if you really can't, you're just not trying hard enough. For any interested readers, Scientific American had a good article in September 08 written by Katherine Albrecht, who holds a doctorate in education from Harvard, regularly testifies before legislators about RFID use, recently delivered a keynote about RFID and privacy at an MIT worshop and has written two books describing how corporate and governmental uses of RFID could threaten individual privacy and security. Is she one of only three people in the US you claim understand RFID Oz, or did you mean that there are only three experts who agree with your position?

apotheon
apotheon

Your close brush with reasoned discourse just ruptured an artery and bled all over the discussion. Thank you for ignoring your own potential for discussing the matter like an intelligent human being in favor of insulting me.

Oz_Media
Oz_Media

If it poked your eye out.

Oz_Media
Oz_Media

I don't care WHO's advice your take, its not my problem. You can live in a world of speculative fear or you can investigate the technology and prove ourself wrong, its your life to live as you choose. This is also the internet, if you do not want to read it don't click the links, pretty straight forward, isn't it? I did actually answer each and every one of your concerns and explained exactly how those concerns are not relevant when looking at today's systems. My point is that it makes no difference, your information is just as vulnerable, in fact moreso, today that it is with RFID. If someone wants it, there are FAR easier ways to obtain it than trying to thwart RFID technology. ANY system can and will be beaten, ANY system. Making it useless to try and beat a system is a good way to slow such activity or making it too time consuming and expensive is another. once again, any informaton you fear losing due to RFID, can already be obtained much easier, with less effort and for less money. Criminals are not as dumb as people make them out to be, well some are, but not most that are into such scams. As I said to another poster, why would a criminal make a plasticine imprint of a key, hand carve a copy or yuor key and then steal your car when he could jimmy the locks with a pair of scissors in less than 20 seconds or simply steal your keys? Yes it can be thwarted but why would anyone bother when there are far simpler means of getting to the samme end result?

mcarr
mcarr

... rather than being dismissive and smarmy. I think I'll take the advice of another poster and not bother - for all your (poorly typed) rhetoric, you offer remarkably little substance.

Oz_Media
Oz_Media

In your case it is a simple magstripe, just as easy to 'steal' from a distance than bar codes. I have several cards that have one, the other or both myself.

Oz_Media
Oz_Media

Aside from yoru constant third party trolling, you probably missed how I explained that he had a valid point and that it was worth explanation. I also didn't contradict or flame him in order ot troll, as you have intently done once again. Next time try reading before posting, for once. Either let people have their own debates or contest a point yourself, the third party crap is just childish though.

apotheon
apotheon

His arguments are self-contradictory rants against anyone that would dare suggest a means for him to make money might not be perfectly safe under all circumstances. He'll probably come up with some spurious, off-topic disputation of what I just said, too. I don't remember the last time I saw Oz enter a discussion without trolling for flames.

apotheon
apotheon

I don't know about you, but I don't have barcodes taped to my forehead, hands, and outsides of my back pockets on a regular basis. I do, however, have a PayPass MasterCard. The moment I think barcodes present the same kind of potential vulnerability as RFID technologies, I'll recommend that people keep their barcodes in their wallets rather than wearing them silk screened to the backs of their shirts. Since I don't see a lot of people wandering around with bank account information encoded in a barcode silk screened on the backs of their shirts, though, I don't think such an article will be written very soon.

Oz_Media
Oz_Media

RFID as ANY RFID manufacturer or sales rep will tell you, does NOTHING that couldn't be done before. All it does is simplify collection and manipulation of data. It was only designed for supply chain management, it did well for the military for years and some people jumped on the bandwagon. It offers a way for major retailer like WalMart, to track product from the manufacturer (they have forced compliance by all suppliers now and do not accept goods that aren't tagged with RFID)to the truck, to the train, to the airplane, to the next truck, to the next warehouse to the store and eventually the shelf. After that, they couldn't give a damn what happens to the tag. It allows them to quickly see that there are only 6 medium, blue shirts left on the rack, which automatically sends data to the warehouse to replenish the supply. this means they dont sit on stock and always have exactly what is needed at all stores based on individual sales. As the warehouse runs low, the manufacturer is notified and an order is automatically placed. If the warehouse is low, they can instantly tell you where the next shipment is based on the last place the order was scanned, whether manufacturer's warehouse, ship etc. Thats it, supply chain management just as the military used it for. When I was first getting into RFID, I had calls from every company you can imagine, they all wanted RFID and had unique applications for it. After doing the math and realizing it did nothing that they didn' talready do, except make it faster and automated, they soon drop out and stick with paper barcode tags for mere fractions of a penny each. Before RFID, barcodes were used. Barcodes requrire a person to individually scan each and every box on a pallet, they then scan each and every box as it enters the warehouse, then it is manually scanned box box box again as it hits the store and eventually inventory is tracked periodically at the shelf. Now it is automated and done in groups, a whole pallet can be scanned by a forklift mounted scanner as it is picks up pallets for loading on the truck and the next forklift or post scanner will grab the data as it is unloaded, THAT 'S IT, that's ALL RFID is, nothing more. I just find it comical that people are still coming up with bizarre ways that RFID is used, simply because it is unknown technology it is feared. People feared all Muslims until they started to recognize the difference and understand that not all Muslims are terrorist and not all Sunni's hate Shiites, as my earlier post stated, I saw a show where a shiite man is married to a sunni woman and says it is common and not what is portrayed in the west. We are taught to fear what is not understood, with no advantage to RFId except automation, people FEAR all kiond s of things about it, because it somply doesn't make sense ot invest all that money in teh same thing you already have. Well it does to SOME people, I'd say 1 in 100 that investigate RFID can find a case for it, that's all there is to it. Simple and different way of doing what we already do today. sorry for length but I feel it needed proper explanation as you did raise a valid point that most just don't get.

Oz_Media
Oz_Media

RFID tags are not a new way of doing something you alredy do. They offer a few more lines where product origin, time leavign warehouse B etc can be stored in cryptic numerical format. Currently there are up to four stripes that can be encoded on a magstripe card and they add more and mreo as technology improves. So the information gathered is the same as always, when you swipe your card. The only thing RFID does is offer a DIFFERENT, automated way of reading the same info. Just as it does nothign new for the provider of teh tag, it does nothign new for thieves of the information. It is just as easy to obtain and stores teh same info. Why isn't everyone freakign out abotu magstripes on credit cards, drivers licences and every other hunk of plastic in your wallet? Sure there are criminals that easily obtain trade, sell and use the inofrmation. there always has been and always wil be, RFID or not. NOTHING changes just the format and it is NOT as easy to obtain as it is said to be. Wifi? What were you respondng to with that? Wifi can be used today to transfer pen scanner info too. A high power MSR that reads your mag stripe from a distance of several feet and transmits the info to a database, how is that any different with RFID, other than being about $1800.00 less expensive? Most people that would want YOUR special, private information, (this is where we flatter ourselves by pretending we are important)would simply steal your wallet anyway, no need for high tech when the old five finger discount works just as well if not better. What about MSR thieves? You know those fancy green plastic things on the ATM machines, where you slide yoru card in? They are there because poeple install scanners into machines that read cards and send the data out as they are inserted. HOw about the MSR at your local store? ANY clerk can steal a copy of all numbers swiped (and thy do) for a few weeks before getting fired purposely with yout collected data. Mag stripes are far less secure than RFID tags, its simply the way they are read that scares people. Your personal data is no more and no less vulnerable than it ever has been.

The Scummy One
The Scummy One

Ok Oz -- LOL -- I got to this line before commenting "It is a very expensive asset management system that does NOTHING that wasn't done before." Hmmm, if it is soo much more expensive and adds nothing new, then why move to it? There are Benefits for using rfid, so it Does indeed add something new.

Oz_Media
Oz_Media

Where to start with that one?! Subliminal advertising? People asking randomly for your middle name? You call those comparisons or examples? LOL :D RFID is not a spynetwork used to track yoru every move. It is a very expensive asset management system that does NOTHING that wasn't done before. so your card can be scanned automatically, so what? Would you rather pass that same point and pull yuor card out or simply pass through? They aren't hidden and covert systems, RFID systems are always tagge dby law because some people may have issues due to artificial hearts etc. Even though teh RF is very low powered, any product taht fits teh RFID classification needs to be identified. nobody is reading your info 5 tiems a day as you walk around. On teh other hand, if you had to pass through 5 gates and you were constantly asked for your middle name, "can you spell that? Sorry, was that N or M?" you'd get pretty tired of it. With RFID you KNOW when it is being read and simply smile as the entry gates open for you without some foreigner trying to spell Phineas Kanalua Shewreman, to to mention the poor people waiting behind Phineas. Decryign RFid technology. I odn't decry it, I know it and understand it. Sure it took a good year and a half of serious study and training to actually understand how it is used, where and why but I don't decry it. Technology changes rapidly! I know, in fact RFID has been used for over two decades and is only now starting to find reasonable applications. everyone wants teh technology but when they find out it offers nothign new and it costs a lot of money, they soon balk. the only advancements they have beeen working on oer the last ten years is to bring teh cost of tag manufacturign below 25 cents each. They are close now but it is still a way off. And what about thos ecomputers! Now there's some dangerous technology, I thiknn we should smash compputers with a hammer too! You never know when you are being hacked, your information isn't secure (more than any RFID tag will offer)and they can be stolen with all of your info on them. We should force teh government to cease building smarter computers, they are only going ot be trouble and I can't walk around with a laptop near wireless signals, someone may read my info on my hard drive. Yes, that's just as insane as fearing RFID tags. The problem is, everyone has a bad opinion of RFID, except those that use it daily or truly understand it. Some twink with a pair of coke bottle glasses and a pocket protector writes a paranoid rant in an electronics magazine and it is taken as gospel by teh IT world. You lot are fun with your paranoia sometimes but this is just stupid.

The Scummy One
The Scummy One

3G or 4G card, or any wi-fi for that matter. The potential is huge, whether the ability is avail. at this time or not. I see no reason to argue NOT using an rfid blocking device to store those cards, other data. Nor do I see a reason Not to break the chip if one wants to. I do agree that out of the readers that I have seen, at this time, they would not be useful for this. But what about the next gen readers 2 years from now, or even next year? The problem isnt that these are not available, so dont worry about it, it is that these May become available, when we arent ready for it, and we may not be informed of risk properly when it does happen.

Oz_Media
Oz_Media

Without swiping it. tricky huh? The point is, this information is so easily obtained already that an RFID tag, encoded much harder than a barcode, really offers nothing that can't be obtained through MUCH simpler methods. Scan a barcode with a raster scanner from 3' away, and yuo get 836745267841. Scan an RFID tag with an RFID scanner from 3' away and you get 836745267841. So if I was in an airport and wanted ot scan your DL, a raster scanner will read it when I am within sight of it. Say standing behind or beside or even BY you. Same info, info is useless. now determine what 836745267841 relates to? Which digits represent your birthdate? Which digits represent your name? Which digits represent your marital status etc.? Connect to the main database at the terminal and you've got a shot, but if you have that ability and access, RFID isn't going to change anything anyway. You have no idea how much information can be collected by barcodes, especially modern 2D/PDF barcodes, the really crazy looking ones with short lines and swirls all over them. RFID offers nothing new for the criminal, just slightly different ways of obtaining teh same info.

mcarr
mcarr

The reason that subliminal advertising is banned is because there is a possibility of influencing someone without them having a conscious choice. The issue of RFIDs is the same. It doesn't matter whether the data is immediately useful or not - it's our information and it's being taken from us without our permission. Imagine if during the course of the day tomorrow, 10 random people asked you what your middle name was - by the end of the day, you'd be getting annoyed at it. Not just because you were named after your grandmother's maiden name, but because it's information that is none of their business. Of course it's no use to them, but that doesn't mean that you're entirely comfortable with them having it either. The fact that they're actively collecting it leads you to think that they intend to try to use it somehow. Decrying RFID on a technological basis is a rubbish answer too - you know as well as anyone how quickly these things can improve if there's a proven need for them. If you look at this issue from an information perspective, there's no denying that there is the potential for problems.

The Scummy One
The Scummy One

why should barcodes have been included? If I have a card with a barcode in my wallet, and I pass by a barcode scanner -- it doesnt see a thing. If I pass by an rfid reader with an rfid chip in my wallet -- it may just pick up data that it shouldnt! Big difference