RFID: Applications, Security, and Privacy

Join the site for free
to get exclusive member benefits!

Usually ships in 24 hours.

Book Description

“RFID is the first important technology of the twenty-first century. That’s an awesome responsibility. How can we know when and how RFID is being used? How can we make sure it is not misused? How can we exercise choice over how it affects us personally? How do we ensure it is safe? This book is a valuable contribution to the ongoing effort to find the answers.”
—From the Foreword by Kevin Ashton, cofounder and former executive director, Auto-ID Center; vice president, ThingMagic Corporation

Radio frequency identification (RFID) technology is rapidly becoming ubiquitous as businesses seek to streamline supply chains and respond to mandates from key customers. But RFID and other new wireless ID technologies raise unprecedented privacy issues. RFID: Applications, Security, and Privacy covers these issues from every angle and viewpoint.

Award-winning technology journalist and privacy expert Simson Garfinkel brings together contributions from every stakeholder community—from RFID suppliers to privacy advocates and beyond. His contributors introduce today’s leading wireless ID technologies, trace their evolution, explain their promise, assess their privacy risks, and evaluate proposed solutions—technical, business, and political. The book also looks beyond RFID, reviewing the privacy implications of Wi-Fi, Bluetooth, smart cards, biometrics, new cell-phone networks, and the ever-evolving Internet. Highlights include

• How RFID and other wireless ID technologies work
• RFID applications—from gas stations and pharmacies to the twenty-first century battlefield
• RFID, privacy, and the law—in the United States and around the world
• RFID, security, and industrial espionage
• How Bluetooth and Wi-Fi can track individuals, with or without their permission
• Technical solutions to wireless ID privacy concerns—their values and limitations
• Stakeholder perspectives from EPCglobal, Inc., Gemplus, The Procter & Gamble Company, and other industry leaders
• The future of citizen activism on privacy issues

Clear, balanced, and accessible, this is the indispensable primer for everyone involved in RFID: businesses implementing or evaluating RFID; technology suppliers responding to user concerns; and policymakers and privacy advocates who want a deeper understanding of the technology and its implications.

Includes contributions from

AIM Global, Inc.
CASPIAN
Center for Democracy and Technology
EPCglobal, Inc.
The Galecia Group
Gemplus
IDAT Consulting & Education
Institute for the Future
Matrics, Inc.
MIT Computer Science & Artificial Intelligence Laboratory
MIT Media Laboratory
OATSystems
Privacy Journal
The Privacy Rights Clearinghouse
The Procter & Gamble Company
RSA Laboratories
UCLA Department of Geography
Wayne State University Law School

Table of Contents

Foreword.

Preface.

Acknowledgments.

I: PRINCIPLES.

1. Automatic Identification and Data Collection: What the Future Holds.

    Introduction

    A Brief History of AIDC

    The "Industry" That Isn't

    The Interconnected World

    Clear and Present Benefits

    Future Applications

    Conclusions

2. Understanding RFID Technology.

    Introduction

    RFID Technology

    RFID Applications

    Conclusions

3. A History of the EPC.

    Introduction

    The Beginning

    A Mini-Lecture: The Supply Chain

    The Auto-ID Center

    Harnessing the Juggernaut

    Conclusions

4. RFID and Global Privacy Policy.

    Introduction

    Definitions of Privacy

    Mapping the RFID Discovery Process

    Privacy as a Fundamental Human Right

    Privacy Through Data Protection Law and Fair Information Practices

    Conclusions

5. RFID, Privacy, and Regulation.

    Introduction

    Some Current and Proposed RFID Applications

    Whither Item-Level Tagging?

    Understanding RFID's Privacy Threats

    Conclusions

6. RFID and the United States Regulatory Landscape.

    Introduction

    Current State of RFID Policy

    RFID Policy Issues

    Government Versus Individual Context

    Business Versus Individual Context

    Industry Leadership

    Options for Government Leadership

    Snapshot of Current Status

    Policy Prescriptions

    The Case for, and Limits of, EPCglobal Leadership

    Conclusions

7. RFID and Authenticity of Goods.

    Introduction

    A Few Important Concepts in Authentication

    Authenticity of Tags and Authenticity of Goods

    Authenticity of Goods and Anticounterfeiting Measures

    Authentication of Readers

    Authentication of Users Across the Supply Chain (Federation)

    Conclusions

8. Location and Identity: A Brief History.

    Introduction

    Place and Identity in a World of Habits and Symbols

    Locational Technologies

    Rethinking Identity: Beyond Traits and Names

    On RFID

    Conclusions

9. Interaction Design for Visible Wireless.

    Introduction

    The Role of Interaction Design

    A Common Vocabulary

    Designing and Modifying WID Systems

    Conclusions

II: APPLICATIONS.

10. RFID Payments at ExxonMobil.

    Introduction

    Interview with Joe Giordano, ExxonMobil Corporation

11. Transforming the Battlefield with RFID.

    Introduction

    Logistics and the Military

    Conclusions

12. RFID in the Pharmacy: Q&A with CVS.

    Introduction

    CVS and Auto-ID

    Project Jump Start

    RFID in the Store

    Making RFID Work: The Back End

13. RFID in Healthcare.

    Introduction

    Home Eldercare

    Challenges

    Conclusions

14. Wireless Tracking in the Library: Benefits, Threats, and Responsibilities.

    Introduction

    RFID System Components and Their Effects in Libraries

    RFID Standards

    RFID in U.S. Libraries

    Best-Practices Guidelines for Library Use of RFID

    Conclusions

15. Tracking Livestock with RFID.

    Introduction

    RFID Has to Prove Itself

    Putting RFID to Work

    RFID and Livestock Marketing

    RFID World Livestock Roundup

III: THREATS.

16. RFID: The Doomsday Scenario.

    Introduction

    RFID Tags and the EPC Code

    A Ubiquitous RFID Reader Network

    Watching Everything: RFID and the Four Databases It Will Spawn

    Corporate Abuse

    Government Abuse

    Conclusions

17. Multiple Scenarios for Private-Sector Use of RFID.

    Introduction

    Scenario 1: "No One Wins"

    Scenario 2: "Shangri-La"

    Scenario 3: "The Wild West"

    Scenario 4: "Trust but Verify"

    Conclusions

18. Would Macy's Scan Gimbels?: Competitive Intelligence and RFID.

    Introduction

    In-Store Scenarios

    So, Who Wants to Know?

    Conclusions

19. Hacking the Prox Card.

    Introduction

    Reverse-Engineering the Protocol

    Security Implications

    Protecting Against These Types of Attacks

    Conclusions

20. Bluejacked!

    Introduction

    Bluetooth

    Bluetooth Security and Privacy Attacks

    Conclusions

IV: TECHNICAL SOLUTIONS.

21. Technological Approaches to the RFID Privacy Problem.

    Introduction

    The Technical Challenges of RFID Privacy

    Blocker Tags

    Soft Blocking

    Signal-to-Noise Measurement

    Tags with Pseudonyms

    Corporate Privacy

    Technology and Policy

    Conclusions

22. Randomization: Another Approach to Robust RFID Security.

    Introduction

    The Problems in RFID Security

    Conclusions

23. Killing, Recoding, and Beyond.

    Introduction

    RFID Recoding and Infomediaries

    Infrastructure Issues

    Conclusions

V: STAKEHOLDER PERSPECTIVES.

24. Texas Instruments: Lessons from Successful RFID Applications.

    Introduction

    Toll Tracking: Who Knows Where You Are Going?

    Contactless Payment: Are Safeguards Already in Place?

    RFID and Automotive Anti-Theft: Staying Ahead of the Security Curve

    How and What We Communicate

    Conclusions

25. Gemplus: Smart Cards and Wireless Cards.

    Introduction

    What Is a Smart Card?

    Smart Card Communication and Command Format

    Card Life Cycle

    Smart Card Applications

     "Contactless" Cards

    Protocols and Secure Communication Schemes

    Constraints of Contactless Products

    Contactless Products and the Contact Interface

    Conclusions

26. NCR: RFID in Retail.

    Introduction

    Payment Applications

    Inventory Management Applications

    Hybrid Scanners

    Privacy Concerns

    RFID Portal

    Conclusions

27. P&G: RFID and Privacy in the Supply Chain.

    Introduction

    Procter & Gamble's Position

    RFID Technology and the Supply Chain

    Global Guidelines for EPC Usage

    Conclusions

28. Citizens: Getting at Our Real Concerns.

    Introduction

    Prior to the Point of Sale

    After the Point of Sale: Nonconsumer Goods

    After the Point of Sale: Consumer Goods

    After the Point of Sale: Privacy Interests

    Eliminating the RFID Threats to Privacy

    Conclusions

29. Activists: Communicating with Consumers, Speaking Truth to Policy Makers.

    Introduction

    RFID Characteristics That Threaten Privacy

    Proposed Technology-Based Solutions

    Is Consumer Education the Answer?

    Calling for a Technology Assessment

    Conclusions

30. Experimenting on Humans Using Alien Technology.

    Introduction

    The Surveillance Society: It's Already Here

    A Trick to Overcome Resistance

    Constituents to Change-and to Stasis

    Privacy Advocates Own This Story

    Privacy, Change, and Language

    How to Make Consumers Demand Change (and RFID)

    Conclusions

31. Asia: Billions Awaken to RFID.

    Introduction

    Factors Separating Western and Asian RFID Experience

    The Extant Paper Database and Electronic Credit Card Systems

    RFID in India

    RFID Across Asia

    Conclusions

32. Latin America: Wireless Privacy, Corporations, and the Struggle for Development.

    Introduction

    An Overview of Wireless Services Penetration into Central America

    Pervasiveness of Telecommunications in Central America

    Privacy Concerns

    An Overview of Privacy Across Latin America

    Conclusions: Privacy, Poverty, and the Future

APPENDIXES.

Appendix A: Position Statement on the Use of RFID on Consumer Products.

Appendix B: RFID and the Construction of Privacy: Why Mandatory Kill Is Necessary.

Appendix C: Guidelines for Privacy Protection on Electronic Tags of Japan.

Appendix D: Adapting Fair Information Practices to Low-Cost RFID Systems.

Appendix E: Guidelines on EPC for Consumer Products.

Appendix F: Realizing the Mandate: RFID at Wal-Mart.

Index.

Preface

There's a school bus stopped outside a middle school Spring, Texas, a wealthy suburb on the northern edge of Houston's metropolitan sprawl. Inside the bus several well-dressed and obviously well-off children stand in the aisle waiting to get off. Sandra Martinez, a 10-year-old with a thick brown braid and a charcoal grey blazer, pauses while she takes her ID card, hanging from a lanyard around her neck, and presses it against the large grey panel that’s mounted on the big padded barrier that divides the stairwell from the passenger compartment.

The panel beeps.

Sandra descends the school-bus steps and the next student fumbles for her ID card. Meanwhile, a computer onboard the bus is hard at work. First the computer takes a geospatial reading from the Global Positioning System receiver that's mounted inside the bus. Next, the computer, using an onboard digital cell phone, sends to Spring Independent School District the precise time and location that Martinez left the bus using an onboard digital cell phone. This information is made instantly available on a Web site where it can be accessed by Martinez's parents, the school administration, or anyone else with the appropriate access codes. The purpose of the system, which was installed at a