Concern About Facts Prompts Association Statement to Challenge Recent RFID Book

Oct. 1, 2005
Concern About Prompts Association Statement challenges Recent Book about RFID The following statement about Spychips: How major corporations and government

Concern About “Facts” Prompts Association Statement challenges Recent Book about RFID

The following statement about Spychips: How major corporations and government plan to track your every move with RFID, appeared in RFID Insights, a newsletter produced by AIM, the trade association for automatic identification. The book was written by Katherine Albrecht and Liz McIntyre.

AIM said, to truly point out all of the flaws in this tome would, itself, require an entire book, but it is important for us to point the most egregious errors and faults immediately. Left unchecked, consumers, the media, business leaders, and government officials could proliferate this misinformation, draw faulty conclusions, and ignore the current benefits and promise of RFID.

For conspiracy buffs, this book makes a great read. It has just enough technical detail to lend it an air of credibility and more than enough nightmarish speculation to make it truly frightening -- which is exactly the point of any good horror novel.

As a fact-based book, it's sadly flawed. The foreword by Bruce Sterling of Wired.com sums up the fundamental problem with the book.

According to Sterling, "But RFID [radio frequency identification] is not high-tech or hard to understand. It is not confusing, sophisticated, or arcane. RFID is very dumb computer tech, the kind of computer tech that even grocers can understand."

It's true, in the same way that rocket science isn't really high-tech, confusing or arcane. It's something lots of elementary school students understand. After all, all you have to do is fill a tube with some kind of fuel, point it in the right direction, provide some rudimentary guidance and light it off. Simple.

Of course, there are all these nasty, complicated details about metallurgy, aerodynamics, electronics, chemistry and stuff like that if you want to build a real rocket but, fundamentally, rocket science is no big deal.

The same is fundamentally true of RFID. The concept is fairly simple. Take a basic memory chip capable of containing data, make it capable of responding to an interrogating RF signal and develop a way to read the response. Fairly basic. Understanding the physics that governs the propagation of RF and developing functional systems are considerably more of a challenge.

The book does contain some valid concerns and highlights some of the more outlandish claims made by RFID proponents. There's no denying that there is reason to be concerned -- not so much about RFID technology but about the security of databases that already contain detailed information about consumers' purchasing habits and other intimate details. And there's no denying that marketers have posited some rather disquieting proposals.

What the book mostly offers up, however, is a lot of conjecture, old news, unfounded assumptions, and a hodgepodge misrepresentation of the capabilities of various types of RFID -- even as the book admits the technology's limitations.

Interestingly, it claims that "The Internet of Things" that visionaries postulate will be facilitated through RFID, "...was supposed to be invisible to all but its corporate and military masters" as if the authors were unaware of the many Web sites and public presentations promoting the technology and the "Internet of Things." This make-believe conspiracy then makes everything that follows seem far more credible.

The book also claims that an electronic listening device developed by the Soviet Union in the 1950s was the prototype for modern RFID tags. How a microphone and active transmitter equate to a dumb memory chip without an active transmitter is not explained. Nor is the fact that RFID was developed by the Allies in the 40s as a friend/foe identification for aircraft.

Cataloging all the book's flaws would require a book in itself. However, there are some common threads for the majority of the book's attacks on RFID.

The fundamental flaw of the book is that it supposes that any RFID tag could be read at a great distance and even through a brick wall. It doesn't actually come out and say that, however. It just mentions all the different capabilities of RFID without differentiating between the very different characteristics of each frequency and type of RFID. The book also states there's a computer in the tag -- something that's true only of one type of RFID, the aptly-named "smart card" (with an effective read range of about 10 cm or 4 inches). But the book makes no mention of that fact.

Once the inference about the broad capabilities of the technology is made, however, it is an easy hop-skip-and-jump to the assumption that it will be easy to covertly read a plethora of tags on a person or in a wallet or purse from a distance. While there are sections in the book that acknowledge that existing tags aren't capable of such performance, the self-titled "nightmare scenarios" in the book act as if this is a fact. The book assumes that "as technology improves" it will become possible.

Most of the "spying" and "nightmare" scenarios are based on this misrepresentation of the technology and its capabilities.

The book suggests that governments will soon begin tagging currency to remove the anonymity of cash transactions. However, on March 18, 2004, Katherine Albrecht, speaking on Alex Jones' radio program, admitted that this wasn't practical and, in fact, there were less expensive ways already in existence to do just this. But it remained in the book.

It also supposes a massive database that collects information on every item bought by every individual that could be used to track them wherever they go utilizing an amazingly complex network of readers in strategic locations throughout the country, in individual's backpacks -- and even in your bathroom. Again, it "could" be possible.

The book does cite a variety of published statements and patent applications -- and some of these citations are, in fact, more than a little disquieting. However, the book assumes that even the most hair-brained of these statements or strangest patent applications will be employed. Many statements were made by academicians and marketing theorists exploring possible uses -- or worse -- by technology marketers who were testing their customers' reactions. What's more, companies file many patent applications in hopes that one of them will pay off some day -- directly or indirectly.

The real problem with the book is that these concepts are often spun off into speculation about what might be the "logical" extreme of a particular thought. These conjectures are then later used as supporting "evidence" for other, equally far-fetched conjectures.

For example, in referring to the REAL ID Act, which mandates standardization of information on U.S. drivers' licenses and a machine-readable representation of its data, the book concludes that RFID will be the machine-readable method of choice. It ignores the fact that the existing two-dimensional bar code on licenses already contains much of this information and could easily contain all that's been mandated.

It also misrepresents the FDA's encouragement of RFID tagging of shipments of Class 1 pharmaceuticals and, eventually, all pharmaceuticals in the supply chain. The book suggests that this will automatically extend to your purse or medicine cabinet. No such mandate is issued or anticipated. The purpose is to track cartons and pallets and help ensure pharmaceutical purity. But this is somehow bad, despite the fact that drug counterfeiting is now more lucrative for organized crime than illegal drug traffic.

The book's purpose is clear from the beginning. It instantly demonizes the technology by labeling everything a "spychip." (The chapter suggesting both Stalin and Hitler would have loved RFID was especially moving.) Were anyone to suggest the authors were "fear mongers" or "publicity seekers" rather "concerned citizens" and "privacy advocates," there would be an immediate, negative reaction -- and justifiably so. Using inflammatory terms in a supposedly serious work tends to undermine the work's authority. However, the book does consistently uses pejoratives in referring to the technology and its potential use -- even if it has to really stretch a point to do so -- as if to rouse an emotional rather than intellectual response.

For example, where RFID tags were used to track patients in an emergency room trauma center, the book calls this "spying" on patients and treating them like "objects." When it was suggested geriatric patients might benefit from having RFID monitoring of their activities and medications, the book leaps to a scenario where the individual is actually controlled by the monitoring system -- in effect, made a prisoner in his or her own home.

The book also pretends that there has been no response from professional organizations such as the International Association of Privacy Professionals (IAPP) which has presented seminar sessions on RFID and privacy concerns for the past two years.

It also acts as if there has been no positive response to the concerns of privacy advocates from industry.

Both EPCglobal, the group responsible for turning MIT's theories into a workable system, and AIM Global, the trade association representing RFID manufacturers, have both issued policy statements on RFID and privacy that closely resemble CASPIAN's "Bill of Rights."

AIM's policy states: AIM Global believes that policies and procedures should be put into place to ensure consumers rights, namely:

• The right to know whether products contain RFID tags.

• The right to have RFID tags removed or deactivated when they purchase products.

• The right to opt out of RFID-enabled services.

• The right to access an RFID tag's stored data.

• The right to know when, where and why the tags are being read.

What's more, AIM Global took on the challenge of producing a distinctive emblem to be placed on any RFID label or tag to indicate the type of RFID being used -- an emblem that is being incorporated into standards on the international level.

If this book had been published in 2003, some points that were raised might have been valid. The fact is, however, many of the concerns expressed in the book have either been (or are being) addressed, and many of the scary "facts" have been shown to be highly overstated, not technically feasible, or just plain bad judgment on the part of some marketing concerns.

AIM remains committed to ensuring that the right technology is applied to the right situation in the right way. AIM is also committed to education of its members, the public, businesses and governments about privacy concerns and to exposing bad implementations of the technology.

AIM publishes a free e-newsletter on RFID (both the good and the bad) as well as relevant news. It, and other information, can be found at AIM.

Source: AIM Global