Smokers Rights Newsletter Encyclopedia
Encyclopedia Page: RFID

 

 C.A.S.P.I.A.NRFID chips, tiny tracking devices the size of a grain of dust, can be used to secretly identify you and the things you're carrying--right through your clothes, wallet, backpack, or purse.
Have you already taken one home with you?


RFID Journal
 Radio Frequency Identification for Business.


Stop RFID
Protect your privacy. Don't buy items that contain tracking devices!


New Passports Wide Open to Hackers
August 2, 2007
Since the idea of embedding RFID chips in passports was first floated, the technology has been besieged by hack attempts, the first of which were designed to simply read passport information remotely and surreptitiously. Now, things are about to get a whole lot worse.
RFID expert Lukas Grunwald has found flaws in the passport system that not only allow passport data to be read, but also allows for stored fingerprint images to be cloned onto other RFID chips. And now, Grunwald has also found ways to encode a passport chip in such a way that it actually attacks the passport-reading equipment when someone attempts to scan it. Grunwald says he's performed this attack successfully using two different types of hardware. While his initial discovery merely crashes the passport reader, subsequent attacks could inject malicious code into a reader that could actually allow it, say, "to approve expired or forged passports."
While Grunwald's attack might sound theoretical, there's nothing to prevent such an exploit from being launched in the real world immediately. Experts have been warning about the dangers of RFID being used in passports for years, with only limited improvement in the security of the passports as a result. Meanwhile, rest assured: Things will continue to get worse on this front before they get better.
Oh, but if you want to disable the chip in your passport altogether, you can just whack it with a hammer.
Read

Schwarzenegger Quashes RFID Bill
October 4, 2006
The long-awaited California bill to regulate the use of radio-frequency identification in state and local documents has been quashed.
Governor Arnold Schwarzenegger quietly vetoed SB 768 last weekend.
Read


What You Should Know About Grocery Store Cards
Read


Item-level RFID - A Prosperous Market 2006-2016
By Dr. Peter Harrop, IDTechEx
New study from IDTechEx forecasts key markets that will apply item-level tagging and drive technology advances, mass adoption
Cambridge, U.K. — August 15, 2006 — Item-level radio frequency identification (RFID) is the tagging of the smallest taggable unit of things — the library book, apparel, jewelry, engineering parts and laundry are examples. Already profitable for most suppliers, item-level tags and systems will be the world's largest RFID market by value from 2007 onwards.
Item-level RFID tagging will rocket from $160 million in 2006 to $13 billion in 2016 for systems including tags. In 2006, 200 million items will be RFID-tagged in the world. In 2016, 550 billion items may be RFID tagged. Those adopting item-level tagging today do so willingly and are prepared to pay for good performance as they enjoy rapid multiple paybacks.
Read more


Resistance is flea-tile
March 15, 2006
Under the theory that you can't kill a bug with an IED, DARPA, the military's research arm, is looking to create "insect cyborgs," reports UPI.
Read


WARNING: TAG CHIPS CAN BE 'VIRUSED'
By J. Grant Swank, Jr.
MichNews.com
Mar 15, 2006
Don’t insert your ID chip just yet. Terrorists could virus it. Mess it up. Make you somebody you don’t want to be, someplace you don’t want to be, flip you all over the place or—perhaps—shut you down.
So much for the chip-secure who boast on being "one of the first."
Read

 

Help Protect Your Personal Privacy & Your Pocketbook!

CAGW needs your help today to send an urgent message to Department of Homeland Security Secretary Michael Chertoff that you oppose any new federal standards that would significantly increase the cost of your state-issued drivers’ license and jeopardize your personal privacy.

Under the Real ID Act, which Congress passed without any debate in May, the Department of Homeland Security (DHS) is charged with developing new federal standards for drivers’ licenses, purportedly to combat terrorism and illegal immigration.  One option under consideration is requiring drivers’ licenses to contain an embedded computer chip, called a radio frequency identification or RFID chip, with the capacity for carrying detailed personal information.  

If DHS opts to require RFID chips, more than 196 million American drivers will be forced to carry a license that has the memory to store every personal detail, including health records, family history, and bank and credit card transactions.  What’s more, the information on RFID chips can be remotely accessed by unauthorized persons, and could push the cost of a drivers’ license from $10-$25 to at least $90!   

Real ID was not subject to a full congressional debate, but since it is the law, DHS should issue implementing regulations do not overburden states and taxpayers or invade citizens’ privacy. 

Tell Secretary Chertoff that you don’t want an RFID chip in your drivers’ license today!

Read


A remote control that controls humans
Headset sends electricity through head, forcing wearer to move

By Yuri Kageyama
The Associated Press
Updated: 5:47 p.m. ET Oct. 25, 2005

ATSUGI, Japan - We wield remote controls to turn things on and off, make them advance, make them halt. Ground-bound pilots use remotes to fly drone airplanes, soldiers to maneuver battlefield robots.

But manipulating humans?

Prepare to be remotely controlled. I was.

Just imagine being rendered the rough equivalent of a radio-controlled toy car.

Nippon Telegraph & Telephone Corp., Japans top telephone company, says it is developing the technology to perhaps make video games more realistic. But more sinister applications also come to mind.

I can envision it being added to militaries' arsenals of so-called "non-lethal" weapons.

A special headset was placed on my cranium by my hosts during a recent demonstration at an NTT research center. It sent a very low voltage electric current from the back of my ears through my head _ either from left to right or right to left, depending on which way the joystick on a remote-control was moved.

I found the experience unnerving and exhausting: I sought to step straight ahead but kept careening from side to side. Those alternating currents literally threw me off.

The technology is called galvanic vestibular stimulation — essentially, electricity messes with the delicate nerves inside the ear that help maintain balance.

I felt a mysterious, irresistible urge to start walking to the right whenever the researcher turned the switch to the right. I was convinced — mistakenly — that this was the only way to maintain my balance.

The phenomenon is painless but dramatic. Your feet start to move before you know it. I could even remote-control myself by taking the switch into my own hands.

There's no proven-beyond-a-doubt explanation yet as to why people start veering when electricity hits their ear. But NTT researchers say they were able to make a person walk along a route in the shape of a giant pretzel using this technique.

It's a mesmerizing sensation similar to being drunk or melting into sleep under the influence of anesthesia. But it's more definitive, as though an invisible hand were reaching inside your brain.

NTT says the feature may be used in video games and amusement park rides, although there are no plans so far for a commercial product.

Some people really enjoy the experience, researchers said while acknowledging that others feel uncomfortable.

I watched a simple racing-car game demonstration on a large screen while wearing a device programmed to synchronize the curves with galvanic vestibular stimulation. It accentuated the swaying as an imaginary racing car zipped through a virtual course, making me wobbly.

Another program had the electric current timed to music. My head was pulsating against my will, getting jerked around on my neck. I became so dizzy I could barely stand. I had to turn it off.

NTT researchers suggested this may be a reflection of my lack of musical abilities. People in tune with freely expressing themselves love the sensation, they said.

"We call this a virtual dance experience although some people have mentioned it's more like a virtual drug experience," said Taro Maeda, senior research scientist at NTT. "I'm really hopeful Apple Computer will be interested in this technology to offer it in their iPod."

Research on using electricity to affect human balance has been going on around the world for some time.

James Collins, professor of biomedical engineering at Boston University, has studied using the technology to prevent the elderly from falling and to help people with an impaired sense of balance. But he also believes the effect is suited for games and other entertainment.

"I suspect they'll probably get a kick out of the illusions that can be created to give them a more total immersion experience as part of virtual reality," Collins said.

The very low level of electricity required for the effect is unlikely to cause any health damage, Collins said. Still, NTT required me to sign a consent form, saying I was trying the device at my own risk.

And risk definitely comes to mind when playing around with this technology.

Timothy Hullar, assistant professor at the Washington University School of Medicine in St. Louis, Mo., believes finding the right way to deliver an electromagnetic field to the ear at a distance could turn the technology into a weapon for situations where "killing isn't the best solution."

"This would be the most logical situation for a nonlethal weapon that presumably would make your opponent dizzy," he said via e-mail. "If you find just the right frequency, energy, duration of application, you would hope to find something that doesn't permanently injure someone but would allow you to make someone temporarily off-balance."

Indeed, a small defense contractor in Texas, Invocon Inc., is exploring whether precisely tuned electromagnetic pulses could be safely fired into people's ears to temporarily subdue them.

NTT has friendlier uses in mind.

If the sensation of movement can be captured for playback, then people can better understand what a ballet dancer or an Olympian gymnast is doing, and that could come handy in teaching such skills.

And it may also help people dodge oncoming cars or direct a rescue worker in a dark tunnel, NTT researchers say. They maintain that the point is not to control people against their will.

If you're determined to fight the suggestive orders from the electric currents by clinging to a fence or just lying on your back, you simply won't move.

But from my experience, if the currents persist, you'd probably be persuaded to follow their orders. And I didn't like that sensation. At all.

Read   http://msnbc.msn.com/id/6448213/did/9816703/ 
 


Yes, your printer is spying on you — EFF cracks Xerox printer fingerprinting code
http://www.engadget.com/entry/1234000663063763/

Is Your Printer Spying On You?
http://www.eff.org/Privacy/printers/


Lawmaker Rips RFID Passport Plans 
May 4, 2005
A key U.S. congressman who led post-Sept. 11 passport reforms told European diplomats last week that there was no need for European countries to put RFID chips in their passports and that Congress never required them to do so.

Feds Rethinking RFID Passport 
April 26, 2005 
By Kim Zetter
Following criticism from computer security professionals and civil libertarians about the privacy risks posed by new RFID passports the government plans to begin issuing, a State Department official said his office is reconsidering a privacy solution it rejected earlier that would help protect passport holders' data.


Philip Morris International: Smoke Screen
February 1, 2005
By David F. Carr and Larry Barrett
Philip Morris "can't keep track of every single pack of cigarettes as it makes its way through distributors and retailers," U.S. compliance VP Jack Holleran says.
A $1.25 billion settlement in Europe says the global manufacturer has no other choice.



RFID: The Big Brother bar code
Free Market News Network
by Katherine Albrecht
"Today, billions of dollars are spent annually to collect and share consumer 'intelligence.' In-store tracking technologies like floor sensors, heat sensors, hidden cameras, hidden microphones, GPS-enabled grocery carts, and phony shoppers are all used to gather information. RFID will greatly simplify the task of collecting such consumer data -- particularly if consumers can be automatically identified while walking in the door." (01/21/05)


 Static over RFID.
A key patent holder's demand for royalties has triggered concerns that promising RFID technology could become embroiled in an intellectual-property battle.


Florida theme park
uses SafeTzone application to help visitors locate other members of their group.


Opinion: Medical RFID Tagging Could Save Lives
Whether providing a primary diagnosis or identifying a medical appliance that's been installed in a patient, RFID chips in the medical field could save lives when used properly.
RFID


BARNABY J. FEDER and TOM ZELLER Jr.
Identity Badge Worn Under Skin Approved for Use in Health Care
NY Times Sept 13, 2004  
 
The Food and Drug Administration has cleared the way for a Florida company to market implantable chips that would provide easy access to individual medical records.
The approval, which the company announced yesterday, is expected to bring to public attention a simmering debate over a technology that has evoked Orwellian overtones for privacy advocates and fueled fears of widespread tracking of people with implanted radio frequency tags, even though that ability does not yet exist.

Applied Digital Solutions, based in Delray Beach, Fla., said that its devices, which it calls VeriChips, could save lives and limit injuries from errors in medical treatment. And it expressed hope that such medical uses would accelerate the acceptance of under-the-skin ID chips as security and access-control devices.

Scott R. Silverman, chairman and chief executive of Applied Digital, said the F.D.A.'s approval should help the company overcome "the creepy factor" of implanted tags and the suspicion it has stirred.

"We believe there are far fewer people resisting this today," Mr. Silverman said. But it is far from clear whether implanted identification tags can overcome opposition from those who fear new levels of personal surveillance and from some fundamentalist religious groups who contend that the tags may be the "mark of the beast" referred to in the Book of Revelation.

In Applied Digital's vision, patients implanted with the chips could receive more effective care because doctors, other emergency-room personnel and ambulance crews equipped with Applied's handheld radio scanners would be able to read a unique 16-digit number on the chip.

The chip does not contain any records, but with the number, the care provider would be able to retrieve medical information about blood type, drug histories and other critical data stored in computers. The records could be easily updated.

Tiny radio frequency identification, or RFID, tags similar to VeriChip have been embedded in livestock and pets in the millions in recent years as a more secure form of identification than external tags. But no device maker has yet been able to create a market for human implantable tags like VeriChip, which are the size of a grain of rice and are inserted under the skin of the arm or hand with a syringe.

Applied Digital's distributors overseas have achieved some highly publicized, if limited successes. This summer, Rafael Macedo de la Concha, Mexico's attorney general, announced that he and scores of his subordinates had received implanted chips that control access to a secure room and documents considered vital in Mexico's struggle with drug cartels.

Also, Solusat, the sole distributor of VeriChip in Mexico, says about 1,000 people have received the chip implants to link to their medical records. "You can have all the benefits of radio identification," a Solusat executive, Antonio Aceves, said, "but now it is inside your body."

In March, the Baja Beach Club in Barcelona began offering VeriChips to regular patrons who wanted to dispense with traditional identification and credit cards. About 50 "V.I.P.'s" have received the chip so far, according to a spokesman, which allows them to link their identities to a payment system. The program has been expanded to a club in Rotterdam also owned by Baja, and about 35 people there have signed up for the implants, the company said.

VeriChip announced last week that it had signed a distribution agreement with a British company, Surge IT Solutions, which it said intended to use the technology to control access to government facilities. And Antonia Giorgio Antonucci, an Italian doctor, is leading a study using VeriChip at the National Institute for Infectious Diseases Lazzaro Spallanzani in Rome.

"We want to see if the doctors think the device is practical or not," Dr. Antonucci said.

Applied Digital has been free to sell VeriChip in the United States for nonmedical applications, but lack of acceptance of the technology made F.D.A. approval for medical uses a high priority.

"I've believed all along that the medical application was the best, followed by security and financial applications," Mr. Silverman said.

Still, the science-fiction specter of a nation of drones tagged with sub-dermal bar codes may be a difficult image for the company to overcome in selling its technology.

Online conspiracy theorists, for example, often attach abilities to the technology that do not exist, like the ability to track individuals via satellite.

But real privacy concerns have emerged. "At the point you place the chip beneath the skin, you're saying you will not have the ability to remove the ID tracking device," said Marc Rotenberg, executive director of the Electronic Privacy Information Center, a public interest advocacy group in Washington. "I think, increasingly, if this takes off - and it's still not clear that it will - the real social debate begins around prisoners and parolees, and perhaps even visitors to the U.S. That's where the interest in being able to identify and track people is."

Indeed, the debate over civil liberties and privacy has made discussing any practical benefits of a technology like VeriChip harder.

"The fact that we're engaged in such a deep, fundamental privacy debate really does complicate the prospect for this kind of technology," said Clyde Wayne Crews Jr., director of technology studies at the Competitive Enterprise Institute, a regulatory research group in Washington. "We haven't even sorted out the appropriateness of a RFID tag that goes on a pallet of tomatoes," Mr. Crews said, "much less one that can go under a person's skin."

Applied Digital has tried to counter such concerns by arguing that the implantation of chips is voluntary and the only records linked to a VeriChip will be those authorized by the person with the chip.

But critics say that if the technology gains a foothold, employers, government authorities and others with power over individuals could dictate how it is used. For instance, if chips were to replace dog tags as military identification, the decision would not be up to the discretion of individual soldiers.

The evolution of radio identification technology also concerns some critics. Passive tags like VeriChip do not broadcast radio waves and cannot now be used to track a person's movements. And current scanners cannot read the passive chip from more than a few feet away. But design advances or the addition of a separate power source for the chip could expand those ranges and make tracking possible.

Mr. Silverman has said that the current chip could help managers of high-security installations like nuclear power plants locate people in the building because scanners in doorways should be able to track who enters and leaves a room.

Applied Digital has VeriChip distribution agreements with companies in several states, but those have been largely dormant. It said it hoped to find big medical distribution companies to market the chip to doctors' offices, specialty clinics and emergency rooms.

Dr. Richard Seeley, Applied Digital's medical adviser, said the company would concentrate on winning acceptance of the chip among patients with complex problems like diabetes, which require them to see many doctors, and those with disorders like Alzheimer's disease.

Dr. Seeley said the company was also talking to large orthopedics companies to demonstrate the value of linking the chip to medical devices like hip and knee implants.

Mr. Silverman said that surveys had shown that 14 percent to 22 percent of people would consider having the implant, but more than 80 percent of those surveyed said they would consider having the implant if the question was framed to show a medical benefit from the chip.

Applied Digital, which has been losing money for years, cautioned yesterday that it did not expect substantial revenue or profit from VeriChip anytime soon. But investors were optimistic enough about the F.D.A. news to send the company's shares up 68 percent, to close at $3.57 yesterday. Shares of Digital Angel, a subsidiary of Applied Digital that makes animal tags and manufactures the VeriChip, rose nearly 29 percent, to $3.49.


RFID tags become hacker target.


Mexican Officials Get Chipped.
Mexico's attorney general said on Monday he had had a microchip inserted under the skin of one of his arms to give him access to a new crime database and also enable him to be traced if he is ever abducted.


Japan
school kids to be tagged with RFID chips.


RFID Remedy for Medical Errors
Exavera’s eShepherd combines RFID with Wi-Fi and voice over IP to deliver a single system to track patients, staff and hospital assets.


Wal-Mart
Tries New PR Spin to Accompany Item-level RFID Tagging. "Selling the technology with partial truths is unethical," says CASPIAN


FDA approves chip implant trials in humans
Now, human trials are set to begin on a brain-computer interface involving implants.


HP Tags Printers, Scanners
This week Hewlett-Packard begins shipping pallets of EPC-tagged printers and scanners to Wal-Mart's Dallas/Fort Worth distribution center.


Companies' RFID plans fuzzy so far
The mandates are coming. The mandates are coming. Some of the largest commercial outlets in the United States and abroad have established requirements for their suppliers to begin using radio frequency identification technology before the end of this year.


RFID isn't just for billion-dollar companies
Smaller businesses are trying to gain competitive advantages with technology deployments.


Tracking tags may get congressional scrutiny
"We are on the verge of a revolution in micro-monitoring--the capability for the highly detailed, largely automatic, widespread surveillance of our daily lives," Leahy said


RFID chips watch Grandma brush teeth
Tiny computer chips that emit unique radio-frequency IDs could be slapped on to toothbrushes, chairs and even toilet seats to monitor elderly people in their own homes.


Nokia Unveils RFID Phone Reader
The world's largest provider of cell phones is offering a kit that will enable workers to scan tags remotely and transmit data via their cell phones.


E-Pedigree Product for Drugmakers
Startup SupplyScape has teamed with Sun Microsystems to offer an EPC application for tracking the history of pharmaceutical drugs.


Chameleon Card Changes Stripes
Your next wallet may be 8 mm thick and contain the only card you'll ever need.


RFID revolution: Are we close?
By Matt Hines. But figuring out details of how this emerging technology should progress and get used remains a source of debate. The issues range from safeguarding data the tiny chips transmit to managing the reams of data RFID readers gather.


Jamming Tags Block RFID Scanners
By Kim Zetter. The blocker tag, which can be placed over a regular RFID tag, prevents a receiver from scanning information transmitted by a tag by sending the receiver more data than it can read -- the equivalent of a denial-of-service attack.


California lawmaker introduces RFID bill
By Alorie Gilbert. Senate Bill 1834 would apply to any business or state government agency using radio frequency identification (RFID) systems to track merchandize or people--an activity that's on the rise.


Card Focus Shifting
Future discounts to be based on purchase history


FDA Endorses RFID Technology
In its final report on ways to reduce the counterfeiting of drugs, the U.S. Food and Drug administration says RFID could play an important role in anticounterfeiting strategies beginning next year.


Chipless RFID system developed
A new chipless RFID system could protect sensitive documents and banknotes and eventually create "hands-free" bar code scanning.


SkyeTek Shrinks the RFID Reader
January 29, 2004 An RFID engineering company introduces an ECP-compatible reader no bigger than a U.S. quarter and suitable for a range of mobile RFID applications.


Microsoft hops on the RFID bandwagon
January 26, 2004. By Marguerite Reardon. Microsoft on Monday announced new software designed to help small and midsize companies better manage their supply chains wirelessly.


IBM and Philips Team Up in Radio Tags
January 26, 2004
AMSTERDAM (Reuters) - U.S. computer giant International Business Machines Corp and Dutch electronics maker Philips said on Monday they would work together to sell radio tags that would displace barcodes.
Philips' semiconductor unit will make the tiny radio chips that can be stuck on items from clothes to bottles of milk, while IBM will provide the computer services and systems.
No financial details were disclosed.
By using so-called radio frequency identification (RFID) chips, manufacturing companies and retailers will be able to track closely their inventories.
At a later stage it could also help consumers, for instance when a washing machine will be able to recognize that a bright color piece of clothing has been put in the white wash. RFID chips, which in a few years time are likely to cost a few cents or even less, are thin and small and send essential bits of information about a product to a receiver that can read the signals. The data could include a product description, packaging and expiry dates, color and price. It is a more advanced way to track and describe goods than barcodes, which are now used for most products and inventory systems.
The market opportunity of RFID tags is estimated at $3.1 billion by 2008, according to research group Applied Business Intelligence. Another research group, IDC, estimates that retail demand alone will be $1.3 billion within four years.
Philips said it would be its own customer when later this year it tags wafer cases and carton packages at its semiconductors Kao Hsiung manufacturing site in Taiwan and the division's distribution center in Hong Kong.
Research groups estimate that some $40 billion of excess inventory of consumer goods and retail items are in the supply chain at any given time. The tags could help reduce theft and inventory levels by 25 percent, they said.


Mood Ring Measured in Megahertz
By Michelle Delio. Your computer -- that auxiliary brain that lives outside your skull -- soon may be issuing public updates on what's happening inside your body. Using tiny sensors, transmitters and some software, researchers at Sandia National Laboratories have turned personal computers into advanced polygraph machines that they say are capable of monitoring people's emotions and abilities.


Consumers Voice Opinions on RFID
By Jonathan Collins. A survey of U.S. consumers by Cap Gemini Ernst & Young reveals some occasionally surprising desires and concerns regarding RFID.


VeriSign chosen to run RFID tag network
VeriSign, the company that maintains the Internet's .com and .net domain registry, has been hired to run a new directory to be used to keep tabs on consumer goods using a technology known as radio frequency identification.


Casino chips to carry RFID tags
Counterfeit chips have long been a problem for casinos, and houses routinely mark their chips with inks visible only in infrared or ultraviolet light. Embedded RFID tags should make the chips much harder to counterfeit, and placing tag readers at staff exits could cut down on theft by employees.


Can RFID Protect the Beef Supply?
An expert from Kansas State University says, Yes, but several issues need to be resolved, including cost and performance of RFID tags and readers.


As nanotech gains visibility, venture capital follows
By Barnaby J. Feder. It may take sophisticated microscopes to see nanotechnology's products, but the money pouring into the field is hard to miss.



Wave the Card for Instant Credit

NEW YORK -- The familiar process of buying something with a credit card -- handing the plastic to the clerk or swiping it yourself, then waiting for approval and signing the receipt -- could be headed the way of the mechanical brass cash register.

For more than a year, MasterCard and American Express have been testing "contactless" versions of their credit cards. The cards need only be held near a special reader for a sale to go through -- though the consumer can still get a receipt.

The card companies say the system is much faster and safer because the card never leaves a customer's hand.

"In some instances it's faster than cash," said Betsy Foran-Owens, a MasterCard vice president. "You're eliminating the fumble factor."

MasterCard has been testing its PayPass system mainly in Orlando, Fla. and promises a nationwide rollout in 2004, beginning primarily at quick-service restaurants and other places where people tend to be in a hurry.

American Express has mainly done pilot runs of its Express Pay service in the Phoenix area, though the company expanded it to New York ferry terminals on the Hudson River this week.

The new credit cards work much like the Speedpass system that ExxonMobil has accepted for quick payments at its gas stations since 1997. But the keychain fobs carried by Speedpass' 6 million users are good only at ExxonMobil stations and a handful of other retail outlets.

In contrast, credit cards that incorporate the technology could be used anywhere regular plastic is accepted, as long as stores install the new readers. The card companies have worked out technical standards that would let one reader handle multiple brands of contactless cards.

Still, you probably will leave home without one of the new cards for a while. Forrester Research senior analyst Penny Gillespie predicts it will take a few years for contactless cards to go mainstream.

Visa USA has developed contactless capabilities but is holding off on a launch because "consumers seem to be content using the cards they have in their wallet," Visa spokeswoman Camille Lepre said.

The new cards have chips imbued with radio-frequency identification, or RFID, the technology that Wal-Mart, the military and other institutions hope to begin using soon to precisely track inventory.

While old-fashioned credit cards store account information on a magnetic stripe that has to be swiped, the contactless cards keep their data on chips inside the plastic.

American Express' ExpressPay uses a keychain fob, like the ones used by ExxonMobil Speedpass and similar to the tags in supermarket discount programs.

"I like that it's on your keychain and it's fast to use," said Kristie Beenau, 36, of Peoria, Ariz., who has used ExpressPay for about six months at a CVS Pharmacy and fastfood restaurants. "I charge everything anyways. Now I wave it rather than get my card out. It's more convenient."

MasterCard's PayPass comes on a regular-sized card that also has a magnetic stripe for swiping if need be. MasterCard also has done tests in Dallas with Nokia in which the RFID chip is embedded in the plastic casing of a cell phone.

The contactless cards have no battery or power. When they near a reader, they are jolted to life by the reader's electromagnetic waves. A small radio antenna in the cards instantly transmits account information to the reader.

The transaction then proceeds through the credit card network just as if the card had been swiped.

In theory, the transaction could be intercepted without a consumer's knowledge by a technologically savvy thief intent on cloning a card. That's because RFID transmissions themselves are not encrypted.

However, the thief would have to get quite close to his target or have a very sensitive reader.

Also, the account number on the contactless cards is useful only in the RFID system -- it's not the same as a user's credit card number. A crook would thus not be able to use the card number to go on a fraudulent Internet shopping spree, for example.

There would be other hurdles.

American Express makes the RFID reader verify the card's authenticity with a "challenge-response" exchange that depends on 128-bit encryption encoded on the chip. That strength of encryption is considered safe against "brute force" attacks, in which a hacker tries every possible combination.

MasterCard says it uses a different security system but would not provide specifics.

"I have some faith in the credit card companies," said Henry Holtzman, a research scientist at the Massachusetts Institute of Technology's Media Lab who started Presto Technologies, a now-defunct company that sought to develop in-home applications for RFID tags on consumer products. "I trust them because fraud is a serious issue they have to deal with." Others are more skeptical. Simson Garfinkel, another MIT researcher who follows RFID, said credit card companies ought to be using "smart" cards with public key cryptography, a very strong form of security.

Jeff Chasney, chief technical officer of CKE Restaurants, which runs the Carl's Jr. and Hardee's fast-food chains, says the new cards are likely to increase sales because they are so easy to use and ensure that a consumer won't be limited by the cash in his wallet.

But even Chasney, who is considering a contactless card trial, worries about the use of RFID in the cards.

"I would suggest to you," he said, "the greatest obstacle is going to be security."



Bug devices track officials at summit.
By Audrey Hudson
THE WASHINGTON TIMES

Officials who attended a world Internet and technology summit in Switzerland last week were unknowingly bugged, said researchers who attended the forum.

Badges assigned to attendees of the World Summit on the Information Society were affixed with radio-frequency identification chips (RFIDs), said Alberto Escudero-Pascual, Stephane Koch and George Danezis in a report issued after the conference ended Friday in Geneva. The badges were handed out to more than 50 prime ministers, presidents and other high-level officials from 174 countries, including the United States.

The trio's report said they were able to obtain the official badges with fraudulent identification only to be stunned when they found RFID chips - a contentious issue among privacy advocates in the United States and Europe - embedded in the tags.

Researchers questioned summit officials about the use of the chips and how long information would be stored but were not given answers.

The three-day WSIS forum focused on Internet governance and access, security, intellectual-property rights and privacy. The United States and other countries defeated an attempt to place the Internet under supervision of the United Nations.

RFID chips track a person's movement in "real time." U.S. groups have called for a voluntary moratorium on using the chips in consumer items until the technology and its effects on privacy and civil liberties are addressed.

Mr. Escudero-Pascual is a researcher in computer security and privacy at the Royal Institute of Technology in Stockholm. Miss Koch is the president of Internet Society Geneva, and Mr. Danezis studies privacy-enhancing technologies and computer security at Cambridge University.

"During the course of our investigation, we were able to register for the summit and obtain an official pass by just showing a fake plastic identity card and being photographed via a Web cam with no other document or registration number required to obtain the pass," the researchers said.

The researchers chose names for the fake identification cards from a list printed on the summit's Web site of attendees.

The hidden chips communicate information via radio frequency when close to sensors that can be placed anywhere "from vending machines to the entrance of a specific meeting room, allowing the remote identification and tracking of participants, or groups of participants, attending the event," the report said.

The photograph of the person and other personal details are not stored on the chip but in a centralized database that monitors the movement. Researchers said they are concerned that database will be used for future events, including the next summit to be hosted by Tunisian authorities.

"During the registration process, we requested information about the future use of the picture and other information that was taken, and the built-in functionalities of the seemingly innocent plastic badge. No public information or privacy policy was available upon our demands that could indicate the purpose, processing or retention periods for the data collected. The registration personnel were obviously not properly informed and trained," the report said.

The lack of security procedures violates the Swiss Federal Law on Data Protection of June 1992, the European Union Data Protection Directive, and United Nations' guidelines concerning computerized personal-data files adopted by the General Assembly in 1990, the researchers said.

"The big problem is that system also fails to guarantee the promised high levels of security while introducing the possibility of constant surveillance of the representatives of civil society, many of whom are critical of certain governments and regimes," the report said.

"Sharing this data with any third party would be putting civil-society participants at risk, but this threat is made concrete in the context of WSIS by considering the potential impact of sharing the data collected with the Tunisian government in charge of organizing the event in 2005," it said.

The organization Reporters Without Borders was banned from attending the summit and launched a pirate radio broadcast to protest the ban and detail press-freedom violations by some countries attending the meetings, including Tunisia.

"Our organization defends freedom of expression on the Internet on a daily basis. Our voice should therefore be heard during this event, despite this outrageous ban," said Robert Menard, secretary general of Reporters Without Borders.

Tunisia is among several countries Reporters Without Borders has accused of censoring the Internet, intercepting e-mails and jailing cyber-dissidents.




"Of all tyrannies, a tyranny exercised for the good of its victims may be the most oppressive. It may be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end, for they do so with the approval of their own conscience."
C. S. Lewis