C.A.S.P.I.A.NRFID chips, tiny tracking devices the
size of a grain of dust, can be used to secretly identify you and the
things you're carrying--right through your clothes, wallet, backpack, or
Have you already taken one home with you?
Journal Radio Frequency Identification for Business.
RFIDProtect your privacy. Don't buy items that contain
New Passports Wide Open to Hackers
August 2, 2007
Since the idea of embedding RFID chips in passports was first floated, the technology has been besieged by hack attempts, the first of which were designed to simply read passport information remotely and surreptitiously. Now, things are about to get a whole lot worse.
RFID expert Lukas Grunwald has found flaws in the passport system that not only allow passport data to be read, but also allows for stored fingerprint images to be cloned onto other RFID chips. And now, Grunwald has also found ways to encode a passport chip in such a way that it actually attacks the passport-reading equipment when someone attempts to scan it. Grunwald says he's performed this attack successfully using two different types of hardware. While his initial discovery merely crashes the passport reader, subsequent attacks could inject malicious code into a reader that could actually allow it, say, "to approve expired or forged passports."
While Grunwald's attack might sound theoretical, there's nothing to prevent such an exploit from being launched in the real world immediately. Experts have been warning about the dangers of RFID being used in passports for years, with only limited improvement in the security of the passports as a result. Meanwhile, rest assured: Things will continue to get worse on this front before they get better.
Oh, but if you want to disable the chip in your passport altogether, you can just whack it with a hammer.
Schwarzenegger Quashes RFID Bill
October 4, 2006
The long-awaited California bill to regulate the use of radio-frequency identification in state and local documents has been quashed.
Governor Arnold Schwarzenegger quietly vetoed SB 768 last weekend.
What You Should Know About Grocery Store Cards
Item-level RFID - A Prosperous Market 2006-2016
By Dr. Peter Harrop, IDTechEx
New study from IDTechEx forecasts key markets that will apply item-level tagging and drive technology advances, mass adoption
Cambridge, U.K. — August 15, 2006 — Item-level radio frequency identification (RFID) is the tagging of the smallest taggable unit of things — the library book, apparel, jewelry, engineering parts and laundry are examples. Already profitable for most suppliers, item-level tags and systems will be the world's largest RFID market by value from 2007 onwards.
Item-level RFID tagging will rocket from $160 million in 2006 to $13 billion in 2016 for systems including tags. In 2006, 200 million items will be RFID-tagged in the world. In 2016, 550 billion items may be RFID tagged. Those adopting item-level tagging today do so willingly and are prepared to pay for good performance as they enjoy rapid multiple paybacks.
Resistance is flea-tile
March 15, 2006
Under the theory that you can't kill a bug with an IED, DARPA, the military's research arm, is looking to create "insect cyborgs," reports UPI.
WARNING: TAG CHIPS CAN BE 'VIRUSED'
By J. Grant Swank,
Mar 15, 2006
Don’t insert your ID chip just
yet. Terrorists could virus it. Mess it up. Make you somebody you don’t
want to be, someplace you don’t want to be, flip you all over the place
or—perhaps—shut you down.
So much for the chip-secure who boast on
being "one of the first."
Help Protect Your Personal Privacy & Your Pocketbook!
CAGW needs your help today to send an urgent message to Department of
Homeland Security Secretary Michael Chertoff that you oppose any new
federal standards that would significantly increase the cost of your
state-issued drivers’ license and jeopardize your personal privacy.
Under the Real ID Act, which Congress passed without any debate in
May, the Department of Homeland Security (DHS) is charged with
developing new federal standards for drivers’ licenses, purportedly to
combat terrorism and illegal immigration. One option under
consideration is requiring drivers’ licenses to contain an embedded
computer chip, called a radio frequency identification or RFID chip,
with the capacity for carrying detailed personal
If DHS opts to require RFID chips, more than 196 million American
drivers will be forced to carry a license that has the memory to store
every personal detail, including health records, family history, and
bank and credit card transactions. What’s more, the information on
RFID chips can be remotely accessed by unauthorized persons, and could
push the cost of a drivers’ license from $10-$25 to at least
Real ID was not subject to a full congressional debate, but since it
is the law, DHS should issue implementing regulations do not overburden
states and taxpayers or invade citizens’ privacy.
Tell Secretary Chertoff that you don’t want an RFID chip in your
drivers’ license today!
A remote control that controls humans
Headset sends electricity through head, forcing
wearer to move
By Yuri Kageyama
The Associated Press
Updated: 5:47 p.m. ET
Oct. 25, 2005
ATSUGI, Japan - We wield remote controls to turn things on and off,
make them advance, make them halt. Ground-bound pilots use remotes to
fly drone airplanes, soldiers to maneuver battlefield robots.
But manipulating humans?
Prepare to be remotely controlled. I was.
Just imagine being rendered the rough equivalent of a
radio-controlled toy car.
Nippon Telegraph & Telephone Corp., Japans top telephone company,
says it is developing the technology to perhaps make video games more
realistic. But more sinister applications also come to mind.
I can envision it being added to militaries' arsenals of so-called
A special headset was placed on my cranium by my hosts during a
recent demonstration at an NTT research center. It sent a very low
voltage electric current from the back of my ears through my head _
either from left to right or right to left, depending on which way the
joystick on a remote-control was moved.
I found the experience unnerving and exhausting: I sought to step
straight ahead but kept careening from side to side. Those alternating
currents literally threw me off.
The technology is called galvanic vestibular stimulation —
essentially, electricity messes with the delicate nerves inside the ear
that help maintain balance.
I felt a mysterious, irresistible urge to start walking to the right
whenever the researcher turned the switch to the right. I was convinced
— mistakenly — that this was the only way to maintain my balance.
The phenomenon is painless but dramatic. Your feet start to move
before you know it. I could even remote-control myself by taking the
switch into my own hands.
There's no proven-beyond-a-doubt
explanation yet as to why people start veering when electricity hits
their ear. But NTT researchers say they were able to make a person walk
along a route in the shape of a giant pretzel using this technique.
It's a mesmerizing sensation similar to being drunk or melting into
sleep under the influence of anesthesia. But it's more definitive, as
though an invisible hand were reaching inside your brain.
NTT says the feature may be used in video games and amusement park
rides, although there are no plans so far for a commercial product.
Some people really enjoy the experience, researchers said while
acknowledging that others feel uncomfortable.
I watched a simple racing-car game demonstration on a large screen
while wearing a device programmed to synchronize the curves with
galvanic vestibular stimulation. It accentuated the swaying as an
imaginary racing car zipped through a virtual course, making me
Another program had the electric current timed to music. My head was
pulsating against my will, getting jerked around on my neck. I became so
dizzy I could barely stand. I had to turn it off.
NTT researchers suggested this may be a reflection of my lack of
musical abilities. People in tune with freely expressing themselves love
the sensation, they said.
"We call this a virtual dance experience although some people have
mentioned it's more like a virtual drug experience," said Taro Maeda,
senior research scientist at NTT. "I'm really hopeful Apple Computer
will be interested in this technology to offer it in their iPod."
Research on using electricity to affect human balance has been going
on around the world for some time.
James Collins, professor of biomedical engineering at Boston
University, has studied using the technology to prevent the elderly from
falling and to help people with an impaired sense of balance. But he
also believes the effect is suited for games and other
"I suspect they'll probably get a kick out of the illusions that can
be created to give them a more total immersion experience as part of
virtual reality," Collins said.
The very low level of electricity required for the effect is unlikely
to cause any health damage, Collins said. Still, NTT required me to sign
a consent form, saying I was trying the device at my own risk.
And risk definitely comes to mind when playing around with this
Timothy Hullar, assistant professor at the Washington University
School of Medicine in St. Louis, Mo., believes finding the right way to
deliver an electromagnetic field to the ear at a distance could turn the
technology into a weapon for situations where "killing isn't the best
"This would be the most logical situation for a nonlethal weapon that
presumably would make your opponent dizzy," he said via e-mail. "If you
find just the right frequency, energy, duration of application, you
would hope to find something that doesn't permanently injure someone but
would allow you to make someone temporarily off-balance."
Indeed, a small defense contractor in Texas, Invocon Inc., is
exploring whether precisely tuned electromagnetic pulses could be safely
fired into people's ears to temporarily subdue them.
NTT has friendlier uses in mind.
If the sensation of movement can be captured for playback, then
people can better understand what a ballet dancer or an Olympian gymnast
is doing, and that could come handy in teaching such skills.
And it may also help people dodge oncoming cars or direct a rescue
worker in a dark tunnel, NTT researchers say. They maintain that the
point is not to control people against their will.
determined to fight the suggestive orders from the electric currents by
clinging to a fence or just lying on your back, you simply won't
But from my experience, if the currents persist, you'd probably be
persuaded to follow their orders. And I didn't like that sensation. At
Yes, your printer is spying on you — EFF cracks Xerox printer
Is Your Printer Spying On You?
Lawmaker Rips RFID Passport Plans
A key U.S. congressman who led post-Sept. 11 passport reforms
told European diplomats last week that there was no need for European
countries to put RFID chips in their passports and that Congress never
required them to do so.
Feds Rethinking RFID Passport
By Kim Zetter
Following criticism from computer
security professionals and civil libertarians about the privacy risks
posed by new RFID passports the government plans to begin issuing, a
State Department official said his office is reconsidering a privacy
solution it rejected earlier that would help protect passport holders'
Philip Morris International: Smoke
February 1, 2005
By David F. Carr and Larry
Philip Morris "can't keep track of every single pack of
cigarettes as it makes its way through distributors and retailers," U.S.
compliance VP Jack Holleran says.
A $1.25 billion settlement in
Europe says the global manufacturer has no other choice.
RFID: The Big Brother bar code
by Katherine Albrecht
billions of dollars are spent annually to collect and share consumer
'intelligence.' In-store tracking technologies like floor sensors, heat
sensors, hidden cameras, hidden microphones, GPS-enabled grocery carts,
and phony shoppers are all used to gather information. RFID will greatly
simplify the task of collecting such consumer data -- particularly if
consumers can be automatically identified while walking in the door."
Static over RFID.
A key patent
holder's demand for royalties has triggered concerns that promising RFID
technology could become embroiled in an intellectual-property
Florida theme park
application to help visitors locate other members of their group.
Opinion: Medical RFID Tagging Could Save
Whether providing a primary diagnosis
or identifying a medical appliance that's been installed in a patient,
RFID chips in the medical field could save lives when used
BARNABY J. FEDER and TOM ZELLER Jr.
Identity Badge Worn Under Skin
Approved for Use in Health Care
NY Times Sept 13,
The Food and Drug Administration has
cleared the way for a Florida company to market implantable chips that
would provide easy access to individual medical records.
The approval, which the company
announced yesterday, is expected to bring to public attention a
simmering debate over a technology that has evoked Orwellian overtones
for privacy advocates and fueled fears of widespread tracking of people
with implanted radio frequency tags, even though that ability does not
Applied Digital Solutions, based in Delray Beach,
Fla., said that its devices, which it calls VeriChips, could save lives
and limit injuries from errors in medical treatment. And it expressed
hope that such medical uses would accelerate the acceptance of
under-the-skin ID chips as security and access-control devices.
Scott R. Silverman, chairman and chief executive
of Applied Digital, said the F.D.A.'s approval should help the company
overcome "the creepy factor" of implanted tags and the suspicion it has
"We believe there are far fewer people resisting
this today," Mr. Silverman said. But it is far from clear whether
implanted identification tags can overcome opposition from those who
fear new levels of personal surveillance and from some fundamentalist
religious groups who contend that the tags may be the "mark of the
beast" referred to in the Book of Revelation.
In Applied Digital's vision, patients implanted
with the chips could receive more effective care because doctors, other
emergency-room personnel and ambulance crews equipped with Applied's
handheld radio scanners would be able to read a unique 16-digit number
on the chip.
The chip does not contain any records, but with the number, the care
provider would be able to retrieve medical information about blood type,
drug histories and other critical data stored in computers. The records
could be easily updated.
Tiny radio frequency identification, or RFID, tags similar to
VeriChip have been embedded in livestock and pets in the millions in
recent years as a more secure form of identification than external tags.
But no device maker has yet been able to create a market for human
implantable tags like VeriChip, which are the size of a grain of rice
and are inserted under the skin of the arm or hand with a syringe.
Applied Digital's distributors overseas have achieved some highly
publicized, if limited successes. This summer, Rafael Macedo de la
Concha, Mexico's attorney general, announced that he and scores of his
subordinates had received implanted chips that control access to a
secure room and documents considered vital in Mexico's struggle with
Also, Solusat, the sole distributor of VeriChip in Mexico, says about
1,000 people have received the chip implants to link to their medical
records. "You can have all the benefits of radio identification," a
Solusat executive, Antonio Aceves, said, "but now it is inside your
In March, the Baja Beach Club in Barcelona began offering VeriChips
to regular patrons who wanted to dispense with traditional
identification and credit cards. About 50 "V.I.P.'s" have received the
chip so far, according to a spokesman, which allows them to link their
identities to a payment system. The program has been expanded to a club
in Rotterdam also owned by Baja, and about 35 people there have signed
up for the implants, the company said.
VeriChip announced last week that it had signed a distribution
agreement with a British company, Surge IT Solutions, which it said
intended to use the technology to control access to government
facilities. And Antonia Giorgio Antonucci, an Italian doctor, is leading
a study using VeriChip at the National Institute for Infectious Diseases
Lazzaro Spallanzani in Rome.
"We want to see if the doctors think the device is practical or not,"
Dr. Antonucci said.
Applied Digital has been free to sell VeriChip in the United States
for nonmedical applications, but lack of acceptance of the technology
made F.D.A. approval for medical uses a high priority.
"I've believed all along that the medical application was the best,
followed by security and financial applications," Mr. Silverman
Still, the science-fiction specter of a nation of drones tagged with
sub-dermal bar codes may be a difficult image for the company to
overcome in selling its technology.
Online conspiracy theorists, for example, often attach abilities to
the technology that do not exist, like the ability to track individuals
But real privacy concerns have emerged. "At the point you place the
chip beneath the skin, you're saying you will not have the ability to
remove the ID tracking device," said Marc Rotenberg, executive director
of the Electronic Privacy Information Center, a public interest advocacy
group in Washington. "I think, increasingly, if this takes off - and
it's still not clear that it will - the real social debate begins around
prisoners and parolees, and perhaps even visitors to the U.S. That's
where the interest in being able to identify and track people is."
Indeed, the debate over civil liberties and privacy has made
discussing any practical benefits of a technology like VeriChip harder.
"The fact that we're engaged in such a deep, fundamental privacy
debate really does complicate the prospect for this kind of technology,"
said Clyde Wayne Crews Jr., director of technology studies at the
Competitive Enterprise Institute, a regulatory research group in
Washington. "We haven't even sorted out the appropriateness of a RFID
tag that goes on a pallet of tomatoes," Mr. Crews said, "much less one
that can go under a person's skin."
Applied Digital has tried to counter such concerns by arguing that
the implantation of chips is voluntary and the only records linked to a
VeriChip will be those authorized by the person with the chip.
But critics say that if the technology gains a foothold, employers,
government authorities and others with power over individuals could
dictate how it is used. For instance, if chips were to replace dog tags
as military identification, the decision would not be up to the
discretion of individual soldiers.
The evolution of radio identification technology also concerns some
critics. Passive tags like VeriChip do not broadcast radio waves and
cannot now be used to track a person's movements. And current scanners
cannot read the passive chip from more than a few feet away. But design
advances or the addition of a separate power source for the chip could
expand those ranges and make tracking possible.
Mr. Silverman has said that the current chip could help managers of
high-security installations like nuclear power plants locate people in
the building because scanners in doorways should be able to track who
enters and leaves a room.
Applied Digital has VeriChip distribution agreements with companies
in several states, but those have been largely dormant. It said it hoped
to find big medical distribution companies to market the chip to
doctors' offices, specialty clinics and emergency rooms.
Dr. Richard Seeley, Applied Digital's medical adviser, said the
company would concentrate on winning acceptance of the chip among
patients with complex problems like diabetes, which require them to see
many doctors, and those with disorders like Alzheimer's disease.
Dr. Seeley said the company was also talking to large orthopedics
companies to demonstrate the value of linking the chip to medical
devices like hip and knee implants.
Mr. Silverman said that surveys had shown that 14 percent to 22
percent of people would consider having the implant, but more than 80
percent of those surveyed said they would consider having the implant if
the question was framed to show a medical benefit from the chip.
Applied Digital, which has been losing money for years, cautioned
yesterday that it did not expect substantial revenue or profit from
VeriChip anytime soon. But investors were optimistic enough about the
F.D.A. news to send the company's shares up 68 percent, to close at
$3.57 yesterday. Shares of Digital Angel, a subsidiary of Applied
Digital that makes animal tags and manufactures the VeriChip, rose
nearly 29 percent, to $3.49.
RFID tags become hacker target.
Mexican Officials Get Chipped.
attorney general said on Monday he had had a microchip inserted under
the skin of one of his arms to give him access to a new crime database
and also enable him to be traced if he is ever abducted.
school kids to be tagged with RFID
RFID Remedy for Medical Errors
eShepherd combines RFID with Wi-Fi and voice over IP to deliver a single
system to track patients, staff and hospital assets.
Tries New PR Spin to Accompany
Item-level RFID Tagging. "Selling the technology with partial truths is
unethical," says CASPIAN
FDA approves chip implant trials in
Now, human trials are set to begin on a
brain-computer interface involving implants.
HP Tags Printers, Scanners
Hewlett-Packard begins shipping pallets of EPC-tagged printers and
scanners to Wal-Mart's Dallas/Fort Worth distribution center.
Companies' RFID plans fuzzy so far
mandates are coming. The mandates are coming. Some of the largest
commercial outlets in the United States and abroad have established
requirements for their suppliers to begin using radio frequency
identification technology before the end of this year.
RFID isn't just for billion-dollar
Smaller businesses are trying to gain
competitive advantages with technology deployments.
Tracking tags may get congressional
"We are on the verge of a revolution in
micro-monitoring--the capability for the highly detailed, largely
automatic, widespread surveillance of our daily lives," Leahy said
RFID chips watch Grandma brush teeth
computer chips that emit unique radio-frequency IDs could be slapped on
to toothbrushes, chairs and even toilet seats to monitor elderly people
in their own homes.
Nokia Unveils RFID Phone Reader
largest provider of cell phones is offering a kit that will enable
workers to scan tags remotely and transmit data via their cell phones.
E-Pedigree Product for Drugmakers
SupplyScape has teamed with Sun Microsystems to offer an EPC application
for tracking the history of pharmaceutical drugs.
Chameleon Card Changes Stripes
wallet may be 8 mm thick and contain the only card you'll ever need.
RFID revolution: Are we close?
Hines. But figuring out details of how this emerging technology should
progress and get used remains a source of debate. The issues range from
safeguarding data the tiny chips transmit to managing the reams of data
RFID readers gather.
Jamming Tags Block RFID Scanners
Zetter. The blocker tag, which can be placed over a regular RFID tag,
prevents a receiver from scanning information transmitted by a tag by
sending the receiver more data than it can read -- the equivalent of a
California lawmaker introduces RFID bill
Alorie Gilbert. Senate Bill 1834 would apply to any business or state
government agency using radio frequency identification (RFID) systems to
track merchandize or people--an activity that's on the rise.
Card Focus Shifting
Future discounts to be
based on purchase history
FDA Endorses RFID Technology
In its final
report on ways to reduce the counterfeiting of drugs, the U.S. Food and
Drug administration says RFID could play an important role in
anticounterfeiting strategies beginning next year.
Chipless RFID system developed
chipless RFID system could protect sensitive documents and banknotes and
eventually create "hands-free" bar code scanning.
SkyeTek Shrinks the RFID Reader
2004 An RFID engineering company introduces an ECP-compatible reader no
bigger than a U.S. quarter and suitable for a range of mobile RFID
Microsoft hops on the RFID bandwagon
26, 2004. By Marguerite Reardon. Microsoft on Monday announced new
software designed to help small and midsize companies better manage
their supply chains wirelessly.
IBM and Philips Team Up in Radio Tags
AMSTERDAM (Reuters) - U.S. computer giant International Business
Machines Corp and Dutch electronics maker Philips said on Monday they
would work together to sell radio tags that would displace barcodes.
Philips' semiconductor unit will make the tiny radio chips that can
be stuck on items from clothes to bottles of milk, while IBM will
provide the computer services and systems.
No financial details were
By using so-called radio frequency identification (RFID)
chips, manufacturing companies and retailers will be able to track
closely their inventories.
At a later stage it could also help
consumers, for instance when a washing machine will be able to recognize
that a bright color piece of clothing has been put in the white wash.
RFID chips, which in a few years time are likely to cost a few cents or
even less, are thin and small and send essential bits of information
about a product to a receiver that can read the signals. The data could
include a product description, packaging and expiry dates, color and
price. It is a more advanced way to track and describe goods than
barcodes, which are now used for most products and inventory systems.
The market opportunity of RFID tags is estimated at $3.1 billion by
2008, according to research group Applied Business Intelligence. Another
research group, IDC, estimates that retail demand alone will be $1.3
billion within four years.
Philips said it would be its own customer
when later this year it tags wafer cases and carton packages at its
semiconductors Kao Hsiung manufacturing site in Taiwan and the
division's distribution center in Hong Kong.
estimate that some $40 billion of excess inventory of consumer goods and
retail items are in the supply chain at any given time. The tags could
help reduce theft and inventory levels by 25 percent, they said.
Mood Ring Measured in Megahertz
Delio. Your computer -- that auxiliary brain that lives outside your
skull -- soon may be issuing public updates on what's happening inside
your body. Using tiny sensors, transmitters and some software,
researchers at Sandia National Laboratories have turned personal
computers into advanced polygraph machines that they say are capable of
monitoring people's emotions and abilities.
Consumers Voice Opinions on RFID
Collins. A survey of U.S. consumers by Cap Gemini Ernst & Young
reveals some occasionally surprising desires and concerns regarding
VeriSign chosen to run RFID tag network
VeriSign, the company that maintains the Internet's .com and .net
domain registry, has been hired to run a new directory to be used to
keep tabs on consumer goods using a technology known as radio frequency
Casino chips to carry RFID tags
chips have long been a problem for casinos, and houses routinely mark
their chips with inks visible only in infrared or ultraviolet light.
Embedded RFID tags should make the chips much harder to counterfeit, and
placing tag readers at staff exits could cut down on theft by employees.
Can RFID Protect the Beef Supply?
from Kansas State University says, Yes, but several issues need to be
resolved, including cost and performance of RFID tags and readers.
As nanotech gains visibility, venture capital
By Barnaby J. Feder. It may take sophisticated
microscopes to see nanotechnology's products, but the money pouring into
the field is hard to miss.
Wave the Card for Instant Credit
NEW YORK -- The familiar process of buying something with a credit
card -- handing the plastic to the clerk or swiping it yourself, then
waiting for approval and signing the receipt -- could be headed the way
of the mechanical brass cash register.
For more than a year, MasterCard and American Express have been
testing "contactless" versions of their credit cards. The cards need
only be held near a special reader for a sale to go through -- though
the consumer can still get a receipt.
The card companies say the system is much faster and safer because
the card never leaves a customer's hand.
"In some instances it's faster than cash," said Betsy Foran-Owens, a
MasterCard vice president. "You're eliminating the fumble factor."
MasterCard has been testing its PayPass system mainly in Orlando,
Fla. and promises a nationwide rollout in 2004, beginning primarily at
quick-service restaurants and other places where people tend to be in a
American Express has mainly done pilot runs of its Express Pay
service in the Phoenix area, though the company expanded it to New York
ferry terminals on the Hudson River this week.
The new credit cards work much like the Speedpass system that
ExxonMobil has accepted for quick payments at its gas stations since
1997. But the keychain fobs carried by Speedpass' 6 million users are
good only at ExxonMobil stations and a handful of other retail outlets.
In contrast, credit cards that incorporate the technology could be
used anywhere regular plastic is accepted, as long as stores install the
new readers. The card companies have worked out technical standards that
would let one reader handle multiple brands of contactless cards.
Still, you probably will leave home without one of the new cards for
a while. Forrester Research senior analyst Penny Gillespie predicts it
will take a few years for contactless cards to go mainstream.
Visa USA has developed contactless capabilities but is holding off on
a launch because "consumers seem to be content using the cards they have
in their wallet," Visa spokeswoman Camille Lepre said.
The new cards have chips imbued with radio-frequency identification,
or RFID, the technology that Wal-Mart, the military and other
institutions hope to begin using soon to precisely track inventory.
While old-fashioned credit cards store account information on a
magnetic stripe that has to be swiped, the contactless cards keep their
data on chips inside the plastic.
American Express' ExpressPay uses a keychain fob, like the ones used
by ExxonMobil Speedpass and similar to the tags in supermarket discount
"I like that it's on your keychain and it's fast to use," said
Kristie Beenau, 36, of Peoria, Ariz., who has used ExpressPay for about
six months at a CVS Pharmacy and fastfood restaurants. "I charge
everything anyways. Now I wave it rather than get my card out. It's more
MasterCard's PayPass comes on a regular-sized card that also has a
magnetic stripe for swiping if need be. MasterCard also has done tests
in Dallas with Nokia in which the RFID chip is embedded in the plastic
casing of a cell phone.
The contactless cards have no battery or power. When they near a
reader, they are jolted to life by the reader's electromagnetic waves. A
small radio antenna in the cards instantly transmits account information
to the reader.
The transaction then proceeds through the credit card network just as
if the card had been swiped.
In theory, the transaction could be intercepted without a consumer's
knowledge by a technologically savvy thief intent on cloning a card.
That's because RFID transmissions themselves are not encrypted.
However, the thief would have to get quite close to his target or
have a very sensitive reader.
Also, the account number on the contactless cards is useful only in
the RFID system -- it's not the same as a user's credit card number. A
crook would thus not be able to use the card number to go on a
fraudulent Internet shopping spree, for example.
There would be other hurdles.
American Express makes the RFID reader verify the card's authenticity
with a "challenge-response" exchange that depends on 128-bit encryption
encoded on the chip. That strength of encryption is considered safe
against "brute force" attacks, in which a hacker tries every possible
MasterCard says it uses a different security system but would not
"I have some faith in the credit card companies," said Henry
Holtzman, a research scientist at the Massachusetts Institute of
Technology's Media Lab who started Presto Technologies, a now-defunct
company that sought to develop in-home applications for RFID tags on
consumer products. "I trust them because fraud is a serious issue they
have to deal with." Others are more skeptical. Simson Garfinkel, another
MIT researcher who follows RFID, said credit card companies ought to be
using "smart" cards with public key cryptography, a very strong form of
Jeff Chasney, chief technical officer of CKE Restaurants, which runs
the Carl's Jr. and Hardee's fast-food chains, says the new cards are
likely to increase sales because they are so easy to use and ensure that
a consumer won't be limited by the cash in his wallet.
But even Chasney, who is considering a contactless card trial,
worries about the use of RFID in the cards.
"I would suggest to you," he said, "the greatest obstacle is going to
Bug devices track officials at summit.
By Audrey Hudson
THE WASHINGTON TIMES
attended a world Internet and technology summit in Switzerland last week
were unknowingly bugged, said researchers who attended the forum.
Badges assigned to attendees of the World Summit on the Information
Society were affixed with radio-frequency identification chips (RFIDs),
said Alberto Escudero-Pascual, Stephane Koch and George Danezis in a
report issued after the conference ended Friday in Geneva. The badges
were handed out to more than 50 prime ministers, presidents and other
high-level officials from 174 countries, including the United States.
The trio's report said they were able to obtain the official badges
with fraudulent identification only to be stunned when they found RFID
chips - a contentious issue among privacy advocates in the United States
and Europe - embedded in the tags.
Researchers questioned summit officials about the use of the chips
and how long information would be stored but were not given answers.
The three-day WSIS forum focused on Internet governance and access,
security, intellectual-property rights and privacy. The United States
and other countries defeated an attempt to place the Internet under
supervision of the United Nations.
RFID chips track a person's movement in "real time." U.S. groups have
called for a voluntary moratorium on using the chips in consumer items
until the technology and its effects on privacy and civil liberties are
Mr. Escudero-Pascual is a researcher in computer security and privacy
at the Royal Institute of Technology in Stockholm. Miss Koch is the
president of Internet Society Geneva, and Mr. Danezis studies
privacy-enhancing technologies and computer security at Cambridge
"During the course of our investigation, we were able to register for
the summit and obtain an official pass by just showing a fake plastic
identity card and being photographed via a Web cam with no other
document or registration number required to obtain the pass," the
The researchers chose names for the fake identification cards from a
list printed on the summit's Web site of attendees.
The hidden chips communicate information via radio frequency when
close to sensors that can be placed anywhere "from vending machines to
the entrance of a specific meeting room, allowing the remote
identification and tracking of participants, or groups of participants,
attending the event," the report said.
The photograph of the person and other personal details are not
stored on the chip but in a centralized database that monitors the
movement. Researchers said they are concerned that database will be used
for future events, including the next summit to be hosted by Tunisian
"During the registration process, we requested information about the
future use of the picture and other information that was taken, and the
built-in functionalities of the seemingly innocent plastic badge. No
could indicate the purpose, processing or retention periods for the data
collected. The registration personnel were obviously not properly
informed and trained," the report said.
The lack of security procedures violates the Swiss Federal Law on
Data Protection of June 1992, the European Union Data Protection
Directive, and United Nations' guidelines concerning computerized
personal-data files adopted by the General Assembly in 1990, the
"The big problem is that system also fails to guarantee the promised
high levels of security while introducing the possibility of constant
surveillance of the representatives of civil society, many of whom are
critical of certain governments and regimes," the report said.
"Sharing this data with any third party would be putting
civil-society participants at risk, but this threat is made concrete in
the context of WSIS by considering the potential impact of sharing the
data collected with the Tunisian government in charge of organizing the
event in 2005," it said.
The organization Reporters Without Borders was banned from attending
the summit and launched a pirate radio broadcast to protest the ban and
detail press-freedom violations by some countries attending the
meetings, including Tunisia.
"Our organization defends freedom of expression on the Internet on a
daily basis. Our voice should therefore be heard during this event,
despite this outrageous ban," said Robert Menard, secretary general of
Reporters Without Borders.
Tunisia is among several countries Reporters Without Borders has
accused of censoring the Internet, intercepting e-mails and jailing
"Of all tyrannies, a tyranny exercised for the good of its
victims may be the most oppressive. It may be better to live under
robber barons than under omnipotent moral busybodies. The robber baron's
cruelty may sometimes sleep, his cupidity may at some point be satiated;
but those who torment us for our own good will torment us without end,
for they do so with the approval of their own conscience."