Privacy Eroding, Bit by Byte

The one thing conspicuously absent from that article is the RFID chip that will be in each and every consumer item in the near future. It's probably not mentioned because it's the most dangerous and immediate threat on the horizon, and it's being pushed by WalMart.

The RFID chips will be in your clothes, shoes, eyeglasses, chapstick, wallet--everything. The privacy advocates want them on removable tags, but the product manufacturers want them embedded in the products. That way you can't dig them out and disable them without destroying the product. The manufacturers want to collect data on your comings and goings, (you'll be scanned every time you enter/leave a store) in order to form a "holistic" picture of your buying habits by looking at the other items on your person and in your cart. They'll build a profile as more data accrues, and use this data to personalize their marketing efforts.

Since these items will be connected to your purchase history, they'll have your name inexorably linked to their unique numbers in the retail databases. Whoever has access to all the databases will be able to trace your movements by simply looking at all the locations and times you were scanned. You'll appear as a flock of RFID tags that goes from place to place. The RFID databases will be a goldmine for Big Brother. They won't be useful just for first degree information, (you have hair relaxer in your cart) but for second degree information, (you're statistically likely to be black if you're buying hair relaxer) third degree information, (you're statistically likely to be a Democrat if you're black), and so on--to as many degrees as they have computing power to reach!

The fact that these records will come from the private sector means they can be handled sloppily and turned over to government agencies without your consent or knowledge. Investigating agencies won't need a warrant--they'll just make a friendly request and the retailers will gladly comply.

oh my...

ew, ew, ew, ew, ew....YUCK!  I saw a blurb this morning about these chips, they were touting the medical uses of this chip and how it could save your life in an emergency situation, and no ne would need to be afraid that the information could be misused, because the consumer would be able to determine who had access.  Yeah right!  (cough, cough)
Kathy

Here is a letter I found in a local paper:

"Doctors performed emergency surgery on my 85 year old mother recently without having her
medical history. She would have benefited from VeriChip, and implantable microchip that gives doctors instant access to a patient's health records. No one will benefit from VeriChip if the privacy advocates who denounced the device's approval have their way.
   In their paranoid crusade against Big Brother, they feel justified in restricting access to life-saving medical data. Legislation passed through their efforts also prevented me from facilitating the transfer of my mother's medical records from her regular doctor to the emergency room.
   Privacy advocates may think they're protecting my mother from information misuse in the future. Instead, they endangered her life by restricting access to her health history. They shouldn't
have the right to impose their beliefs on the rest of us, especially when it compromises our choices regarding our healthcare."
                                                                                                                 Barbara Southwell
                                                                                                                                 Concord

So there you have some of the things that the "chipsters" are saying. Interesting.

The kind of chip that's publicly available and has been approved by the FDA for human implantation only produces a serial number when scanned. It doesn't produce any medical data. In order for the current chip to be useful, the doctor would have to 1) have a scanner, 2) know the patient has a chip, 3) know where the chip is at inside the patient, 4) have access to the database, 5) encounter a patient who already happens to be in the database to which he has access. How likely is that scenario? The letter is totally fake. And how nice that it doesn't specifically say which legislation is responsible for preventing the transfer of records from a doctor to an emergency room, but it knows who to demonize for it.

These guys are drooling to get the infrastructure in place for the medical chips. There's a lot of money in it. But eventually these simple RFID chips are going to evolve into MEMS chips which interact with the body and provide realtime as well as historical data on its functioning. If you have a MEMS (Micro Electro-Mechanical Systems) chip in your body, it will be able to give your blood pressure, body temperature, heartrate, and blood chemistry to whomever scans it. So if you're on the BART and one of those riot cops scans your MEMS chip, you'd better hope you aren't nervous or showing traces of marijuana in your blood, because only bomb-packing terrorists get nervous around cops and only anti-government anarchists get high.

I think item-level RFID is the first thing that will happen, then credit card RFID, then sporadic medical RFIDs for seniors and kids, then a huge push for medical MEMS chips will occur. The idea of putting a chip in your body is repugnant for most people, so it'll have to take a major threat or benefit to get them to do it. Maybe a terrible infectious disease will be introduced into the population. Then people will want the chip so that they can prove they don't have the disease. Chipped people who are scanned and shown to be disease-free will be allowed to go to public places like grocery stores, but people without chips will be considered too "high risk" to allow in. So effectively, they won't be allowed to buy or sell without the chip. In any event, the MEMS chips will eventually be given greater capabilities once they're inside the majority of the people. Eventually they'll be used to control biological functions. They're already being used for with the dispensation of insulin in diabetics, but in the future they'll dispense other things to healthy people--like nervous system interuption for rioters or Ritalin for energetic kids.

Yesterday I found a couple of blogs featuring a new product called Tagzapper. It's supposed to disable RFID tags. However, I'm very skeptical of these claims. The site looks shady to me. It doesn't look like a site created by tech-savvy people with privacy concerns, but by those looking to make a buck or pull a hoax. I'm writing this now because I think this product is going to be the first of many worthless "anti-RFID" gadgets advertised on the internet. There's going to be a glut of these product pages, just like there's a glut of half-assed "anti-spyware" and "PC security" product sites. (If there ever is a legitimate product, it's going to come out of the work going on here, I think.)

In the coming months and years we are going to see many gadgets introduced which claim to "disable" RFID tags in consumer products. However, these gadgets will most likely do only one thing: blank the re-writable portion of the chip. What I mentioned earlier in this thread, and what most people don't know, is that the chip contains two portions. One is re-writable, and the other is not. The re-writable portion is only used for product identification, and it is the same for all products of the same type--just like a UPC code. The read-only code is the real problem. This code is be completely unique. No two RFID chips have the same permanent read-only code. The permanent codes will be associated with individual products and their human purchasers in retailer databases.

With this in mind, it seems the only acceptible way to disable an RFID chip is to destroy it, so that its permanent code can never again be read by any reader. However, manufactures are going to put these chips deep into consumer items and other items. This means that it's going to be hard to find them, and hard (or even impossible) to remove them. RFID tags might be imbedded deep within the sole of a shoe, inside the spine of a book, or in the plastic frame of a pair of eyeglasses. You might be able to pop the chip by putting the item in a microwave, but then you'd run the risk of melting the item, destroying any electronic parts on it, or damaging the microwave if there is any metal in the item.

It might be possible to create a tool which would beam enough energy at the chip that it would be destroyed. However, I suspect such a tool would be expensive and potentially dangerous to any other electronic components in the chipped item.

I have two ideas to deal with RFID chipped items. Specifically, those items carrying chips which cannot be disabled and which require daily use. The first is the creation of a special RFID tag which you would keep on your person at all times, and which would poison RFID databases by constantly sending out random "junk" codes. If enough people used such tags it would destroy the viability of these databases for tracking people, because no one would be able to say a code showing the presence of a person at a particular location was not the result of a random emission from a "junk" tag. It would also add a lot of noise to the data, making it less effective in analyzing trends of human behavior and interaction.

The second idea is an extension of the first. It would involve the voluntary scanning and uploading of legitimate codes from all of your RFID'd items into a public database. This database would contain nothing but a list of legitimate RFID codes with which many of the afformentioned "junk tag" users would periodically update their chips. The junk chips would then send out your legitimate codes along with random codes, with a weighting so that maybe 50% of the codes emitted would be random and 50% would be legitimate. This would make it appear that you were in multiple places at the same time, all over the world, wherever junk tag users were passing RFID readers. It would therefore be difficult for Big Brother to form an accurate picture of the movements and associations of those whose codes had been uploaded to the "poisoned" RFID tags.

My ideas supposes there to be three levels of anti-RFID involvement: those who agree with the cause enought to buy a junk tag to help poison the databases of the scanners they pass, those who actively add new codes to the junk chips by scanning their own items, uploading codes, and downloading the codes of others, and those who manufacture the junk tags. I think there will be plenty of first-level users, because it won't require any work. If the junk tags are cheap and small enough, people might even scatter them around at places like supermarkets and toll booths, right next to the RFID readers. This will play havoc with the databases. There would be fewer second-level users, though, because it would require an RFID reader and periodic updating.

One problem I see with my second idea is that according to the Patriot Act, it would be considered terroristic behavior to spread these chips around. They'd call it economic sabatoge or something. So if we end up in a police state, all those who add their RFID codes to the "poison" database might somehow be tracked down and prosecuted. But the first idea would still be viable as a "wrench in the gears" kind of action against Big Brother.