Albrecht, Katherine and Liz McIntyre. Spychips. Nashville: Nelson Current, 2005. ISBN 0-452-28766-9.
Imagine a world in which every manufactured object, and even living creatures such as pets, livestock, and eventually people, had an embedded tag with a unique 96-bit code which uniquely identified it among all macroscopic objects on the planet and beyond. Further, imagine that these tiny, unobtrusive and non-invasive tags could be interrogated remotely, at a distance of up to several metres, by safe radio frequency queries which would provide power for them to transmit their identity. What could you do with this? Well, a heck of a lot. Imagine, for example, a refrigerator which sensed its entire contents, and was able to automatically place an order on the Internet for home delivery of whatever was running short, or warned you that the item you'd just picked up had passed its expiration date. Or think about breezing past the checkout counter at the Mall-Mart with a cart full of stuff without even slowing down—all of the goods would be identified by the portal at the door, and the total charged to the account designated by the tag in your customer fidelity card. When you're shopping, you could be automatically warned when you pick up a product which contains an ingredient to which you or a member of your family is allergic. And if a product is recalled, you'll be able to instantly determine whether you have one of the affected items, if your refrigerator or smart medicine cabinet hasn't already done so. The benefits just go on and on…imagine.

This is the vision of an “Internet of Things”, in which all tangible objects are, in a real sense, on-line in real-time, with their position and status updated by ubiquitous and networked sensors. This is not a utopian vision. In 1994 I sketched Unicard, a unified personal identity document, and explored its consequences; people laughed: “never happen”. But just five years later, the Auto-ID Labs were formed at MIT, dedicated to developing a far more ubiquitous identification technology. With the support of major companies such as Procter & Gamble, Philip Morris, Wal-Mart, Gillette, and IBM, and endorsement by organs of the United States government, technology has been developed and commercialised to implement tagging everything and tracking its every movement.

As I alluded to obliquely in Unicard, this has its downsides. In particular, the utter and irrevocable loss of all forms of privacy and anonymity. From the moment you enter a store, or your workplace, or any public space, you are tracked. When you pick up a product, the amount of time you look at it before placing it in your shopping cart or returning it to the shelf is recorded (and don't even think about leaving the store without paying for it and having it logged to your purchases!). Did you pick the bargain product? Well, you'll soon be getting junk mail and electronic coupons on your mobile phone promoting the premium alternative with a higher profit margin to the retailer. Walk down the street, and any miscreant with a portable tag reader can “frisk” you without your knowledge, determining the contents of your wallet, purse, and shopping bag, and whether you're wearing a watch worth snatching. And even when you discard a product, that's a public event: garbage voyeurs can drive down the street and correlate what you throw out by the tags of items in your trash and the tags on the trashbags they're in.

“But we don't intend to do any of that”, the proponents of radio frequency identification (RFID) protest. And perhaps they don't, but if it is possible and the data are collected, who knows what will be done with it in the future, particularly by governments already installing surveillance cameras everywhere. If they don't have the data, they can't abuse them; if they do, they may; who do you trust with a complete record of everywhere you go, and everything you buy, sell, own, wear, carry, and discard?

This book presents, in a form that non-specialists can understand, the RFID-enabled future which manufacturers, retailers, marketers, academics, and government are co-operating to foist upon their consumers, clients, marks, coerced patrons, and subjects respectively. It is not a pretty picture. Regrettably, this book could be much better than it is. It's written in a kind of breathy muckraking rant style, with numerous paragraphs like (p. 105):

Yes, you read that right, they plan to sell data on our trash. Of course. We should have known that BellSouth was just another megacorporation waiting in the wings to swoop down on the data revealed once its fellow corporate cronies spychip the world.
I mean, I agree entirely with the message of this book, having warned of modest steps in that direction eleven years before its publication, but prose like this makes me feel like I'm driving down the road in a 1964 Vance Packard getting all righteously indignant about things we'd be better advised to coldly and deliberately draw our plans against. This shouldn't be so difficult, in principle: polls show that once people grasp the potential invasion of privacy possible with RFID, between 2/3 and 3/4 oppose it. The problem is that it's being deployed via stealth, starting with bulk pallets in the supply chain and, once proven there, migrated down to the individual product level.

Visibility is a precious thing, and one of the most insidious properties of RFID tags is their very invisibility. Is there a remotely-powered transponder sandwiched into the sole of your shoe, linked to the credit card number and identity you used to buy it, which “phones home” every time you walk near a sensor which activates it? Who knows? See how the paranoia sets in? But it isn't paranoia if they're really out to get you. And they are—for our own good, naturally, and for the children, as always.

In the absence of a policy fix for this (and the extreme unlikelihood of any such being adopted given the natural alliance of business and the state in tracking every move of their customers/subjects), one extremely handy technical fix would be a broadband, perhaps software radio, which listened on the frequency bands used by RFID tag readers and snooped on the transmissions of tags back to them. Passing the data stream to a package like RFDUMP would allow decoding the visible information in the RFID tags which were detected. First of all, this would allow people to know if they were carrying RFID tagged products unbeknownst to them. Second, a portable sniffer connected to a PDA would identify tagged products in stores, which clients could take to customer service desks and ask to be returned to the shelves because they were unacceptable for privacy reasons. After this happens several tens of thousands of times, it may have an impact, given the razor-thin margins in retailing. Finally, there are “active measures”. These RFID tags have large antennas which are connected to a super-cheap and hence fragile chip. Once we know the frequency it's talking on, why we could…. But you can work out the rest, and since these are all unlicensed radio bands, there may be nothing wrong with striking an electromagnetic blow for privacy.

EMP,
EMP!
Don't you put,
your tag on me!

November 2007 Permalink