Archive for August, 2004

“Help, I’ve fallen and I can’t get funded!”

Tuesday, August 24th, 2004

Actually, these guys did get funding… nearly half a million dollars for an SBIR II grant to prototype a means to monitor toppling elderly:
SBIR Phase II: Automated Monitoring and Alarming for Elder Care

In this case, the technology is machine vision, and not RFID; I’d see these two as competitive, and would posit that the former might be a far better solution to retail store monitoring: rather than having to have all your products carry tags, which may or may not be easily read in the messy store environment, one can use cheap computers to keep an eye on things, optically. To the extent that RFID is trying to play in “surveillance space,” it’ll be going up against other advancing technologies (we’ve heard that pervasive, item-level tagging might be 7-8 years out… imagine what machine vision ought to be able to do, 7-8 years out), and if item-level tagging is seen as primarily justified by security/loss-prevention, the ROI might never appear.

“DOD Releases Final RFID Policy”

Friday, August 13th, 2004

The Department of Defense has finalized its RFID policy, regarding case & pallet & high-value item tagging.

Per the article:

The policy also doesn’t require data on the tag to be encrypted. [Assistant Deputy Undersecretary of Defense for Supply Chain Integration Alan] Estevez says one reason is that the information on a passive tag is simply a serial number that means nothing until it’s associated with information in a database, and the second reason is potential enemies should not be able to get close enough to read the tags. “If we have people within 10 feet who are able to read a passive tag—or even 300 feet for an active tag—then we have bigger problems than them knowing what items are in our supply chain,” he says.

But since, also per the article, the tag can be an EPC standard tag, “so consumer packaged goods manufacturers can use the same tags they use for Wal-Mart for the DOD,” those simple serial numbers will have a lot of meaning, and could be used to infer information.

As a former intelligence officer, I think Mr. Estevez should spend a little more time worrying about operational security.
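An added example (not from the original post or the DOD policy) of why an EPC “serial number” is not opaque: it decodes an SGTIN-96 EPC, the 96-bit encoding of a GTIN in the EPC tag data specification, into company prefix and item reference from the tag bits alone. The function names and the sample values are assumptions constructed for illustration.

```python
from collections import Counter

# SGTIN-96 layout: header(8) filter(3) partition(3) company prefix + item reference(44) serial(38).
# Partition value -> (company-prefix bits, digits, item-reference bits, digits).
PARTITIONS = {0: (40, 12, 4, 1), 1: (37, 11, 7, 2), 2: (34, 10, 10, 3), 3: (30, 9, 14, 4),
              4: (27, 8, 17, 5), 5: (24, 7, 20, 6), 6: (20, 6, 24, 7)}
SGTIN96_HEADER = 0x30


def encode_sgtin96(filter_value, company_prefix, item_reference, serial):
    """Build the 96-bit EPC (hex) from digit strings; used here only to construct samples."""
    partition = 12 - len(company_prefix)  # a 12-digit prefix is partition 0, a 6-digit one is 6
    if partition not in PARTITIONS:
        raise ValueError("company prefix must be 6 to 12 digits")
    cp_bits, _, ir_bits, ir_digits = PARTITIONS[partition]
    if len(item_reference) != ir_digits:
        raise ValueError("item reference length does not fit this company prefix")
    value = SGTIN96_HEADER
    for field, width in ((filter_value, 3), (partition, 3), (int(company_prefix), cp_bits),
                         (int(item_reference), ir_bits), (serial, 38)):
        if field >> width:
            raise ValueError("field does not fit its bit width")
        value = (value << width) | field
    return f"{value:024X}"


def decode_sgtin96(epc_hex):
    """Recover manufacturer and product class from the tag bits alone, no database lookup."""
    value = int(epc_hex, 16)
    if len(epc_hex) != 24 or value >> 88 != SGTIN96_HEADER:
        raise ValueError("not a 96-bit SGTIN EPC")
    partition = (value >> 82) & 0x7
    if partition not in PARTITIONS:
        raise ValueError("reserved partition value")
    cp_bits, cp_digits, ir_bits, ir_digits = PARTITIONS[partition]
    return {
        "filter": (value >> 85) & 0x7,
        "company_prefix": str((value >> (38 + ir_bits)) & ((1 << cp_bits) - 1)).zfill(cp_digits),
        "item_reference": str((value >> 38) & ((1 << ir_bits) - 1)).zfill(ir_digits),
        "serial": value & ((1 << 38) - 1),
    }


def summarize(epcs):
    """Count tags per (company prefix, item reference): what the bare numbers expose."""
    return Counter((d["company_prefix"], d["item_reference"]) for d in map(decode_sgtin96, epcs))


# Constructed sample reads (made-up prefixes and serials, not real shipments).
SAMPLE_READS = [encode_sgtin96(3, "0614141", "812345", 6789 + n) for n in range(3)]
SAMPLE_READS.append(encode_sgtin96(2, "0098765", "000042", 1))
```

Company prefixes are assigned to manufacturers and published for commercial use, so the decoded prefix and item reference identify who made a case and what product class it holds, and the per-pair counts give quantities.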

“Low-cost ways to ‘foil’ low-tech RFID tags”

Thursday, August 12th, 2004

Ari Juels interviewed on various surveillance and privacy aspects of RFID, including “polite” and “soft” blocking of tag reading.

Tagging Prison Inmates

Saturday, August 7th, 2004

Some 44,000 prison inmates to be tagged with RFID at the Ross Correctional Facility in Chillicothe, Ohio. “Inmates will wear ‘wristwatch-sized’ transmitters that can detect if prisoners have been trying to remove them and send an alert to prison computers.”

“RFID Hack Could Allow Retail Fraud”

Wednesday, August 4th, 2004

http://www.eweek.com/article2/0,1759,1628696,00.asp

“LAS VEGAS—A German consultant has released a tool that its creator says will allow modifications of the code stored within RFID tags, theoretically allowing consumers to wreak havoc in future retail deployments.
The RFDump software allows a user equipped with an RFID reader, a laptop or PDA, and a power supply to rewrite the data stored in ISO 15693 tags, the most common tags used to host the EPC (Electronic Product Code) information traditionally stored in bar codes.
…”

But no one said that deployment of RFID would be simple…

Nothing particularly surprising here: tags exposed to potential abuse (e.g., reprogramming by malicious parties) will need to be secured, whether by virtue of being read-only, or passworded, etc.