
An EPC RFID tag used for Wal-Mart

Radio Frequency Identification (RFID) is an automatic identification method, relying
on storing and remotely retrieving data using devices called RFID tags or transponders.
An RFID tag is a small object that can be attached to or incorporated into a product,
animal, or person. RFID tags contain silicon chips and antennas to enable them to receive
and respond to radio-frequency queries from an RFID transceiver. Passive tags require no
internal power source, whereas active tags require a power source.

Contents

• 1 History of RFID tags
• 2 Types of RFID tags
o 2.1 Passive
o 2.2 Semi-passive
o 2.3 Active
• 3 The RFID system
• 4 Current usage
o 4.1 RFID in inventory systems
o 4.2 RFID mandates
o 4.3 Human implants
• 5 Potential uses
o 5.1 Gen 2
o 5.2 Patient identification
• 6 Regulation and standardization
• 7 RFID Legislation
• 8 Controversy
o 8.1 Passports
o 8.2 Driver's licenses
o 8.3 Religious Reaction to RFID
o 8.4 Vulnerabilities
• 9 See also
• 10 References
• 11 External Links

History of RFID tags

An RFID tag used for electronic toll collection

In 1945 Léon Theremin invented an espionage tool for the Soviet government which
retransmitted incident radio waves with audio information. Even though this device was a
passive covert listening device, not an identification tag, it has been credited as the first
known device and a predecessor to RFID technology. The technology used in RFID has
been around since the early 1920s according to one source (although the same source
states that RFID systems have been around just since the late 1960s) [1][2].

A more similar technology, the IFF transponder, was invented by the British in 1939 [1],
and was routinely used by the Allies in World War II to identify airplanes as friend or foe.

Another early work exploring RFID is the landmark 1948 paper by Harry Stockman,
titled "Communication by Means of Reflected Power" (Proceedings of the IRE, pp 1196–
1204, October 1948). Stockman predicted that "...considerable research and development
work has to be done before the remaining basic problems in reflected-power
communication are solved, and before the field of useful applications is explored."

Mario Cardullo claims that his U.S. Patent 3,713,148 in 1973 was the first true ancestor
of modern RFID; a passive radio transponder with memory. [2] The first demonstration
of today's reflected power (backscatter) RFID tags was done at the Los Alamos Scientific
Laboratory in 1973. [3]

Types of RFID tags


RFID tags can be either passive, semi-passive (also known as semi-active), or active.

Passive
Passive RFID tags have no internal power supply. The minute electrical current induced
in the antenna by the incoming radio frequency signal provides just enough power for the
CMOS integrated circuit (IC) in the tag to power up and transmit a response. Most
passive tags signal by backscattering the carrier signal from the reader. This means that
the aerial (antenna) has to be designed to both collect power from the incoming signal
and also to transmit the outbound backscatter signal. The response of a passive RFID tag
is not just an ID number (GUID); the tag chip can contain nonvolatile EEPROM for
storing data. Lack of an onboard power supply means that the device can be quite small:
commercially available products exist that can be embedded under the skin. As of 2006,
the smallest such devices measured 0.15 mm × 0.15 mm, and are thinner than a sheet of
paper (7.5 micrometers).[4] The addition of the antenna creates a tag that varies from the
size of a postage stamp to the size of a post card. Passive tags have practical read distances
ranging from about 2 mm (ISO 14443) up to a few meters (EPC and ISO 18000-6)
depending on the chosen radio frequency and antenna design/size. Due to their simplicity
in design they are also suitable for manufacture with a printing process for the antennas.
Passive RFID tags do not require batteries, and can be much smaller and have an
unlimited life span. Non-silicon tags made from polymer semiconductors are currently
being developed by several companies globally. Simple laboratory printed polymer tags
operating at 13.56 MHz were demonstrated in 2005 by both PolyIC (Germany) and
Philips (The Netherlands). If successfully commercialized, polymer tags will be roll
printable, like a magazine, and much less expensive than silicon-based tags.

Semi-passive

Semi-passive RFID tags are very similar to passive tags except for the addition of a small
battery. This battery allows the tag IC to be constantly powered, which removes the need
for the aerial to be designed to collect power from the incoming signal. Aerials can
therefore be optimized for the backscattering signal. Semi-passive RFID tags are thus
faster in response, though less reliable and powerful than active tags.

Active

Unlike passive RFID tags, active RFID tags have their own internal power source which
is used to power any ICs that generate the outgoing signal. Active tags are typically much
more reliable (e.g. fewer errors) than passive tags due to the ability for active tags to
conduct a "session" with a reader. Active tags, due to their onboard power supply, also
transmit at higher power levels than passive tags, allowing them to be more effective in
"RF challenged" environments like water (including humans/cattle, which are mostly
water), heavy metal (shipping containers, vehicles), or at longer distances. Many active
tags have practical ranges of hundreds of meters, and a battery life of up to 10 years.
Some active RFID tags include sensors such as temperature logging which have been
used in concrete maturity monitoring or to monitor the temperature of perishable goods.
Other sensors that have been married with active RFID include humidity,
shock/vibration, light, radiation, temperature and atmospherics like ethylene. Active tags
typically have much longer range (approximately 300 feet) and larger memories than
passive tags, as well as the ability to store additional information sent by the transceiver.
The United States Department of Defense has successfully used active tags to reduce
logistics costs and improve supply chain visibility for more than 15 years. At present, the
smallest active tags are about the size of a coin and sell for a few dollars.

The RFID system


An RFID system may consist of several components: tags, tag readers, edge servers,
middleware, and application software.

The purpose of an RFID system is to enable data to be transmitted by a mobile device,
called a tag, which is read by an RFID reader and processed according to the needs of a
particular application. The data transmitted by the tag may provide identification or
location information, or specifics about the product tagged, such as price, color, date of
purchase, etc. The use of RFID in tracking and access applications first appeared during
the 1980s. RFID quickly gained attention because of its ability to track moving objects.
As the technology is refined, more pervasive and possibly invasive uses for RFID tags
are in the works.

In a typical RFID system, individual objects are equipped with a small, inexpensive tag.
The tag contains a transponder with a digital memory chip that is given a unique
electronic product code. The interrogator, an antenna packaged with a transceiver and
decoder, emits a signal activating the RFID tag so it can read and write data to it. When
an RFID tag passes through the electromagnetic zone, it detects the reader's activation
signal. The reader decodes the data encoded in the tag's integrated circuit (silicon chip)
and the data is passed to the host computer. The application software on the host
processes the data, often employing Physical Markup Language (PML).

Take the example of books in a library. Security gates can detect whether or not a book
has been properly checked out of the library. When users return items, the security bit is
re-set and the item record in the Integrated library system is automatically updated. In
some RFID solutions a return receipt can be generated. At this point, materials can be
roughly sorted into bins by the return equipment. Inventory wands provide a finer detail
of sorting. This tool can be used to put books into shelf-ready order.

Current usage
• The Canadian Cattle Identification Agency began using RFID tags as a
replacement for barcode tags. The tags are required to identify a bovine's herd of
origin and this is used for trace-back when a packing plant condemns a carcass.
Currently CCIA tags are used in Wisconsin and by US farmers on a voluntary
basis. The USDA is currently developing its own program.

• In the UK, systems for prepaying for unlimited public transport have been
devised, making use of RFID technology. The design is embedded in a
credit-card-like pass that, when scanned, reveals whether the pass is valid and
for how long it will remain valid. The first company to implement this is the
NCT company of Nottingham City, where the general public affectionately refer
to them as "beep cards". The same is true of the "Navigo" pass in the Paris public
transport system (RATP).

RFID tags used in libraries: square book tag, round CD/DVD tag and rectangular VHS
tag.

• High-frequency RFID tags are used in library book or bookstore tracking, pallet
tracking, building access control, airline baggage tracking, and apparel and
pharmaceutical item tracking. High-frequency tags are widely used in
identification badges, replacing earlier magnetic stripe cards. These badges need
only be held within a certain distance of the reader to authenticate the holder. The
American Express Blue credit card now includes a high-frequency RFID tag.

• UHF RFID tags are commonly used commercially in case, pallet, and shipping
container tracking, and truck and trailer tracking in shipping yards.

• Microwave RFID tags are used in long range access control for vehicles.

• RFID tags are used for electronic toll collection at toll booths with Georgia's
Cruise Card, California's FasTrak, Illinois' I-Pass, the expanding eastern states'
E-ZPass system, Florida's SunPass, Massachusetts' Fast Lane, North Texas NTTA
and Houston HCTRA EZ Tag, the "Cross-Israel Highway" (Highway 6),
Philippines South Luzon Expressway E-Pass, Brisbane's Gateway Motorway
E-Toll in Australia, Central Highway (Autopista Central) in Chile and all highways
in Portugal (Via Verde, the first system in the world to span the entire network of
tolls) and France (Liber-T system). The tags are read remotely as vehicles pass
through the booths, and tag information is used to debit the toll from a prepaid
account. The system helps to speed traffic through toll plazas as it records the
date, time, and billing data for the RFID vehicle tag.

• Sensors such as seismic sensors may be read using RFID transceivers, greatly
simplifying remote data collection.

• In January 2003, Michelin began testing RFID transponders embedded into tires.
After a testing period that is expected to last 18 months, the manufacturer will
offer RFID-enabled tires to car makers. Their primary purpose is tire-tracking in
compliance with the United States Transportation, Recall, Enhancement,
Accountability and Documentation Act (TREAD Act).

• Some smart cards embedded with RFID chips are used as electronic cash, e.g.
SmarTrip in Washington, DC, USA, EasyCard in Taiwan, Suica in Japan,
T-Money in South Korea, Octopus Card in Hong Kong, and the Netherlands and
Oyster Card on the London Underground in the United Kingdom to pay fares in
mass transit systems and/or retail. The Chicago Transit Authority recently began
using RFID technology in their Chicago Card.

• Starting with the 2004 model year, a Smart Key/Smart Start option became
available to the Toyota Prius. Since then, Toyota has been introducing the feature
on various models around the world under both the Toyota and Lexus brands,
including the Toyota Avalon (2005 model year), Toyota Camry (2007 model
year), and the Lexus GS (2006 model year). The key uses an active RFID circuit
which allows the car to acknowledge the key's presence within approximately 3
feet of the sensor. The driver can open the doors and start the car while the key
remains in a purse or pocket.

• In August 2004, the Ohio Department of Rehabilitation and Correction (ODRH)
approved a $415,000 contract to evaluate the personnel tracking technology of
Alanco Technologies. Inmates will wear wristwatch-sized transmitters that can
detect if prisoners have been trying to remove them and send an alert to prison
computers. This project is not the first such rollout of tracking chips in US
prisons. Facilities in Michigan, California and Illinois already employ the
technology.

• A number of ski resorts, particularly in the French Alps, have adopted RFID tags
to provide skiers hands-free access to ski lifts.

RFID in inventory systems

An advanced automatic identification technology such as the Auto-ID system, based on
Radio Frequency Identification (RFID) technology, offers two benefits for inventory
systems. First, the visibility provided by this technology gives accurate knowledge of
the inventory level by eliminating the discrepancy between inventory record and physical
inventory. Second, RFID technology can prevent or reduce the sources of errors.
Benefits of using RFID include the reduction of labor costs, the simplification of business
processes and the reduction of inventory inaccuracies.

RFID mandates

Wal-Mart and the United States Department of Defense have published requirements that
their vendors place RFID tags on all shipments to improve supply chain management [5].
Due to the size of these two organizations, their RFID mandates impact thousands of
companies worldwide. The deadlines have been extended several times because many
vendors face significant difficulties implementing RFID systems. In practice, the
successful read rates currently run only 80%, due to radio wave attenuation caused by the
products and packaging. In time it is expected that even small companies will be able to
place RFID tags on their outbound shipments.

Since January, 2005, Wal-Mart has required its top 100 suppliers to apply RFID labels to
all shipments. To meet this requirement, vendors use RFID printer/encoders to label cases
and pallets that require EPC tags for Wal-Mart. These smart labels are produced by
embedding RFID inlays inside the label material, and then printing bar code and other
visible information on the surface of the label.

Human implants

Hand with the planned location of the RFID chip


Just after the operation to insert the RFID tag was completed

Implantable RFID chips designed for animal tagging are now being used in humans. An
early experiment with RFID implants was conducted by British professor of cybernetics
Kevin Warwick, who implanted a chip in his arm in 1998. Night clubs in Barcelona,
Spain and in Rotterdam, The Netherlands, use an implantable chip to identify their VIP
customers, who in turn use it to pay for drinks [6].

In 2004, the Mexican Attorney General's office implanted 18 of its staff members with
the Verichip to control access to a secure data room. (This number has been variously
mis-reported as 160 or 180 staff members, though the correct number is actually 18. [7])

Security experts are warning against using RFID for authenticating people due to the risk
of identity theft. For instance, a mafia fraud attack would make it possible for an
attacker to steal the identity of a person in real time. Due to the resource constraints of
RFIDs, it is virtually impossible to protect against such attack models, as this would
require complex distance-bounding protocols.

Potential uses
RFID tags are often envisioned as a replacement for UPC or EAN barcodes, having a
number of important advantages over the older barcode technology. They may not ever
completely replace barcodes, due in part to their higher cost and in other part to the
advantage of more than one independent data source on the same object. The new EPC,
along with several other schemes, is widely available at reasonable cost.

The storage of data associated with tracking items will require many terabytes on all
levels. The way out is filtering, as nobody will save data without a defined purpose. It is
likely that goods will preferably be tracked by the pallet using RFID tags, and at package
level with Universal Product Code (UPC) or EAN from unique barcodes.

A unique identity is in any case a mandatory requirement for RFID tags, regardless of the
numbering scheme chosen. RFID tag data capacity is big enough that any tag will
have a unique code, while current bar codes are limited to a single type code for all
instances of a particular product. The uniqueness of RFID tags means that a product may
be individually tracked as it moves from location to location, finally ending up in the
consumer's hands. This may help companies to combat theft and other forms of product
loss. Moreover, the tracing back of products is an important feature that gets well
supported with RFID tags containing not just a unique identity of the tag but also the
serial number of the object. This may help companies to cope with quality deficiencies
and resulting recall campaigns, but also contributes to concern over post-sale tracking
and profiling of consumers.

It has also been proposed to use RFID for POS store checkout to replace the cashier with
an automatic system which needs no barcode scanning. However, this is not likely to be
possible without a significant reduction in the cost of current tags and changes in the
operational process around POS. Some research is taking place, but it is
some years from reaching fruition.

Active RFID tags also have the potential to function as low-cost remote sensors that
broadcast telemetry back to a base station. Applications could include sensing of road
conditions by implanted beacons, weather reports, and noise level monitoring.

Gen 2

GS1 and GS1 US operate the joint venture EPCglobal. EPCglobal is working on
international standards for the use of RFID and the EPC in the identification of any item
in the supply chain for companies worldwide. The organization's board of governors
includes representatives from GS1, GS1 US, The Gillette Company, Procter & Gamble,
Wal-Mart, Hewlett-Packard, Johnson & Johnson, Checkpoint Systems and Auto-ID Labs
and others.

The EPCglobal gen 2 standard was approved in December 2004, and is likely to form the
backbone of RFID tag standards moving forward. This was approved after a contention
from Intermec that the standard may infringe a number of their RFID related patents. It
was decided that the standard itself did not infringe their patents, but it may be necessary
to pay royalties to Intermec if the tag were to be read in a particular manner. EPC Gen2 is
short for EPCglobal UHF Generation 2. EPC standardisation is on course to be
adopted by ISO, e.g. in accordance with complementary standardisation based on the ISO
standard 18000-6.

Patient identification

In July 2004, the Food and Drug Administration issued a ruling that essentially begins a
final review process that will determine whether hospitals can use RFID systems to
identify patients and/or permit relevant hospital staff to access medical records. The use
of RFID to prevent mixups between sperm and ova in IVF clinics is also being
considered [8].

In October 2004, the FDA approved the country's first RFID chips that can be implanted
in humans. The 134 kHz RFID chips, from VeriChip Corp., a subsidiary of Applied
Digital Solutions Inc., can incorporate personal medical information and could save lives
and limit injuries from errors in medical treatments, according to the company. The FDA
approval was disclosed during a conference call with investors. Shortly after the
approval, authors and anti-RFID activists Katherine Albrecht and Liz McIntyre
discovered a warning letter from the FDA that spelled out serious health risks associated
with the VeriChip. According to the FDA, these include "adverse tissue reaction,"
"migration of the implanted transponder," "failure of implanted transponder," "electrical
hazards" and "magnetic resonance imaging [MRI] incompatibility."

Some in-home uses, such as allowing a refrigerator to track the expiration dates of the
food it contains, have also been proposed, but few have moved beyond the prototype
stage.

Regulation and standardization


There is no global public body that governs the frequencies used for RFID. In principle,
every country can set its own rules for this. The main bodies governing frequency
allocation for RFID are:

• USA: FCC (Federal Communications Commission)
• Canada: DOC (Department of Communication)
• Europe: ERO, CEPT, ETSI, and national administrations (note that the national
administrations must ratify the usage of a specific frequency before it can be used
in that country)
• Japan: MPHPT (Ministry of Public Management, Home Affairs, Post and
Telecommunication)
• China: Ministry of Information Industry
• Australia: Australian Communications and Media Authority.
• New Zealand: Ministry of Economic Development

Low-frequency (LF: 125 - 134.2 kHz and 140 - 148.5 kHz) and high-frequency (HF:
13.56 MHz) RFID tags can be used globally without a license. Ultra-high-frequency
(UHF: 868 MHz-928 MHz) cannot be used globally as there is no single global standard.
In North America, UHF can be used unlicensed for 908 - 928 MHz, but restrictions exist
for transmission power. In Europe, UHF is under consideration for 865.6 - 867.6 MHz.
Its usage is currently unlicensed for 869.40 - 869.65 MHz only, but restrictions exist for
transmission power. The North American UHF standard is not accepted in France as it
interferes with its military bands. For China and Japan, there is no regulation for the use
of UHF. Each application for UHF in these countries needs a site license, which needs to
be applied for at the local authorities, and can be revoked. For Australia and New
Zealand, 918 - 926 MHz are unlicensed, but restrictions exist for transmission power.

These frequencies are known as the ISM (Industrial, Scientific and Medical) bands. The return
signal of the tag may still cause interference for other radio users [9].

Some standards that have been made regarding RFID technology include:

• ISO 11784 & 11785 - These standards regulate the Radio frequency identification
of animals in regards to Code Structure and Technical concept
• ISO 14223/1 - Radio frequency identification of Animals, advanced transponders
- Air interface
• ISO 10536
• ISO 14443
• ISO 15693
• ISO 18000
• EPCglobal - this is the standardization framework that is most likely to undergo
International Standardisation according to ISO rules, as all sound standards in
the world do unless they have limited scope, such as customs regulations, air-traffic
regulations and others. Currently the big distributors and governmental customers
are pushing EPC heavily as a standard well accepted in their community, but it is not
yet regarded as salvation by the rest of the world.

A primary security concern surrounding RFID technology is the illicit tracking of RFID
tags. Tags which are world-readable pose a risk to both personal location privacy and
corporate/military security. Such concerns have been raised with respect to the United
States Department of Defense's recent adoption of RFID tags for supply chain
management [10]. More generally, privacy organizations have expressed concerns in the
context of ongoing efforts to embed electronic product code (EPC) RFID tags in
consumer products.

A second class of defense uses cryptography to prevent tag cloning. Some tags use a form
of "rolling code" scheme, wherein the tag identifier information changes after each scan,
thus reducing the usefulness of observed responses. More sophisticated devices engage in
challenge-response protocols where the tag interacts with the reader. In these protocols,
secret tag information is never sent over the insecure communication channel between tag
and reader. Rather, the reader issues a challenge to the tag, which responds with a result
computed using a cryptographic circuit keyed with some secret value. Such protocols
may be based on symmetric or public key cryptography. Cryptographically-enabled tags
typically have dramatically higher cost and power requirements than simpler equivalents,
and as a result, deployment of these tags is much more limited. This cost/power limitation
has led some manufacturers to implement cryptographic tags using substantially
weakened, or proprietary encryption schemes, which do not necessarily resist
sophisticated attack. For example, the Exxon-Mobil Speedpass uses a
cryptographically-enabled tag manufactured by Texas Instruments, called the Digital Signature Transponder
(DST), which incorporates a weak, proprietary encryption scheme to perform a
challenge-response protocol.
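
The difference between a static identifier and a challenge-response exchange, as an added example that is not part of the original article and is not the cipher used by any real tag: HMAC-SHA256 stands in for the tag's keyed circuit, and the class names, tag ID and key are constructed for illustration. A device that only replays what it observed on the air passes the static-ID check but fails once the reader issues a fresh challenge.

```python
# Added example: static-ID tag vs. challenge-response tag when an observed
# exchange is played back. HMAC-SHA256 is a stand-in keyed function (assumption).
import hashlib
import hmac
import secrets

RESPONSE_LEN = 8  # bytes of the MAC returned by the tag (assumption)


class StaticTag:
    """Answers every query with the same identifier."""

    def __init__(self, tag_id: bytes):
        self.tag_id = tag_id

    def respond(self, challenge: bytes) -> bytes:
        return self.tag_id  # the challenge plays no part in the answer


class KeyedTag:
    """Answers with a keyed function of the reader's challenge."""

    def __init__(self, key: bytes):
        self._key = key  # stays inside the tag, never transmitted

    def respond(self, challenge: bytes) -> bytes:
        mac = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return mac[:RESPONSE_LEN]


class Replayer:
    """Holds only what crossed the air interface and plays it back."""

    def __init__(self):
        self.transcript = []  # (challenge, response) pairs seen on the channel

    def observe(self, challenge: bytes, response: bytes) -> None:
        self.transcript.append((challenge, response))

    def respond(self, challenge: bytes) -> bytes:
        for seen_challenge, seen_response in self.transcript:
            if seen_challenge == challenge:
                return seen_response
        return self.transcript[-1][1] if self.transcript else b""


class Reader:
    """Verifier: configured with the expected ID, or with the shared key."""

    def __init__(self, expected_id: bytes = b"", key: bytes = b""):
        self.expected_id = expected_id
        self.key = key

    def authenticate(self, device, observer=None) -> bool:
        challenge = secrets.token_bytes(16)  # fresh and unpredictable per session
        response = device.respond(challenge)
        if observer is not None:
            observer.observe(challenge, response)
        if self.key:
            mac = hmac.new(self.key, challenge, hashlib.sha256).digest()
            expected = mac[:RESPONSE_LEN]
        else:
            expected = self.expected_id
        return hmac.compare_digest(response, expected)


def run_demo() -> dict:
    tag_id = b"SAMPLE-TAG-0001"    # constructed identifier
    key = secrets.token_bytes(16)  # constructed shared secret
    results = {}

    static_reader, static_log = Reader(expected_id=tag_id), Replayer()
    results["static_genuine"] = static_reader.authenticate(StaticTag(tag_id), static_log)
    results["static_replay"] = static_reader.authenticate(static_log)

    keyed_reader, keyed_log = Reader(key=key), Replayer()
    results["keyed_genuine"] = keyed_reader.authenticate(KeyedTag(key), keyed_log)
    results["keyed_replay"] = keyed_reader.authenticate(keyed_log)
    # The secret itself never appears in anything sent over the channel.
    results["key_on_air"] = any(key in c + r for c, r in keyed_log.transcript)
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The protection rests entirely on the strength of the keyed function and the secrecy of the key, which is why the weakened or proprietary schemes mentioned above matter.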

Still other cryptographic protocols attempt to achieve privacy against unauthorized
readers, though these protocols are largely in the research stage. One major challenge in
securing RFID tags is a shortage of computational resources within the tag. Standard
cryptographic techniques require more resources than are available in most low cost
RFID devices. RSA Security has patented a prototype device that locally jams RFID
signals by interrupting a standard collision avoidance protocol, allowing the user to
prevent identification if desired [11]. Various policy measures have also been proposed,
such as marking RFID tagged objects with an industry standard label.

RFID Legislation
• California – SB1834

PURPOSE: Restrict the way businesses and libraries in California use RFID tags
attached to consumer products or using an RFID reader that could be used to
identify an individual.
Defeated by members of the California state assembly on June 25, 2005.

• Massachusetts – HB 1447, SB 181

PURPOSE: Requires labels regarding use and purpose of RFID on consumer
products; requires the ability to remove tags; and restricts info on tags to
inventory and like purposes.

• Maryland – HB 354

PURPOSE: Creates a task force to study privacy and other issues related to RFID
and report on whether legislation is needed.

• Missouri – SB 128

PURPOSE: Requires a conspicuous label on consumer packaging with RFID
disclosing existence of the tag and that the tag can transmit a unique ID before
and after purchase.

• Nevada – AB 264

PURPOSE: Requires manufacturers, retailers and others to ensure placement of a
label regarding existence of RFID on product prior to sale.

• New Hampshire – HB 203

PURPOSE: Requires written or verbal notice of existence of a tracking device on
any product prior to sale.

• New Mexico – HB 215

PURPOSE: Requires businesses purveying tagged items to post notices on their
premises and labels on the products; requires removal or deactivation of tag at
point of sale.

• Rhode Island – H 5929

PURPOSE: Prohibits state or local government from using RFID to track
movement or identity of employees, students or clients or others as a condition of
a benefit or service.

• South Dakota – HB 1114

PURPOSE: Prohibits requiring a person to receive implant of an RFID chip.

• Tennessee – HB 300, SB 699

PURPOSE: Requires conspicuous labeling of goods containing RFID disclosing
existence of RFID and that it can transmit unique information.

• Texas – HB 2953

PURPOSE: Prohibits school district from requiring student to use an RFID device
for identification; requires school to provide alternative method to those who
object to RFID.

• Utah – HB 185

PURPOSE: Amends computer crime law to include RFID.

• Wisconsin – Assembly Bill 291

PURPOSE: Prohibits anyone, including employers or government agencies, from
requiring people to have microchips implanted in them. Violators would face
fines of up to $10,000.

Controversy
How would you like it if, for instance, one day you realized your underwear was
reporting on your whereabouts?
— California State Senator Debra Bowen, at a 2003 hearing [12]

The use of RFID technology has engendered considerable controversy and even product
boycotts by consumer privacy advocates such as Katherine Albrecht and Liz McIntyre of
CASPIAN who refer to RFID tags as "spychips". The four main privacy concerns
regarding RFID are:

• The purchaser of an item will not necessarily be aware of the presence of the tag
or be able to remove it;
• The tag can be read at a distance without the knowledge of the individual;
• If a tagged item is paid for by credit card or in conjunction with use of a loyalty
card, then it would be possible to tie the unique ID of that item to the identity of
the purchaser; and
• The EPCglobal system of tags creates, or is proposed to create, globally unique
serial numbers for all products, even though this creates privacy problems and is
completely unnecessary for most applications.

Most concerns revolve around the fact that RFID tags affixed to products remain
functional even after the products have been purchased and taken home, and thus can be
used for surveillance and other nefarious purposes unrelated to their supply chain
inventory functions. Although RFID tags are only officially intended for short-distance
use, they can be interrogated from greater distances by anyone with a high-gain antenna,
potentially allowing the contents of a house to be scanned at a distance, something
distinctly Orwellian in nature. Even short range scanning is a concern if all the items
detected are logged in a database every time a person passes a reader, or if it is done for
nefarious reasons (e.g., a mugger using a hand-held scanner to obtain an instant
assessment of the wealth of potential victims). With permanent RFID serial numbers, an
item leaks unexpected information about a person even after disposal; for example, items
that are resold or given away can enable mapping of a person's social network.

Another privacy issue is due to RFID's support for a singulation (anti-collision) protocol.
This is the means by which a reader enumerates all the tags responding to it without them
mutually interfering. The structure of the most common version of this protocol is such
that all but the last bit of each tag's serial number can be deduced by passively
eavesdropping on just the reader's part of the protocol. Because of this, whenever RFID
tags are near to readers, the distance at which a tag's signal can be eavesdropped is
irrelevant; what counts is the distance at which the much more powerful reader can be
received. Just how far this can be depends on the type of the reader, but in the extreme
case some readers have a maximum power output of 4 W, enabling signals to be received
from tens of kilometres away.[citation needed]

Technical note: the anti-collision scheme of ISO 15693 will render this rather
implausible. To eavesdrop on the reader part of the protocol - and gather the 63 least
significant bits of a uid - would require the reader to send a mask value of 63 bits. This
can only happen when the reader detects a collision up to the 63rd bit. In other words:
One can eavesdrop on the transmitted mask-value of the reader, but for the reader to
transmit a 63 bit mask-value requires two tags with identical least significant 63 bits. The
probability of this happening must be near zero. I.e. the eavesdropper needs two virtually
identical tags to be read at the same time by the reader in question.
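
The two preceding paragraphs can be compared side by side in a small simulation, added here as an example that is not part of the original article. It models bit-by-bit tree walking and a mask-based inventory in simplified form (not the ISO 15693 frame format) and counts how many ID bits of each tag appear in the reader's own transmissions; the 16-bit tag IDs and all function names are constructed for illustration.

```python
# Added example: what a listener on the reader-to-tag (forward) channel learns
# under two singulation styles. Simplified models; all tag IDs are constructed.

ID_BITS = 16  # short IDs keep the walk readable; real UIDs are longer

SAMPLE_TAGS = [  # constructed IDs, written most significant bit first
    "1010110011110000", "0101001100001111", "1111000010101010",
    "0000111101010101", "1100110000110011", "0011001111001101",
]
# Constructed "twin" of SAMPLE_TAGS[0]: identical in its 14 least significant bits.
TWIN = "1110110011110000"


def tree_walk(tags, id_bits=ID_BITS):
    """Bit-by-bit tree walking: the reader broadcasts a prefix and every tag
    whose ID starts with it answers with its next bit. Returns the IDs the
    reader resolved and the prefixes the reader put on the air."""
    broadcasts, found = [], []

    def walk(prefix):
        matching = [t for t in tags if t.startswith(prefix)]
        if not matching:
            return
        if len(prefix) == id_bits:
            found.append(prefix)  # last bit came from the tag, not the reader
            return
        broadcasts.append(prefix)  # reader's high-power transmission
        for bit in sorted({t[len(prefix)] for t in matching}):  # tag replies
            walk(prefix + bit)

    walk("")
    return found, broadcasts


def mask_inventory(tags):
    """Mask-based inventory: the reader sends a mask over the least significant
    bits, matching tags answer with their full ID, and the mask grows by one
    bit only when two or more replies collide."""
    broadcasts, found = [], []

    def inventory(mask):
        matching = [t for t in tags if t.endswith(mask)]
        broadcasts.append(mask)  # reader's transmission
        if len(matching) == 1:
            found.append(matching[0])  # full ID travels on the tag's channel
        elif len(matching) > 1:
            for bit in "01":
                inventory(bit + mask)

    inventory("")
    return found, broadcasts


def leaked_bits(tag, broadcasts, from_lsb):
    """Length of the longest reader broadcast consistent with this tag's ID,
    i.e. how many of its ID bits appeared on the forward channel."""
    matches = tag.endswith if from_lsb else tag.startswith
    return max(len(b) for b in broadcasts if matches(b))


def forward_channel_leak(tags):
    """Map each tag to (bits leaked by tree walking, bits leaked by masks)."""
    found_tw, tw = tree_walk(tags)
    found_mi, mi = mask_inventory(tags)
    if not sorted(found_tw) == sorted(found_mi) == sorted(tags):
        raise RuntimeError("a singulation model failed to resolve every tag")
    return {t: (leaked_bits(t, tw, False), leaked_bits(t, mi, True)) for t in tags}


if __name__ == "__main__":
    for label, population in (("sample", SAMPLE_TAGS), ("with twin", SAMPLE_TAGS + [TWIN])):
        print(label)
        for tag, (walk_bits, mask_bits) in forward_channel_leak(population).items():
            print(f"  {tag}  tree walk: {walk_bits}/{ID_BITS}  mask: {mask_bits}/{ID_BITS}")
```

In the tree walk every tag exposes all but its last bit on the reader's channel, while the mask-based reader only transmits as many bits as were needed to separate colliding tags; the long mask appears only when the near-identical twin is present.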

The potential for privacy violations with RFID was demonstrated by its use in a pilot
program by the Gillette Company, which conducted a "smart shelf" test at a Tesco in
Cambridge, England. They automatically photographed shoppers taking RFID-tagged
safety razors off the shelf, to see if the technology could be used to deter shoplifting.[13]
This trial resulted in a consumer boycott against Gillette. There was also a protest against
Tesco. A boycott against Tesco for its involvement with item-level RFID tagging has been
in effect since early 2005.

In another incident, uncovered by the Chicago Sun-Times, shelves in a Wal-Mart in
Broken Arrow, Oklahoma, were equipped with readers to track the Max Factor Lipfinity
lipstick containers stacked on them. Webcam images of the shelves were viewed 750
miles (1200 km) away by Procter & Gamble researchers in Cincinnati, Ohio, who could
tell when lipsticks were removed from the shelves and observe the shoppers in action.

In January 2004 privacy advocates from CASPIAN and the German privacy group
FoeBuD were invited to the METRO Future Store in Germany, where an RFID pilot
project was implemented. It was uncovered by accident that METRO "Payback"
customer loyalty cards contained RFID tags with customer IDs, a fact that was disclosed
neither to customers receiving the cards, nor to this group of privacy advocates. This
happened despite assurances by METRO that no customer identification data was tracked
and all RFID usage was clearly disclosed. [14]

The controversy was furthered by the accidental exposure of a proposed Auto-ID
consortium public relations campaign that was designed to "neutralize opposition" and
get consumers to "resign themselves to the inevitability of it" whilst merely pretending to
address their concerns. [15]

The standard proposed by EPCglobal includes privacy-related guidelines for the use of
RFID-based EPC. These guidelines include the requirement to give consumers clear
notice of the presence of EPC and to inform them of the choice that they have to discard,
disable or remove EPC tags. These guidelines are non-binding, and only partly comply
with the joint statement of 46 multinational consumer rights and privacy groups.

In 2004, Lukas Grunwald released a computer program, RFDump, which with suitable
hardware allows reading and reprogramming the metadata contained in an RFID tag,
although not the unchangeable serial number built into each tag. He said consumers could
use this program to protect themselves, although it would also have significant malicious
uses.

Passports

A number of countries have begun to embed RFID devices in new biometric passports, to
facilitate efficient machine reading of personal data. Security expert Bruce Schneier said
of these proposals: "It's a clear threat to both privacy and personal safety. Quite simply,
it's a bad idea." The RFID-enabled passport uniquely identifies its holder, and in the
proposal currently under consideration, will also include a variety of other personal
information. This could greatly simplify some of the abuses of RFID technology, and
expand them to include abuses based on machine reading of data such as a person's
nationality. For example, a mugger operating near an airport could target victims who
have arrived from wealthy countries, or a terrorist could design a bomb which functioned
when approached by persons from a particular country.

The US State Department initially rejected these concerns on the grounds that they
believed the chips could only be read from a distance of 10 cm (4 in), but in the face of
2,400 critical comments from security professionals, and a clear demonstration that
special equipment can read the test passports from 10 m (33 feet) away, the proposal was
reviewed. RFID passports will start to be issued in mass distribution in October 2006.[16]
In November 2005, the State Department stated that as of October 2006 all new US
passports will contain RFID chips with some security features. The passports will be
shielded to prevent skimming. The department will also implement Basic Access Control
(BAC), which functions as a Personal Identification Number (PIN) in the form of
characters printed on the passport data page. Before a passport's tag can be read, this PIN
must be entered into an RFID reader. The BAC also enables the encryption of any
communication between the chip and interrogator [17].

The Pakistan Passport Authority has started issuing passports with RFID tags.

The Norwegian Passport Authority has also issued passports with RFID tags, and was
criticized by the Norwegian Data Inspectorate Department for its failure to
implement any security features. As of November 2005 only a handful of passports
have been issued [18].

The Malaysian Passport Authority has been using passports with RFID tags since early
2000.

The New Zealand government introduced chipped passports on 4 November 2005 after
trials with pilots from the United States in association with Australia. All new passports
issued by New Zealand will contain these chips.

France is to start issuing biometric identity cards on 17 April 2006.

Driver's licenses

The US state of Virginia has considered putting RFID tags into driver's licenses,
ostensibly to make lookups faster for police officers and other government officials. The
Virginia General Assembly also hopes that by including the tags, false identity
documents would become much harder to obtain. The proposal was first introduced in the
"Driver's License Modernization Act" of 2002, which was not enacted, but as of 2004 the
concept was still under consideration.

The idea was prompted by the fact that some of the September 11 hijackers held
fraudulent Virginia driver's licenses. However, the American Civil Liberties Union has
noted that in addition to being a risk to privacy and liberty, the RFID proposal would not
have hindered the hijackers, since the false documents they carried were valid, officially
issued documents obtained with other false identification. The weakness in the system is
not failure to validate documents in the field, but failure to verify identity before issuing
them.

Religious Reaction to RFID

There has been discussion by members of the Christian community, especially Christian
anarchists, that RFID tagging could represent the mark of the beast mentioned
specifically in the Book of Revelation (see Revelation 13:16). This subject is studied by
those Christians interested in the fields of eschatology (last things) and dispensationalism.
Previously, other forms of identification such as credit cards and UPC codes had been
suggested as candidates for the mark. [19] [20] [21]

While the exact Mark of the Beast used in the Left Behind series was not fully explained,
the implanted chip exhibited behavior similar to an RFID tag.

Vulnerabilities

• The New York Times reported on new research showing how RFID tags could be
"infected" with computer viruses. "RFID malware is a Pandora's box...," the
Times quotes from the study available at www.rfidvirus.org.
• The Wall Street Journal reported on the privacy implications of RFID technology
in consumer cards and passports. The article refers to RFID Blocking Wallets
which are "designed to shield radio chip bank card[s] from being read without
[the consumer's] knowledge" as a method of ensuring security.
• Security expert Bruce Schneier reports on a Weizmann Institute of Science study
suggesting "so-called 'wallet phones' will be capable of attacking HF tags"
through a power analysis attack.
• Wired Magazine reported that current encryption and security measures used by
RFID devices are grievously inadequate. Currently, it is very easy to steal and/or
modify the data contained on most RFID chips.

See also

• Ubiquity
• WiBro
• Electronic tagging
• Mass surveillance

References
1. Dargan, Gaurav; Johnson, Brian; Panchalingam, Mukunthan; Stratis, Chris
(2004). The Use of Radio Frequency Identification as a Replacement for
Traditional Barcoding. URL accessed on 2006-05-31.
2. Landt, Jerry (2001). Shrouds of Time: The history of RFID. (PDF) AIM, Inc.
URL accessed on 2006-05-31.

External Links
• RFID Journal
• RFID Law Blog

Retrieved from "http://en.wikipedia.org/wiki/Radio_Frequency_Identification"