RFID, its implications and how to defeat
Imagine a future in which your every belonging is marked with a unique number identifiable with the swipe of a scanner, where the location of your car is always pinpoint-able and where signal-emitting microchips storing personal information are implanted beneath your skin or embedded in your inner organs.
This is the possible future of radio frequency identification (RFID), a technology whose application has so far been limited largely to supply-chain management (enabling companies, for example, to keep track of the quantity of a given product they have in stock) but is now being experimented with for passport tracking, among other things. RFID is set to be applied in a whole range of consumer settings. Already being tested in products as innocuous as shampoo, lip balm, razor blades, clothing, and cream cheese, RFID-enabled items are promoted by retailers and marketers as the next revolution in customer convenience. Consumer advocates say this is paving the way for a nightmarish future where personal privacy is a quaint throwback.
How RFID works
There are two types of RFID tags: active and passive. When most people talk about RFID, they talk about passive tags, in which a radio frequency is sent from a transmitter to a chip or card which has no power cell per se, but uses the transmitted signal to power itself long enough to respond with a coded identifier. This numeric identifier carries no information other than a unique number, but keyed against a database that associates that number with other data, the RFID tag's identifier can evoke all information in the database keyed to that number.
An active tag has its internal power source and can store as well as send even more detailed information.
The RFID value chain involves three parts: the tags, the readers and the application software that powers these systems. From there, the data generated by the application software can interface with other systems used in an enterprise, or, if they obtain the information or collect it themselves, conceivably by governments or more nefarious organizations.
Where it’s used today
Global companies such as Gillette, Phillips, Procter & Gamble, Wal-Mart and others see huge savings to be made from the use of RFID, and there are numerous pilot projects underway which is indicating savings in supply chains as well as the ability to add value to both product owner, product reseller and customer.
But they’re just pilots, mostly. RFID is a long way from being everywhere, so far. Pharmaceutical tracking has long been held out as one of the flagship applications of RFID in the short term, yet just some 10 medications are expected to be tagged using RFID technology on a large scale in the U.S. during 2006, analysts predict. Slow roll-outs are contrasting sharply with the optimism of a year ago when evidence suggested tripling or even quadrupling of RFID for consumer goods tracking. Why? Uncertainty over pending legislation. There is a complex mixture of federal and new state laws (in particular Florida and California) intended to combat drug theft and counterfeiting that have implications for RFID. The details are still being worked out.
Where it’s likely to be used tomorrow
Depending on which analysts you believe, the market for RFID technology will represent between 1.5 and 30 Billion USD by the year 2010. Analyst firm IDTechEx, which tracks the RFID industry, believes more than 585 billion tags will be delivered by 2016. Among the largest growth sectors, IDTechEx foresees the tagging of food, books, drugs, tires, tickets, secure documents (passports and visas), livestock, baggage and more.
Buses and subways in some parts of the world are being equipped with RFID readers, ready for multi-application e-tickets. These are expected to make things easier for the commuter, and help stem the fraud from the current paper-ticket system. However, the biggest problem facing rollouts of RFID for commercial micropayment tracking is not technical but involves agreeing on the fees charged by the clearinghouse and how credit from lost and discarded tickets will be divided.
One of the highest-profile uses of RFID will be passport tracking. Since the terrorist attacks of 2001, the U.S. Department of Homeland Security has wanted the world to agree on a standard for machine-readable passports. Countries whose citizens currently do not have visa requirements to enter the United States will have to issue passports that conform to the standard or risk losing their non-visa status.
American and other passports are being developed that include RFID-based chips which allow the storage of considerable amounts of data such as fingerprints and digitized photographs. In the U.S., these passports are due to start being issued in October of 2006. Early in the development of these passports, there were gaping security holes, such as the capability of being read by any reader, not just the ones at passport control (the upshot of this was that travelers carrying around RFID passports would have been openly broadcasting their identity, making it easy for wrongdoers to easily – and surreptitiously – pick Americans or nationals of other participating countries out of a crowd.)
Those security blunders were initially corrected by adding metal shielding to the passport cover to minimize its readability when closed, dialing back the range of the electronics and adding a special electronic protocol called Basic Access Control (or BAC). This scheme required the passport to be opened and scanned before its data could have been properly interpreted by an RFID receiver. Unfortunately, in early February 2006, Dutch security experts managed to “listen in” on the communications between a prototype BAC-protected passport and a receiver and cracked the protocol. This means the international authority developing this new global passport standard may need to go back to the drawing board as of this writing because ‘bad guys’ could stand in line at passport control and capture passport information. Details of the Dutch hack here.
Implications for privacy seekers
RFID has clear implications for those who are worried about their privacy and safety. Some of them are obvious, and some of them are not.
- Can be read without your knowledge – Since the tags can be read without being swiped or scanned (as is the case with magnetic strips or barcodes), anyone with an RFID tag reader can read the tags embedded in your clothes and other consumer products without your knowledge. For example, you could be scanned before you enter the store, just to see what you are carrying. You might then be approached by a clerk who knows what you have in your backpack or purse and can suggest accessories or other items.
- Can be read greater distances with a high-gain antenna – For various technical reasons, RFID reader/tag systems are designed so that distance between the tag and the reader is kept to a minimum. However, a high-gain antenna can read tags from much further away, leading to privacy problems. Governments or others could punch through privacy screens and keep tabs on people.
- Difficult to remove – RFID tags are hard for consumers to remove; some are very small (less than a half-millimeter square, and as thin as a sheet of paper) - others may be hidden or embedded inside a product where consumers cannot see them. New technologies allow RFID tags to be printed right on a product and may not be removable at all
- Disruptions if maliciously jammed – RF signals can be jammed, which could complicate everyday life if RFID tags became essential. Imagine a central bus or train station, maybe an airport, where suddenly everyone could neither be ID'd or access their cash accounts. A single hour of jamming during morning rush over a large area could cost a large city untold millions of dollars in delayed commerce and transport. It would be worse than a mass-transit strike, and easier to repeat.
- Could be linked to a credit card number – The Universal Product Code (UPC) implemented with barcodes allows each product sold in a store to have a unique number that identifies that product. Work is proceeding on a global system of product identification that would allow each item to have its number. When the item is scanned for purchase and is paid for, the RFID tag number for a particular item can be associated with the credit card number it was purchased with.
- Potential for counterfeit – If an RFID tag is being used to authenticate someone, anyone with access to an RFID reader can easily capture and fake someone else’s unique numeric identifier, and therefore, in essence, their electronic 'signature'. If an RFID-tagged smartcard is used for shopping, for instance, anyone who intercepted and reverse-engineered your number, and programmed another card with it, could make charges on your account.
- Marking for crime – Even after you leave a store, any RFID devices in things you buy are still active. A thief could walk past you in the mall and know exactly what you have in your bags, marking you as a potential victim. Someone could even circle your house with an RFID scanner and pull up data on what you have in your house before robbing it. As a result, there are now discussions of “zombie” RFID tags that expire upon leaving the store and reanimate if the product is ever returned to the store and returned to the supply chain.
- Marking for violence – Military hardware and even clothing are beginning to make use of RFID tags to help track these items through supply chains. RFID is being used today by the U.S. military to track materials in Iraq and Afghanistan. Some analysts are concerned about particular items being associated with high-level officers that could trigger roadside bombs via an RFID scan of cars going by. (Thankfully, RFID tags retained close to the body can rarely be scanned. For instance, UHF tags, the kind being most widely deployed, are virtually unreadable near the body because of its high water content.)
Some have suggested that mobile phones are already as great a threat to privacy as RFID. In the case of mobile phones, information about your whereabouts and calling patterns is regularly available to your service provider, a centralized and highly regulated source of information gathering. An adversary with special-purpose equipment would also have the capability of tracking your mobile phone, but this would require significant expertise and investment. See our separate article "Cell phone hazards".
What makes RFID a more significant privacy threat than mobile phones is the fact that readers will be readily available and ubiquitously deployed. In other words, RFID readers will soon be an accepted element of everyday life, while eavesdropping equipment for mobile phones is unlikely to be.
How to thwart RFID technology
There are a few approaches you can take to thwart RFID tags ... but before you take proactive steps, note that sometimes the very absence of a tag or its signal in places it’s expected could arouse suspicion. For instance, if you’re carrying what is expected to be an RFID-tagged passport and your tag isn’t working, say, you may invite unwanted scrutiny. Be careful about which tags you choose to disrupt.
The simplest, most permanent approach to disable RFID tags is to destroy them. If you can detect them and wish to permanently render them useless, remove them and smash the small chip component with a hammer. If you’re not sure whether a product you own contains a tag, consider putting it in a microwave to destroy the tag if the object is otherwise safe to be microwaved. Be careful with some plastics. Note there have been reports of RFID materials catching fire in microwaves.
If removing the tag is not practical, there are four general ways to disrupt RFID tag detection.
- Blocking – Construct a conductive foil box (even tin foil is good) around the tag. If you are concerned about RFID emissions from work badges, school IDs, new generation drivers licenses, credit cards, and even cash in the future containing RFID tags, buy or make an RFID-proof wallet. RFID wallet project details are easy to find on the Internet.
- Jamming – Since RFID systems make use of the electromagnetic spectrum like wireless networks or cellphones, they are relatively easy to jam using a strong radio signal at the same frequency the tag operates. Although this would only be an inconvenience for consumers in stores (longer waits at the checkout), it could be disastrous in other environments where RFID is increasingly being used, like hospitals, or in military combat situations. Such jamming devices, however, would in most cases violate government regulations on radio emissions. A group of researchers in Amsterdam have theorized that a personal RFID jammer is possible (their paper is linked to from the version of this article that lives at our web site, www.powerprivacy.com) but the device seems only theoretical at this time.
- Repeated interrogation – Active RFID tags that use a battery to increase the range of the system can be repeatedly interrogated to wear the battery down, disrupting the system.
- Popping – Generating a very strong pulse of radiation at the right frequency can cause RFID tags to resonate and break.
What strategy you should pursue depends on what RFID privacy threats.