View stunning SlideShares in full-screen with the new iOS app!Introducing SlideShare for AndroidExplore all your favorite topics in the SlideShare appGet the SlideShare app to Save for Later — even offline
View stunning SlideShares in full-screen with the new Android app!View stunning SlideShares in full-screen with the new iOS app!
Abstract: Radio Frequency Identification is a technology which is rapidly rising in
society today. It is facing major challenges from privacy groups and various security
concerns; there seem to be some critical vulnerabilities in RFID systems that need
addressing. At the same time, RFID can be acknowledged as an aspect of the societies of
control as described by Gilles Deleuze. As the social practices for the technology are being
shaped, people are encouraged to monitor its progress, or preferably participate in it.
Length: 5666 words
Keywords: RFID chips, surveillance, protocol, privacy, security.
Nieuwe Media Analyse
Docent: Jan Simons
Universiteit van Amsterdam
11 Januari 2007
Table of Contents
2. Contemporary uses of RFID in every day life..................................................................................5
3. RFID security, privacy and vulnerability issues...............................................................................8
3.1 RFID Security............................................................................................................................9
3.2 RFID vulnerabilities................................................................................................................10
3.3 RFID Privacy...........................................................................................................................12
3.4 Solutions to privacy and security problems.............................................................................15
4. RFID's place within the Networked Society..................................................................................17
Radio Frequency IDentification chips, or RFID chips1, are silicon chips containing an
antenna. They are used to identify whatever they are attached to. RFID chips can be
divided into active and passive tags – active tags vary from the size of a brick to the size of
a coin – they carry an internal power source and are capable of constantly transmitting
their information, as well as harbouring other functions such as pressure and temperature
meters. Passive tags, which are cheaper and more common, range from the size of a coin to
the size of a grain of sand. The price for standard passive RFID tags is currently about
twenty-five US cents. Industry is working hard to push the price down to five cents per tag.
RFID chips are part of larger RFID systems, which contain readers and back-end
databases. RFID is widely expected to replace the bar code system.
In this essay I will explore the questions “How is RFID used and what is its status
in contemporary society?”
I will try to answer these by listing many of RFID's current uses in the second
chapter, exploring in detail the technical and privacy issues in the third chapter and
placing RFID in a broader philosophical/historical context in the fourth chapter. I will use
the conclusion to evaluate RFID's contemporary status.
1 The terms “RFID chips” and “RFID tags” will be used interchangeably.
2. Contemporary uses of RFID in every day life
Radio Frequency Identification as a technology is not new. It was used in the Second
World War to identify aircraft, i.e. in the identification Friend or Foe (IFF) systems. That
way, people behind the radar screen could tell which planes belonged to which side.
Nowadays it is used primarily in commercial logistics. Critics generally agree that RFID
used in the supply chains of companies are no threat to anyone's privacy, though there are
still security issues that need dealing with and these will be addressed in the next chapter.
The METRO Group Future Store Initiative produced a number of promotional
videos describing the usefulness of RFID in logistics in relation to speed and accuracy.2
RFID quite conclusively has the potential to automate a lot of functions in the supply chain
process that have to be done by hand. The listing, verification, counting, checking, and
sorting of products can be done automatically due to the ability of an RFID system to read
hundreds of tags per second which each one specifying a products' type, manufacturer and
RFID has also been used to track livestock and wildlife 3 as well as the identification
of lost pets. In the case of livestock and wildlife active tags are used which can transmit
data over long distances. In the case of livestock, these tags can help rounding them up,
but also help in determining their health by analysing their movements. Researchers can
use RFID tags on wildlife to study their migrations and behaviour. “Chipped” pets can be
identified and recovered more quickly due to the chips which identify themselves and
could even contain contact information of their owners.
Inmates in California, Michigan, Ohio and Illinois are made to wear bracelets
containing active RFID tags to allow them to be tracked. Their tags are part of an intricate
security system that raises alarms whenever an inmate is where he or she is not supposed
to be. As such, the system allows for greater control and management of prisoners.4
RFID is used in toll systems in various states in the US.5 E-ZPass is the most well
known case; RFID tags are placed inside the windshield or mounted on the front licence
plate of a vehicle. Toll booths register when a tagged car passes and the toll fee is
3 Texas Instruments supply technology for these purposes: http://www.ti.com/rfid/shtml/apps-anim-tracking.shtml
4 Swedberg, Claire. 'L.A. County Jail to Track Inmates'. May 16th, 2005.
5 RFid Gazette. 'RFID Found At Highway Toll Booths' March 23rd, 2005.
subtracted from the driver's account. In some systems cars don't even have to slow down;
as a result, there is no traffic congestion due to manual toll collection.6
Some security systems are based on RFID technology. Readers installed next to
doors determine who can pass or not by means of reading 'smart cards' equipped with
RFID chips. Some cars will only unlock or start if the appropriate RFID tag is nearby. In
one case, a couple unlock their car and their apartment by RFID chips implanted in their
RFID has been implanted into humans in several other cases. A well known
instance is the RFID system used at the Baja Beach Club in Barcelona.8 VIP members use
an implanted chip, produced by Advanced Digital Solutions, to gain access to the club and
to pay for their drinks. Another example of RFID embedded under the skin is VeriMed9, a
chip designed to improve hospital workings by allowing personnel to quickly identify
people who due to their condition are unable to identify themselves. The tags would also
contain information about the patient's medical conditions, allowing medical personnel to
take appropriate action.
Dollar and Euro bills may also already contain RFID tags. In this case it is to
prevent money laundering and counterfeiting. There are several reports10111213 stating that
the technology is ready and the demand by banks and governments is there, however there
are no official statements that RFID has indeed been implemented in bank notes. There
has been a controversy regarding exploding twenty dollar bills when microwaved 14 and a
CNN report15 which states that a number of adjustments to the bank notes are kept secret,
however there is no conclusive evidence of RFID in newly printed currency.
An active RFID chip is used in certain Nike sneakers to monitor how much distance
you have covered, how many calories you have burned and a few other relevant statistics
6 Wikipedia contributors. 'E-Zpass'. Accessed at 10-1-2007. http://en.wikipedia.org/wiki/E-ZPass
7 Excerpt from Good Morning America: http://youtube.com/watch?v=yQo4mGTCALE
8 Losowski, Andrew. 'I've got you under my skin.' June 10th, 2004.
9 VeriMed Patient Identification. http://www.verimedinfo.com/intro.html
10 Yoshida, Junko. 'Euro bank notes to embed RFID chips by 2005'. December 19th 2005.
11 Sun Microsystems. 'RFID Streamlines Processes, Saves Tax Dollars'. 2003.
12 Williams, Martyn. 'RFID tags make it into bank notes.' September 2nd 2003.
13 Yong-Young, Kim. 'Radio ID chips may track bank notes'. May 22nd 2003.
14 Watson, Steve. 'Debunkers Attempt To Discredit Prison Planet/Infowars Over Exploding $20 Bills Story' March 18th
15 Freedman, Jonah. 'The (new) color of money'. March 5th 2003.
to joggers. The chip feeds data to an iPod as you run. Interestingly enough, a few
researchers of the University of Washington have managed to track a person wearing these
sneakers from up to sixty feet away.16 The next chapter will look deeper into these issues
Public transportation in various countries sometimes make use of RFID tags. Oyster
Cards in London, for instance, enable people to “pay as you go”. The RFID knowledge base
of idtechex.com17 contains over three hundred case studies regarding RFID used in public
The main issue that is currently surrounded with a lot of controversy is the
implementation of RFID in the process of human identity verification. RFID tags have
been inserted into passports, both in the United Kingdom and the United States,
containing the name, date of birth and digital photo of the carrier. The chips are used in
these passports to combat counterfeiting. In order to comply with a large amount of
criticism and pressuring from privacy concern groups, the RFID system in and around US
passports carry a lot of security measures to prevent any potential abuse. One of the
measures is Basic Access Control, which is a password lock to the data contained on the
chip that can only be read by authorized readers. Another measure is material used in the
passport's cover that shields the RFID tag when the booklet is closed, preventing any
unauthorized reading except during passport checking at the airport. Many security
experts are still sceptical about the security of the passport, however.18
16 Saponas, T.S, Jonathan Lester, Carl Hartung, Tadayoshi Kohno. 'Devices That Tell On You: The Nike+iPod Sport
Kit'. November 30th 2006,University of Washington, Seattle.
17 IDTechEx. The RFID Knowledgebase. http://rfid.idtechex.com/knowledgebase/en/casestudy.asp?
18 The Wall Street Journal. 'Are E-Passports more secure?' September 29th, 2006.
3. RFID security, privacy and vulnerability issues
The widespread usage of RFID has not gone unnoticed. Privacy groups have pounced and
held on to the issue with remarkable tenacity, and in the case of the US passports it has
had a significant effect, namely the incorporation of security measures regarding its RFID
system. Most of these privacy groups hold the opinion that RFID chips should not be used
in conjunction with human identification or tracking. Some of them insist in calling the
tags “spychips” and stress that governments and corporations plan to use them to track
people.19 The two most basic properties of RFID technology on which most concerns are
• the fact that tags can be read at a distance, without contact
• the fact that any reader can access any tag without knowledge of the tag's owner.
There are basically two kinds of RFID uses that are contested: one is the use of direct
identification of individuals, i.e. tying a unique number to a person that serves as proof of
their identity, usually in combination with biometrics. This implementation of RFID
would serve a government the most in terms of keeping tabs on its population. The other,
more imminent use is the universal tagging of consumer products, causing the fear that
corporations will track customers or build up profiles regarding their preferences.
Subsequently people carrying tagged items could be tracked outside of the store, the
unique ID of the tag becoming a momentary identifier for the person carrying the item. Of
course, the combination of both uses could result in any number of horrible Orwellian
scenarios, when your whereabouts and specific consumption would be permanently
captured in databases and you would be subject to complete monitoring of all aspects of
your life by the powers that be.
Besides these privacy issues, there are concerns for security. RFID implementation
as it is now is susceptible to corporate espionage as well as sabotage. Most current RFID
systems in use today are remarkably insecure. Cloning, skimming, eavesdropping,
disabling, viruses and Denial of Service attacks are all part of the (potential) hazards facing
RFID technology. And although the Food and Drug Administration has approved
19 Democracy Now! 'How Major Corporations and Government Plan to Track your Every Move with Radio Frequency
Identification' Transcript of an interview with Liz McIntyre. March 1st, 2006.
VeriChip's implantable chips, it does assert several potential health risks:
“adverse tissue reaction; migration of implanted transponder; compromised
information security; failure of implanted transponder; failure of inserter;
failure of electronic scanner; electromagnetic interference; electrical hazards;
magnetic resonance imaging incompatibility; and needle stick.”20
In the next section I will provide an overview of all the security-related issues, after which
I will discuss the privacy issues more in depth.
3.1 RFID Security
Simon Garfinkel, Ari Juels and Ravi Pappu have written a comprehensive paper21 on RFID
flaws and suggested solutions. They identify four threats unprotected RFID technology can
pose to companies who use it in their supply chain:
• Corporate Espionage Threat
• Competitive Marketing Threat
• Infrastructure Threat
• Trust Perimeter Threat
These threats mostly stem from RFID's property to be remotely read by anyone. Corporate
espionage, for instance, gains from unprotected RFID systems in the way that
unauthorized readers can remotely harvest data regarding a company's supply chain,
which is confidential information. Since pallets or objects are tagged with unique numbers
competitors are able to gather large volumes of data in a clandestine way. The Competitive
Marketing Threat extends this type of espionage to customer behaviour data, which could
be obtained by remotely gathering data as customers select tagged items and purchase
them, maybe tracking them to other stores and observe their preferences there. The
harvested data can then be used as a basis for marketing schemes. Infrastructure threats
concern corporate sabotage. While this phenomenon is not unique to RFID, the wireless
20 Tillman, Donna-Bea. 'Evaluation of Automatic Class III Designation VeriChip(TM) Health Information
Microtransponder System'. October 12th, 2004.
21 Garfinkel, Simon, Ari Juels, Ravi Pappu. 'RFID Privacy: An Overview of Problems and Proposed Solutions'. June
properties of RFID combined with the fact that any reader would read any tag does open
up new vectors of attack. Viruses could be transmitted via corrupted RFID tags, as well as
other kinds of disruption and false information. The radio frequency on which a particular
warehouse would employ RFID technology could also be jammed. Lastly, the Trust
Perimeter Threat concerns the large volume of digitally stored data that comes along with
RFID automated warehouses, which can be open to attack. Though this is not specific to
RFID technology, the changeover from manual to automated control over logistic
processes in the distribution chain increases the reliance on databases and makes them
increasingly more a viable target for attack. The following schematic shows potential
security vulnerabilities at different thresholds and should be kept in mind for the following
3.2 RFID vulnerabilities
There are a number of specific techniques which open up avenues to disrupt,
destroy, fool or take advantage of RFID systems. While there are no known legal cases in
which people have exploited RFID's weaknesses in society, hackers, scientists and security
experts have been able to demonstrate ways in which systems currently in use can be
sabotaged or circumvented.
Cloning RFID chips is one of the chief security concerns. As it is, Jonathan
Westhues has conclusively demonstrated2223 that the implantable RFID chips from
VeriChip contain no security measures whatsoever. You can clone someone's implanted
chip just by sitting near them in the subway or walking past them on the street using a
small portable device. After this tag has been cloned all systems linked to the ID of the
original chip can be accessed freely by mimicking the original chip with the device. If one
uses RFID as a digital key, a digital copy can almost be made effortlessly and without
knowledge of the holder unless security measures are taken to prevent unauthorized
Another telling example is the RFID Guardian24 project initiated by Melanie
Rieback from the Vrije Universiteit Amsterdam. This device is able to jam or mimic
specific RFID tags, which would also enable it to grant you unauthorized access to RFID
secured spaces. Since the device is actively powered it is able to transmit its signal over
larger distances as well, boosting its jamming and mimicking functions. Additional
features of the Guardian include authentication, key management, access control and
The RFID Guardian research team has also produced a number of academic papers
on RFID, of which one describes in detail the havoc a malicious RFID chip can cause to
RFID middleware.25 By this, the authors mean RFID readers, application servers and back-
end databases. The paper shows convincingly that despite the limited resources of a
passive RFID tag it is possible to program them with very simple lines of code which would
serve as instructions for back-end databases. These instructions could range from shutting
down the system to deleting the entire database. As with regular computer viruses, code
can also be written in a way that the virus self-propagates, thus overloading the database.
Such RFID 'malware' can cripple entire RFID networks without appropriate middleware
protection. The reason that this type of attack poses a significant threat is because few
22 Westhues, Jonathan. 'Demo: Cloning a Verichip' Updated July 2006. http://cq.cx/verichip.pl
23 ABC7 News Report from Sacramento, California. http://youtube.com/watch?v=4jpRFgDPWVA
24 RFID Guardian Project, located at http://www.rfidguardian.org/
25 Rieback, Melanie, Bruno Crispo, Andrew Tanenbaum. 'Is Your Cat Infected with a Computer Virus?' March 2006.
people would expect an attack from a simple tag. Since RFID borrows from established
internet protocols such as URI, HTTP, DNS and XML it suffers the same weaknesses. This
is why RFID systems should have internal security measures against potential exploits.
Eavesdropping is another problem specific to RFID. Since activity from RFID
readers has a far greater range than responses from passive tags, people could pick up
these signals and figure out the unique ID of tags that have been read. With this data,
tracking of objects or people could be done from a 30 feet. It is particularly useful in the
case of corporate espionage.26 Also, by replaying a transmission between RFID tag and
reader one could fool a reader and gain unauthorized access to certain locations.
Denial of Service (D0S) attacks could jam a radio frequency, rendering a whole
system inoperable. Another, more benevolent form is the blocking of RFID tags with
protective material to prevent them from being read by any reader. This is the easiest way
to protect yourself in regards to privacy issues, as long as you know the whereabouts of all
the tags you are carrying.
Skimming of RFID chips means that the perpetrator tries to access the data
available on a chip, or at least obtain the chip's unique ID. One particular fear associated
with this technique is that terrorists could fairly easily determine the nationality of a
passport holder by skimming its chip. Consequently, a bomb could be set to detonate
whenever someone with a US ID passes by. Critics272829 have argued that if the new US
passports are only slightly opened the RFID chips within will be susceptible to
unauthorized reading, and claim this is a substantial security threat.
3.3 RFID Privacy
As mentioned before, the two main concerns against the usage of RFID in conjunction
with humans are the ability of government to track people's movements and the ability of
corporations to track and profile people. A third one is less often invoked but not less
important – the ability of criminals or terrorists to determine targets based on what
26 RSA Laboratories. 'Securing RFID tags from eavesdropping.' Accessed January 11th 2007.
27 The Wall Street Journal. 'Are E-Passports more secure?' September 29th, 2006.
28 Flexilis. 'RFID e-Passport Vulnerability.'. 2006, http://www.flexilis.com/epassport.php
29 Yoshida, Junko. 'Tests reveal e-passport security flaw '. August 30th, 2004.
appears on RFID displays. In this section I will quote the paper of Garfinkel, Juels and
Pappu again to provide an overview of possible privacy threats regarding RFID technology.
The above picture displays a number of privacy threats of concern to consumers of RFID
tagged products. The first item compromising privacy is the Action Threat. This is related
to anti-shoplifting efforts where tagged items are monitored by cameras and pictures are
taken from people once they pick up one of these items. If the person with the item doesn't
check out at the register, s/he may be considered a shoplifter. A well known example of
this is the controversial case of tagged packages of Gillette razorblades at a TESCO
supermarket in the United Kingdom30, which spawned a Boycott Gillette website.31
The Association, Location and Preference threats are closely interlinked. It is the
mainstay of privacy concerns. The Association Threat means that even though one does
not know the exact identity of a person, a tagged item with a unique code could serve as an
identifier. Readers hidden at different locations (throughout a store) compile the Location
30 Indymedia.org.uk. 'TESCO tags Cambridge Shoppers'. August 9th, 2003.
Threat, allowing the person to be tracked covertly, building up a database of a consumer's
activities. Lastly the Preference Threat means that by reading all the tags on some person
one could gain knowledge about this person's consumption behaviour, which can lead to
effects such as individually targeted marketing (as can be seen in the film Minority
Report) but it can also potentially enable thieves to assert the value of the stuff you are
carrying and thus determining whether you are a worthy target or not. Here is a picture
displaying the fears associated with the mentioned threats:
This is called 'inventorying'.
The last three privacy threats regard tracking and monitoring. Regardless of
associating tags with individuals, a set of tags will form a 'constellation' around a person.
Without knowing someone's identity, one could simply track these constellations, enabling
the Constellation Threat. The Transaction Threat applies when RFID tags transfer from
one constellation to another, which obviously means that a transaction has happened.
Finally, the Breadcrum Threat is a side-effect of the Association Threat: once a tag's
unique ID has been tied to a person, another person who obtains the tag could carry out
illegal activities and the original owner could be blamed, or at least suspected. This would
be particularly nasty if powerful bodies would indeed monitor people on the basis of RFID
tags worn around a person.
3.4 Solutions to privacy and security problems
The simplest solution to all these problems would simply to not use RFID. This is not
realistic however since billions of RFID tags are already used around society. According to
Mark Roberti32, between twenty and fifty million Americans already carry RFID chips
There are a number of technical and political solutions proposed33 (and in many
cases implemented) and I will attempt to list as many as writing space permits below.
• Digital signatures on chips have been implemented in the US passports. This is a
measure against forging, but not against copying or reading. It can only serve as an
alarm mechanism if two identical chips are observed in a network at the same time.
• Encryption is an industry favourite. This usually concerns reader-to-chip
communication however, since the tags themselves don't have enough resources to
perform meaningful encryption. Even if encryption would be possible on future
generation tags, their costs would be driven up dramatically and companies would
default to the cheaper, lesser secure chips.
• Killing tags would certainly solve a lot of problems. West End Laboratories is
developing a 'tag zapper'34 which can be used to disable RFID tags after a purchase.
However, killing tags (whether manually or at checkout) may be undesirable in case of
potential benefits tagged items may have.
• Password protection could work, since a tag would remain unreadable until a
reader sends the appropriate password to it. However, given the volume of tags and
their possible usage in various RFID systems, there could be a massive password
• One of the more feasible techniques seems to be giving tags a set of pseudonyms.
32 Garfinkel, Simon, Ari Juels, Ravi Pappu. 'RFID Privacy: An Overview of Problems and Proposed Solutions'. June
33 Juels, Ari. 'RFID Security and Privacy: A Research Survey.' September 28th, 2005.
34 WhyNot.net. 'Zapper Detects, Destroys Unwanted RFID Chips'. April 4th, 2005.
This means that tags will cycle through serial numbers each time they are read, which
would make things very confusing for unauthorized readers. Authorized readers would
be able to identify tags as they possess a list of all possible numbers per tag.
• Blocker tags would 'spam' any reader with confusing information, enabling only
authorized readers to harvest data from a tag. Some determined readers are able to
bypass this, however.
To get to know more about the technical specifics of these solutions I suggest reading
RFID Security and Privacy: A Research Survey by Ari Juels.
Another approach to improve consumer privacy is the incorporation of 'RFID
rights' into official policy. Simon Garfinkel has proposed a simple RFID “Bill of Rights” 35
addressing this issue. He writes that consumers should have:
• The right to know whether products contain RFID tags.
• The right to have RFID tags removed or deactivated when they purchase products.
• The right to use RFID-enabled services without RFID tags.
• The right to access an RFID tag's stored data.
• The right to know when, where and why the tags are being read.
Measures like these would go a long way in protecting the privacy of people from RFID's
35 Garfinkel, Simon. 'An RFID Bill of Rights'. October 2002. http://www.technologyreview.com/Infotech/12953/
4. RFID's place within the Networked Society
Heather Cameron wrote in her paper 'CCTV and (In)dividuation'36 about the background
of surveillance and tracking in contemporary society. She discusses Michel Foucault's
concept of governmentality (Gouvernementalité). What this constitutes is the way in
which people govern themselves in relation to private relationships, institutions and the
relationship of the citizen to the state. Foucault recognizes a shift in understanding and
definition of leadership between Greek and Judeo-Christian texts. While the former
encourages leaders to strive for immortality and greatness, the latter invokes the metaphor
of the 'shepherd'. The shepherd holds power over the flock, not the land. The shepherd
creates the flock by bringing individual sheep together. The shepherd looks after each
sheep as an individual, recognizing the value of each. The shepherd acts out of a sense of
devotion or duty (rather than immortality). Finally, the shepherd keeps watch over the
sheep and takes care of them. However, in the sheep metaphor the shepherd cannot
communicate with his flock, so he has to take steps to find out about the inner lives of his
followers rather than wait for them to inform him. Foucault used this metaphor to track
changes in power relations in the emergence of the modern state, and calls it “Pastoral
Power”. Pastoral power established itself firmly in the so called 'disciplinary societies',
dating between eighteenth and mid-twentieth centuries. People are controlled through a
variety of closed environments for each stage of life. From the family to the school to the
barracks to the factory, with occasional trips to the hospital or sometimes even the prison,
people were organized into these enclosed institutions to maximize efficiency and
oversight. After World War II however, the disciplinary societies were making way for
what Gilles Deleuze calls the societies of control.37
In the societies of control, boundaries between institutions are fading. Schools are
gradually being replaced by perpetual training in corporations, the enclosed space of the
hospitals is being challenged by day care and neighbourhood clinics. The powers that be
have shifted from exposing the deep motivation of individuals to scanning the surface,
looking for bits of relevant data. There is no longer a distinction between the mass and the
individual - individuals have become 'dividuals', strings and samples of data and group
36 Cameron, Heather. 'CCTV and (In)dividuation'. 2004. http://www.surveillance-and-
37 Deleuze, Gilles. 'Postscript on the Societies of Control' Originally appearing in L'autre Journal, May 1st, 1990. http://
identifiers which only have relevance and meaning in specific situations, such as at the
entry and exits of places and at, borders and government buildings, where people are
scanned for risk or threat assessment. Cameron says:
“RFID tags represent a move towards smaller and smaller units of tracking.
These tags are also programmed with certain information which can be
particular to each tag. As Foucault’s flock was broken into individual trackable
and predictable sheep and then regrouped at will, the development of these
tags opens the possibility of a more detailed and intimate control. This makes
Deleuze’s point that the current historical framework is not interested in
unique individuals confessing their truth but connected units being scanned
for their code.”38
Governments and corporations are undoubtedly interested in any means by which they
can identify people's behavioural or preference patterns. RFID, as shown earlier, has this
potential. A widespread implementation of this technology could give the powers that be
the measure of control and surveillance they seek. It would vastly increase their abilities to
sort and classify.
RFID and biometrics are closely linked in relation to Deleuze's argument of the
dividual. Gillian Fuller39 discusses how biometrics enter (in)dividuals into databases.
Digital storage of people's identity means that there is a shift in emphasis on the visual to
emphasis on fragmented pieces of data. Where people used to be identified by comparing a
photograph to a face, it is now a matter of matching algorithmic patterns. The linear image
of the whole of the body has made way for a mass of isolated bits of data. Your body has
become your password. We are no longer confined to the factory or the school, but are
moving “through the free-floating controls of open systems”40. Access is granted or denied
at various thresholds; control has retreated to exit and entry points:
“This is where the strength of biometrics lies – not in the vision modes of the
disciplinary technologies of surveillance – rather in the scanning technologies
of logistical life where movement is not tracked in linear flows but logged on at
various thresholds. “41
Fuller mentions the term 'protocol' a number of times in her essay. I would like to expand
38 Cameron, Heather. 'CCTV and (In)dividuation'. 2004. http://www.surveillance-and-
39 Fuller, Gillian. 'Perfect Match: Biometrics and Body Patterning in a Networked World'. Fibreculture Journal, 2003,
volume 1 NO 1. http://journal.fibreculture.org/issue1/issue1_fuller.html
on this term using arguments from Alexander Galloway's book “Protocol”.42
Galloway explains how in a large distributed network such as the internet, which
superficially seems like an anarchical, chaotic and free system there is an underlying
standardizing force which exercises complete control. This is protocol. Protocol is more
than a framework of rules; it's the most logical way of doing things:
“Protocol is like the trace of footprints left in snow, or a mountain trail whose
route becomes fixed only after years of constant wear. One is always free to
pick a different route. But protocol makes one instantly aware of the best route
– and why wouldn't one want to follow it?”43
One can understand RFID and the danger of it being implemented into society on these
terms. Not only does RFID follow protocol itself, it is also a very “protocological”
technology in that it too regulates and structures the flow of objects or people. Like the
headers on data packets in computer networks, RFID in supply chains serves as the
headers on products, containing information about their type, origin and destination.
Where TCP/IP and such protocols regulate data flow in computer networks, technologies
like RFID and biometrics are moving towards regulating the flow of people and goods in
society. Technologies like these may ensure in the future that no product or person will be
able to go where it is not supposed to be.
One of Galloway's arguments about protocol is that it is voluntarily. You do not
have to use it. For instance, you do not have to have RFID transponders in your car on toll
highways. You are free to stand in line at the toll booth. It simply makes more sense
however to install such a device because it saves a lot of time and effort.
42 Galloway, Alexander. 'Protocol: how control exists after decentralization.' MIT press, Cambridge MA, 2004
43 Galloway, p.244
RFID is a technology that is on the rise, one everyone will have to deal with as more and
more companies invest in it, price and production costs drop and technological
advancements continue. RFID investment in 2005 reached an estimate of five hundred
million dollars and it is expected to rise up to three billion dollars by 2010.44 As it stands,
RFID could present significant threats to people's privacy, for which corporations and
government agencies show distressingly little concern. But “RFID as protocol” is still a
work in progress. Corporations, security companies, government agencies, privacy groups
and academics are arguing and competing on how or whether society should implement
the technology on a large scale. In this process, any person with the motivation and
interest has the ability to jump into the fray.
RFID technology will continue to evolve and improve as the technology moves more
and more into the spotlight. Current issues about technological limitations may soon be
resolved, but RFID principles will remain the same, as likely will the ethical debate about
RFID usage. More studies delving deeper into the technology's potential will undoubtedly
yield new possibilities and problems, and as such it is important for academics to keep an
eye on RFID developments in society, as well as conducting their own investigations.
44 ZDNetUK. 'RFID may become a $3bn business by 2010'. December 14th, 2005.
Book and articles
Cameron, Heather. 'CCTV and (In)dividuation'. 2004. http://www.surveillance-and-
Deleuze, Gilles. 'Postscript on the Societies of Control' Originally appearing in L'autre Journal, May
1st, 1990. http://www.nadir.org/nadir/archiv/netzkritik/societyofcontrol.html
Fuller, Gillian. 'Perfect Match: Biometrics and Body Patterning in a Networked World'. Fibreculture
Journal, 2003, volume 1 NO 1. http://journal.fibreculture.org/issue1/issue1_fuller.html
Galloway, Alexander. 'Protocol: how control exists after decentralization.' MIT press, Cambridge
Garfinkel, Simon, Ari Juels, Ravi Pappu. 'RFID Privacy: An Overview of Problems and Proposed
Solutions'. June 2005. http://www.simson.net/clips/academic/2005.IEEE.RFID.pdf
Juels, Ari. 'RFID Security and Privacy: A Research Survey.' September 28th, 2005.
Rieback, Melanie, Bruno Crispo, Andrew Tanenbaum. 'Is Your Cat Infected with a Computer
Virus?' March 2006. http://www.cs.vu.nl/~melanie/rfid_guardian/papers/percom.06.pdf
Saponas, T.S, Jonathan Lester, Carl Hartung, Tadayoshi Kohno. 'Devices That Tell On You: The
Nike+iPod Sport Kit'. November 30th 2006,University of Washington, Seattle.
News reports, videos and miscellaneous
DTechEx. The RFID Knowledgebase. Accessed on January 11th 2007
Democracy Now! 'How Major Corporations and Government Plan to Track your Every Move with
Radio Frequency Identification' Transcript of an interview with Liz McIntyre. March 1st, 2006.
Flexilis. 'RFID e-Passport Vulnerability.' 2006, http://www.flexilis.com/epassport.php
Freedman, Jonah. 'The (new) color of money'. March 5th 2003.
Garfinkel, Simon. 'An RFID Bill of Rights'. October 2002.
Indymedia.org.uk. 'TESCO tags Cambridge Shoppers'. August 9th, 2003.
Losowski, Andrew. 'I've got you under my skin.' June 10th, 2004.
RFid Gazette. 'RFID Found At Highway Toll Booths' March 23rd, 2005.
RFID Guardian Project. Accessed on January 11th, 2007. http://www.rfidguardian.org/
RSA Laboratories. 'Securing RFID tags from eavesdropping.' Accessed January 11th 2007.
Sun Microsystems. 'RFID Streamlines Processes, Saves Tax Dollars'. 2003.
Swedberg, Claire. 'L.A. County Jail to Track Inmates'. May 16th, 2005.
Texas Instruments. 'Animal Tracking with RFID Raises Resource Management to a New Level'
Accessed on January 10th, 2007
Tillman, Donna-Bea. 'Evaluation of Automatic Class III Designation VeriChip(TM) Health
Information Microtransponder System'. October 12th, 2004.
The Wall Street Journal. 'Are E-Passports more secure?' September 29th, 2006.
VeriMed Patient Identification. Accessed on January 11th, 2007. http://www.verimedinfo.com/intro.html
Watson, Steve. 'Debunkers Attempt To Discredit Prison Planet/Infowars Over Exploding $20 Bills
Story' March 18th 2004. http://www.prisonplanet.com/180304_RFID_article.html
Westhues, Jonathan. 'Demo: Cloning a Verichip' Updated July 2006. http://cq.cx/verichip.pl
WhyNot.net. 'Zapper Detects, Destroys Unwanted RFID Chips'. April 4th, 2005.
Wikipedia contributors. 'E-Zpass'. Accessed on January 10th, 2007. http://en.wikipedia.org/wiki/E-
Williams, Martyn. 'RFID tags make it into bank notes.' September 2nd 2003.
Yong-Young, Kim. 'Radio ID chips may track bank notes'. May 22nd 2003.
Yoshida, Junko. 'Euro bank notes to embed RFID chips by 2005'. December 19th 2005.
Yoshida, Junko. 'Tests reveal e-passport security flaw '. August 30th, 2004. http://www.eetimes.com/
http://youtube.com/watch?v=4Zj7txoDxbE --- Corporate promotional video for RFID in the supply chain
http://youtube.com/watch?v=yQo4mGTCALE --- Excerpt from Good Morning America
http://youtube.com/watch?v=4jpRFgDPWVA --- ABC7 News Report from Sacramento, California.
ZDNetUK. 'RFID may become a $3bn business by 2010'. December 14th, 2005.
Picture page 10 – an RFID system diagram – from Garfinkel, Simon, Ari Juels, Ravi Pappu. 'RFID
Privacy: An Overview of Problems and Proposed Solutions
Picture page 13 – an overview of RFID security and privacy threats – from Garfinkel, Simon, Ari
Juels, Ravi Pappu. 'RFID Privacy: An Overview of Problems and Proposed Solutions
Picture page 14 – Scanning tags on the future consumer – from Juels, Ari. 'RFID Security and
Privacy: A Research Survey.'