0248746Uitterhoeve_RFID.doc
Upcoming SlideShare
Loading in...5
×
 

0248746Uitterhoeve_RFID.doc

on

  • 2,155 views

 

Statistics

Views

Total Views
2,155
Views on SlideShare
2,155
Embed Views
0

Actions

Likes
0
Downloads
38
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft Word

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

0248746Uitterhoeve_RFID.doc 0248746Uitterhoeve_RFID.doc Document Transcript

  • Radio Frequency IDentification: an overview 1
  • Abstract: Radio Frequency Identification is a technology which is rapidly rising in society today. It is facing major challenges from privacy groups and various security concerns; there seem to be some critical vulnerabilities in RFID systems that need addressing. At the same time, RFID can be acknowledged as an aspect of the societies of control as described by Gilles Deleuze. As the social practices for the technology are being shaped, people are encouraged to monitor its progress, or preferably participate in it. Length: 5666 words Keywords: RFID chips, surveillance, protocol, privacy, security. Nieuwe Media Analyse Docent: Jan Simons Universiteit van Amsterdam 11 Januari 2007 Pepijn Uitterhoeve Studentnummer: 0248746 Pepijn.uitterhoeve@student.uva.nl 2
  • Table of Contents 1. Introduction......................................................................................................................................4 2. Contemporary uses of RFID in every day life..................................................................................5 3. RFID security, privacy and vulnerability issues...............................................................................8 3.1 RFID Security............................................................................................................................9 3.2 RFID vulnerabilities................................................................................................................10 3.3 RFID Privacy...........................................................................................................................12 3.4 Solutions to privacy and security problems.............................................................................15 4. RFID's place within the Networked Society..................................................................................17 5. Conclusion......................................................................................................................................20 6. Bibliography...................................................................................................................................21 3
  • 1. Introduction Radio Frequency IDentification chips, or RFID chips1, are silicon chips containing an antenna. They are used to identify whatever they are attached to. RFID chips can be divided into active and passive tags – active tags vary from the size of a brick to the size of a coin – they carry an internal power source and are capable of constantly transmitting their information, as well as harbouring other functions such as pressure and temperature meters. Passive tags, which are cheaper and more common, range from the size of a coin to the size of a grain of sand. The price for standard passive RFID tags is currently about twenty-five US cents. Industry is working hard to push the price down to five cents per tag. RFID chips are part of larger RFID systems, which contain readers and back-end databases. RFID is widely expected to replace the bar code system. In this essay I will explore the questions “How is RFID used and what is its status in contemporary society?” I will try to answer these by listing many of RFID's current uses in the second chapter, exploring in detail the technical and privacy issues in the third chapter and placing RFID in a broader philosophical/historical context in the fourth chapter. I will use the conclusion to evaluate RFID's contemporary status. 1 The terms “RFID chips” and “RFID tags” will be used interchangeably. 4
  • 2. Contemporary uses of RFID in every day life Radio Frequency Identification as a technology is not new. It was used in the Second World War to identify aircraft, i.e. in the identification Friend or Foe (IFF) systems. That way, people behind the radar screen could tell which planes belonged to which side. Nowadays it is used primarily in commercial logistics. Critics generally agree that RFID used in the supply chains of companies are no threat to anyone's privacy, though there are still security issues that need dealing with and these will be addressed in the next chapter. The METRO Group Future Store Initiative produced a number of promotional videos describing the usefulness of RFID in logistics in relation to speed and accuracy.2 RFID quite conclusively has the potential to automate a lot of functions in the supply chain process that have to be done by hand. The listing, verification, counting, checking, and sorting of products can be done automatically due to the ability of an RFID system to read hundreds of tags per second which each one specifying a products' type, manufacturer and destination. RFID has also been used to track livestock and wildlife 3 as well as the identification of lost pets. In the case of livestock and wildlife active tags are used which can transmit data over long distances. In the case of livestock, these tags can help rounding them up, but also help in determining their health by analysing their movements. Researchers can use RFID tags on wildlife to study their migrations and behaviour. “Chipped” pets can be identified and recovered more quickly due to the chips which identify themselves and could even contain contact information of their owners. Inmates in California, Michigan, Ohio and Illinois are made to wear bracelets containing active RFID tags to allow them to be tracked. Their tags are part of an intricate security system that raises alarms whenever an inmate is where he or she is not supposed to be. As such, the system allows for greater control and management of prisoners.4 RFID is used in toll systems in various states in the US.5 E-ZPass is the most well known case; RFID tags are placed inside the windshield or mounted on the front licence plate of a vehicle. Toll booths register when a tagged car passes and the toll fee is 2 http://youtube.com/watch?v=4Zj7txoDxbE 3 Texas Instruments supply technology for these purposes: http://www.ti.com/rfid/shtml/apps-anim-tracking.shtml 4 Swedberg, Claire. 'L.A. County Jail to Track Inmates'. May 16th, 2005. http://www.rfidjournal.com/article/articleview/1601/ 5 RFid Gazette. 'RFID Found At Highway Toll Booths' March 23rd, 2005. http://www.rfidgazette.org/2005/03/rfid_found_at_h.html 5
  • subtracted from the driver's account. In some systems cars don't even have to slow down; as a result, there is no traffic congestion due to manual toll collection.6 Some security systems are based on RFID technology. Readers installed next to doors determine who can pass or not by means of reading 'smart cards' equipped with RFID chips. Some cars will only unlock or start if the appropriate RFID tag is nearby. In one case, a couple unlock their car and their apartment by RFID chips implanted in their hands.7 RFID has been implanted into humans in several other cases. A well known instance is the RFID system used at the Baja Beach Club in Barcelona.8 VIP members use an implanted chip, produced by Advanced Digital Solutions, to gain access to the club and to pay for their drinks. Another example of RFID embedded under the skin is VeriMed9, a chip designed to improve hospital workings by allowing personnel to quickly identify people who due to their condition are unable to identify themselves. The tags would also contain information about the patient's medical conditions, allowing medical personnel to take appropriate action. Dollar and Euro bills may also already contain RFID tags. In this case it is to prevent money laundering and counterfeiting. There are several reports10111213 stating that the technology is ready and the demand by banks and governments is there, however there are no official statements that RFID has indeed been implemented in bank notes. There has been a controversy regarding exploding twenty dollar bills when microwaved 14 and a CNN report15 which states that a number of adjustments to the bank notes are kept secret, however there is no conclusive evidence of RFID in newly printed currency. An active RFID chip is used in certain Nike sneakers to monitor how much distance you have covered, how many calories you have burned and a few other relevant statistics 6 Wikipedia contributors. 'E-Zpass'. Accessed at 10-1-2007. http://en.wikipedia.org/wiki/E-ZPass 7 Excerpt from Good Morning America: http://youtube.com/watch?v=yQo4mGTCALE 8 Losowski, Andrew. 'I've got you under my skin.' June 10th, 2004. http://technology.guardian.co.uk/online/story/0,3605,1234827,00.html 9 VeriMed Patient Identification. http://www.verimedinfo.com/intro.html 10 Yoshida, Junko. 'Euro bank notes to embed RFID chips by 2005'. December 19th 2005. http://www.eetimes.com/story/OEG20011219S0016 11 Sun Microsystems. 'RFID Streamlines Processes, Saves Tax Dollars'. 2003. http://www.sun.com/br/government_1216/feature_rfid.html 12 Williams, Martyn. 'RFID tags make it into bank notes.' September 2nd 2003. http://www.techworld.com/news/index.cfm?fuseaction=displaynews&NewsID=412 13 Yong-Young, Kim. 'Radio ID chips may track bank notes'. May 22nd 2003. http://news.com.com/2100-1017-1009155.html 14 Watson, Steve. 'Debunkers Attempt To Discredit Prison Planet/Infowars Over Exploding $20 Bills Story' March 18th 2004. http://www.prisonplanet.com/180304_RFID_article.html 15 Freedman, Jonah. 'The (new) color of money'. March 5th 2003. http://money.cnn.com/2003/03/05/news/money/index.htm 6
  • to joggers. The chip feeds data to an iPod as you run. Interestingly enough, a few researchers of the University of Washington have managed to track a person wearing these sneakers from up to sixty feet away.16 The next chapter will look deeper into these issues surrounding privacy. Public transportation in various countries sometimes make use of RFID tags. Oyster Cards in London, for instance, enable people to “pay as you go”. The RFID knowledge base of idtechex.com17 contains over three hundred case studies regarding RFID used in public transport worldwide. The main issue that is currently surrounded with a lot of controversy is the implementation of RFID in the process of human identity verification. RFID tags have been inserted into passports, both in the United Kingdom and the United States, containing the name, date of birth and digital photo of the carrier. The chips are used in these passports to combat counterfeiting. In order to comply with a large amount of criticism and pressuring from privacy concern groups, the RFID system in and around US passports carry a lot of security measures to prevent any potential abuse. One of the measures is Basic Access Control, which is a password lock to the data contained on the chip that can only be read by authorized readers. Another measure is material used in the passport's cover that shields the RFID tag when the booklet is closed, preventing any unauthorized reading except during passport checking at the airport. Many security experts are still sceptical about the security of the passport, however.18 16 Saponas, T.S, Jonathan Lester, Carl Hartung, Tadayoshi Kohno. 'Devices That Tell On You: The Nike+iPod Sport Kit'. November 30th 2006,University of Washington, Seattle. http://www.cs.washington.edu/research/systems/nikeipod/tracker-paper.pdf 17 IDTechEx. The RFID Knowledgebase. http://rfid.idtechex.com/knowledgebase/en/casestudy.asp? freefromsection=122 18 The Wall Street Journal. 'Are E-Passports more secure?' September 29th, 2006. http://online.wsj.com/public/article/SB115938787873075826-6AbUpMIaJVCS1i_UBVoGrWP867k_20070929.htm l 7
  • 3. RFID security, privacy and vulnerability issues The widespread usage of RFID has not gone unnoticed. Privacy groups have pounced and held on to the issue with remarkable tenacity, and in the case of the US passports it has had a significant effect, namely the incorporation of security measures regarding its RFID system. Most of these privacy groups hold the opinion that RFID chips should not be used in conjunction with human identification or tracking. Some of them insist in calling the tags “spychips” and stress that governments and corporations plan to use them to track people.19 The two most basic properties of RFID technology on which most concerns are based are: • the fact that tags can be read at a distance, without contact • the fact that any reader can access any tag without knowledge of the tag's owner. There are basically two kinds of RFID uses that are contested: one is the use of direct identification of individuals, i.e. tying a unique number to a person that serves as proof of their identity, usually in combination with biometrics. This implementation of RFID would serve a government the most in terms of keeping tabs on its population. The other, more imminent use is the universal tagging of consumer products, causing the fear that corporations will track customers or build up profiles regarding their preferences. Subsequently people carrying tagged items could be tracked outside of the store, the unique ID of the tag becoming a momentary identifier for the person carrying the item. Of course, the combination of both uses could result in any number of horrible Orwellian scenarios, when your whereabouts and specific consumption would be permanently captured in databases and you would be subject to complete monitoring of all aspects of your life by the powers that be. Besides these privacy issues, there are concerns for security. RFID implementation as it is now is susceptible to corporate espionage as well as sabotage. Most current RFID systems in use today are remarkably insecure. Cloning, skimming, eavesdropping, disabling, viruses and Denial of Service attacks are all part of the (potential) hazards facing RFID technology. And although the Food and Drug Administration has approved 19 Democracy Now! 'How Major Corporations and Government Plan to Track your Every Move with Radio Frequency Identification' Transcript of an interview with Liz McIntyre. March 1st, 2006. http://www.democracynow.org/article.pl?sid=06/03/01/1447202 8
  • VeriChip's implantable chips, it does assert several potential health risks: “adverse tissue reaction; migration of implanted transponder; compromised information security; failure of implanted transponder; failure of inserter; failure of electronic scanner; electromagnetic interference; electrical hazards; magnetic resonance imaging incompatibility; and needle stick.”20 In the next section I will provide an overview of all the security-related issues, after which I will discuss the privacy issues more in depth. 3.1 RFID Security Simon Garfinkel, Ari Juels and Ravi Pappu have written a comprehensive paper21 on RFID flaws and suggested solutions. They identify four threats unprotected RFID technology can pose to companies who use it in their supply chain: • Corporate Espionage Threat • Competitive Marketing Threat • Infrastructure Threat • Trust Perimeter Threat These threats mostly stem from RFID's property to be remotely read by anyone. Corporate espionage, for instance, gains from unprotected RFID systems in the way that unauthorized readers can remotely harvest data regarding a company's supply chain, which is confidential information. Since pallets or objects are tagged with unique numbers competitors are able to gather large volumes of data in a clandestine way. The Competitive Marketing Threat extends this type of espionage to customer behaviour data, which could be obtained by remotely gathering data as customers select tagged items and purchase them, maybe tracking them to other stores and observe their preferences there. The harvested data can then be used as a basis for marketing schemes. Infrastructure threats concern corporate sabotage. While this phenomenon is not unique to RFID, the wireless 20 Tillman, Donna-Bea. 'Evaluation of Automatic Class III Designation VeriChip(TM) Health Information Microtransponder System'. October 12th, 2004. http://www.sec.gov/Archives/edgar/data/924642/000106880004000587/ex99p2.txt 21 Garfinkel, Simon, Ari Juels, Ravi Pappu. 'RFID Privacy: An Overview of Problems and Proposed Solutions'. June 2005. http://www.simson.net/clips/academic/2005.IEEE.RFID.pdf 9
  • properties of RFID combined with the fact that any reader would read any tag does open up new vectors of attack. Viruses could be transmitted via corrupted RFID tags, as well as other kinds of disruption and false information. The radio frequency on which a particular warehouse would employ RFID technology could also be jammed. Lastly, the Trust Perimeter Threat concerns the large volume of digitally stored data that comes along with RFID automated warehouses, which can be open to attack. Though this is not specific to RFID technology, the changeover from manual to automated control over logistic processes in the distribution chain increases the reliance on databases and makes them increasingly more a viable target for attack. The following schematic shows potential security vulnerabilities at different thresholds and should be kept in mind for the following paragraphs. 3.2 RFID vulnerabilities 10
  • There are a number of specific techniques which open up avenues to disrupt, destroy, fool or take advantage of RFID systems. While there are no known legal cases in which people have exploited RFID's weaknesses in society, hackers, scientists and security experts have been able to demonstrate ways in which systems currently in use can be sabotaged or circumvented. Cloning RFID chips is one of the chief security concerns. As it is, Jonathan Westhues has conclusively demonstrated2223 that the implantable RFID chips from VeriChip contain no security measures whatsoever. You can clone someone's implanted chip just by sitting near them in the subway or walking past them on the street using a small portable device. After this tag has been cloned all systems linked to the ID of the original chip can be accessed freely by mimicking the original chip with the device. If one uses RFID as a digital key, a digital copy can almost be made effortlessly and without knowledge of the holder unless security measures are taken to prevent unauthorized reading. Another telling example is the RFID Guardian24 project initiated by Melanie Rieback from the Vrije Universiteit Amsterdam. This device is able to jam or mimic specific RFID tags, which would also enable it to grant you unauthorized access to RFID secured spaces. Since the device is actively powered it is able to transmit its signal over larger distances as well, boosting its jamming and mimicking functions. Additional features of the Guardian include authentication, key management, access control and auditing. The RFID Guardian research team has also produced a number of academic papers on RFID, of which one describes in detail the havoc a malicious RFID chip can cause to RFID middleware.25 By this, the authors mean RFID readers, application servers and back- end databases. The paper shows convincingly that despite the limited resources of a passive RFID tag it is possible to program them with very simple lines of code which would serve as instructions for back-end databases. These instructions could range from shutting down the system to deleting the entire database. As with regular computer viruses, code can also be written in a way that the virus self-propagates, thus overloading the database. Such RFID 'malware' can cripple entire RFID networks without appropriate middleware protection. The reason that this type of attack poses a significant threat is because few 22 Westhues, Jonathan. 'Demo: Cloning a Verichip' Updated July 2006. http://cq.cx/verichip.pl 23 ABC7 News Report from Sacramento, California. http://youtube.com/watch?v=4jpRFgDPWVA 24 RFID Guardian Project, located at http://www.rfidguardian.org/ 25 Rieback, Melanie, Bruno Crispo, Andrew Tanenbaum. 'Is Your Cat Infected with a Computer Virus?' March 2006. http://www.cs.vu.nl/~melanie/rfid_guardian/papers/percom.06.pdf 11
  • people would expect an attack from a simple tag. Since RFID borrows from established internet protocols such as URI, HTTP, DNS and XML it suffers the same weaknesses. This is why RFID systems should have internal security measures against potential exploits. Eavesdropping is another problem specific to RFID. Since activity from RFID readers has a far greater range than responses from passive tags, people could pick up these signals and figure out the unique ID of tags that have been read. With this data, tracking of objects or people could be done from a 30 feet. It is particularly useful in the case of corporate espionage.26 Also, by replaying a transmission between RFID tag and reader one could fool a reader and gain unauthorized access to certain locations. Denial of Service (D0S) attacks could jam a radio frequency, rendering a whole system inoperable. Another, more benevolent form is the blocking of RFID tags with protective material to prevent them from being read by any reader. This is the easiest way to protect yourself in regards to privacy issues, as long as you know the whereabouts of all the tags you are carrying. Skimming of RFID chips means that the perpetrator tries to access the data available on a chip, or at least obtain the chip's unique ID. One particular fear associated with this technique is that terrorists could fairly easily determine the nationality of a passport holder by skimming its chip. Consequently, a bomb could be set to detonate whenever someone with a US ID passes by. Critics272829 have argued that if the new US passports are only slightly opened the RFID chips within will be susceptible to unauthorized reading, and claim this is a substantial security threat. 3.3 RFID Privacy As mentioned before, the two main concerns against the usage of RFID in conjunction with humans are the ability of government to track people's movements and the ability of corporations to track and profile people. A third one is less often invoked but not less important – the ability of criminals or terrorists to determine targets based on what 26 RSA Laboratories. 'Securing RFID tags from eavesdropping.' Accessed January 11th 2007. http://www.rsasecurity.com/rsalabs/node.asp?id=2118 27 The Wall Street Journal. 'Are E-Passports more secure?' September 29th, 2006. http://online.wsj.com/public/article/SB115938787873075826-6AbUpMIaJVCS1i_UBVoGrWP867k_20070929.htm l 28 Flexilis. 'RFID e-Passport Vulnerability.'. 2006, http://www.flexilis.com/epassport.php 29 Yoshida, Junko. 'Tests reveal e-passport security flaw '. August 30th, 2004. http://www.eetimes.com/showArticle.jhtml?articleID=45400010 12
  • appears on RFID displays. In this section I will quote the paper of Garfinkel, Juels and Pappu again to provide an overview of possible privacy threats regarding RFID technology. The above picture displays a number of privacy threats of concern to consumers of RFID tagged products. The first item compromising privacy is the Action Threat. This is related to anti-shoplifting efforts where tagged items are monitored by cameras and pictures are taken from people once they pick up one of these items. If the person with the item doesn't check out at the register, s/he may be considered a shoplifter. A well known example of this is the controversial case of tagged packages of Gillette razorblades at a TESCO supermarket in the United Kingdom30, which spawned a Boycott Gillette website.31 The Association, Location and Preference threats are closely interlinked. It is the mainstay of privacy concerns. The Association Threat means that even though one does not know the exact identity of a person, a tagged item with a unique code could serve as an identifier. Readers hidden at different locations (throughout a store) compile the Location 30 Indymedia.org.uk. 'TESCO tags Cambridge Shoppers'. August 9th, 2003. http://www.indymedia.org.uk/en/2003/08/275490.html 31 http://www.boycottgillette.com/ 13
  • Threat, allowing the person to be tracked covertly, building up a database of a consumer's activities. Lastly the Preference Threat means that by reading all the tags on some person one could gain knowledge about this person's consumption behaviour, which can lead to effects such as individually targeted marketing (as can be seen in the film Minority Report) but it can also potentially enable thieves to assert the value of the stuff you are carrying and thus determining whether you are a worthy target or not. Here is a picture displaying the fears associated with the mentioned threats: This is called 'inventorying'. The last three privacy threats regard tracking and monitoring. Regardless of associating tags with individuals, a set of tags will form a 'constellation' around a person. Without knowing someone's identity, one could simply track these constellations, enabling the Constellation Threat. The Transaction Threat applies when RFID tags transfer from one constellation to another, which obviously means that a transaction has happened. Finally, the Breadcrum Threat is a side-effect of the Association Threat: once a tag's unique ID has been tied to a person, another person who obtains the tag could carry out illegal activities and the original owner could be blamed, or at least suspected. This would 14
  • be particularly nasty if powerful bodies would indeed monitor people on the basis of RFID tags worn around a person. 3.4 Solutions to privacy and security problems The simplest solution to all these problems would simply to not use RFID. This is not realistic however since billions of RFID tags are already used around society. According to Mark Roberti32, between twenty and fifty million Americans already carry RFID chips around. There are a number of technical and political solutions proposed33 (and in many cases implemented) and I will attempt to list as many as writing space permits below. • Digital signatures on chips have been implemented in the US passports. This is a measure against forging, but not against copying or reading. It can only serve as an alarm mechanism if two identical chips are observed in a network at the same time. • Encryption is an industry favourite. This usually concerns reader-to-chip communication however, since the tags themselves don't have enough resources to perform meaningful encryption. Even if encryption would be possible on future generation tags, their costs would be driven up dramatically and companies would default to the cheaper, lesser secure chips. • Killing tags would certainly solve a lot of problems. West End Laboratories is developing a 'tag zapper'34 which can be used to disable RFID tags after a purchase. However, killing tags (whether manually or at checkout) may be undesirable in case of potential benefits tagged items may have. • Password protection could work, since a tag would remain unreadable until a reader sends the appropriate password to it. However, given the volume of tags and their possible usage in various RFID systems, there could be a massive password management crisis. • One of the more feasible techniques seems to be giving tags a set of pseudonyms. 32 Garfinkel, Simon, Ari Juels, Ravi Pappu. 'RFID Privacy: An Overview of Problems and Proposed Solutions'. June 2005. http://www.simson.net/clips/academic/2005.IEEE.RFID.pdf 33 Juels, Ari. 'RFID Security and Privacy: A Research Survey.' September 28th, 2005. http://www.rsasecurity.com/rsalabs/staff/bios/ajuels/publications/pdfs/rfid_survey_28_09_05.pdf 34 WhyNot.net. 'Zapper Detects, Destroys Unwanted RFID Chips'. April 4th, 2005. http://www.infowars.com/articles/bb/rfid_zapper_detects_destroys_rfid_chips.htm 15
  • This means that tags will cycle through serial numbers each time they are read, which would make things very confusing for unauthorized readers. Authorized readers would be able to identify tags as they possess a list of all possible numbers per tag. • Blocker tags would 'spam' any reader with confusing information, enabling only authorized readers to harvest data from a tag. Some determined readers are able to bypass this, however. To get to know more about the technical specifics of these solutions I suggest reading RFID Security and Privacy: A Research Survey by Ari Juels. Another approach to improve consumer privacy is the incorporation of 'RFID rights' into official policy. Simon Garfinkel has proposed a simple RFID “Bill of Rights” 35 addressing this issue. He writes that consumers should have: • The right to know whether products contain RFID tags. • The right to have RFID tags removed or deactivated when they purchase products. • The right to use RFID-enabled services without RFID tags. • The right to access an RFID tag's stored data. • The right to know when, where and why the tags are being read. Measures like these would go a long way in protecting the privacy of people from RFID's pervasive potentials. 35 Garfinkel, Simon. 'An RFID Bill of Rights'. October 2002. http://www.technologyreview.com/Infotech/12953/ 16
  • 4. RFID's place within the Networked Society Heather Cameron wrote in her paper 'CCTV and (In)dividuation'36 about the background of surveillance and tracking in contemporary society. She discusses Michel Foucault's concept of governmentality (Gouvernementalité). What this constitutes is the way in which people govern themselves in relation to private relationships, institutions and the relationship of the citizen to the state. Foucault recognizes a shift in understanding and definition of leadership between Greek and Judeo-Christian texts. While the former encourages leaders to strive for immortality and greatness, the latter invokes the metaphor of the 'shepherd'. The shepherd holds power over the flock, not the land. The shepherd creates the flock by bringing individual sheep together. The shepherd looks after each sheep as an individual, recognizing the value of each. The shepherd acts out of a sense of devotion or duty (rather than immortality). Finally, the shepherd keeps watch over the sheep and takes care of them. However, in the sheep metaphor the shepherd cannot communicate with his flock, so he has to take steps to find out about the inner lives of his followers rather than wait for them to inform him. Foucault used this metaphor to track changes in power relations in the emergence of the modern state, and calls it “Pastoral Power”. Pastoral power established itself firmly in the so called 'disciplinary societies', dating between eighteenth and mid-twentieth centuries. People are controlled through a variety of closed environments for each stage of life. From the family to the school to the barracks to the factory, with occasional trips to the hospital or sometimes even the prison, people were organized into these enclosed institutions to maximize efficiency and oversight. After World War II however, the disciplinary societies were making way for what Gilles Deleuze calls the societies of control.37 In the societies of control, boundaries between institutions are fading. Schools are gradually being replaced by perpetual training in corporations, the enclosed space of the hospitals is being challenged by day care and neighbourhood clinics. The powers that be have shifted from exposing the deep motivation of individuals to scanning the surface, looking for bits of relevant data. There is no longer a distinction between the mass and the individual - individuals have become 'dividuals', strings and samples of data and group 36 Cameron, Heather. 'CCTV and (In)dividuation'. 2004. http://www.surveillance-and- society.org/articles2(2)/individuation.pdf 37 Deleuze, Gilles. 'Postscript on the Societies of Control' Originally appearing in L'autre Journal, May 1st, 1990. http:// www.nadir.org/nadir/archiv/netzkritik/societyofcontrol.html 17
  • identifiers which only have relevance and meaning in specific situations, such as at the entry and exits of places and at, borders and government buildings, where people are scanned for risk or threat assessment. Cameron says: “RFID tags represent a move towards smaller and smaller units of tracking. These tags are also programmed with certain information which can be particular to each tag. As Foucault’s flock was broken into individual trackable and predictable sheep and then regrouped at will, the development of these tags opens the possibility of a more detailed and intimate control. This makes Deleuze’s point that the current historical framework is not interested in unique individuals confessing their truth but connected units being scanned for their code.”38 Governments and corporations are undoubtedly interested in any means by which they can identify people's behavioural or preference patterns. RFID, as shown earlier, has this potential. A widespread implementation of this technology could give the powers that be the measure of control and surveillance they seek. It would vastly increase their abilities to sort and classify. RFID and biometrics are closely linked in relation to Deleuze's argument of the dividual. Gillian Fuller39 discusses how biometrics enter (in)dividuals into databases. Digital storage of people's identity means that there is a shift in emphasis on the visual to emphasis on fragmented pieces of data. Where people used to be identified by comparing a photograph to a face, it is now a matter of matching algorithmic patterns. The linear image of the whole of the body has made way for a mass of isolated bits of data. Your body has become your password. We are no longer confined to the factory or the school, but are moving “through the free-floating controls of open systems”40. Access is granted or denied at various thresholds; control has retreated to exit and entry points: “This is where the strength of biometrics lies – not in the vision modes of the disciplinary technologies of surveillance – rather in the scanning technologies of logistical life where movement is not tracked in linear flows but logged on at various thresholds. “41 Fuller mentions the term 'protocol' a number of times in her essay. I would like to expand 38 Cameron, Heather. 'CCTV and (In)dividuation'. 2004. http://www.surveillance-and- society.org/articles2(2)/individuation.pdf 39 Fuller, Gillian. 'Perfect Match: Biometrics and Body Patterning in a Networked World'. Fibreculture Journal, 2003, volume 1 NO 1. http://journal.fibreculture.org/issue1/issue1_fuller.html 40 Fuller. 41 Fuller. 18
  • on this term using arguments from Alexander Galloway's book “Protocol”.42 Galloway explains how in a large distributed network such as the internet, which superficially seems like an anarchical, chaotic and free system there is an underlying standardizing force which exercises complete control. This is protocol. Protocol is more than a framework of rules; it's the most logical way of doing things: “Protocol is like the trace of footprints left in snow, or a mountain trail whose route becomes fixed only after years of constant wear. One is always free to pick a different route. But protocol makes one instantly aware of the best route – and why wouldn't one want to follow it?”43 One can understand RFID and the danger of it being implemented into society on these terms. Not only does RFID follow protocol itself, it is also a very “protocological” technology in that it too regulates and structures the flow of objects or people. Like the headers on data packets in computer networks, RFID in supply chains serves as the headers on products, containing information about their type, origin and destination. Where TCP/IP and such protocols regulate data flow in computer networks, technologies like RFID and biometrics are moving towards regulating the flow of people and goods in society. Technologies like these may ensure in the future that no product or person will be able to go where it is not supposed to be. One of Galloway's arguments about protocol is that it is voluntarily. You do not have to use it. For instance, you do not have to have RFID transponders in your car on toll highways. You are free to stand in line at the toll booth. It simply makes more sense however to install such a device because it saves a lot of time and effort. 42 Galloway, Alexander. 'Protocol: how control exists after decentralization.' MIT press, Cambridge MA, 2004 43 Galloway, p.244 19
  • 5. Conclusion RFID is a technology that is on the rise, one everyone will have to deal with as more and more companies invest in it, price and production costs drop and technological advancements continue. RFID investment in 2005 reached an estimate of five hundred million dollars and it is expected to rise up to three billion dollars by 2010.44 As it stands, RFID could present significant threats to people's privacy, for which corporations and government agencies show distressingly little concern. But “RFID as protocol” is still a work in progress. Corporations, security companies, government agencies, privacy groups and academics are arguing and competing on how or whether society should implement the technology on a large scale. In this process, any person with the motivation and interest has the ability to jump into the fray. RFID technology will continue to evolve and improve as the technology moves more and more into the spotlight. Current issues about technological limitations may soon be resolved, but RFID principles will remain the same, as likely will the ethical debate about RFID usage. More studies delving deeper into the technology's potential will undoubtedly yield new possibilities and problems, and as such it is important for academics to keep an eye on RFID developments in society, as well as conducting their own investigations. 44 ZDNetUK. 'RFID may become a $3bn business by 2010'. December 14th, 2005. http://news.zdnet.co.uk/emergingtech/0,1000000183,39241887,00.htm 20
  • 6. Bibliography Book and articles Cameron, Heather. 'CCTV and (In)dividuation'. 2004. http://www.surveillance-and- society.org/articles2(2)/individuation.pdf Deleuze, Gilles. 'Postscript on the Societies of Control' Originally appearing in L'autre Journal, May 1st, 1990. http://www.nadir.org/nadir/archiv/netzkritik/societyofcontrol.html Fuller, Gillian. 'Perfect Match: Biometrics and Body Patterning in a Networked World'. Fibreculture Journal, 2003, volume 1 NO 1. http://journal.fibreculture.org/issue1/issue1_fuller.html Galloway, Alexander. 'Protocol: how control exists after decentralization.' MIT press, Cambridge MA, 2004 Garfinkel, Simon, Ari Juels, Ravi Pappu. 'RFID Privacy: An Overview of Problems and Proposed Solutions'. June 2005. http://www.simson.net/clips/academic/2005.IEEE.RFID.pdf Juels, Ari. 'RFID Security and Privacy: A Research Survey.' September 28th, 2005. http://www.rsasecurity.com/rsalabs/staff/bios/ajuels/publications/pdfs/rfid_survey_28_09_05.pdf Rieback, Melanie, Bruno Crispo, Andrew Tanenbaum. 'Is Your Cat Infected with a Computer Virus?' March 2006. http://www.cs.vu.nl/~melanie/rfid_guardian/papers/percom.06.pdf Saponas, T.S, Jonathan Lester, Carl Hartung, Tadayoshi Kohno. 'Devices That Tell On You: The Nike+iPod Sport Kit'. November 30th 2006,University of Washington, Seattle. http://www.cs.washington.edu/research/systems/nikeipod/tracker-paper.pdf News reports, videos and miscellaneous DTechEx. The RFID Knowledgebase. Accessed on January 11th 2007 http://rfid.idtechex.com/knowledgebase/en/casestudy.asp?freefromsection=122 Democracy Now! 'How Major Corporations and Government Plan to Track your Every Move with Radio Frequency Identification' Transcript of an interview with Liz McIntyre. March 1st, 2006. http://www.democracynow.org/article.pl?sid=06/03/01/1447202 Flexilis. 'RFID e-Passport Vulnerability.' 2006, http://www.flexilis.com/epassport.php Freedman, Jonah. 'The (new) color of money'. March 5th 2003. http://money.cnn.com/2003/03/05/news/money/index.htm Garfinkel, Simon. 'An RFID Bill of Rights'. October 2002. http://www.technologyreview.com/Infotech/12953/ 21
  • Indymedia.org.uk. 'TESCO tags Cambridge Shoppers'. August 9th, 2003. http://www.indymedia.org.uk/en/2003/08/275490.html Losowski, Andrew. 'I've got you under my skin.' June 10th, 2004. http://technology.guardian.co.uk/online/story/0,3605,1234827,00.html RFid Gazette. 'RFID Found At Highway Toll Booths' March 23rd, 2005. http://www.rfidgazette.org/2005/03/rfid_found_at_h.html RFID Guardian Project. Accessed on January 11th, 2007. http://www.rfidguardian.org/ RSA Laboratories. 'Securing RFID tags from eavesdropping.' Accessed January 11th 2007. http://www.rsasecurity.com/rsalabs/node.asp?id=2118 Sun Microsystems. 'RFID Streamlines Processes, Saves Tax Dollars'. 2003. http://www.sun.com/br/government_1216/feature_rfid.html Swedberg, Claire. 'L.A. County Jail to Track Inmates'. May 16th, 2005. http://www.rfidjournal.com/article/articleview/1601/ Texas Instruments. 'Animal Tracking with RFID Raises Resource Management to a New Level' Accessed on January 10th, 2007 http://www.ti.com/rfid/shtml/apps-anim-tracking.shtml Tillman, Donna-Bea. 'Evaluation of Automatic Class III Designation VeriChip(TM) Health Information Microtransponder System'. October 12th, 2004. http://www.sec.gov/Archives/edgar/data/924642/000106880004000587/ex99p2.txt The Wall Street Journal. 'Are E-Passports more secure?' September 29th, 2006. http://online.wsj.com/public/article/SB115938787873075826-6AbUpMIaJVCS1i_UBVoGrWP867k_20070 929.html VeriMed Patient Identification. Accessed on January 11th, 2007. http://www.verimedinfo.com/intro.html Watson, Steve. 'Debunkers Attempt To Discredit Prison Planet/Infowars Over Exploding $20 Bills Story' March 18th 2004. http://www.prisonplanet.com/180304_RFID_article.html Westhues, Jonathan. 'Demo: Cloning a Verichip' Updated July 2006. http://cq.cx/verichip.pl WhyNot.net. 'Zapper Detects, Destroys Unwanted RFID Chips'. April 4th, 2005. http://www.infowars.com/articles/bb/rfid_zapper_detects_destroys_rfid_chips.htm Wikipedia contributors. 'E-Zpass'. Accessed on January 10th, 2007. http://en.wikipedia.org/wiki/E- ZPass Williams, Martyn. 'RFID tags make it into bank notes.' September 2nd 2003. http://www.techworld.com/news/index.cfm?fuseaction=displaynews&NewsID=412 Yong-Young, Kim. 'Radio ID chips may track bank notes'. May 22nd 2003. 22
  • http://news.com.com/2100-1017-1009155.html Yoshida, Junko. 'Euro bank notes to embed RFID chips by 2005'. December 19th 2005. http://www.eetimes.com/story/OEG20011219S0016 Yoshida, Junko. 'Tests reveal e-passport security flaw '. August 30th, 2004. http://www.eetimes.com/ showArticle.jhtml?articleID=45400010 http://youtube.com/watch?v=4Zj7txoDxbE --- Corporate promotional video for RFID in the supply chain http://youtube.com/watch?v=yQo4mGTCALE --- Excerpt from Good Morning America http://youtube.com/watch?v=4jpRFgDPWVA --- ABC7 News Report from Sacramento, California. ZDNetUK. 'RFID may become a $3bn business by 2010'. December 14th, 2005. http://news.zdnet.co.uk/emergingtech/0,1000000183,39241887,00.htm Pictures Picture page 10 – an RFID system diagram – from Garfinkel, Simon, Ari Juels, Ravi Pappu. 'RFID Privacy: An Overview of Problems and Proposed Solutions Picture page 13 – an overview of RFID security and privacy threats – from Garfinkel, Simon, Ari Juels, Ravi Pappu. 'RFID Privacy: An Overview of Problems and Proposed Solutions Picture page 14 – Scanning tags on the future consumer – from Juels, Ari. 'RFID Security and Privacy: A Research Survey.' 23