Researchers recently found that Apple’s smart phones and tablets record and store device owners’ movements for up to a year. A lot of people find that disturbing—so much so that the discovery made it to the top of U.S. talk shows’ agendas.
Researchers recently found that Apple's smart phones and tablets
record and store device owners' movements for up to a year. A lot
of people find that disturbing-so much so that the discovery made
it to the top of U.S. talk shows' agendas. Does the idea of a big
U.S. company tracking your every move bother you?
Privacy's a personal
Many people don't like it, and who can blame them? The
information may only be used on an aggregate basis, but it's still
a breach of privacy. Other people, however, couldn't care less.
Many use social media applications like Foursquare to voluntarily
report their location wherever they are. People treat privacy
differently-and not just different people, but the same person in
different contexts. Someone who locks away Facebook profile data to
all but their closest contacts might very well leave every aspect
of their professional history, personal details and other
information open for all to see on LinkedIn.
Everyone's version of privacy is a little different.
Unfortunately, less privacy is almost always tied to heightened
security risk, and security is the battleground upon which this
privacy reckoning is being fought. As with geo-location technology,
privacy and security issues are also coming to the fore in the RFID
sphere, where business-focused applications are beginning to bleed
over into the consumer world.
RFID and privacy
Radio frequency identification is not a new technology, but it
has only really begun to blossom in the last five years, as the
science has matured and tag prices have dropped. "RFID tags can
store tremendous amounts of information," says Jorma Lalla, CEO of
RFID handset manufacturer Nordic ID. "You can also add data to tags
as they travel, which is what makes them truly valuable. The
information captured on tags during manufacturing or logistics
processes is data that can be mined on an aggregate basis to see
where efficiencies lie," he explains.Some tags are the size of
seeds, while others are as big as books. Some are rugged enough to
be immersed and dropped; others can take the form of an adhesive
sticker. Tag costs vary tremendously depending on
specifications-from a few cents to many Euros. Another advantage of
RFID technology is that read/write tags allow some levels of
information to be erased and new information written in.
Sniffing, eavesdropping and
Several European and other nations have embedded RFID tags in
passports. With a read/write RFID chip in place, governments can
keep precise digital records of citizens' movements. That's all
well and good for record keeping, but encrypted RFID information
has, in a few cases, been clandestinely intercepted from several
metres away. When customs officials scan passports, data is being
decrypted and read-presenting an opportunity for signal
The likelihood of passport data getting stolen is low, since a
rogue reader can only pick up secured information when it's being
read with an official device. But the same kinds of concerns are
also being raised about more pedestrian uses of RFID. A second-hand
RFID reader, bought online for as little as five dollars, can be
outfitted with a high-power, clandestine antenna hidden in clothing
or a backpack that will allow it to pick up nearby RFID
information, for example on a credit card. Open source software can
enable hackers to de-encrypt that information and use it in various
Security playing catch-up to RFID
But even if this RFID 'sniffing' isn't used to steal funds or
identity, who wants the medications and other contents of their
purse to be scanned? Or the size of their undergarments? Heikki
Seppä, a professor with the VTT Technical Research Centre of
Finland and known in European circles as 'Mr. RFID', believes that
encryption and security are playing catch-up to RFID
implementation. "If you look at one kind of RFID use - that
of nearfield communication (NFC) in mobile phones, security and
consequently privacy work very well," says Seppä. "That's because
encryption is not only built in, but there's also a chain of IDs
that work together to form protection-mobile serial number,
security pass code, SIM card serial number and NFC serial number.
Together, this all forms a unique chain of identity," he states.
"If you lose the phone, you can deactivate the SIM card via the
Internet and it becomes unusable. Other applications don't have the
same chain of IDs, and encryption is either nonexistent or easily
Encryption and security has not been a concern for traditional
RFID processes. Many of Nordic ID's clients, for example, use RFID
to track consumer items from point of production through to point
of sale. "We have fashion retail clients who use RFID end-to-end
throughout the supply chain," says Lalla. "They send manufacturers
RFID-equipped care tags to sew into clothing, ensuring that all
items are trackable at the item level." With total RFID
integration, a worker can scan a carton or a pallet in a shop
storeroom or in a warehouse and get an instant count of precisely
what's in the order, right down to colour and size of garment. That
helps guard against shrinkage, incomplete or erroneous orders,
stock-outs and product counterfeiting.
Consumers benefit from
That's all beneficial to manufacturers, but what about
consumers? Those same RFID tags are designed to become unreadable
after a couple washes, so there's no privacy problem there-but nor
is there any consumer benefit. "RFID is only just starting to
become useful to consumers," says Seppä. "But the Internet of
Things is just around the corner. Imagine scanning a toaster with
your cell phone to read receipt and warranty information. Or
scanning your car to find out when maintenance is recommended.
There are hundreds of possible uses."
Along with the increase in information comes privacy risk. If
Stan the Stalker buys an RFID reader, can he scan the trash of the
girl next door to see what she's eating and if there are condom
wrappers in the bin? The short answer is…probably. But Stan could
find that out now; he just needs to sort through the garbage. "The
bigger problem is with things like scanning credit cards through a
purse or a wallet," maintains Seppä. "The same thing can happen
there as with passport eavesdropping. Except that it's much easier
to do. Credit cards are everywhere."
The Internet of Things is coming, but security issues are not
entirely resolved. Like in the early days of wireless large area
networking and many other technologies that have matured, we still
need to achieve a sufficiently hardened set of standards and
protocols for the safe use of RFID in all applications.