misspelledsearch.com:

rfid altiris software

information page

If you cannot find the information you are searching for on this page, we suggest searching Google with the correct spelling "rfid altiris software":

An EPC RFID tag used for Wal-Mart

Radio Frequency Identification (RFID) is an automatic identification method, relying on storing and remotely retrieving data using devices called RFID tags or transponders. An RFID tag is a small object that can be attached to or incorporated into a product, animal, or person. RFID tags contain silicon chips and antennas to enable them to receive and respond to radio-frequency queries from an RFID transceiver. Passive tags require no internal power source, whereas active tags require a power source.

1 History of RFID tags
2 Types of RFID tags
- 2.1 Passive
- 2.2 Semi-passive
- 2.3 Active
3 The RFID system
4 Current usage
- 4.1 RFID mandates
- 4.2 Human implants
5 Potential uses
- 5.1 Gen 2
- 5.2 Patient identification
- 5.3 Traffic and positioning
6 Regulation and standardization
7 RFID Legislation
8 Controversy
- 8.1 Passports
- 8.2 Driver's licenses
- 8.3 The mark of the beast?
- 8.4 Vulnerabilities
9 See also

History of RFID tags

An RFID tag used for electronic toll collection

In 1945 Léon Theremin invented an espionage tool for the Soviet government which retransmitted incident radio waves with audio information. Even though this device was a passive covert listening device, not an identification tag, it has been attributed as the first known device and a predecessor to RFID technology. The technology used in RFID has been around since the early 1920s according to one source (although the same source states that RFID systems have been around just since the late 1960s). [1]

A more similar technology, the IFF transponder, was invented by the British in 1939 [2], and was routinely used by the allies in World War II to identify airplanes as friend or foe.

Another early work exploring RFID is the landmark 1948 paper by Harry Stockman, titled "Communication by Means of Reflected Power" (Proceedings of the IRE, pp 1196–1204, October 1948). Stockman predicted that "...considerable research and development work has to be done before the remaining basic problems in reflected-power communication are solved, and before the field of useful applications is explored."

Mario Cardullo claims that his U.S. Patent 3,713,148 in 1973 was the first true ancestor of modern RFID; a passive radio transponder with memory.[3]

An excellent exploration of the history of RFID technology, from discovery of the electromagnetic spectrum to the current iteration of RFID systems can be found at http://www.aimglobal.org/technologies/rfid/resources/shrouds_of_time.pdf.

Types of RFID tags

RFID tags can be either passive, semi-passive (also known as semi-active), or active.

Passive

Passive RFID tags have no internal power supply. The minute electrical current induced in the antenna by the incoming radio frequency signal provides just enough power for the CMOS integrated circuit (IC) in the tag to power up and transmit a response. Most passive tags signal by backscattering the carrier signal from the reader. This means that the aerial (antenna) has to be designed to both collect power from the incoming signal and also to transmit the outbound backscatter signal. The response of a passive RFID tag is not just an ID number (GUID); the tag chip can contain nonvolatile EEPROM(Electrically Erasable Programmable Read-Only Memory) for storing data. Lack of an onboard power supply means that the device can be quite small: commercially available products exist that can be embedded under the skin. As of 2006, the smallest such devices measured 0.15 mm × 0.15 mm, and are thinner than a sheet of paper (7.5 micrometers).[4] The addition of the antenna creates a tag that varies from the size of postage stamp to the size of a post card. Passive tags have practical read distances ranging from about 2 mm (ISO 14443) up to a few meters (EPC and ISO 18000-6) depending on the chosen radio frequency and antenna design/size. Due to their simplicity in design they are also suitable for manufacture with a printing process for the antennae. Passive RFID tags do not require batteries, and can be much smaller and have an unlimited life span. Non-silicon tags made from polymer semiconductors are currently being developed by several companies globally. Simple laboratory printed polymer tags operating at 13.56 MHz were demonstrated in 2005 by both PolyIC (Germany) and Philips (The Netherlands). If successfully commercialized, polymer tags will be roll printable, like a magazine, and much less expensive than silicon-based tags.

Because passive tags are cheaper to manufacture and have no battery, the majority of RFID tags in existence are of the passive variety. As of 2005, the lowest cost EPC Gen 2 tags available on the market are as low as 7.2 cents each in volumes of 10 million units or more. Current demand for RFID integrated circuit chips is expected to grow rapidly based on these prices.

Semi-passive

Semi-passive RFID tags are very similar to passive tags except for the addition of a small battery. This battery allows the tag IC to be constantly powered, which removes the need for the aerial to be designed to collect power from the incoming signal. Aerials can therefore be optimized for the backscattering signal. Semi-passive RFID tags are faster in response and therefore stronger in reading ratio compared to passive tags.

Active

Unlike passive and semi-passive RFID tags, active RFID tags (also known as beacons) have their own internal power source which is used to power any ICs and generate the outgoing signal. They are often called beacons because they broadcast their own signal. They may have longer range and larger memories than passive tags, as well as the ability to store additional information sent by the transceiver. To economize power consumption, many beacon concepts operate at fixed intervals. At present, the smallest active tags are about the size of a coin. Many active tags have practical ranges of tens of meters, and a battery life of up to 10 years.

The RFID system

An RFID system may consist of several components: tags, tag readers, edge servers, middleware, and application software.

The purpose of an RFID system is to enable data to be transmitted by a mobile device, called a tag, which is read by an RFID reader and processed according to the needs of a particular application. The data transmitted by the tag may provide identification or location information, or specifics about the product tagged, such as price, color, date of purchase, etc. The use of RFID in tracking and access applications first appeared during the 1980s. RFID quickly gained attention because of its ability to track moving objects. As the technology is refined, more pervasive and possibly invasive uses for RFID tags are in the works.

In a typical RFID system, individual objects are equipped with a small, inexpensive tag. The tag contains a transponder with a digital memory chip that is given a unique electronic product code. The interrogator, an antenna packaged with a transceiver and decoder, emits a signal activating the RFID tag so it can read and write data to it. When an RFID tag passes through the electromagnetic zone, it detects the reader's activation signal. The reader decodes the data encoded in the tag's integrated circuit (silicon chip) and the data is passed to the host computer. The application software on the host processes the data, often employing Physical Markup Language (PML).

Take the example of books in a library. Security gates can detect whether or not a book has been properly checked out of the library. When users return items, the security bit is re-set and the item record in the Integrated library system is automatically updated. In some RFID solutions a return receipt can be generated. At this point, materials can be roughly sorted into bins by the return equipment. Inventory wands provide a finer detail of sorting. This tool can be used to put books into shelf-ready order.

Current usage

Talking Prescriptions - 13.56 MHz tags are being placed on prescriptions for Visually Impaired Veterans. The Department of Veterans Affairs Outpatient pharmacies are now supplying the tags with label information stored inside that can be read by a battery powered, talking prescription reader. This reader speaks information such as: Drug Name; Instruction; Warnings; etc. ["Scriptalk" http://www.envisionamerica.com/scriptalk.htm]

The Canadian Cattle Identification Agency began using RFID tags as a replacement for barcode tags. The tags are required to identify a bovine's herd of origin and this is used for trace-back when a packing plant condemns a carcass. Currently CCIA tags are used in Wisconsin and by US farmers on a voluntary basis. The USDA is currently developing its own program.Image:CCIA tags.jpg

High-frequency RFID tags are used in library book or bookstore tracking, pallet tracking, building access control, airline baggage tracking, and apparel item tracking. High-frequency tags are widely used in identification badges, replacing earlier magnetic stripe cards. These badges need only be held within a certain distance of the reader to authenticate the holder. The American Express Blue credit card now includes a high-frequency RFID tag, a feature American Express calls ExpressPay.

UHF RFID tags are commonly used commercially in pallet and container tracking, and truck and trailer tracking in shipping yards.

Microwave RFID tags are used in long range access control for vehicles.

RFID tags are used for electronic toll collection at toll booths with Georgia's Cruise Card, California's FasTrak, Illinois' I-Pass, the expanding eastern states' E-ZPass system, Florida's SunPass, Massachusett's Fast Lane, North Texas NTTA and Houston HCTRA EZ Tag, The "Cross-Israel Highway" (Highway 6), Philippines South Luzon Expressway E-Pass, Brisbane's Gateway Motorway E-Toll in Australia,Central Highway (Autopista Central) in Chile and all highways in France (Liber-T system). The tags are read remotely as vehicles pass through the booths, and tag information is used to debit the toll from a prepaid account. The system helps to speed traffic through toll plazas as it records the date, time, and billing data for the RFID vehicle tag.

Sensors such as seismic sensors may be read using RFID transceivers, greatly simplifying remote data collection.

Location sensing of RFID with milimeter accuracy is possible by adding a low cost photosensor. The real time location sensing (RTLS) supports many complex geometric queries.

In January 2003, Michelin began testing RFID transponders embedded into tires. After a testing period that is expected to last 18 months, the manufacturer will offer RFID-enabled tires to car makers. Their primary purpose is tire-tracking in compliance with the United States Transportation, Recall, Enhancement, Accountability and Documentation Act (TREAD Act).

Some smart cards embedded with RFID chips are used as electronic cash, e.g. SmarTrip in Washington, DC, USA, EasyCard in Taiwan, Suica in Japan, T-Money in South Korea, Octopus Card in Hong Kong, and the Netherlands and Oyster Card on the London Underground in the United Kingdom to pay fares in mass transit systems and/or retails.

Starting with the 2004 model year, a Smart Key/Smart Start option became available to the Toyota Prius. Since then, Toyota has been introducing the feature on various models around the world under both the Toyota and Lexus brands, including the Toyota Avalon (2005 model year), Toyota Camry (2007 model year), and the Lexus GS (2006 model year). The key uses an active RFID circuit which allows the car to acknowledge the key's presence within approximately 3 feet of the sensor. The driver can open the doors and start the car while the key remains in a purse or pocket.

In August 2004, the Ohio Department of Rehabilitation and Correction (ODRH) approved a $415,000 contract to evaluate the personnel tracking technology of Alanco Technologies. Inmates will wear wristwatch-sized transmitters that can detect if prisoners have been trying to remove them and send an alert to prison computers. This project is not the first such rollout of tracking chips in US prisons. Facilities in Michigan, California and Illinois already employ the technology.

RFID mandates

Wal-Mart and the United States Department of Defense have published requirements [5] that their vendors place RFID tags on all shipments to improve supply chain management. [6]. Due to the size of these two organizations, their RFID mandates impact thousands of companies worldwide. The deadlines have been extended several times because many vendors face significant difficulties implementing RFID systems. In practice, the successful read rates currently run only 80%, due to radio wave attenuation caused by the products and packaging. In time it is expected that even small companies will be able to place RFID tags on their outbound shipments.

Since January, 2005, Wal-Mart has required its top 100 suppliers to apply RFID labels to all shipments. To meet this requirement, vendors use RFID printer/encoders to label cases and pallets that require EPC tags for Wal-Mart. These smart labels are produced by embedding RFID inlays inside the label material, and then printing bar code and other visible information on the surface of the label.

Human implants

Amal Graafstra's left hand with the planned location of the RFID chip Just after the operation to insert the RFID tag was completed

Implantable RFID chips designed for animal tagging are now being used in humans as well. An early experiment with RFID implants was conducted by British professor of cybernetics Kevin Warwick, who implanted a chip in his arm in 1998. Applied Digital Solutions proposes their chip's "unique under-the-skin format" as a solution to identity fraud, secure building access, computer access, storage of medical records, anti-kidnapping initiatives and a variety of law-enforcement applications. Combined with sensors to monitor body functions, the Digital Angel device could provide monitoring for patients. The Baja Beach Club [7], a night club in Barcelona Spain and in Rotterdam, The Netherlands, uses an implantable VeriChip to identify their VIP customers, who in turn use it to pay for drinks [8].

In 2004, the Mexican Attorney General's office implanted 18 of its staff members with the Verichip to control access to a secure data room. (This number has been variously mis-reported as 160 or 180 staff members, though the correct number is actually 18. [9])

Amal Graafstra [10], a Washington native and business owner had a RFID chip implanted in his left hand in early 2005. The chip was 12 mm long by 2 mm in diameter and has a basic read range of two inches (5 cm). The implant procedure was conducted by a cosmetic surgeon, although the name of the doctor was not released. When asked what he planned to do with the implant Graafstra responded:

Because I'm writing my own software and soldering up my own stuff, pretty much anything I want.

Graafstra has since written a book called RFID Toys [11], which details how hobbyists and tech-types can create and build their own RFID enabled projects and solutions including: computer login, front door access, car and vehicle access, object tracking, etc.

Potential uses

RFID tags are often envisioned as a replacement for UPC or EAN barcodes, having a number of important advantages over the older barcode technology. They may not ever completely replace barcodes, due in part to their higher cost and in other part to the advantage of more than one independent data source on the same object. The new EPC is offered at reasonable cost, other numbering scheme are widely available, it makes no sense at all for none of the industrial applications to save numbers at the expense of uniqueness.

The storage of data associated with tracking items will require many terabytes on all levels. The escape is filtering, as nobody will save data without defined purpose. It is likely that goods will be tracked preferably by the pallet using RFID tags, and at package level with Universal Product Code (UPC) or EAN from unique barcodes.

The unique identity in any case is a mandatory requirement for RFID tags, despite special choice of the numbering scheme. RFID tag data capacity is big enough that any tag will have a unique code, while current bar codes are limited to a single type code for all instances of a particular product. The uniqueness of RFID tags means that a product may be individually tracked as it moves from location to location, finally ending up in the consumer's hands. This may help companies to combat theft and other forms of product loss. Moreover, the tracing back of products is an important feature that gets well supported with RFID tags containing not just a unique identity of the tag but also the serial number of the object. This may help companies to cope with quality deficiencies and resulting recall campaigns, but also contributes to concern over post-sale tracking and profiling of consumers.

It has also been proposed to use RFID for POS store checkout to replace the cashier with an automatic system which needs no barcode scanning. However this is not likely to be possible without a significant reduction in the cost of current tags and changes in the operational process around POS. There is some research taking place, however, this is some years from reaching fruition.

Gen 2

An organization called GS1 (http://www.gs1.org) is operating the joint venture EPCglobal (http://www.epcglobalinc.org), is working on international standards for the use of RFID and the EPC in the identification of any item in the supply chain for companies in any industry, anywhere in the world. The organization's board of governors of EPCglobal includes representatives from GS1, GS1-US, EAN, UCC, The Gillette Company, Procter & Gamble, Wal-Mart, Hewlett-Packard, Johnson & Johnson, Checkpoint Systems and Auto-ID Labs and others.

The EPCglobal gen 2 standard was approved in December 2004, and is likely to form the backbone of RFID tag standards moving forward. This was approved after a contention from Intermec that the standard may infringe a number of their RFID related patents. It was decided that the standard itself did not infringe their patents, but it may be necessary to pay royalties to Intermec if the tag were to be read in a particular manner. EPC Gen2 is short for EPCglobal UHF Generation 2. EPC standardisation is headed to become adopted by ISO, e.g. in accordance with complementary standardisation based on the ISO standard 18000-6.

EPC Gen 2 as well as the majority of RFID tags in existence are of the passive variety. As of 2005, these tags cost an average of Euro 0.20 at high volumes. Today, as universal RFID tagging of individual products become commercially viable at very large volumes, the lowest cost EPC Gen 2 tags available on the market are as low as 7.2 cents each in volumes of 10 million units or more. Current demand for RFID integrated circuit chips is expected to grow rapidly based on these prices.

Patient identification

In July 2004, the Food and Drug Administration issued a ruling that essentially begins a final review process that will determine whether hospitals can use RFID systems to identify patients and/or permit relevant hospital staff to access medical records. The use of RFID to prevent mixups between sperm and ova in IVF clinics is also being considered [12].

In October 2004, the FDA approved the country's first RFID chips that can be implanted in humans. The 134 kHz RFID chips, from VeriChip Corp., a subsidiary of Applied Digital Solutions Inc., can incorporate personal medical information and could save lives and limit injuries from errors in medical treatments, according to the company. The FDA approval was disclosed during a conference call with investors. Shortly after the approval, authors and anti-RFID activists Katherine Albrecht and Liz McIntyre discovered a warning letter from the FDA that spelled out serious health risks associated with the VeriChip. According to the FDA, these include "adverse tissue reaction," "migration of the implanted transponder," "failure of implanted transponder," "electrical hazards" and "magnetic resonance imaging [MRI] incompatibilty."

Some in-home uses, such as allowing a refrigerator to track the expiration dates of the food it contains, have also been proposed, but few have moved beyond the prototype stage.

Traffic and positioning

Road beacons

The most common use of RFID in traffic is for Electronic toll collection, normally using the Dedicated Short Range Communication (DSRC).

Another proposed application is the use of RFID for intelligent traffic signs called Road Beacons or "RBS" [13]. Such solutions are based in the use of RFID transponders buried under the pavement that are read by an onboard unit (OBU) in the vehicle which filters the different traffic signs and translates them into voice messages or gives a virtual projection using a HUD (Heads-Up Display). Its main advantage compared with satellite-based systems is that road beacons do not need digital mapping associated with them, as long as they provide traffic sign symbol and actual position information by themselves. RFID road beacons are also useful for complementing satellite positioning systems in places like tunnels or indoors.

Regulation and standardization

There is no global public body that governs the frequencies used for RFID. In principle, every country can set its own rules for this. The main bodies governing frequency allocation for RFID are:

USA: FCC (Federal Communications Commission)
Canada: DOC (Department of Communication)
Europe: ERO, CEPT, ETSI, and national administrations (note that the national administrations must ratify the usage of a specific frequency before it can be used in that country)
Japan: MPHPT (Ministry of Public Management, Home Affairs, Post and Telecommunication)
China: Ministry of Information Industry
Australia: Australian Communication Authority.
New Zealand: Ministry of Economic Development

Low-frequency (LF: 125 - 134.2 kHz and 140 - 148.5 kHz) and high-frequency (HF: 13.56 MHz) RFID tags can be used globally without a license. Ultra-high-frequency (UHF: 868 MHz-928 MHz) cannot be used globally as there is no single global standard. In North America, UHF can be used unlicensed for 908 - 928 MHz, but restrictions exist for transmission power. In Europe, UHF is under consideration for 865.6 - 867.6 MHz. Its usage is currently unlicensed for 869.40 - 869.65 MHz only, but restrictions exist for transmission power. The North American UHF standard is not accepted in France as it interferes with its military bands. For China and Japan, there is no regulation for the use of UHF. Each application for UHF in these countries needs a site license, which needs to be applied for at the local authorities, and can be revoked. For Australia and New Zealand, 918 - 926 MHz are unlicensed, but restrictions exist for transmission power.

These frequencies are known as the ISM bands (Industrial Medical Scientific). The return signal of the tag may still cause interference for other radio users [14].

Additional regulations exist regarding health and environmental issues [15]. For example, in Europe, the Waste Electrical and Electronic Equipment Directive does not allow for RFID tags to be thrown away. This means that RFID tags in cardboard boxes must be removed before disposing of them. This is important because RFID tags disrupt recycling [16]. Health regulations exist as well; see EMF (Electromagnetic field).

Some standards that have been made regarding RFID technology include:

ISO 11784 & 11785 - These standards regulate the Radio frequency identification of animals in regards to Code Structure and Technical concept
ISO 14223/1 - Radio frequency identification of Animals, advanced transponders - Air interface
ISO 10536
ISO 14443
ISO 15693
ISO 18000
EPCglobal - this is the standardization framework that is most likely to undergo International Standardisation according to ISO rules as with all sound standards in the world, unless residing with limited scope, as customs regulations, air-traffic regulations and others. Currently the big distributors and governmental customers are pushing EPC heavily as a standard well accepted in their community, but not yet regarded as for salvation to the rest of the world.

A primary security concern surrounding RFID technology is the illicit tracking of RFID tags. Tags which are world-readable pose a risk to both personal location privacy and corporate/military security. Such concerns have been raised with respect to the United States Department of Defense's recent adoption of RFID tags for supply chain management [17]. More generally, privacy organizations have expressed concerns in the context of ongoing efforts to embed electronic product code (EPC) RFID tags in consumer products.

A second class of defense uses cryptography to prevent tag cloning. Some tags use a form of "rolling code" scheme, wherein the tag identifier information changes after each scan, thus reducing the usefulness of observed responses. More sophisticated devices engage in challenge-response protocols where the tag interacts with the reader. In these protocols, secret tag information is never sent over the insecure communication channel between tag and reader. Rather, the reader issues a challenge to the tag, which responds with a result computed using a cryptographic circuit keyed with some secret value. Such protocols may be based on symmetric or public key cryptography. Cryptographically-enabled tags typically have dramatically higher cost and power requirements than simpler equivalents, and as a result, deployment of these tags is much more limited. This cost/power limitation has led some manufacturers to implement cryptographic tags using substantially weakened, or proprietary encryption schemes, which do not necessarily resist sophisticated attack. For example, the Exxon-Mobil Speedpass uses a cryptographically-enabled tag manufactured by Texas Instruments, called the Digital Signature Transponder (DST), which incorporates a weak, proprietary encryption scheme to perform a challenge-response protocol. In 2005, researchers from RSA Labs and Johns Hopkins University reverse engineered the algorithm and were able to clone Speedpass tags [18].

Still other cryptographic protocols attempt to achieve privacy against unauthorized readers, though these protocols are largely in the research stage. One major challenge in securing RFID tags is a shortage of computational resources within the tag. Standard cryptographic techniques require more resources than are available in most low cost RFID devices. Many security measures have been proposed for RFID in the academic literature. Several low strength cryptographic solutions have been proposed, including hash locks, backward channel XORing, third party privacy agents, and LPN authentication [19]. RSA Security has patented a prototype device that locally jams RFID signals by interrupting a standard collision avoidance protocol, allowing the user to prevent identification if desired. [20]. Various policy measures have also been proposed, such as marking RFID tagged objects with an industry standard label.

RFID Legislation

California - SB1834

PURPOSE: Restrict the way businesses and libraries in California use RFID tags attached to consumer products or using an RFID reader that could be used to identify an individual.

Defeated by members of the California state assembly on June 25, 2005.

Massachusetts – HB 1447, SB 181

PURPOSE: Requires labels regarding use and purpose of RFID on consumer products; requires the ability to remove tags; and restricts info on tags to inventory and like purposes.

Maryland – HB 354

PURPOSE: Creates a task force to study privacy and other issues related to RFID and report on whether legislation is needed.

Missouri – SB 128

PURPOSE: Requires a conspicuous label on consumer packaging with RFID disclosing existence of the tag and that the tag can transmit a unique ID before and after purchase.

Nevada – AB 264

PURPOSE: Requires manufacturers, retailers and others to ensure placement of a label regarding existence of RFID on product prior to sale.

New Hampshire – HB 203

PURPOSE: Requires written or verbal notice of existence of a tracking device on any product prior to sale.

New Mexico – HB 215

PURPOSE: Requires businesses purveying tagged items to post notices on their premises and labels on the products; requires removal or deactivation of tag at point of sale.

Rhode Island – H 5929

PURPOSE: Prohibits state or local government from using RFID to track movement or identity of employees, students or clients or others as a condition of a benefit or service

South Dakota – HB 1114

PURPOSE: Prohibits requiring a person to receive implant of an RFID chip.

Tennessee – HB 300, SB 699

PURPOSE: Requires conspicuous labeling of goods containing RFID disclosing existence of RFID and that it can transmit unique information.

Utah – HB 185

PURPOSE: Amends computer crime law to include RFID.

Texas – HB 2953

PURPOSE: Prohibits school district from requiring student to use an RFID device for identification; requires school to provide alternative method to those who object to RFID.

Controversy

How would you like it if, for instance, one day you realized your underwear was reporting on your whereabouts?

— California State Senator Debra Bowen, at a 2003 hearing [21]

The use of RFID technology has engendered considerable controversy and even product boycotts by consumer privacy advocates such as Katherine Albrecht and Liz McIntyre of CASPIAN who refer to RFID tags as "spychips". The four main privacy concerns regarding RFID are:

The purchaser of an item will not necessarily be aware of the presence of the tag or be able to remove it;
The tag can be read at a distance without the knowledge of the individual;
If a tagged item is paid for by credit card or in conjunction with use of a loyalty card, then it would be possible to tie the unique ID of that item to the identity of the purchaser; and
The EPCglobal system of tags create, or are proposed to create, globally unique serial numbers for all products, even though this creates privacy problems and is completely unnecessary for most applications.

Most concerns revolve around the fact that RFID tags affixed to products remain functional even after the products have been purchased and taken home, and thus can be used for surveillance and other nefarious purposes unrelated to their supply chain inventory functions. Although RFID tags are only officially intended for short-distance use, they can be interrogated from greater distances by anyone with a high-gain antenna, potentially allowing the contents of a house to be scanned at a distance, something distinctly Orwellian in nature. Even short range scanning is a concern if all the items detected are logged in a database every time a person passes a reader, or if it is done for nefarious reasons (e.g., a mugger using a hand-held scanner to obtain an instant assessment of the wealth of potential victims). With permanent RFID serial numbers, an item leaks unexpected information about a person even after disposal; for example, items that are resold or given away can enable mapping of a person's social network.

Another privacy issue is due to RFID's support for a singulation (anti-collision) protocol. This is the means by which a reader enumerates all the tags responding to it without them mutually interfering. The structure of the most common version of this protocol is such that all but the last bit of each tag's serial number can be deduced by passively eavesdropping on just the reader's part of the protocol. Because of this, whenever RFID tags are near to readers, the distance at which a tag's signal can be eavesdropped is irrelevant; what counts is the distance at which the much more powerful reader can be received. Just how far this can be depends on the type of the reader, but in the extreme case some readers have a maximum power output (4 W) that could be received from tens of kilometres away.

The potential for privacy violations with RFID was demonstrated by its use in a pilot program by the Gillette Company, which conducted a "smart shelf" test at a Tesco in Cambridge, England. They automatically photographed shoppers taking RFID-tagged safety razors off the shelf, to see if the technology could be used to deter shoplifting. [22] This trial resulted in a consumer boycott against Gillette that is still in effect today. There was also a protest of Tesco. A boycott against Tesco for its involvement with item-level RFID tagging has been in effect since early 2005. [23]

In another incident, uncovered by the Chicago Sun-Times, shelves in a Wal-Mart in Broken Arrow, Oklahoma, were equipped with readers to track the Max Factor Lipfinity lipstick containers stacked on them. Webcam images of the shelves were viewed 750 miles (1200 km) away by Procter & Gamble researchers in Cincinnati, Ohio, who could tell when lipsticks were removed from the shelves and observe the shoppers in action.

In January 2004 privacy advocates from CASPIAN and the German privacy group FoeBuD [24] were invited to the METRO Future Store in Germany, where an RFID pilot project was implemented. It was uncovered by accident that METRO "Payback" customer loyalty cards contained RFID tags with customer IDs, a fact that was disclosed neither to customers receiving the cards, nor to this group of privacy advocates. This happened despite assurances by METRO that no customer identification data was tracked and all RFID usage was clearly disclosed. [25]

The controversy was furthered by the accidental exposure of a proposed Auto-ID consortium public relations campaign that was designed to "neutralize opposition" and get consumers to "resign themselves to the inevitability of it" whilst merely pretending to address their concerns. [26]

The standard proposed by EPCglobal includes privacy related guidelines for the use of RFID-based EPC. These guidelines include the requirement to give consumers clear notice of the presence of EPC and to inform them of the choice that they have to discard, disable or remove EPC tags. These guidelines are non-binding, and only partly comply with the joint statement of 46 multinational consumer rights and privacy groups.

In 2004, Lukas Grunwald released a computer program RFDump which with suitable hardware allows reading and reprogramming the metadata contained in an RFID tag, although not the unchangeable serial number built into each tag. He said consumers could use this program to protect themselves, although it would also have significant malicious uses.

Passports

A number of countries have begun to embed RFID devices in new biometric passports, to facilitate efficient machine reading of personal data. Security expert Bruce Schneier said of these proposals: "It's a clear threat to both privacy and personal safety. Quite simply, it's a bad idea." The RFID-enabled passport uniquely identifies its holder, and in the proposal currently under consideration, will also include a variety of other personal information. This could greatly simplify some of the abuses of RFID technology, and expand them to include abuses based on machine reading of data such as a person's nationality. For example, a mugger operating near an airport could target victims who have arrived from wealthy countries, or a terrorist could design a bomb which functioned when approached by persons from a particular country.

The US State Department initially rejected these concerns on the grounds that they believed the chips could only be read from a distance of 10 cm (4 in), but in the face of 2,400 critical comments from security professionals, and a clear demonstration that special equipment can read the test passports from 30 feet (10 m) away, the proposal was reviewed. [27] In November 2005, the State Department stated that as of October 2006 all US passports will contain RFID chips with some security features. The passports will be shielded to prevent skimming. The department will also implement Basic Access Control (BAC), which functions as a Personal Identification Number (PIN) in the form of characters printed on the passport data page. Before a passport's tag can be read, this PIN must be inputted into an RFID reader. The BAC also enables the encryption of any communication between the chip and interrogator [28].

The Pakistan Passport Authority has started issuing passports with RFID tags.

The Norwegian Passport authority has also issued passports with RFID tags, and was criticized by the Norwegian Data Inspectorate Department because of their lack of implementing any security features. As of november 2005 only a handful of passports have been issued [29].

The Malaysian Passport Authority has started using passports with RFID tags since early 2000.

The New Zealand government introduced chipped passports on 4 November 2005 after trials with pilots from USA in association with Australia. All new passports issued by New Zealand will contain these chips.

France are to start issuing biometric passports on 17 April 2006.

Driver's licenses

The US state of Virginia has considered putting RFID tags into driver's licenses in order to make lookups faster for police officers and other government officials. The Virginia General Assembly also hopes that by including the tags, false identity documents would become much harder to obtain. The proposal was first introduced in the "Driver's License Modernization Act" of 2002, which was not enacted, but as of 2004 the concept was still under consideration.

The idea was prompted by the fact that several of the September 11 hijackers held fraudulent Virginia driver's licenses. However the American Civil Liberties Union has noted that in addition to being a risk to privacy and liberty, the RFID proposal would not have hindered the hijackers, since the false documents they carried were valid, officially issued documents obtained with other false identification. The weakness in the system is not failure to validate documents in the field, but failure to verify identity before issuing them.

The mark of the beast?

There has been discussion by members of the Christian community, especially Christian anarchists, that RFID tagging could represent the mark of the beast mentioned specifically in the Book of Revelation (see Revelation 13:16). This subject is studied by those Christians interested in the fields of eschatology (last things) and dispensationalism. Previously, other forms of identification such as credit cards and UPC codes had been suggested as candidates for the mark. [30] [31] [32]

Vulnerabilities

The New York Times reported on new research showing how RFID tags could be "infected" with computer viruses. "RFID malware is a Pandora's box...," the Times quotes from the study available at www.rfidvirus.org.
Security expert Bruce Schneier reports on a Weizmann Institute of Science study suggesting "so-called 'wallet phones' will be capable of attacking HF tags" through power analysis attack.