[AktiviX] [Politech] Hack the tech: a possible counter-RFID strategy

Paul Mobbs mobbsey at gn.apc.org
Wed May 5 18:47:08 UTC 2004 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



- -------- Original Message --------
Subject: A possible counter-RFID strategy
Date: Mon, 3 May 2004 07:57:30 -0400
From: Rich Kulawiec <rsk at firemountain.net>
To: Declan McCullagh <declan at well.com>

(An edit of something I sent to the folks at nocards.org last summer)

Having followed the recent RFID-related messages on Politech, I thought
I'd send this along.

First, a small historical diversion: back in the 1980's, there were rumors
that the NSA had a complete Usenet feed going into its data centers.
In reaction, Usenet article authors began to include what were called
"NSA fodder" in the headers and bodies of their articles; text strings like:

	Moscow nuke Iran Kremlin secret spy CIA transmission

were put there to (at least in theory) cause the text-analysis programs
and perhaps the human beings analyzing the incoming data at the NSA to
work a bit harder.

Nobody (I hope) took this very seriously, but it does illustrate
an interesting point about approaches to frustrating unwanted
data collection, and that is that there are two ways to do that:

	1. Deny the data to the collectors.
	2. Give them all the data they could possibly hope for...
	   but fill it with so much noise that it's useless.

In the case of RFID tags, so many people are all over their deployment
that approach #1 may now be effectively impossible.

Fine.  Let them knock themselves out putting RFID tags on and in
everything and tracking them and accumulating all the data, and
spending lots and lots of money and time setting all that up.

Meanwhile, let's try approach #2.

After all, there's no reason why you and I can't have our own RFID
scanners, and locate the tags that we happen to find in our possession,
now is there?  And if I felt like, oh, removing the tag from my new
shirt and sticking it in a city bus seat, or extracting the tag from
a new lawn sprinkler and putting it in on a shopping cart back at the
store where I bought it, well, why not?

Now imagine the consequences if 20 million people did the same.

We could even have little exchanges where we throw all our tags in a
pile and randomly take some away to play with -- the point being that
then not even *we* know what happened to them.

I find it very satisfying to think that someone trying to figure out where
my bicycle helmet is at the moment will actually be tracking a Walmart
(rushing headlong toward adoption of RFID) manager's car that happened
to parked somewhere nearby when I felt like transplanting the RFID tag.

RFID tags from all kinds of things could be randomly planted everywhere:
in an airplane seat, in a newspaper at the library, in a copy of a rented
video, EVERYWHERE.  Some could be transplanted to similar items; others
to completely different ones.  And so on.

I'm not suggesting that anyone abandon the fight against the intrusive
and abusive uses of RFID by any means; I'm just suggesting that one
possible countermeasure to make whatever deployment goes forward far
less effective than its backers hope is to cause their RFID trackers to
record huge amounts of completely useless data. [1]  This is relatively
easy to do, and could actually be turned into a rather amusing exercise
in competitive ingenuity. [2]

But more seriously, if a sufficient number of people participate, and thus
a sufficient number of RFID tags are pressed into service generating bogus
data, it will discredit them and devalue their usefulness, thus discouraging
their further adoption and undercutting attempts to rely on them for
some of their more Orwellian possible uses.

It's a shame that something like this is necessary: but given the total
lack of respect for privacy and any semblance of self-restraint on the
part of governments and corporations, it is.

- --Rsk

[1] Most importantly, "useless data" that will be very difficult to
distinguish from useful data.  Every communications engineer learns
that separating signal from noise is relatively easy when they have
very different properties, but much harder when they're the same.
Hence the need to transplant at least some RFID tags to similar items,
thus generating bogus but hard-to-spot-as-bogus data.

[2] "I'd like to thank you for coming to testify before our committee
today, Mr. Ashton, and as my first question, I'd like you to explain
why the Senate's RFID scanner indicates that you walked in here with a
cheese grater, a copy of the latest Harry Potter video, a forklift, and
the latest issue of 'Motorcycle Babes' on your person."


_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)

- -------------------------------------------------------

- -- 



==========

"We are not for names, nor men, nor titles of Government, nor are we for
this party nor against the other but we are for justice and mercy and
truth and peace and true freedom, that these may be exalted in our nation,
and that goodness, righteousness, meekness, temperance, peace and unity
with God, and with one another, that these things may abound."
(Edward Burroughs, 1659 - from 'Quaker Faith and Practice')


Paul Mobbs, Mobbs' Environmental Investigations,
3 Grosvenor Road, Banbury OX16 5HN, England
tel./fax (+44/0)1295 261864

email - mobbsey at gn.apc.org
website - http://www.fraw.org.uk/mobbsey/index.html



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

iD8DBQFAmTastEaNwM05jx0RAnAKAKCfzT4Fb8TaE1d2mrR69ZrMpE4ASQCggTjN
k9bgrVuJHPKbc0L8a1ryo8A=
=4qoo
-----END PGP SIGNATURE-----

More information about the AktiviX-discuss mailing list