From the Back Cover
Radio frequency identification (RFID) technology is rapidly becoming ubiquitous as businesses seek to streamline supply chains and respond to mandates from key customers. But RFID and other new wireless ID technologies raise unprecedented privacy issues. RFID: Applications, Security, and Privacy covers those issues from every angle and viewpoint.
Award-winning technology journalist and privacy expert Simson Garfinkel brings together contributions from every stakeholder community--from RFID suppliers to privacy advocates. His contributors introduce today's leading wireless ID technologies, trace their evolution, explain their promise, assess their privacy risks, and evaluate proposed solutions--technical, business, and political. Beyond RFID, they also review the privacy implications of Wi-Fi, Bluetooth, smartcards, biometrics, new cell-phone networks, and the ever-evolving Internet. Highlights includeHow RFID and other wireless ID technologies work RFID applications, from your gas station and pharmacy to the twenty-first century battlefieldRFID, privacy, and the law--in the United States and around the worldThe privacy impact of location awareness in today's wireless Internet infrastructureDoomsday scenarios: Could ubiquitous wireless ID enable totalitarianism?RFID, security, and industrial espionageHow Bluetooth and Wi-Fi can track individuals, with or without their permissionTechnical solutions to wireless ID privacy concerns--their value and limitationsStakeholder perspectives from Texas Instruments, Gemplus, NCR, P&G, and other leadersThe future of citizen activism on privacy issues
Clear, balanced, and accessible, this is the indispensable primer for everyone involved in RFID: businesses implementing or evaluating RFID; technology suppliers responding to user concerns; and policymakers and privacy advocates who want a deeper understanding of the technology and its implications. Includes contributions from
AIM Global, Inc.
CVS Corporation
Center for Democracy and Technology
Consumers Against Supermarket Privacy Invasion and Numbering
EPCglobal, Inc.
ExxonMobil Corporation
Fleishman-Hillard Inc.
The Galecia Group
Gemplus
IDAT Consulting & Education
Institute for the Future
Matrics, Inc.
MIT Media Laboratory
MIT Auto-ID Laboratory
Privacy Journal
The Privacy Rights Clearinghouse
Procter & Gamble
RSA Security
Texas Instruments, Inc.
UCLA Department of Geography
Wayne State University Law School
About the Author
Simson Garfinkel is a computer security researcher and an award-winning commentator on information technology. Among his twelve books are Database Nation: The Death of Privacy in the 21st Century (O'Reilly, 2001) and Practical UNIX and Internet Security, Third Edition (O'Reilly, 2003). A columnist for Technology Review and CSO magazine, Garfinkel's CSO columns earned the 2004 Jesse H. Neal National Business Journalism Award. He is a doctoral candidate at MIT's Computer Science and AI Laboratory.
Beth Rosenberg is a writer, editor, and journalist with fifteen years of experience in emerging technologies. She has written for the Boston Globe, Boston Magazine, and the Christian Science Monitor, and edited a book for Harvard's Kennedy School of Government.
Excerpt. © Reprinted by permission. All rights reserved.
There's a school bus stopped outside a middle school Spring, Texas, a wealthy suburb on the northern edge of Houston's metropolitan sprawl. Inside the bus several well-dressed and obviously well-off children stand in the aisle waiting to get off. Sandra Martinez, a 10-year-old with a thick brown braid and a charcoal grey blazer, pauses while she takes her ID card, hanging from a lanyard around her neck, and presses it against the large grey panel that's mounted on the big padded barrier that divides the stairwell from the passenger compartment. The panel beeps.
Sandra descends the school-bus steps and the next student fumbles for her ID card. Meanwhile, a computer onboard the bus is hard at work. First the computer takes a geospatial reading from the Global Positioning System receiver that's mounted inside the bus. Next, the computer sends to Spring Independent School District the precise time and location that Martinez left the bus using an onboard digital cell phone. This information is made instantly available on a web site where it can be accessed by Martinez's parents, the school administration, or anyone else with the appropriate access codes. The purpose of the system, which was installed at a cost of $180,000, is to let parents know precisely when and where their children get on or off the school bus. "If it works one time finding a student who has been kidnapped, then the system has paid for itself," Brian Weisinger, the head of transportation for the Spring district, told the New York Times.1
No student has ever been kidnapped in Spring, Texas.
A slightly different student tracking is in use at the Enterprise Charter School in Buffalo, New York. There, a pair of kiosks that were purchased at a cost of $40,000 read ID tags as students enter and exit the building. Mark Walter, head of technology for the Buffalo school, told the New York Times that initially the system failed to register some students, but now it works pretty well. Advocates of the technology say that it just might even be expanded--for example, placing readers on individual classroom doors to see if students are attending their classes.
Some students, of course, invariably forget their tags at home or lose them. Some might even purposely throw them away. Even for these students, technology has an answer: In late 2004, the U.S. Food and Drug Administration approved for general use a tiny radio tag that can be implanted under the skin. Similar technology has been used to track household pets since the 1990s.
Meanwhile, by the time this book is in print, the U.S. State Department will probably have started issuing passports that carry a tiny RFID chip that includes 64 kilobytes of memory and, alas, can be covertly read at a distance of 30 feet by anyone with a suitable reader and a good antenna.2 The State Department says that there's no need to worry: The data on the chip will reportedly be encrypted, so that anybody who reads it will only read gibberish. The RFID Controversy and the Technology That Fuels It
Radio Frequency Identification--better known as RFID--is fast becoming one of the most controversial technologies of our era.
Proponents of RFID say that the tiny tags, made out of silicon chips and radio antennas, can stamp out counterfeit drugs, fight terrorism, and at the same time help Wal-Mart keep its shelves stocked. They say that widespread adoption of RFID will allow companies to improve efficiency, cut costs, and offer dramatic new products and services to their customers. Most proponents scoff that the technology has a downside at all--other than perhaps the cost of the tags, and the cost of tags is dropping fast.
But RFID has many critics. The most vocal are privacy activists who argue that the technology's unprecedented ability to track the movement of individually serialized objects could be turned around and used to track the people carrying those objects. They worry that the RFID readers across the nation could report back to a single global network that could be used by the government as a kind of roving geographical wiretap.
Many critics argue that RFID is a threat not just to individuals, but to corporations and governments as well. In a few years RFID readers at warehouse doors will allow companies to inventory the contents of cartons without opening them. But without the proper controls, the technology could also facilitate industrial espionage by giving competitors unprecedented access to a company's inventory. And once you begin thinking about RFID as an offensive technology, a lot of possibilities start emerging. Just as toll roads can use RFID to read E-ZPass tags and automatically debit the driver's account, an RFID-equipped bomb could wait patiently until it senses the tag of a particular individual driving above, and then detonate. Want to falsely implicate someone in a crime? Just clone one of their RFID tags and then arrange for it to pass by a particular reader just minutes before the murder.
The book you are holding is the first of its kind to explore the wide range of security and privacy issues that are being raised by RFID technology. It is the first book to bring together proponents from across the RFID spectrum. In its pages you will find chapters from companies that are producing RFID readers; from companies that are busy putting products with embedded RFID-tags on their shelves; and from the very privacy activists that are trying to stop them. Bringing together this diverse group of individuals and organizations has taken a lot of time and work. The result is the most balanced and accurate discussion you will find anywhere on the planet of RFID technology and its attendant controversy.RFID: What Is It?
As its name implies, the term RFID is generally used to describe any technology that uses radio signals to identify specific objects. In practice, this means any technology that transmits specific identifying numbers using radio. Electronic article surveillance (EAS) systems, used by many clothing and music stores to set off an alarm when a shoplifter steals an item, are not RFID because the EAS tags do not have individual codes or serial numbers that can be read remotely. The Mobil SpeedPass system used to pay for gas is an RFID system: Each SpeedPass tag contains a unique serial number that is used to identify the tag's owner.
Each RFID tag consists of a silicon chip, an antenna, and some kind of housing. The tags come in sizes as large as a paperback book and smaller than a grain of rice. So-called active tags contain batteries, while passive tags are powered directly by the radio frequencies used to read them. The reading range of a tag depends on many factors, including the tag's electronics, its antenna, the reader, the radio frequencies used, and decisions made at the time the system is deployed. It is therefore inaccurate to state a "typical tag's" read range without first specifying what kind of tag you are using. (I'll explain these technical issues and others in Chapter 2, Understanding RFID Technology.)
RFID technology is already broadly deployed within the United States. Between the "proximity cards" used to unlock many office doors, and the automobile "immobilizer chips" built into many modern car keys, it's estimated that roughly 40 million Americans carry some form of RFID device in their pocket every day. I have two: Last year MIT started putting RFID chips into the school's identity cards, and there is a Philips immobilizer chip inside the black case of my Honda Pilot car keys.
Many of today's media accounts of RFID aren't about these proprietary devices or RFID in general, but the standardized electronic product code (EPC) chips that were developed by the AutoID Center and are now being overseen by EPCglobal, a trade organization. RFID systems have been around for more than thirty years, opening office doors and tagging laboratory animals, but prior to the introduction of the EPC, these systems were too expensive for mass deployment. By standardizing on a simple chip design and over-the-air protocol, EPC is able to take advantage of mass production's efficiencies.
EPC tags are designed to replace today's ubiquitous Universal Product Code (UPC) barcodes, except instead of identifying the maker and kind of product, the 96-bit EPC code will give every package of razors, box of pancake mix, and pair of sneakers its own unique serial number. The tags, which operate in the unlicensed radio spectrum between 868 MHz and 965 MHz, can be read at a distance of many feet and through paper, fabric, and some plastics. And although the tags can cost as much as a 40 cents today, when purchased by the million, the cost rapidly decreases to 10 cents per tag or less. (Sanjay Sarma, one of the founders of the AutoID center, explains the birth of the AutoID center and the EPC in Chapter 3, A History of the EPC.)RFID Comes of Age
I had my first experience with RFID technology in January 1984. I was a freshman at the Massachusetts Institute of Technology and had just taken a job at one of MIT's new biology labs. For added security, the lab had installed a keyless entry system. The lab gave me thick blue card to put in my wallet. To get into the secure area, all I had to do was wave my wallet in front of a special reader. Within a few days I learned that I could just bump against the reader, leaving my wallet in my pocket. It was very cool and high-tech and allegedly very secure.
After a few weeks in my wallet I noticed that the top layer of the card's plastic was starting to peel away. And a few days after I quit that job, I ripped open the card to see how it worked. Underneath the laminate I found a printed circuit board, a chip that was the size of a postage stamp, and a dozen or so metal pads, some of them soldered together.
It was immediately clear that my card's serial number was determined by which pads were soldered together and which had been left open. My ID number had been canceled when I resigned, but in theory I could have changed my card's ID to someone else's simply by making or breaking a few connections on the card. I never tested this hypothesis, but there is no reason why it shouldn't have worked. (Twenty years later, the security of many proximity card systems has only marginally improved; Jonathan Westhues explores other ways of subverting the security of proximity cards in Chapter 19, Hacking the Prox Card.)
I promptly forgot about RFID for the next ten years. Then, in 1994, my editor at Wired magazine asked me to write a brief article about ID chips that were being injected into cats and dogs. I called up the chip manufacturer and learned that the technology was being used for far more. Some firms were using RFID to track the movement of gas cylinders; others companies were using it to follow the path of tools at job sites. A few nursing homes were even experimenting with tagged bracelets that could automatically set off alarms when Alzheimer patients wandered out the back door.
A few months later I learned that highway authorities from Massachusetts and New York to California were in the final stages of testing RFID-based electronic toll collection (ETC) systems for a variety of highways and bridges. The tags, which could be read at speeds of up to 100 miles-per-hour, would cut traffic jams and the resulting levels of smog at toll booths. But it was also clear that the new ETC systems would also create a huge database recording the precise time and location of every toll crossing by every tagged car.
The planners of those early RFID systems said that it was important to establish policies that would prevent toll-crossing information from being used for purposes unrelated to traffic management. But such policies were never adopted. These days ETC databases are routinely used by law enforcement agencies to track the movement of suspect cars--and by both divorce and labor lawyers to track the movements of people under investigation. I spoke with these technologists in the 1990s: None of them wanted to create a ubiquitous surveillance system that would permanently record the movements of cars on the highways and make that information available to anybody with a subpoena. Yet somehow, that's the system we got.RFID: A Choice We Face
Newspaper and magazine stories about RFID frequently present the technology as one that forces us to make trade-offs and compromises. Almost always, RFID is portrayed as promising some new convenience or security feature, but in return consumers must be willing to give up a little privacy to reap these benefits.
ETC is perhaps the best example of this tradeoff. With an E-ZPass tag you can speed through the toll booths on the George Washington Bridge, but that nasty divorce attorney will be able to get a blow-by-blow record of every time you entered and left Manhattan for the past year.
But making E-ZPass a combination toll payment and surveillance system was a conscious choice on the part of the engineers who designed the system and the highway administrators who approved it. Instead of broadcasting a serial number that's used to debit an account, the creators of E-ZPass could have adopted a more complex over-the-air protocol based on anonymous digital cash. Such a system would actually have been more secure--that is, more resistant to various kinds of cloning, fraud and abuse--than the account-based systems in a growing number of states. But as near as I have been able to determine, the system based on digital cash was never seriously considered.
The question of whether or not the nation's ETC system should preserve privacy or be a tool for surveillance should have been a subject of public debate. But it wasn't. Instead, policy was determined by a small number of technologists and administrators with virtually no input from either the public or elected officials.
In Massachusetts, for instance, when the Massachusetts Turnpike Authority (MTA) issued its Request For Proposal (RFP) to contractors interested in supplying the ETC technology to the state, the RFP mandated that respondents propose only account-based systems similar to New York's E-ZPass. (Not surprisingly, a Boston-area company called ATCom, which had a system based on anonymous digital cash, cried foul, arguing that they had been frozen out of the bidding process because they had a technology that preserved privacy!)
John Judge was the MTA official responsible for the decision. When I called him up to ask about the RFP, he told me in 1997 that "privacy is a non-issue."I think that is the experience nationwide, as least as it relates to electronic toll collection. Privacy has not been an issue that has emerged nationally. I think that is principally because it is a voluntary system. If you are of a mind where you might be concerned about privacy issues, you just don't have to join the program and can use the traditional toll collection methods. I don't think that it is any more an issue than credit cards.3
Did John Judge and other MTA administrators not hear an outcry from an enraged electorate because the electorate simply wasn't informed about any decisions? Wide-scale public notification of the system's design happened only after contracts were signed, equipment was installed, and administrators were trying to accelerate the public's adoption of Massachusetts' "FastLane" technology. At that point it was too late to challenge the system's underlying design. Instead, consumers were simply given a "take it or leave it" choice for the convenient but admittedly invasive technology. RFID Is Different
For the record, John Judge was wrong. The privacy and security considerations of RFID systems are profoundly more complex than those associated with credit cards.
For starters, radio waves are both invisible and penetrating. I cannot read your credit card if it is in your pocket, but I can read a proximity card, or even an RFID-enabled credit card, in that same place. Every E-ZPass or FastLane tag has a small battery that lasts for five years or so; without significantly increasing costs, each E-ZPass tag could have been equipped with a tiny speaker that would "beep" whenever the tag was read. Because they are not, there is no simple way for users of E-ZPass and the like, to audit the system for themselves. Are there hidden E-ZPass readers scattered around New York City or Washington DC? If each E-ZPass tag had a tiny speaker, it would be a simple matter to find out about unpublicized reader deployments.
The choice between using or abstaining from RFID-based payment systems on the highway is profoundly different from cash versus credit in another important way. Whether you buy your lunch with cash or a credit card, the length of the overall transaction is about the same. With RFID this is not the case. At Boston's Logan Airport on a typical weekday night, you might wait in line for ten minutes or longer to make it through the tolls. But if you're willing to give up your privacy, you can sail through the FastLane electronic toll lane at 100 miles per hour--well, at 40 miles per hour, at least. So unlike people who buy their lunch with cash, people who try to travel the highways with cash end up paying a considerable penalty for the privilege of preserving their privacy.
It's probably too late to change the toll payment system used by Connecticut, Maine, Massachusetts, New Jersey, New York, Pennsylvania, and a growing number of other states. Today's highway regulators aren't interested in experimenting with new RFID systems; they're interested in seeing a single system deployed throughout the United States so that drivers can travel coast-to-coast without reaching for their coins. Once a technological direction is embarked upon, it is very difficult to start making incompatible choices.
This is not to say that privacy on the highway is lost. We can still have the privacy of our toll crossings; we just can't assure that privacy through technical means. But states or the federal government could pass legislation--if there were political will--to set a high threshold for protecting toll-crossing information. Such legislation could make RFID-collected toll crossing information "off limits" for use in divorce proceedings, for instance, much in the way that the Video Privacy Protection Act of 1988 (18 U.S.C. Sec. 2710) made videotape rental records off limits. (The VPPA--better known as the Bork Bill--was passed after Judge Bork's video rental records were obtained by Washington DC's City Paper. The bill sped through Congress soon afterwards, allegedly because lawmakers were worried that their own video rental records might be similarly obtained and published.) RFID-protection legislation could set standards that needed to be followed for the protection of the information, and it could establish a "data retention" policy that required RFID-collected information to be destroyed after six months. Our lawmakers could pass such legislation quickly. All it takes is the political will. (Stephanie Perrin and Jonathan Weinberg explore global and national privacy regulations--and discuss how those regulations apply or could be applied to RFID--in Chapter 4, RFID and Global Privacy Policy, and Chapter 5, RFID Applications, Privacy and the Law.)
Alternatively, privacy protections can be built directly into RFID technology itself. The EPC standard, for instance, supports a "kill" command that makes it possible to permanently disable tags after they are no longer needed. If tags might be needed for some kind of post-sale use--for example, enabling a product return--it might be possible to remove the tag's antenna so that the reader needs to be in physical contact with the device. Yet another approach is the so-called RFID blocker tag, which jams all RFID transmissions within a sphere around the holder--think of this as a kind of "sphere of privacy." (Ari Jules, one of the co-inventors of the blocker tag, explores these and other technological solutions to the RFID privacy problem in Chapter 21, Technical Approaches to the RFID Privacy Problem.)RFID Is Not Different
But on a deeper level, John Judge was right--just not for the reason that he thought. Privacy on the highways is a non-issue because the right to anonymous travel had already been considered--and rejected--at the dawn of the automobile.
Horses and buggies didn't have to be registered, but soon after their introduction, motorized vehicles in every state of the United States were required to display license plates. The explicit purpose of the plates was to make every car different and, by so doing, eliminate anonymity.
These days the technology for reading and automatically recognizing license plates has been virtually perfected. RFID-based systems are more accurate than optical license plate readers: They can read when the car is moving at a higher speed, and they are not affected by mud, rain, or fog. But the fundamental question of anonymous travel on the roads has already been resolved in the negative: Americans don't have it--at least not if they want to drive their own car.
And here, RFID promoters maintain, is the fundamental problem in discussing the technology in a vacuum: Practically without exception, every threat to privacy that could conceivably be caused by RFID can already be accomplished using some combination of other technologies. The cat is already out of the bag! What the RFID industry really needs to do, noted Canadian computer columnist Peter de Jager argues in his chapter, Experimenting on Humans Using Alien Technology, is to stop scaring the public with frightening scenarios and product names and, instead, clearly articulate to the public the advantage that will come from the technology--be that advantage improved customer service, lower costs, or decreased fraud.
Such thinking might be dangerous, however. Privacy activists like Beth Givens (Chapter 29) argue that before we deploy this technology, we should more carefully assess its impact, something that really hasn't been done to date. Although it is true that stores can use store loyalty cards, credit cards, and even face recognition technology track people and their purchases, it may be that the increased accuracy of an RFID tag hidden in your clothing or buried in the sole of your shoe fundamentally changes the kinds of applications that stores and other businesses are willing to deploy. RFID and the Public's Right to Know
Doomsday scenario or not, I believe that at the very least we have a right to know when we are being monitored by radio frequency devices. Because radio waves are invisible and penetrating, RFID has the potential to be a uniquely covert technology. I can't tell if there is an RFID tag buried in the sole of my shoe. I can't see if a store's RFID reader is silently and invisibly inventorying the clothes on my body.
Philips Semiconductors, one of the worldwide leaders in RFID, claims that it has shipped more than a billion RFID devices worldwide. This astonishing figure was announced by Mario Rivas, the company's executive vice president for communications, at the MIT RFID Privacy Workshop.
Many people in the audience were visibly shocked when Rivas made his statement. After all, RFID is usually presented in the popular press as something of a fledgling technology that is still be tried out, not as a mature technology that has a solid role in the worldwide marketplace. But over the past ten years, RFID has made stunning gains. Indeed, Mark Roberti, editor of the RFID Journal, estimates that between 20 and 50 million Americans carry an RFID chip in their pocket every day--either in the form of a proximity card used for entering buildings and garages or else an automobile key with an immobilizer chip molded into the key's plastic handle.
One way to make the invisible visible is through the use of regulations and laws. Two years ago I called upon the RFID industry to adopt an RFID consumer "Bill of Rights," in which the industry would pledge to refrain from various nefarious practices, such as hiding RFID chips in clothing or other consumer products without notification, having secret RFID readers, and giving consumers the option of having chips deactivated in products that they purchase. Other policy suggestions are included in this book: Privacy Rights Clearinghouse position paper (Appendix A), a position paper from the Electronic Frontier Foundation (Appendix B), and Japan's METI Draft Guidelines on the use of RFID (Appendix C).
Some of these proposals are actually in Appendix E, Guidelines on EPC for Consumer Products4, which are on the web site of EPCglobal, the internal consortium that is overseeing the allocation of RFID serial numbers used in many consumer products. But the guidelines are considerably watered down from what I and others have proposed. For example, EPC guidelines say that consumers should have the right to know if an EPC RFID tag is inside a product that is purchased, but they don't have a right to know about the presence of readers in a store or other public places. Instead of giving consumers the right to have a tag removed or deactivated (killed), the guidelines instead say that consumers have to be told whether or not they have such a right. Instead of giving consumers a right to know what the RFID information is being used for, the policies simply call for companies to publish their policies regarding "Record Use, Retention, and Security" on their web sites.About This Book
This book is an outgrowth of a workshop on RFID privacy issues that I organized at MIT in the fall of 2003. That conference, sponsored by MIT's Computer Science and Artificial Intelligence Laboratory and by the MIT Media Lab, brought together roughly 200 researchers, developers, reporters, and students from around the world. We gathered on Saturday, November 15, 2003, to hear presentations from fifteen technologists and privacy activists. For many it was the first time coming face-to-face with the other side for serious discussions.
This book takes up where the conference left off. In the year and a half since we met, RFID has gone from the headlines to the loading docks and the store shelves. We are living in the future. Nevertheless, many of us are still thinking about RFID using the language of the past.
Although some form of RFID technology seems to be in the newspaper every day, there are surprisingly few books available on RFID technology. Our hope with this book is to give you a good overview of RFID applications, the underlying technology, and the public policy debate.Organization of This Book
This book is divided into five parts; it includes thirty-two chapters and five appendixes.
Part I, Principles of RFID, examines the history, underlying technology, and public policy debates that affect RFID technology in general.
Chapter 1, Automated Identification and Data Collection: What the Future Holds, by Dan Mullen and Bret Moore, looks at the past, present, and future of automatic identification and data collection technologies, from the bar code to advanced RFID systems. Dan Mullen is president of AIM Global, the Association for Automatic Identification and Mobility. I met him when I was serving on the Auto-ID Center's outside public policy committee. Bret Moore is director of IDAT Consulting & Education, a technology-agnostic, vendor-independent firm that helps companies understand, evaluate, select and implement automatic identification and data collection (ADIC) solutions. Think of this chapter as the RFID industry's position paper of what can be done with the technology.
Chapter 2, Understanding RFID Technology, by Henry Holtzman and myself, is a brief tutorial on how RFID systems work. Henry Holtzman is research scientist at the MIT Media Laboratory and the founder of Presto Technologies, which developed an RFID-based payment system back in the go-go 1990s. My contributions to this chapters are based, in part, on Matt Reynolds' presentation at the RFID Privacy Workshop, which Henry and I organized in the fall of 2003. In this chapter you'll learn the theoretical range at which RFID devices can be read. You'll learn of some basic RFID applications that aren't covered elsewhere in this book.
Chapter 3, A History of the EPC, by Sanjay Sarma, looks specifically at the history and development of the electronic product code and the AutoID center. MIT Professor Sanjay Sarma is the cofounder of the AutoID center; we are honored to have his personal perspective on the history of what may be the twenty-first century's most important commercial code.
Chapter 4, RFID and Global Privacy Policy, by Stephanie Perrin, introduces the reader to various international conventions and national laws on data protection and shows how those rules are likely to affect the deployment and use of RFID systems. Based in Montreal, Stephanie Perrin is a recipient of the Electronic Frontier Foundation's Pioneer Award for her role as a global privacy advocate. These days she spends her time consulting on various privacy issues to the Canadian government and global corporations.
Chapter 5, RFID Applications, Privacy and the Law, by Jonathan Weinberg, explores how U.S. law might respond to RFID technology. Jonathan Weinberg, a professor of law at Wayne State University, has written extensively about privacy and Internet law and regulation.
Chapter 6, RFID and the U.S. Regulatory Landscape, by Doug Campbell, is an in-depth examination of how RFID technology is likely to be regulated by the U.S. federal bureaucracy. In this chapter Doug Campbell, a senior vice president at the the international communications firm Fleishman Hillard, looks at issues such as government access to stored data, the impact on health, impact on labor regulations, and how various actors are likely to respond to changing frameworks.
Chapter 7, RFID and Authenticity of Goods, by Marlena Erdos, explores uses of RFID tags in product authenticity. The chapter looks at the interaction of authentication of tags and the authentication of goods, and other related authentication issues. Marlena Erdos is an expert in secure distributed computing systems, having architected, designed, and implemented them for more than a decade. Recent interests (and work assignments) have led her into analysis and design of secure RFID-based systems.
Chapter 8, Location and Identity: A Brief History, by Michael Curry, explores the evolution of "location" as a concept throughout the ages. The author is an associate professor at the University of California, Los Angeles, department of geography. This chapter spans three thousand years of history and asks whether or not the "time-honored" ways of identifying places and things are in fact far more complicated than the notion that everything has a place and every event takes place at a particular time. It's certainly the only chapter in this book to discuss both Aristotle and Lee Harvey Oswald.
Chapter 9, Interaction Design for Visible Wireless, by Chris Noessel, Simona Brusa Pasque and Jason Tester, looks at techniques for making RFID and other wireless technology visible to nontechnical users. The trio of designers began working with RFID while attending the Interaction Design Institute Ivrea in Italy.
Part II, Applications of RFID, looks at specific consumer-facing RFID appl
0321290968P03152005
Rfid: Applications, Security, and Privacy