RFID Gazette

Yet More Anti-RFID Envelope Makers
National Envelope Corporation is the latest company to go after the potentially lucrative anti-RFID envelope and wallet market with their Smart Card Guard products. The envelopes can be used to protect contactless credit cards, ID cards, and e-passports. [via Contactless News]

A Smart RFID Mirror
Paxar is currently showing off its smart mirror at a show in Miami, Florida. The mirror, typically to be used in retail clothing stores, gives customers information about a tagged item of clothing. [via RFID Update]

Free RFID Discovery Service
Affilias is offering a service to companies that want to share RFID EPC data over the Internet. What information is to be shared can be configured on a per subscriber basis. Affilias calls the service ESDS (Extensible Supply-Chain Discovery Services) and hopes it'll become an industry standard. [via RFID Journal]

To date, two states - Wisconsin and now North Dakota -  have banned forced human RFID implants. Except that there's no way that'll stop determined employers. Jeremy Duffy offers an explanation of how organizations might circumvent such laws. One way is by suggesting that implantation is voluntary but to then either punish those that don't "volunteer" or reward those that do. I've worked for enough bad bosses in my life to know the tactics companies use to make you do what they want, or to conoct ways to make you quit if you don't comply. There's no reason why the same sort of emotional blackmail will not happen in regards to RFID implantation.

In California, the issue is more about the use of RFID in certain ways by public entities. An elementary school there has tried to implement an RFID program to monitor the whereabouts of students. To deter this sort of use, the California Senate passed a bill 28-5 to prevent public schools from mandatory RFID systems for monitoring students. The bill must still be passed by the State Assembly.

[Commentary] Apparently, all you need to do to skim data from a certain type of RFID chip used in e-passports and credit cards is $20 worth of equipment available on eBay and the know how. Except that security researcher Chris Paget isn't allowed to say how the flaw works, due to a claim by a chip maker that he'd be infringing on various rights. They stopped Paget from talking at the Black Hat conference in February, and they're still trying to do so now.

Very interesting way of trying to defeat detractors, but instead helping, those who feel consumers should be aware of such security flaws will probably mistrust the manufacturer now. (I unfortunately do not know who this is - see below.) Alienating more people is not what the RFID industry needs; it's about awareness. It might be time get new lawyers and PR people.

[UPDATE: I mistakenly indicated that IOActive is the chipmaker in the above article. Correction made, and my sincere apologies for the error.]

[editorial] In a series of proto-cyberpunk short stories and novellas that I wrote in 2002, set in an alternate, near-future Earth country called the United States of North America (Canada and the US), a roving, microchipped band of digital rebels escape from a USNA government that is essentially a dictatorship pretending to be patriotic. Paper is outlawed, thinking for yourself is highly frowned upon, and everyone is being microchipped "for their safety." (By which I mean RFID chips, though I never refer to RFID.)

These rebels have "underground" meeting places where chips are either removed or disabled, and from where their "subversive" activities are planned. These are the true patriots for freedom and justice, but they are looked upon as hackers and criminals, particularly because they disable the RFID microchips. From their perspective, they do this because they feel the chips are a threat to their privacy and general well-being, and that control of the chips can be subverted by malicious parties - counter to this fictional government's claim that the chips are safe.

Well, truth may be stranger than fiction. According to a security researcher in the UK, Adam Laurie, implanted RFID chips can be hacked by malicious parties and thus controlled. Laurie cracked codes for an RFID id card, a livestock chip, and a chip that a volunteer from the audience had previously had implanted.

You can argue that these demonstrations are not sufficient to be concerned about RFID implants, but obviously I'm going to disagree. As a "proto-cyberpunk" writer, I make it a point to write fiction that considers worst case scenarios of the use of technology. Most of my proto-cyberpunk stories are strongly influenced by the work of science fiction author Philip K. Dick, long-deceased and the author of the novels that were turned into Blade Runner, Total Recall, Minority Report, and others. They are very dystopian, and not afraid to speculate on the "what might be" aspect of world politics (see The Man In The High Castle) and the misuse of technology.

I'm not saying that my stories equal Dick's, but they are definitely written in the same spirit. That said, I see RFID as both a blessing and a curse. I am of the staunch opinion that just because something sounds like a conspiracy theory does not make it false. RFID is unfortunately an ideal technology for both very good and very evil - quite possibly more so than any technology in history has ever been. In the wrong hands, it will be misused under the guise of self-preservation. And any proof of that possibility is something that we all need to take note of.

A glimpse of the TV show Las Vegas would suggest to you that security for casinos there are high-tech, marvellous operations. Well it just might be true. A surveillance tech company called Third Eye has a new RF-based security system, SATS (Security Alert Tracking System) based on a wristband biosensor (from SPO Medical) that monitors employee's heart rate. If the rate suddenly increases, management is alerted by an RF signal from the wristband.

The premise is that if a casino employee's heart starts suddenly beating rapidly, they are likely under stress. This could be due to some emergency such as a robbery, or possibly because the employee is planning a theft.

RFID has some very important applications in health care, and this biosensor is no exception. But the idea that every casino employee would have to wear these wristbands, in case they just might be planning a theft, could turn into a Minority Report-like situation. The movie stars Tom Cruise and is based on the Philip K. Dick novel of the same name. The idea is that law enforcement officers can stop crimes before they start by arresting future perpetrators, based on technology that can read the latter's thoughts and determine that will/may commit a crime.

The SPO Medical wristband in and of itself is not my issue but rather Third Eye's intended use of it by casino clients. It seems to move life into the realm of guilty until proven innocent. An odd thing for a company whose name is borrowed from a spiritual concept of the inward eye of self-enlightenment.

Law makers in the US and EU have been considering regulating the use of RFID in their respective districts. The European Union commissioner backed off, deciding to let the technology mature before imposing regulations.

In Washington state, RFID legislation didn't make the Floor. It sought to impose rules on how RFID would be deployed and used to collect personal data. In Wisconsin, a new bill was just passed that prohibits US currency and documents to be embedded with chips. Previously, the state passed legislation banning forced chip implants.

Implants in particular are going to be a hot law issue in the years to come, Companies like VeriChip have been trying persuade anyone and everyone to implant, including soldiers, and diabetics, and have used them on corpses during disaster recovery.

Finally, someone with a lot more influence in the RFID industry than I said it: VeriChip implant unnecessary and a little creepy [Spychips]

Thanks to RFID Journal's Editor and Founder Mark Roberti for saying what had to be said. I've been pretty vocal about the questionable use of implanted RFID chips, a la VeriChip, and have repeatedly said that some wearable object with an RFID chip is just as good. Which is what Mark Roberti says as well.

On the other hand, Roberti also criticizes media for bad press regarding implants. I assume I am such a person. Or maybe not. Regardless, I see absolutely nothing wrong with making people aware of useless or offensive applications of RFID.

I could be misunderstanding, though Roberti didn't say he's against monitoring people with RFID, as Liz McIntyre points out at SpyChips. In fact, you have to read his article and decide for yourself. Nothing against him personally, but while he says it's creepy and isn't a big fan of implanting people, there could be some benefits of doing so.

From my viewpoint, all power to anyone who wants to willingly have an RFID chip implanted in themselves, but I'll continue to maintain that no one has any right to force an implant on anyone for any reason.

VeriChip's recent poor IPO performance would suggest that not many people think there's much of a market for living human implants. (VeriChips were used to identify the dead during disaster recovery in New Orleans, after Hurricane Katrina.)

In one of my random updates about VeriChip, I'm unpleased to report that the chairman of VeriChip's parent company still hasn't had himself implanted with an RFID chip - as far as I know - despite claiming he would do so, what, about two years ago? Now, if you've kept up with the RFID industry, you might know that VeriChip is planning an IPO (which they filed for a year ago). And this in the midst of poor performance for some companies in the industry and the generally accepted view that most human beings would never willingly allow themselves to be implanted. Feel free to disagree, but in my opinion, forced implanting is one of the worst applications of RFID, not to mention a travesty of personal privacy, regardless of the political BS being fed to us. Besides, there are so many useful, legitimate, non-infringing applications.

I haven't followed the IPO but I'm thinking they'll have a very hard time with it. (Even VeriChip, in their SEC filing, stated that many patients would be unwilling. Apparently a lot of doctors are uncomfortable with implanting their patients - thank goodness.) Nevertheless, they don't seem to be having any problem implanting 222 people in total with RFID chips, for a sales total of about US$100K. [Speaking of implanting, one of the character's in this week's episode of Smallville is abducted and has a tiny GPS chip implanted in his/her shoulder (don't want to spoil it). Though at first, I thought it might be an RFID chip.]

Singer Nelly Furtado appeared on last night's CSI:NY franchise as an amazingly successful shoplifter at high-priced New York boutiques. Towards the very end of the episode, one of the CSIs found a device in a purse they confiscated from Furtado's character. And guess what? It was a "credit card scanner" which, according to two other CSI characters is "based on RFID", "works remotely" and "from three feet".

I'm guessing that the writing team read that New York Times article about the inherent security flaws in RFID-based credit cards, which I've discussed a few times. No doubt the episode was shot months ago. Since the NY Times article, credit card companies have skirted around the issues or outright denied them, but have said that their cards (meaning the new generation) are secure and have new security features.

Still, that's not going to stop speculation from TV shows and movies. RFID tech was also mentioned in Law + Order: SVU a few months back.

A couple of weeks ago, there were a couple of articles around the blogosphere talking about how to disable the RFID chip in your new e-passport. Engadget has a great photograph of a simple, low-tech option. Now, while one article said that a passport is still valid even with a disabled chip, The Inquirer says that a tampered passport might get you "25 years in prison and a special customs search with rubber gloves.

Damned if you do and damned if you don't. The security issues have yet to be resolved and might be worse than formerly thought. Two European tech consultants found that cloned e-passport data can be purchased on the Internet. Not only that, the RFID reader they bought on eBay had a blank chip and software for cloning and copying the data onto the chip.

Wired's Quinn Norton writes about the Chaos Communication Congress (CCC) in Berlin, Germany, and how attendees are paying 10 euros each for an RFID badge that reports their location. There's an array of 35 monitoring stations that pick up badge locations and produce a constantly updated public XML feed.

The badges are part of an experiment and are voluntary, but it reflects exactly what I've been saying as to how RFID could be used to track people, given the right technical environment. There have been vocal naysayers here on this blog, but the CCC is proving exactly that it's possible. If you doubt me, consider that electronic civil liberties pioneer John Perry Barlow, one of the founders of EFF (Electronic Frontier Founddation), is talking at the CCC. One of this badge project's leaders also openly states:

The idea was most of this surveillance technology slowly faded into your lives, and we accepted them.... [we want to] make it possible to bring it into people's heads.

Meaning, if I've interpreted everything correctly, they want the general populace to be aware of what's going on and the potential misuse of RFID. Before you get your knickers in a knot, noticed I said potential, not actual. And that's all I've really been trying to do. Embrace the good, legit uses of RFID. Beware the questionable. You'll have to define the latter for yourself, but I partially define it as anything that violates a citizen's privacy and gives them no benefit whatsover.

You've no doubt seen them: those fitness buffs jogging in the neighborhood or park with their Nike shoes and the tell-tale white iPod earwires, listening to music while getting healthier. They might just be the owner of the RFID-enabled Nike / iPod Sport Kit, which lets runners monitor their efforts.

But researchers from the University of Washington think that a security flaw in the Sport Kit (which uses an active RFID tag) lets stalkers also monitor runners. They claim that someone with a scanner can track a jogger's regimen from a distance of up to 60 feet, even from a car. They could go as far as  skimming RFID data and recording jogging times and even plotting routes on Google Maps for later use. [Info Shop via RFID News]

While this potential threat shouldn't be taken lightly, one thought comes to my mind. The average human being isn't going to go to such lengths. Anyone who does go to all that effort to stalk someone doesn't need to utilize the Sport Kit flaw to do so. Their sickness would prompt them into doing it by other methods. In this scenario, I think, it's the person and not the technology that's to blame. On the other hand, this flaw can be exploited by more than just stalkers, possibly encouraging borderline personalities into surveillance activities that they might not otherwise bother with.

Earlier in the week, I wrote about a Law + Order TV episode in which one character unwittingly has an RFID chip implanted into her (on the back of the neck, I believe). I argued that this isn't possible, especially since the character is "septic", meaning susceptible to infection. That means she should have known right away that her husband tagged her.

Mark Roberti, Editor of the RFID Journal backs up my claim, indicating that it's very difficult to get away with a secret implant. Generally speaking, my observation over a decade (?!) of Law + Order viewing is that the scriptwriters do due diligence in understanding new technology. But in the case of RFID, they did not get it right/write. And planting the chip deep into the body so it's not detectable (except with an X-ray) would be useless since it would generally cease to function. (So vague references in the X-Files show were also quite fictionalized.)

[via RFID Weblog]

During American Thanksgiving today, CNBC TV is running a long segment on "Big Brother" and surveillance societies. If you haven't seen it, there may be reruns later. Or check their website.

What I'm watching right now is a segment on the implanting of RFID chips into humans. One small company in the US supposedly made their employees get microchip implants. The representative that CNBC interviewed said, and I quote, "It's not Big Brotherish." No, of course not. Thank goodness that some US states such as Wisconsin have signed a law banning forced microchipping.

And of course what would a segment about RFID be without interviewing Scott Silverman, CEO of VeriChip's parent company. My interpretation of what he said was a skirt around the answer he should have given and instead said there was no tracking ability, or some such - using his hands to make "quote marks".

I don't know whether to laugh or cry. You can feel free to blast me, but I will never be convinced that implanted RFID is anything but Big Brotherish, despite my respect for RFID for "legitimate" uses. I've highlighted my reasoning, with facts, many times here. The people who've willingly implanted themselves have their own reasoning, and that's fine with me. In that sense, it's no different than a tattoo or a piercing (of which I have both) or other willing body modifications. My beef is with people like Silverman who are trying to force implantation on certain groups of people and then suggesting there's nothing wrong with it, and that privacy is not being violated.

According to a Harris Interactive survey, 72% of 2000 people surveyed seem to indicate that fingerprint scans at ATM/ debit machines would make them feel more secure. I have a hard time believing this, and Evan Schuman at Storefront Backtalk says there are reasons to be suspicious of such data because of the way that a question about biometrics was worded.

Fingerprinting still and probably always will have connotations of being arrested, despite the fact that some employers expect it. I still believe that if biometric authentication has to be used for various reasons, with or without RFID, that consumers would rather it be something like voice recognition. Though that has a number of technical issues that need to be resolved, including its usability in public. On the other hand, other recent surveys in other countries suggest that younger people would be all for identification via palm vein scans and even from implanted radio frequency chips.

The ability to skim information discreetly off of the RFID chip in contactless credit cards is causing a stink, thanks to a big NY Times article recently, and eliciting questions that either credit card companies either have ignored or never asked themselves during the design phase. One important issue is secure use, another is credit card selection when a consumer is carrying more than one contactless card.

Of course, there is a way that these cards could be made more secure, but it would require more technology and another generation of cards before they're widely available. Biometric techniques are already being used for access control and identity verification, such as in e-passports. Several forms are in use, including fingerprints,  palm vein scans, retinal scans, and voice recordings. (DNA biometrics is infeasible, at least at present.) From a consumer perspective, most of these techniques are invasive, with maybe the exception of voice recordings.

People are used to recording their voice, so voice biometrics may be a method for solving both issues: secure use and card selection. During a transaction, the customer would be prompted to select the card they'd like to use and recite their name.

Problem is, this isn't a guaranteed solution, as there are technical issues that might hamper its use. For example, if you are in a very noisy shopping mall during Xmas holiday rush, voice authentication may not work unless your mouth is close to the merchant scanner's microphone - which leads to issues of hygiene. The other problem, and more serious, is what if someone uses a recording of someone's voice? Ambient background noise would be expected during a purchase (except online), but with cheap/ free audio editors, that's not difficult to add. And if there is no cashier to verify that a person using a card is actually speaking instead of replaying a recording, then security isstill an issue.

This is, of course, something that all voice biometrics systems will have to deal with, but biometrics tech is costly, and if a merchant is "forced" to use it, there's another source of inflation for our cost of living. But what really worries me, though, is whether these sorts of flaws will lead to the thinking that we "have to" use something more invasive such as retinal scans or palm vein scans just to buy our groceries. Because if cold, hard cash and notes are eliminated, that's the direction we'll have to head down to "protect" consumers from security issues of contactless credit cards. Even if it's as simple as the idea that your contactless credit card requires your fingerprint to be recorded.

Bruce Schneier, a writer for Wired Magazine, has his own blog that has a short post about the ability to skim information off the RFID chip on new contactless credit cards. This is a post worth reading for the comments by readers. Many of the commenters echo my feelings about contactless credit cards and the supposed time-savings they offer, not to mention their security flaws. One commenter, Nicholas, says that you gain almost nothing since while you don't have to take your credit card out of your wallet, you do have to take your wallet out of your pocket. In other words - whoop-de-do. And even that little bit of time savings may not last. A bit further down the post, reader Daniel asks what happens when people start carry two or more of these cards. How will store scanners know which card to charge?

These contactless credit cards are expected to become popular for small transactions, so security issues aside, the likelihood that consumers will carry more than one, is increased. A merchant's RFID reader would thus detect more than one card in your pocket, unless you use an anti-RF sleeeve or wallet.

If you don't use a sleeve (but you should - always use protection), that means you have to remove the desired card from your wallet/ purse. If you do use sleeves, then you still have to remove the right card - not just from your wallet but also from its sleeve. Where exactly is the time saving in that?

These are more reasons why I've said for some time that contactless credit cards are stupid idea that only benefit the issuing companies and the merchants, not the consumer. And they're presently more of a risk to carry than regular credit cards. But since they're probably here to stay, wrap that rascally card with an anti-RF sleeve - something issuing companies should already be doing for you.

MasterCard was awarded the honors of 2006 Frost & Sullivan Company of the Year for its PayPass contactless payment technology. The technology is being used in the new contactless credits cards from Mastercard. [via Contactless News]

MasterCard was one of the companies listed in a recent NY Times article about the findings of two US researchers regarding the security flaws in 20 contactless credit cards tested. The researchers found that not only could they "skim" important information off the cards while they were still in their envelopes, they could do so with a homemade reader, which cost US$150 to make. They also determined that a smaller reader could be made for only $50 and read information through a mailbox, from a distance of a few feet.

Several credit card companies have claimed that any information skimmed off the cards tested cannot be used successfully to make purchases. Although the whole issue begs the question of why the cards are not mailed with an anti-RF sleeve to at least give them impression that they are protecting consumers from all possibilities of fraud.

This is a debate that I cannot possibly settle, certainly not in a few paragraphs. But let me try. Some of my previous posts have "suggested" the possibility of tracking employees. They've drawn some heated comments as a result. I feel it's important to explain myself, not to save face but to explain exactly what I mean, and to prove, hypothetically, that is in fact possible to track people. However, I am talking of a very general form of tracking, which not only might not be in real-time, but would also be very rough.

To wit, consider this hypothetical scenario. Assume you have a closed environment, such as a large company that has RFID readers installed at doorway access points at regular intervals. Every employee is issued a contactless card that has an unique code. An employee leaves his cubicle to go somewhere, say lunch. The choices are the cafeteria at the far end of the giant complex, or out somewhere. In either case, the employee passes through two or three access points before his path diverges, depending on his destination. Each time through an access point, the time and the id of the card is logged. If the employee goes through more than one access point, which is likely, there is a log of his "trail". A very sparse log, but a log nonetheless. With that log, his boss can tell how long he took for lunch, whether he ate at the cafeteria, whether he stopped off at some lab along the way, etc., etc.

True, this isn't a real-time location system (RTLS), but it offers after-the-fact tracking of sorts, an employee trail, if you will. Guy J Kewney has a well-written post from March which says RFID is hard to get right, so don't worry about "imaginary Sci-Fi scenarios with Big Brother spies..." I respectfully say that while that may be true, it misses the point. RFID/ contactless technology does have the ability to give its controllers more information about you than maybe you want them to have. The question is, how will the information be used? Hopefully end users will be respectful with information they collect.

As I write this, I'm watching the season premiere of the T&A jiggle show Las Vegas, which has a healthy dose of drama thrown in. It suddenly struck me that had this episode been written a few months from now, how different it might have been. One of the main characters, Ed Deline - played by James Caan - is a casino boss. He's also a former CIA operative , or something to that effect.

Shortly after being shot and having a heart attack scare only a few hours before his daughter's wedding, he's visited in the hospital by two members of the CIA. In his normal bullheadedness, he takes off to London. Fast forward to a scene of him in a bank, where he's greeted by a different name. He then opens a safe-deposit box that has a couple of stacks of British Pounds and what appears to be a couple of dozen passports. Tossing his passport into the box, he pulls out another one. Fast forward. He gets off a plane, hands over a passport. The uniformed customs agent opens it to reveal a picture of Deline, but greets him with a different name.

Now if you haven't already figured out what I'm getting at, here it is. If e-passports get implemented worldwide, or at least in the countries that are trading partners of the United States, as the current administration wants, then scriptwriters need a whole new education in e-passports. Most spy stories would cease to make sense to anyone who knows about an e-passport. Granted, having a passport does not mean that you would be visiting a country where they can actually read the RFID chip. As well, when you are a former military operative, you probably have ways to get fake passports with fake data on the RFID chip. At least in fiction.

The oddest thing about this episode, however, is that the show has an extremely high-tech bent, and yet they completely ignored the concept of an e-passport. Maybe scriptwriters are amongst those who are hoping the e-passport doesn't go through - despite the unlikelihood of that, even with all the supposed evidence that there are some serious privacy and security flaws.

RFID Cannes-Can
A hospital in Cannes, home of the famous French film festival, is using RFID in their laundry operations to manage hospital garments. Over 36,000 garments use TAGSYS tags that can repeatedly withstand water, heat and chemicals. Other hospitals in the area also send their garments to the same laundry. Information in each tag tells laundry staff where the garment came from and how many are in stock, amongst other things. [via PR Web/ Yahoo News] Hospitals are already using radio frequency tags and systems for patient records management and other applications.

Europeans Wary Of RFID
A survey by the European Commission suggests that over of EU (European Union) citizens are strongly in support of de-activating radio frequency tags on consumer goods at the point of purchase. Two-thirds of survey respondents feel there should be more data protection and privacy legislation, especially if RFID use grows in the EU. This is something the Commission will have to take in account, especially since other research shows big potential in Europe for RF technology, despite the narrow band for RFID tech allocated by ETSI (European Telecommunications Standards Institute).

Take The First Step
For those companies not yet using RFID, take some risks and jump in, learn to innovate. For those already using RFID, share your successes in a community fashion. That's the advice from representatives of RFID early-adopter companies like Wal-Mart and Procter & Gamble, speaking at the EPCglobal US's third annual user conference. [via RFID Journal]

Despite California Governor Arnold Schwarzenegger's vetoing of California SB 768 RFID bill, it's expected that state Senator Joe Simitian (Dem) will try to reintroduce rfid legislation in another form. Previous to 768, he had introduced Senate Bill 682, which would have prohibited RFID being used in personal identity cards and documents in California. SB 682 was amended to be the less restrictive SB 768, which would have protected the privacy of citizens against misuse of RFID. The RFID industry was neutral in their response to the second bill, but vocal about the first. [via Card Technology]

It's noted that Simitian was inspired to draft the legislation due to a school in his district enforcing RFID badges on all students. Given that that's the case, he is probably going to continue reintroducing legislation until he succeeds, or at least comes to a compromise.

Even though Governor Arnold Schwarzenegger vetoed California Senate Bill 768, that would have limited the use of RFID technology in terms of protecting citizen privacy, the bill is not dead yet. The bill, drafted by Senator Joe Simitian (Dem, Calif), can be brought back (probably in another form), but not during the rest of the current two-year Senate session. Simitian said that he was in the middle of his first four-year term - suggesting that he would continue to work on the bill. (Simitian also drafted California SB 682 which, had it passed, would have prevented RFID from being used in personal identity cards and documents in California.

Schwarnegger's response, when he vetoed the bill, was that it was premature, overbroad, and that it may hinder "beneficial new applications of contactless technology." It may be the cynic in me, but he seems to be favoring not so much state interests as federal interests by suggesting the bill may clash federal mandates about radio frequency technology due soon.

[sources: Baseline]

Dr. Katherine Albrecht, co-author of Spychips and founder/ director of CASPIAN, weighed in last week with a comment on an article from this site from earlier this year: RFID vs Christian Right? Her comment, which just came to my attention, clarifies her actual viewpoint about RFID, and that she's never actually equated RFID in its present form with "the mark of the beast", despite what some writers suggest. She says in her comment

... that modern databases and communications  technologies, coupled with POS data-capture equipment and sophisticated  ID and authentication systms make it theoretically possible to require a biometrically associated number or mark to make purchases.

She also points out the signficance of such a payment system to Christians, "who have been mandated by their faith not to participate in such payment systems." This is much different than her being attributed to calling RFID "the mark of the beast." She also points out the inherent right that anyone of any faith should have regarding privacy. See the orginal VoIP Now article, which misquotes her, for Dr. Albrecht's full commentary.

I don't know if this is a joke by PC Magazine, but in the Sep 5/06 print edition, they have an article suggesting that people should embed an RFID chip into their hand, since "dogs do it, cats do it". [via Spychips]

For a different perspective on implanting RFID into humans, read my 10 types of people who should be RFID-tagged (and 5 not), which was actually a dark humor piece that some people just didn't get. There's also 10 people or groups who have been microchipped, which lists some people who have willingly or voluntarily had RFID chips implanted into them - in one case, twice.

No doubt the above question has been asked many times by many people: why promote a technology that we've done without for so long, and that seems to scare a lot of people? Do we really need it? Is there a political agenda? Something else? Mark Roberti, founder and editor of RFID Journal weighs on why he promotes RFID, and highlights some of the abuse he takes because of it, mostly by email.

His main statement that seems to get a lot of not so delightful email is his belief that consumer concerns of a future Big Brother-like society based on RFID is overblown. His other statement that gets negative response is in saying that some people - namely Katherine Albrecht, founder of CASPIAN - are hyping the concerns for their own agendas, some of which may be religious. On the other hand, there are respected doctors, like Dr. John Halamka, CIO of Harvard Medical School, who willingly allowed himself to be implanted with an RFID chip to prove a point as well as to get a perspective for standards and privacy.

Roberti points out that he has often brought up legitimate privacy and security issues related to RFID, at the RFID Journal website, and thus feels he has not downplayed the concerns. But he believes that the industry would suffer greatly were any company, particularly retailers, were found to be abusing privacy rights. His own business, the magazine, would suffer as well.

While that may be true - and note that this is the first time I am disagreeing with him - that stance in itself is hardly proof that RFID is not being abused or that will not be abused. VeriChip Corp. wants to implant RFID chips into people and has even recommended it for US soliders, the terminally ill, migrant/ visiting workers, etc. I've been writing about privacy and technologies like RFID and smartcards since 1991. Rational, professional, well-respected - and somewhat powerful - people in the know have indicated to me that there has been agenda to tag humans for at least 20 years, emanating from a group in - of all places - California - a state that recently has had a lot of discussions in state Senate about RFID, and have decided to encrypt RFID data on smart id cards.

I like to live by the principle of Occam's Razor. It's something I've learned to do over time. But both my logic and intuition tell me that there really are people who want to tag all of us, though not necessarily for control purposes, just commerce. My science background says that it's possible, and my imagination unfortunately agrees. (There's a saying someone taught me a long time ago: If something is possible, it's probably, given enough time. If something is probably, it's likely, given enough time.)

Think of the fortune you would make if you were one of a handful of companies who could concoct "legitimate" ways of persuading, forcing or even scaring people - all of humanity - into being tagged. And while these people may not want to control you per se, there are others without the means of implementation who might just want to use the technology that way. These two groups are not necessarily mutually exclusive, but probably are. And of course there's the rest, who break down to into several other groups, non of which have negative intentions for RFID.

I'm a middle grounder. I think that RF technology is brilliant, with loads of incredible applications that improve efficiency and potentially reduce operating costs for businesses. But I also think that we have a Pandora's box here, and not because of any religious affiliation. I do not want that box opened, but I also don't want radio frequency technology to go away. Thus, my own purpose for promoting the technology is to make people aware of the parameters, to point out that if there is a conspiracy, there is likely more than one, with different, maybe even cross purposes. But mostly, I'm writing to promote all the good, positive, useful applications of RFID. And there really are a lot of them.

The state legislature in California passed the Identity Information Act of 2006 last month with the intent of protecting residents from abuse of data collected via RFID. This applies a variety of government-issued documents, especially smart id cards. [via B-Eye] Last year, California tabled Senate Bill 682 (Joe Simitian D-Palo Alto), which would prohibit RFID from being implemented in personal identity cards and documents, and then postponed the bill. Senate did, however, pass a 30-7 vote in August to impose regulations on RFID use.

Margaret Schaut, an RFID Gazette reader, left a comment on the post Brisk sales of RFID livestock tags regarding the Amish community in the state of Indiana. She works directly with the Amish community there, and they brought their concerns to her. The United States is in the process of implementing the NAIS - National Animal Identifcation System. As part of this program, all livestock animals will be tagged for identification with several intentions including controlling diseased animals.

Several states in the USA also have their own programs - likely as a supplement to NAIS. According to an article that Margaret has posted at her Amish Community page at Squidoo, the Amish farmers were told by the Indiana State Board of Animal Health (BOAH) that they have to be enrolled in a three-phase program starting Sept 1st, which has already passed. Under the new rules, a number of types of "farm animals, defined as cattle, bison, swine, sheep, goats, and captive deer or elk, must be entered into the electronic database."

Non-compliance means a $1,000 per day fine, although the BOAH says that their intention is to help meat producers register, in order aid disease identification. Margaret Schaut concludes by saying, "The Amish have historically and consistently resisted certain government impositions that violate their religious convictions." The Amish also have a concern that people will eventually be tagged.

This is a situation that, honestly, had not occurred to me. I only know a little about the Amish culture, and my understandting is that certain devices (possibly just electric devices or similar) are not part of their lifestyle, are banned for use by community members. That of course creates a huge dilemma in a country that values freedom of religious practice.

Will the US or state governments make an exception in such cases? If they do, there may be conditions that mean the Amish cannot sell their livestock without the tags, and thus will lose a portion of their livelihood. Comments on older articles at this site suggest that some people feel that NAIS will spell the end of the small family and hobby farms.

Image: by ishmell/ amal graafstra.

Previously, we had the post 10 types of people who should be RFID-tagged (and 5 not). Here are ten people (or groups) who have already been microchipped with radio frequency technology - most of them willingly. There's also VeriChip Corp., whose agenda seems clear: implant as many people as they can get away with, including recommending that US soldiers be microchipped. (I guess they think the traditional dog tags aren't enough.)

These are of course the sorts of things that many people, such as the authors of Spychips, have been cautioning against. Such activities have prompted both the US states of Wisconsin and Ohio to pass laws against forced implantation of RFID chips. No doubt other states will follow suit, because while it's certainly a personal choice to get RFID tagged, it's another thing to be forced to do so for work - especially when wearable RFID is more than sufficient.

1. Amal Graafstra, tech guy. Amal has one chip in each hand, in the webbing between thumb and forefinger. Why? Because he got tired of using keys to open his house doors or turn on his computer.
2. Jennifer Tomblin, girlfriend of partner of Amal Graafstra. Jennifer thinks it's romantic that they both have RFID chips that share the same resources. Ain't that sweet?
3. Mikey Sklar, UNIX engineer.
4. Meghan Trainor, Master's student, for her thesis.
5. Professor Kevin Warwick, the cyborg himself.
6. Dr. John Halamka, Harvard Medical School CIO.
7. Rafael Macedo de la Concha, Mexico's Attorney General.
8. Supposedly 160 employees of de la Concha, unrevealed numbers of prisoners in some European jails, select mentally ill people and elderly in certain European countries - all likely unwilling, coerced, or misinformed.
9. Scott Silverman, CEO of VeriChip Corp's parent company. Actually, that's a lie. Silverman has publicly claimed he would get an RFID chip but has yet to do so. VeriChip is the company that wants to tag American soliders, (illegal) immigrants and guest workers, newborn babies, prisoners, sick people in hospitals, old people, dead bodies during disaster recovery, probably any visitor to the United States, and probably everyone else besides. And it's likely not even about xenophobia with him, just commerce.
10. Tommy Thompson, former US Secretary of Health Services. Actually, that's another lie. He pledged to get microchipped but has yet to do so. And now that he is no longer in his role, the likelihood of his doing so is slim to none.

Image: by ishmell/ amal graafstra.

If you've been following along pretty much anywhere in the media, Radio frequency identification technology is the subject of huge controversy. In no particular order, camp 1 created the technology and has an agenda based on business need to promote it. Camp 2 thinks it's evil. Camp 3 doesn't know any better. Camp 4 is the government and is subdivided on what to do. Camp 5 doesn't care. Anyone else? Probably lots of middle-grounders.

The biggest controversy is the issue of whether there is actually a conspiracy afoot to tag all human beings. Well, it's not even a conspiracy. Companies like Verichip have been openly pushing their agenda to tag anyone they can get away with and even recently suggested to the US government that soldiers in the military be RFID-tagged. Like common household pets and livestock. There are also reports that prisoners in some European countries have already been implanted subdermally with RFID chips against their consent, and there is talk of doing the same in the US.

I say, bring it on. But let's have a trial run first. Here are my ten candidates for RFID microchipping, in no particular order:

1. The Presidents of the United States. I don't mean just G.W.B., but all presidents who take the Office. They represent the populace and should be accountable to each and every citizen. And really the only way that's possible is to implant an RFID chip in them.
2. Every head of state in every country. If they belong to the United Nations, like the US, then they should be chipped as well, for the same reason.
3. Every politician, especially those of the party that holds the House majority during an administration.
4. Visitors to Camp David. Don't we have a right to know? (Detecting a theme here?)
5. Every CEO of every tech company whose technology potentially invades a citizen's privacy, especially those pushing the ideology that we should all be tagged like animals. Hey, turnabout is fair play. Heck, every CEO and board member period? Doesn't Sarbanes-Oxley maybe stretch just enough to cover that? Surely Hewlett-Packard chairwoman Patricia Dunn wouldn't have had to illegally obtain phone records if she knew where everyone was.
6. Law enforcement officers, especially government ones such as in the FBI and the CIA. Or maybe just them because police officers are the ones doing the real law enforcement work. And while we're at it, we can embed a secure-communication device into agents' wrists.
7. Lawyers, especially criminal lawyers. And maybe even Attorney Generals. Why not, right?
8. Outside postal workers. Hey, what if one of them falls into a snowbank and our mail doesn't get delivered?
9. Athletes, especially those being paid multi-millions per season, including soccer players?
10. Hollywood stars. Just because, and with hybrid RFID/GPS tracking devices. I mean, wouldn't you like to be able to get on a website and see where your fave celebrity is? While we're at it, lets tag the members of Supernova, too, especially Tommy Lee and their new monkey boy, winner Lukas Rossi.

Hmmm. Three categories of politician. Of course, there are those who just want to be microchipped (watch for a follow up to this post). But other than them, here are 5 types of people who shouldn't be microchipped:

1. Your children. I mean, really. Do you believe the crap that your newborn baby needs to implanted with an RFID chip for protection? Past research shows that over 90% of kidnappings are perpetrated by a disgruntled parent after a divorce or separation. To be resolved, this situation doesn't require every newborn baby in the country being microchipped like Fido.
2. Ex-politicians. When a politician retires from office, their chip should be removed. (And their memory downloaded. How's that for accountability?) But that excludes senators, governors, and presidents. Why? Just because. Let's see how they feel about invasion of privacy issues after the fact.
3. Ex-law enforcement officers. Why not. If they aren't representing the country any longer, why should they be chipped?
4. Pretty much everyone else, with the exception maybe of dangerous criminals. Again, really. Do you really want to be microchipped like an animal? Do you sense any common threads here?
5. Dogs and cats. They're people, too, right? Okay, I'm stretching things just a little.

So basically, the government has it backwards. It's not the private citizen who needs to be RFID-tagged, it's the public figure whose salary is paid by us, the private citizen.

All US government agencies will be issuing PIV (Personal Identity Verification) smart ID cards to all employees. To protect those cards, they've selected the Secure Sleeve [Contactless News] from Identity Stronghold. This sleeve is one of several similar security offerings from different companies that are designed to protect RFID smartcards and e-Passports from unauthorized readers. The general method of security used in these sleeves employs the principle of a Faraday Cage, which forms a field that blocks out radio frequency signals when an id card is not in use.

While there are small handful of companies offering these "secure" smartcard sleeves, and Identity Stronghold seems to have come out ahead so far in the race, we'll probably see more companies offering such accessories. If you prefer DIY stuff, Instructables has instructions for making your own shielding wallet. Unfortunately, according to a comment by a reader there, it doesn't block EM (electro-magnetic) signals in the RF range. But it might protect your flash memory, etc. Alternately, you could take some of the tin foil wrapped around your noggin and use it on your RFID smart contactless credit card.

The immensely popular streaming video website Youtube is like a book of mankind, with videos about all kinds of topics. Believe it or not, they have over a hundred video clips relating to RFID. Here are a couple for you to view, some bordering on the overhyped. Note: some clips have especially low volume, so you may have to keep your hand on your speaker's volume control as you watch each clip. I've included the original YouTube links here, so if for some reason you cannot view the clips on this site, you can go directly to YouTube.

RFID US id card cloning:



RFID video jockey:



RFID applications and uses: A PBS video.



Digital angel: Clip from 1970s movie with Shakespearean actor Michael York. Apparently this is also the name of an RFID company.



Is Verichip the mark? The scariest clip I've seen, and in-line with the informal research I've been doing for nearly 20 years about the new world order - but that doesn't invalidate legitimate uses of RFID.



RFID passport security:

An RFID security group, the RFID CUSP (RFID Consortium for Security and Privacy), was awarded over US$1 M by the NSF (National Science Foundation) to study, what else, security and privacy implications of the the technology. The group consists mostly of academics and industry reps, though graduate students will be involved in the studies. Participating universities are the U of Massachusetts Amherst and Johns Hopkins University. [via RFID Journal]

This consortium is different than the Secure ID Coalition, whose mandate is to promote the use of smartcards and dispel the notion that they are a security and privacy risk. In fact, it almost seems that these two groups are working at opposite purposes.

If the controversial North American PASS card, part of the US DHS (Dept of Homeland Security) WHTI (Western Hemisphere Travel Initiative, goes through, the demand for RFID tags could increase considerably. While the PASS card is expected to go through, the WHTI has been set aside temporarily.

The e-Passport program is still continuing, with some new passports already being distributed. The CAGW (CItizens Against Government Waste) issued a report recently which blasts the PASS card, partly on grounds that the card is subject to unauthorized signal interception from a distance, and partly on the basis that the entire cost of the Real ID Act will be more like US$17.3 B instead of the $100 M the government has reported.

RFID Solutions Center For NEC
Earlier this week, NEC announced an RFID solutions center, which will be opened in Tokyo later this year. The center will employee 350 people. [via RFID In Japan]

California Passes RFID Legislation
The California Senate passed new legislation on RFID by a vote of 30 to 7 yesterday. The legislation would impose a number of regulations on the public use of RFID, and is the result of security and privacy concerns. [via RFID Law Blog] The California Legislature had postponed banning RFID last September.

Resort Island In Singapore Goes Contactless
The resort island of Sentosa, off the coast of Singapore, will have all of its admissions gates and outlets upgraded to use a contactless payment system from INSIDE Contactless. This includes thermal printers, tickets, and smartards, all of which use INSIDE's dual-standard memory chip, PicoPass. [via Contactless News]

Choose A Controller For ZigBee
Comms Design has some (technical) tips for selecting a MAC (Media Access Controller) for ZigBee wireless networks, which are increasingly being used for RFID projects. [via Comms Design]

Given all the concern about RFID in terms of security and privacy issues, it's not surprising that the Australian DHS (Dept of Human Services) hire the law firm of Minter Ellison to act as a legal advisor for the planned smartcard project. Under this new program, to start in 2008, citizens will have access to health and social services. The firm has previous experience with technology projects. [via Web Wereld] While there's no issue of implantation of RFID chips, this is still a good idea.

This is something that all young wanna-be lawyers should note. While articles from 2004 indicate that US alone will have 4 million lost jobs due to RFID, there will be new jobs created. One area will be in the area of technology law in the near future - and I wouldn't doubt, patent law, civil liberties, etc. This includes both RFID (radio frequency identification) and VoIP (Voice over Internet Protocol) technologies. I'm predicting this not only because I write a lot about technology, but my research shows that there will be a severe shortage of skilled workers in RFID.

The result of this, I feel, is that many companies will rush into implementation with out an appropriate project analysis phase, and without skilled consultants. Result? Lawsuits in the area of privacy and security, in particular. Unfortunate but very likely.

For more information about law and RFID, I'll recommend RFID Law Blog.

Paraben Radio Frequency Signal Blocker
Yet another company is offering a type of sleeve for smartcards and e-passports. Paraben's Passport StrongHold is a mesh bag made of nickel, copper, and silver which is designed to block unwanted radio frequency signals. [TG Daily via RFID Blog]
Other companies offering similar solutions include Identity Stronghold and Emvelope. Most of these solutions work on the principle of a Faraday Cage.

RFID Threats and Countermeasures
Bert Moore, Editor of RFID Insights at AIM Global outlines six specific security threats of concern in RFID: Skimming, eavesdropping, spoofing, cloning, data tampering, insertion of malicious code. [via AIM Global] I don't think I've seen anyone layout it out like that before.  He also talks about AIM Global's REG (RFID Experts Group) and some of the countermeasures they're documenting for RFID threats. This is one of those must-read articles, if you have an interest in RFID-related security.

RFID Maker SkyeTek Wins Local Award
The Boulder County Business Report in Boulder, Colorado awarded embedded-RFID maker SkyeTek with the honor of "The Most Innovative Communications Company in Boulder County." [via Businesswire] Interesting. This obviously suggests that the editors of the magazine, at least, don't fear RFID technology. Congrats to SkyeTek.

The 2005 California Bill 682 stalled the use of RFID technology in ID cards, placing a three-year moratorium on such use. That bill has now been amended and approved by a 49-to-26 vote in the California Assembly. Senate still has to vote. If it passes, it'll be sent to The Terminator, I mean (California Governor) Schwarzenegger for final approval. [via RFID Journal]

Despite rumblings that China wanted their own RFID standard, ABI Research's latest report suggests that this is unlikely. This may be partly due to EPCGlobal's activities in mainland China, whose momentum would be difficult for the government to stop. [via RFID Update]

Newsfactor Online has a lengthy article on RFID and the changes it will bring to our lives, privately, in the workplace, and in places we shop.

The government of Queensland in Australia is seeking vendors for their smartcard driver's license, for which studies were conducted starting in 2003. [via Australian IT]

The Inspector General (IG) of the US DHS (Dept of Homeland Security) feels that RFID systems need certain vulnerabilities be addressed before the Department's systems could be considered completely secure. The IG also said that there is no department-wide policy dictate how agencies should implement security for their RFID systems. A plan of action is currently being devised. [via FCW]

I find it surprising that the DHS, an agency whose very existence has to do with security, wouldn't already have a draft document in place before the fact, before any RFID trials ever took place. (At least, that's what appears to be the case.) Maybe I'm just naive.

Then again, large organizations often have several similar projects in place that are run unaware of each other. The result, in this case, is that some branches of the government have differing opinions on how RFID should or should not be used. (For example, the DHS privacy office criticized the potential use of RFID for tracking people.)

This in turn has cause programs like the DHS's WHTI (Western Hemisphere Travel Initiative) to be set aside while e-passports are already being handed out.

RFID Update has an interview with Robert Kashmer, VP of Information Technology at H.D. Smith Wholesale Drug Company. Kashmer talks about how and why the company conducted the United States' first drug e-pedigree trial last year. They also conducted other RFID trials in 2004.

Privacy International is running their 2006 Stupid Security Awards and are asking for nominees. Amongst the awards are "Most Egregiously Stupid" and "Most Explicitly Stupid". [via Spy Blog[] Note that these awards are not explicitly intended for the RFID industry, but with all the security and privacy concerns over radio frequency technology, I thought it appropriate to include here.

Hong Kong electronic dictionary maker Group Sense Ltd (GSL) currently tracks cases of their product by writing on them by hand. They are planning to move to RFID to control their supply chain. The six-month trial is being funded by EPCGlobal Hong Kong. [via RFID Journal]

Air France-KLM is running an RFID pre-trial on ULDs (unit load devices), which are containers for luggage and cargo. The trial will start with two reading stations at two airports: Amsterdam's Schipol and Paris' Charles de Gaulle. [via RFID Journal and RFID Blog]

Spychips has an old Shockwave animated video demo of an RFID-enabled airport. [via Storefront Backtalk] (Note: use Internet Explorer; you made need a plug-in.)

What's interesting to note - besides some pretty stupid spelling errors - is that near the end of the video, a man is standing behind our hero with a flat panel device and checking his identity. So concerns about interception of data/ identity from smartcards or e-Passports may not be so far-fetched. In fact, this seems to be a design feature, not a flaw.

The Secure ID Coalition's mandate is to promote smartcard technology with consumer privacy and security features in place. The coalition was formed by some giants in the RFID chip and smart card markets, including Texas Instruments, Philips Semiconductors, Infineon Technologies, Gemalto, and Oberthur Card Systems. [via RFID Update]

These companies feel that the statements made publicly about the security flaws in RFID chips and smartcards are overblown and, I assume, harming the industry as well as projects.

Robert Cresanti, Undersecretary of Commerce for Technology Administration and a co-chair of the RFID Interagency Working Group, has stated publicly that he will coordinate the US government's RFID efforts. This is necessary because of the dozens of federal agencies who are using or looking into using RFID. [via RFID Law Blog]

On a related note, the US State Department and the DHS (Department of Homeland Security) are at odds over the type of RFID tags to use. The former prefers short-range chips, in deference to security issues raised by privacy advocates. The DHS prefers longer-range chips.

With all members of the European Union required to comply by this month (Aug 2006), several countries are issuing ICAO-standard electronic passports. Other countries outside of the EU, including the United States and many of its trading partners, are participating as well, although possibly at a slightly later date.

As such, there's an increasing interest in protecting these RFID-enabled e-passports, as well as contactless "smartcard" payment cards, from eavesdropping and other security concerns. To that end, a number of solutions have been devised. Most of them work on the principle of the Faraday Cage, which shields cards from unauthorized readers.

But, Marisa Torrieri of Contactless News asks, is the eavesdropping threat real? She paints a spy-vs-spy scenario whereby someone intercepts RFID data from a government worker's access card, then has the ability to "replay" the information to gain access somewhere.

It's done with an undertone of amusement, but she then quotes Walt Augustinowicz, founder of Identity Stronghold, who calls this the "leech- and- ghost theory" and says that it is possible. Of course, his company makes protective sleeves for smartcards, joining the growing number of manufacturers who do.

I'm not going to weigh in whether I believe it or not. My science-related background says it's possible. But my common sense suggests that no RFID chip manufacturer nor smartcard maker worth their salt would go to market with such a serious flaw - especially not for passports.

Then again, hundreds if not thousands of consumer products are released for use with shortcomings, sometimes creating an aftermarket. And like some aftermarket accessories, you just feel safer/ better using it.

According to a Forrester Research study, a small fraction of retailers and consumer goods manufacturers deferred their RFID projects due to concerns about violating consumer privacy. [via Newsfactor]

The concern of these companies is that some of their own uses of RFID may inconvenience consumers or put their private information at risk. Older Forrester research from 2004 indicated that back then, many suppliers felt there was no business case for their use of RFID.

Coupled with issues of privacy, some suppliers still likely feel that there is no onus to speed up their RFID projects. Retailers, on the other hand, are more likely to see some ROI (Return on Investment) from their RFID usage. However, it's been said many times that the real ROI for retailers will come from item-level tagging. However, such RFID tags are currently too costly to implement on a wide scale.

Can a parallel be drawn between the religious oppositions of the past, such as objections to smallpox vaccine testing, and the religious "mark-of-the-beast" opposition to RFID that privacy advocate Katherine Albrecht has? Mark Roberti of RFID Journal reflects upon both cases [via RFID Journal]

Personally, as I've stated/ implied several times, I have no religious objections to RFID technology itself. I think it's a brilliant technology, with endless applications. But I do have simple "citizen of the world" objections to some of RFID's intended uses, many of which are backed with flimsy excuses for their necessity - when in fact it's purely a play for the immense profit that can be made by politically ensuring mass enforcement of a technology. [How's that saying go? If you want to make a million dollars, sell a million-dollar item to one person or a $1 item to a million people. Or even a $0.10 item to 10 million people.]

That said, I don't believe RFID should be banned, but I do believe that caution should be exercised on the uses that particularly offend people. There are legitimate objections, and they have to be filtered from those are likely the result of misperceptions.

The less government regulation the better, but what do you do when the government it self uses the technology that offends some people? As always, it's not the technology that's evil, but how it's used. What do you think? Do you object to RFID in general, or to some of its uses, or not at all?

Kevin Mahaffey, a 21-year old electrical engineer, set off an explosive with an RFID-enabled passport mockup. But he had no nefarious intent. In fact, he was asked by tech security analysts at Flexilis to set up the demonstration. Thi was done to show the potential hazards of using the new RFID-enabled e-passports that the US government is planning on issuing later this year, and which has raised privacy concerns.

Flexilis analysts, speaking at the Blackhat 2006 conference in Nevada, said that the foil mesh inside the cover of the new US e-passports are not secure enough to shield from being read by unauthorized devices.

While I'm no fan of using RFID as an attempted human tracking technology, I make a few exceptions, especially in the case of RFID-tagging luggage for airport check-in/ out. However, the scenario painted Flexilis has nothing to do with luggage. They suggested that an RFID e-passport could be used to set off explosives hidden in a trash bin at an airport. Something about this, in my opinion, seems flawed.

Firstly, if trash-bin device uses short-range RFID, the person setting it off is endangered as well. If the device is long-range, then security sweeps of an airport, using an RFID reader is likely to reveal it. So given good security methods and thorough sweeps, it's unlikely to remain hidden.

Secondly, if a trash bin is metal and blocks security readers, an e-passport will be no more successful setting off a hidden device. Alternately, each airport trash bin could be lined with a Faraday Cage, to shield against RF signals. While possibly costly, it would deter the success of such scenarios.

Thirdly, you don't need an RFID-passport to activate the hidden device. The person assigned as activator could carry an RFID keyfob. In other words, it's not the passport that's the problem, but the methodology (or lack of) used to prevent such scenarios.

On the other hand, if the criminal intent is to harm the person carrying the passport, this is a bit more chilling, as the theory put forth by Flexilis is that a specific person's passport could unwittingly activate the hidden device. As proof, Flexilis set up model rocket engines in a trashcan (albeit rubber), attached to an RFID reader. When they swung a e-passport-carrying mannequin, on pulleys, near the trashcan, the rocket engines were fired off directly at the mannequin.

Apparently it's not just the US passports that are considered a risk. In Germany