katherine albrecht, ed.d., caspian

Technological Threats to Consumer Privacy

Katherine Albrecht, Ed.D., CASPIAN (Consumers Against Supermarket Privacy Invasion and Numbering)

www.spychips.com

www.nocards.org

Copyright © Katherine Albrecht 2007 All rights reserved

RFID Tag:A tiny chip connected to an antenna

Hitachi’s 0.3 mm mu chip RFID tags in use at Extra “Future Store” in Rheinberg, Germany

Copyright © Katherine Albrecht 2007

RFID Reader:Sends a signal to a tag, reads the response


EPC: Unique identifiers for all objects worldwide

“…the EPC network [is] a new global standard for immediate, automatic identification of any item in the supply chain of any company, in any industry, in the world.”

- EPCglobal


THREAT #1

Hidden tags


Hidden Tags (But isn’t a 6” tag hard to hide?)

Alien/RAFSEC “C” tag


6” Alien/RAFSEC “C” tag inside a box

Not if it’s sandwiched in cardboard


Hidden Tags:This 6-inch tag has a 17-foot read range

Alien/RAFSEC “I” Tag


Invisible when “placed inside cap” (an inaccessible location on this flip-top

Pantene shampoo)

Alien/RAFSEC “I” tag in lid of Pantene shampoo bottleCopyright © Katherine Albrecht 2007

Tiny chips could be very hard to spot


This RFID chip would be nearly undetectable


…if its antenna were made of conductive ink

"With these things you could literally tag a pack of chewing gum."

- Jeff Jacobsen Alien Technology

“Alien envisions [conductive] ink being mixed with regular packaging ink to create antennas on boxes of cereal and other disposable packaging.”


Tags can be integrated into paper

Inkode’s “chipless tag”: Closeup of Inkode metal fibers embedded in paper


Sewn into clothing


Embedded in Shoes


Hidden in fabric labels(Checkpoint prototype)


Back of Checkpoint clothing label


RFID tag in Checkpoint label


Place inside an object through anti-theft “source tagging”

• Integrated into cardboard boxes

• Hidden in inaccessible location on product

• Slipped between layers of paper

• Sewn into clothing• Embedded in plastic• Printed onto product

packaging• Seamlessly integrated into

paperImage of EAS source tagging from Checkpoint Systems(This is not RFID, but a precursor)http://www.checkpointsystems.com/content/srctag/default.aspx


Tags are appearing in credit cards


...being placed in tires


Even people can be tagged with RFID

The “Verichip” implant


http://images.google.com/imgres?imgurl=http://www.elplural.com/media/0000003000/0000003191.jpg&imgrefurl=http://www.elplural.com/macrovida/detail.php%3Fid%3D4862&h=150&w=150&sz=25&hl=en&start=177&tbnid=hZyFIO1tw5ovWM:&tbnh=90&tbnw=90&prev=/images%3Fq%3Dverichip%26start%3D160%26ndsp%3D20%26svnum%3D10%26hl%3Den%26lr%3D%26sa%3DN

Tommy Thompson sits on the VeriChip board


Colombian president Alvaro Uribe is willing to chip guest workers

visiting the U.S.


THREAT #2

Ubiquitousreaders


Texas Instruments advises retailers to scan customers’ loyalty cards right through their purse or wallet

Source: http://www.ti.com/tiris/docs/solutions/pos/loyalty.shtml

Doorway readers planned


Tesco, the UK’s largest retailer

is tagging at the item level


Readers in ceilings and floors

Source: Checkpoint SystemsCopyright © Katherine Albrecht 2007

In “thinking carpets”

Image source: Vorwerk (Germany)http://www.vorwerk.teppich.de/sc/vorwerk/img/bildarchiv/thinking_carpet_1.jpg


Anywhere in the environment

"We will not force the bracelets onto people and the cameras will be unobtrusive, so they will not feel like they are being watched."


THREAT #3

The “Authorized Parties”


RFID-enabled loyalty card blank by Matrics

Companies describe privacy-invading plans in their own words

We reviewed over 30,000 documents, attended conferences, and visited test sites around the world.

What we found was shocking.


“Previous purchase records of persons who shop at a store are collected by POS terminals and stored in a transaction database. When a person carrying or wearing items having RFID tags enters the store or other designated area, a RFID tag scanner scans the RFID tags on that person and reads the RFID tag information [to] determine the exact identity of the person... Then, as that person moves around the store, different RFID tag scanners located throughout the store can pick up radio signals from the RFID tags...and the movement of that person is tracked based on these detections.”

-IBM patent application 20020165758 “Tracking and Identification of persons using RFID-tagged items”

IBM describes its patented “Person Tracking Unit”


In addition to stores, RFID tracking “can be applied to other locations having roaming areas, such as shopping malls, airports, train stations, bus stations, elevators, trains, airplanes, restrooms, sports arenas, libraries, theaters, museums, etc.”

-IBM patent application 20020165758

Libraries

Elevators

Public restrooms

IBM suggests tracking people in public spaces


The tracking information can be used in any application where it is useful. For example, if the person is carrying a baby bottle, a store advertisement system may be configured to advertise diapers.

-IBM patent application 20020165758

…and silent scanning for marketing purposes


Retailers are investing heavily in consumer tracking technologies


Who’s doing this? Everyone. Here’s just a partial list of Pathtracker’s clients


IBM wants to spray tracking ink on your shoe

“The location of each electronically-tagged customer is tracked using sensors in the establishment, with each sensor configured to detect the unique electronically-readable code of a customer.”

- IBM patent

"...customers may be 'herded' into a tagging station, e.g., by requiring users to enter an establishment through narrowed aisles one at a time" to increase the likelihood of a customer stepping on an applicator.

- IBM patentCopyright © Katherine Albrecht 2007

“Instead of having to redesign the entire store… a store manager simply…places wireless sensor motes on the different shelves to track customers….RFID-enabled loyalty cards are distributed to customers [that] carry a unique customer identifier that links to a customer entry in a database…. As a customer passes by a wireless sensor mote, the customer is automatically tracked.”

- Detecon white paper, April 2006 “Wireless RFID Networks for Real-Time Customer Relationship”

In-store tracking remains a top

priority


Why? Marketers seek to discourage unprofitable shoppers

Marty Abrams “advises chief privacy officers and other senior executives…[on] information management strategies”

Sources: http://www.hunton.com/profiles/lawyer_profile.asp?id=8728 and http://www.hunton.com/pdfs/article/Double_Edged.pdf http://hbswk.hbs.edu/archive/3028.html

Maximization “means marginal service and high prices designed to drive the unattractive customer somewhere else…”

– Marty Abrams

“Barnacles: These customers are the most problematic. They do not generate satisfactory returns on investments… Like barnacles on the hull of a cargo ship, they only create additional drag.”

- Werner Reinartz and V. Kumar Harvard Business Review


http://www.hunton.com/pdfs/article/Double_Edged.pdf

NCR could make it happenRFID tags can be used to “"collect data on customer behavior, for the benefit of the owner of the market, and the manufacturer of the items."

-US Patent # 6,659,344, assigned to NCR Corporation “Automated Monitoring of Activity of Shoppers in a Market”

“Individual shopper movements through the store could be precisely tracked in real time.”

“Store cameras could be programmed to automatically pan and tilt to follow the customer with [RFID-tagged] merchandise”

"With RFIDs on loyalty cards… items could be priced differently depending on characteristics of the person who was buying them."

-NCR Promotional Brochure (46-pages, full color) “50 Ideas for Revolutionizing the Store through RFID”


In fact, NCR says RFID is perfect for “People tracking”


“Conductive threads interwoven with the fabric…[could create an RFID tag that is] flexible and pliant, thereby lending itself to taking on and conforming to the [item’s] shape.”

“The placement of [the RFID tag] in [the] shoe may be particularly advantageous where the [RFID] interrogator is located in a floor.”

- Philips Electronics US Patent # 6677917

"Fabric antenna for tags"

Shoe tags and floor readers


"Let’s say [an RFID tag is] positioned on the bottom of a bottle of Coca Cola. As soon as we take it out of the refrigerator, the fridge will know that the Coke supply has run out…. At this instant, as if by magic, the publicity of Pepsi Cola will appear on the home TV screens. Because your intelligent refrigerator has communicated with your intelligent TV set."

-P&G Promotional Document "Inside P&G brands: A chip in the shopping cart."

Watching in-home product consumption


“By combining captured pre-consumer [RFID tag] information with post-consumption information, the entire life cycle of an item may be tracked. This information may be useful to…retailers, manufacturers, distributors and the like….The collected and processed data may be helpful to track consumer purchase [and] use patterns.”

- US Patent Application # 20040129781 Assigned to BellSouth “System and method for utilizing RF tags to collect data concerning post-consumer resources”

Garbage Scanning


Industry trials and consumer response

Abuses to Date


Reported:

Benetton announced plans to tag 15,000,000 garments

Response:

Boycott Benetton

Campaign


Benetton cancelled the plan


The Gillette “smart shelf”


Took a mug shot of every customer


Tags were hidden in Gillette product

packaging


Bad publicity ended the trial


Undisclosed Wal-Mart/P&G trial

Broken Arrow, Oklahoma4-month secret experiment

P&G executives used a video camera to watch Wal-Mart shoppers handle lipsticks on an RFID reader shelf

As reported in the Chicago Sun Times, Wal-Mart and P&G denied the trials until evidence was produced.


A Whistle Blower revealed the story


We found hidden RFID at the Future Store

The RFID industry’s flagship “Future Store” had hidden RFID tags in its loyalty cards. For details of how CASPIAN uncovered the story, see our 12-page special report at: http://www.spychips.com/metro/scandal-payback.html


Spychip hidden in loyalty card


Metro was forced to recall RFID-laced cards


Wal-Mart is now selling products tagged at the item level


Wal-Mart promised RFID tags would be clearly labeled at the shelf

(But there were no signs at this Dallas store.)

©Liz McIntyreCopyright © Katherine Albrecht 2007

Wal-Mart promised employees would be trained to answer RFID questions, but a Wal-Mart employee told us this tag was “Nothing.”


That tiny EPC symbol is the consumer’s only notice, and it's not mandatory.


A number of states have recognized the need for RFID privacy legislation

Nevada

New Hampshire

New Mexico

Tennessee

Missouri

Massachusetts

Also:

•California•Alabama•New Jersey•New York


WWW.SPYCHIPS.COM

Dr. Katherine Albrecht, Founder and DirectorCASPIAN Consumer Privacy(Consumers Against Supermarket Privacy Invasion and Numbering)

(877) 287-5854 [email protected]


Read Range 915 MHz Tags

“The first product to come from the collaboration will be a handheld device that reads Matrics' passive EPC tags…The unit will be able to read passive tags from up to 33 feet (10 meters) away”

33 feet unspecifiedPassiveMatrics/Savi

Read range “depends on reader configuration and tag enclosure.30 W EIRP (USA site licensed):> 20m4 W EIRP (USA unlicensed): 6-8m500 mW ERP (Europe): 1-2m”

66 feet USA licensed

20-26 feetUSA unlicensed

3 – 7 feet EU

915 MHz PassiveiPico

“The maximum freespace read range of these emulator tags is 5 meters, consistent with the performance of other known UHF passive tags.”

17 feet915 MHzPassiveAlien

“Telenexus has developed a reader and antenna for the 915 MHz long-range RFID system...with a read range of over 15 feet. The tag is a low-cost passive transponder.”

15 feet915 MHz PassiveTelenexus

“Read range up to 3.5m (11.48 ft) using unlicensed 915 MHz reader with one antenna; read range up to 7m (22.96 ft) with two antennas"

11 feet 915 MHz PassiveTransponder Technologies Intellitag 500

CommentsRead RangeFrequencyTypeMfgr


katherine albrecht, ed.d., caspian

Documents