[ASRG] public relations hole in RFID web site

Simson L. Garfinkel simsong at lcs.mit.edu
Mon Jul 7 18:53:31 EDT 2003 

Dan,

Your observations are valid based on the picture of RFID that some 
people have put forth, but they are not valid based on the version of 
RFID that the AutoID center is trying to promote. Here's why:

1. All tags that follow the AutoID center's proposal have both 
passwords and a kill-feature.
2. Any retailer that deploys the tags will probably set the passwords 
when they are put on the shelves. Otherwise, competitors could come 
into the store and inventory the store without the store's permission.
3. All stores will give customers the option of killing tags at 
check-out. They may even give consumers the option to change the 
password.

Moore's Law is your friend for correlating large databases, but 
competition between vendors is not your friend. Given the difficulty we 
have witnessed in cooperation on items with much smaller code spaces 
(like UPC), I think that the idea that there is a big database of all 
RFID codes is very improbable.

-Simson

On Monday, July 7, 2003, at 04:36  PM, Dan Geer wrote:

>
> Let me be pushy:  Observational data  has zero cost to acquire
> and near zero cost to store.  It has cost to correlate but has
> Moore's Law as a friend.  Hence there is no doubt whatsoever
> that observational data will accumulate vastly, soon, and not
> with lots of formal permission.  Walmart requires RFID tags
> for all its retailers by 2005 -- and they sell 15% of all US
> retail.  You are not going to tell anyone that pushing the
> cart through the checkout and getting an instanteous and
> accurate bill won't "sell" and particularly in those places
> already doing self-serve checkout.  If you want to make an
> issue of this your only hope is to make an issue of the use
> of data, not the existence of data.  Next up would be the
> number of cameras and whether you have a right to take my
> picture on the public street.  For a risque version of
> that, see
>
> http://www.mobileasses.com
>
> --dan
>
> _______________________________________________
> ASRG mailing list
> ASRG at amsterdam.lcs.mit.edu
> https://amsterdam.lcs.mit.edu/mailman/listinfo/asrg

More information about the ASRG mailing list