[ASRG] public relations hole in RFID web site
Simson L. Garfinkel
simsong at lcs.mit.edu
Mon Jul 7 18:53:31 EDT 2003
Dan,
Your observations are valid based on the picture of RFID that some
people have put forth, but they are not valid based on the version of
RFID that the AutoID center is trying to promote. Here's why:
1. All tags that follow the AutoID center's proposal have both
passwords and a kill-feature.
2. Any retailer that deploys the tags will probably set the passwords
when they are put on the shelves. Otherwise, competitors could come
into the store and inventory the store without the store's permission.
3. All stores will give customers the option of killing tags at
check-out. They may even give consumers the option to change the
password.
Moore's Law is your friend for correlating large databases, but
competition between vendors is not your friend. Given the difficulty we
have witnessed in cooperation on items with much smaller code spaces
(like UPC), I think that the idea that there is a big database of all
RFID codes is very improbable.
-Simson
On Monday, July 7, 2003, at 04:36 PM, Dan Geer wrote:
>
> Let me be pushy: Observational data has zero cost to acquire
> and near zero cost to store. It has cost to correlate but has
> Moore's Law as a friend. Hence there is no doubt whatsoever
> that observational data will accumulate vastly, soon, and not
> with lots of formal permission. Walmart requires RFID tags
> for all its retailers by 2005 -- and they sell 15% of all US
> retail. You are not going to tell anyone that pushing the
> cart through the checkout and getting an instanteous and
> accurate bill won't "sell" and particularly in those places
> already doing self-serve checkout. If you want to make an
> issue of this your only hope is to make an issue of the use
> of data, not the existence of data. Next up would be the
> number of cameras and whether you have a right to take my
> picture on the public street. For a risque version of
> that, see
>
> http://www.mobileasses.com
>
> --dan
>
> _______________________________________________
> ASRG mailing list
> ASRG at amsterdam.lcs.mit.edu
> https://amsterdam.lcs.mit.edu/mailman/listinfo/asrg
More information about the ASRG
mailing list