RFID : applications, security, and privacy

"RFID is the first important technology of the twenty-first century. That's an awesome responsibility. How can we know when and how RFID is being used? How can we make sure it is not misused? How can we exercise choice over how it affects us personally? How do we ensure it is safe? This book is a valuable contribution to the ongoing effort to find the answers." -From the Foreword by Kevin Ashton, cofounder and former executive director, Auto-ID Center; vice president, ThingMagic CorporationRadio frequency identification (RFID) technology is rapidly becoming ubiquitous as businesses seek to streamline supply chains and respond to mandates from key customers. But RFID and other new wireless ID technologies raise unprecedented privacy issues. RFID: Applications, Security, and Privacy covers these issues from every angle and viewpoint. Award-winning technology journalist and privacy expert Simson Garfinkel brings together contributions from every stakeholder community-from RFID suppliers to privacy advocates and beyond. His contributors introduce today's leading wireless ID technologies, trace their evolution, explain their promise, assess their privacy risks, and evaluate proposed solutions-technical, business, and political. The book also looks beyond RFID, reviewing the privacy implications of Wi-Fi, Bluetooth, smart cards, biometrics, new cell-phone networks, and the ever-evolving Internet. Highlights include How RFID and other wireless ID technologies work RFID applications-from gas stations and pharmacies to the twenty-first century battlefield RFID, privacy, and the law-in the United States and around the world RFID, security, and industrial espionage How Bluetooth and Wi-Fi can track individuals, with or without their permission Technical solutions to wireless ID privacy concerns-their values and limitations Stakeholder perspectives from EPCglobal, Inc., Gemplus, The Procter & Gamble Company, and other industry leaders The future of citizen activism on privacy issues Clear, balanced, and accessible, this is the indispensable primer for everyone involved in RFID: businesses implementing or evaluating RFID; technology suppliers responding to user concerns; and policymakers and privacy advocates who want a deeper understanding of the technology and its implications. Includes contributions from AIM Global, Inc. CASPIAN Center for Democracy and Technology EPCglobal, Inc. The Galecia Group Gemplus IDAT Consulting & Education Institute for the Future Matrics, Inc. MIT Computer Science & Artificial Intelligence Laboratory MIT Media Laboratory OATSystems Privacy Journal The Privacy Rights Clearinghouse The Procter & Gamble Company RSA Laboratories UCLA Department of Geography Wayne State University Law School

Foreword. Preface. Acknowledgments. I: PRINCIPLES. 1. Automatic Identification and Data Collection: What the Future Holds. Introduction A Brief History of AIDC The "Industry" That Isn't The Interconnected World Clear and Present Benefits Future Applications Conclusions 2. Understanding RFID Technology. Introduction RFID Technology RFID Applications Conclusions 3. A History of the EPC. Introduction The Beginning A Mini-Lecture: The Supply Chain The Auto-ID Center Harnessing the Juggernaut Conclusions 4. RFID and Global Privacy Policy. Introduction Definitions of Privacy Mapping the RFID Discovery Process Privacy as a Fundamental Human Right Privacy Through Data Protection Law and Fair Information Practices Conclusions 5. RFID, Privacy, and Regulation. Introduction Some Current and Proposed RFID Applications Whither Item-Level Tagging? Understanding RFID's Privacy Threats Conclusions 6. RFID and the United States Regulatory Landscape. Introduction Current State of RFID Policy RFID Policy Issues Government Versus Individual Context Business Versus Individual Context Industry Leadership Options for Government Leadership Snapshot of Current Status Policy Prescriptions The Case for, and Limits of, EPCglobal Leadership Conclusions 7. RFID and Authenticity of Goods. Introduction A Few Important Concepts in Authentication Authenticity of Tags and Authenticity of Goods Authenticity of Goods and Anticounterfeiting Measures Authentication of Readers Authentication of Users Across the Supply Chain (Federation) Conclusions 8. Location and Identity: A Brief History. Introduction Place and Identity in a World of Habits and Symbols Locational Technologies Rethinking Identity: Beyond Traits and Names On RFID Conclusions 9. Interaction Design for Visible Wireless. Introduction The Role of Interaction Design A Common Vocabulary Designing and Modifying WID Systems Conclusions II: APPLICATIONS. 10. RFID Payments at ExxonMobil. Introduction Interview with Joe Giordano, ExxonMobil Corporation 11. Transforming the Battlefield with RFID. Introduction Logistics and the Military Conclusions 12. RFID in the Pharmacy: Q&A with CVS. Introduction CVS and Auto-ID Project Jump Start RFID in the Store Making RFID Work: The Back End 13. RFID in Healthcare. Introduction Home Eldercare Challenges Conclusions 14. Wireless Tracking in the Library: Benefits, Threats, and Responsibilities. Introduction RFID System Components and Their Effects in Libraries RFID Standards RFID in U.S. Libraries Best-Practices Guidelines for Library Use of RFID Conclusions 15. Tracking Livestock with RFID. Introduction RFID Has to Prove Itself Putting RFID to Work RFID and Livestock Marketing RFID World Livestock Roundup III: THREATS. 16. RFID: The Doomsday Scenario. Introduction RFID Tags and the EPC Code A Ubiquitous RFID Reader Network Watching Everything: RFID and the Four Databases It Will Spawn Corporate Abuse Government Abuse Conclusions 17. Multiple Scenarios for Private-Sector Use of RFID. Introduction Scenario 1: "No One Wins" Scenario 2: "Shangri-La" Scenario 3: "The Wild West" Scenario 4: "Trust but Verify" Conclusions 18. Would Macy's Scan Gimbels?: Competitive Intelligence and RFID. Introduction In-Store Scenarios So, Who Wants to Know? Conclusions 19. Hacking the Prox Card. Introduction Reverse-Engineering the Protocol Security Implications Protecting Against These Types of Attacks Conclusions 20. Bluejacked! Introduction Bluetooth Bluetooth Security and Privacy Attacks Conclusions IV: TECHNICAL SOLUTIONS. 21. Technological Approaches to the RFID Privacy Problem. Introduction The Technical Challenges of RFID Privacy Blocker Tags Soft Blocking Signal-to-Noise Measurement Tags with Pseudonyms Corporate Privacy Technology and Policy Conclusions 22. Randomization: Another Approach to Robust RFID Security. Introduction The Problems in RFID Security Conclusions 23. Killing, Recoding, and Beyond. Introduction RFID Recoding and Infomediaries Infrastructure Issues Conclusions V: STAKEHOLDER PERSPECTIVES. 24. Texas Instruments: Lessons from Successful RFID Applications. Introduction Toll Tracking: Who Knows Where You Are Going? Contactless Payment: Are Safeguards Already in Place? RFID and Automotive Anti-Theft: Staying Ahead of the Security Curve How and What We Communicate Conclusions 25. Gemplus: Smart Cards and Wireless Cards. Introduction What Is a Smart Card? Smart Card Communication and Command Format Card Life Cycle Smart Card Applications "Contactless" Cards Protocols and Secure Communication Schemes Constraints of Contactless Products Contactless Products and the Contact Interface Conclusions 26. NCR: RFID in Retail. Introduction Payment Applications Inventory Management Applications Hybrid Scanners Privacy Concerns RFID Portal Conclusions 27. P&G: RFID and Privacy in the Supply Chain. Introduction Procter & Gamble's Position RFID Technology and the Supply Chain Global Guidelines for EPC Usage Conclusions 28. Citizens: Getting at Our Real Concerns. Introduction Prior to the Point of Sale After the Point of Sale: Nonconsumer Goods After the Point of Sale: Consumer Goods After the Point of Sale: Privacy Interests Eliminating the RFID Threats to Privacy Conclusions 29. Activists: Communicating with Consumers, Speaking Truth to Policy Makers. Introduction RFID Characteristics That Threaten Privacy Proposed Technology-Based Solutions Is Consumer Education the Answer? Calling for a Technology Assessment Conclusions 30. Experimenting on Humans Using Alien Technology. Introduction The Surveillance Society: It's Already Here A Trick to Overcome Resistance Constituents to Change-and to Stasis Privacy Advocates Own This Story Privacy, Change, and Language How to Make Consumers Demand Change (and RFID) Conclusions 31. Asia: Billions Awaken to RFID. Introduction Factors Separating Western and Asian RFID Experience The Extant Paper Database and Electronic Credit Card Systems RFID in India RFID Across Asia Conclusions 32. Latin America: Wireless Privacy, Corporations, and the Struggle for Development. Introduction An Overview of Wireless Services Penetration into Central America Pervasiveness of Telecommunications in Central America Privacy Concerns An Overview of Privacy Across Latin America Conclusions: Privacy, Poverty, and the Future APPENDIXES. Appendix A: Position Statement on the Use of RFID on Consumer Products. Appendix B: RFID and the Construction of Privacy: Why Mandatory Kill Is Necessary. Appendix C: Guidelines for Privacy Protection on Electronic Tags of Japan. Appendix D: Adapting Fair Information Practices to Low-Cost RFID Systems. Appendix E: Guidelines on EPC for Consumer Products. Appendix F: Realizing the Mandate: RFID at Wal-Mart. Index.