If Mesdames Albrecht and McIntyre are right, corporations and governments are conspiring, even as you read this, to bring on the apocalypse. Universal surveillance, in the form of nascent RFID (Radio Frequency ID) technology, is on the way, and they don’t think you’re going to like the results. They make a compelling and insightful case that RFID technology can put dangerous power into the hands of the government. But it’s a case that’s undermined – although not fatally – by overestimating the technology and misunderstanding how business works.
The principle behind RFID is simple: attach a tiny antenna to a tinier ID chip. Put the whole package on every item. Then, place readers at critical points in the supply chain. Bar codes can only tell that a Snickers bar is headed out the door; RFID tells you which one won’t be going anywhere for a while. Businesses get not only perfect snaphots but also feature-length films of their supply chains.
So far, so good. But what if the supply chain doesn’t stop at the store’s exit? What if the item in question is your registered car or its tires? Or your clothing, bought with your traceable debit card? Or you? What if RFID could track the contents of your refrigerator, your medicine cabinet, or your house? So long, castle.
While supply chain applications end at he checkout line, post-purchase applications are sold as benefitting the consumer. Tagging cars is seen as an extension of the VIN to help prevent theft. Reader-refrigerators would let you know when your tagged food was ready for the kids’ science fair. Reader-medicine cabinets would do the same for prescriptions, or warn you if you were about to mix heart drug A with diet pill B and give yourself a coronary.
Sounds cool. Until you realize that governments have a way of using technology in unpredictable and unwelcome ways. In the wake several high-profile data security breaches, the authors have imagined a number of threatening ways that ubiquitous tags could be misused. Placing RFID readers at key intersections and highway off- and on-ramps would be enough to track movements. The creation of uniform protocols actually makes rogue RFID readers easier to create, making it possible for thieves to know what’s in your shopping bag, perverts to know your underwear, or terrorists to target a specific car. And they point out that small read distances actually work to the bad guys’ advantage, avoiding signal clutter from a roomful of chips.
Still, while caution is prudent, Albrecht and McIntyre sometimes sound like Ida Tarbell gone nuts, demonizing perfectly normal business practices. They single out Wal-Mart for using its market power to push the new technology into the supply chain. But when they argue that some stores want to raise prices for bargain shoppers to discourage them, they forget that Wal-Mart’s entire business model is predicated on attracting just those shoppers. They also tend to view any efforts to make RFID systems privacy-safe as a means to implementing a giant trap to be snapped shut on us at some future date.
Moreover, they wildly overestimate the current state of the technology. Certainly they’ve done their homework on patent claims (many of the most invasive proposed uses come straight from approved patents). But they take at face value the requirement that a patented product be able to fulfill its claim. An individual RFID shelf may be able to distinguish an individual product, but getting shelves to process multiple products from multiple companies without interference, and then to sensibly process all that data downstream are only two of many serious outstanding systems engineering problems.
The Spychips Threat is a slight reworking of the earlier, Spychips. This version has several chapters aimed at religious Christians, likening plans for subcutaneous chips to the Number of the Beast. I’ve never been too interested in reading current events into biblical prophecy (for this Orthodox Jew, Revelations is of academic interest anyway), and the fact that an RFID company uses a black cat in its advertising, or that a machine-tool RFID system is called, “The Mark” isn’t all that impressive to me. Still, the success of the Left Behind series suggests a strong market for this kind of thinking, and the authors don’t overplay their hand here. People waiting to pounce on numerology equating Wal-Mart to 666 will be disappointed.
Some readers would stereotype the authors as part of the Religious Right, but their politics seem to run more along Libertarian lines, and the only public policy proposal from Albrecht’s CASPIAN is right-to-know legislation.
The fact is, these are all planned uses for RFID. O’Reilly’s RFID systems book is written by proponents of the technology, and it basically confirms both the plans and the privacy risks. The passive chips are virtually indestructable outside of a microwave, and anything that’s deactivated can be re-activated.
One might reasonably argue that a citizens who let themselves be tagged and branded are already spending their off-hours at the Two Minutes’ Hate, but that’s only true if they know what’s coming. And to that extent, The Spychips Threat is an important early-warning service. And if RFID system engineers are interested in privacy issues at all, it’s almost certainly a result of these two authors.