Tuesday, October 9, 2012
Smart Dust & RFID privacy
The Science Daily article Nano-Based RFID Tags Could Replace Bar Codes announces with breathless excitement that we may be on the verge of nano-scale RFIDs. The implications extend far beyond tracking inventory in warehouses, even if the devices perform only passively at the hoped-for range of 300m.
These devices would be by design tiny and ubiquitous, likely embedded in products such that they are not only undetectable when the product is in use, but also integrated into the product in such a way that their removal would be impossible without damaging or destroying the object in question.
There are already some grave concerns regarding tradeoffs in efficiency versus privacy and safety in RFID-enabled passports: do you really want anyone who cares to install the proper equipment to be able to identify you as carrying a U.S. passport the moment you walk through their door? There are certainly places today where such identification could be actively dangerous to the passport holder. Passports, at least, are specific enough items that it might not be unreasonable to expect that those carrying them should take measures to protect them from casual snooping, just as one might take care where one carries a wallet or credit card. Use your favorite search engine to see how many hits you get for “passport RFID blocker” – there are already multiple products on the market designed to address this concern.
Imagine instead that nearly everything on or about your person is labeled with an RFID which identifies manufacturer and item number – not at all unreasonable if you are the manufacturer working to track your inventory, but potentially problematic if you are the end consumer. From an arbitrary distance (say, that 300m or less figure quoted in the Science Daily article), someone can generate a profile of you without even needing to focus upon you as a specific individual. You might pass through a portal or doorway and be identified as having $3000 worth of clothing and electronics on your person. You might subsequently be selected for a targeted sales pitch or to be followed with intent for unspecified mayhem.
One might sprinkle nano RFIDs on or about one’s premises for simple inventory – sprinkle first then catalog later: the rough collection of these RFID IDs correlates to the printer, and those to the postage meter. If a few fall off, so be it, there are still a few hundred with unique identifiers; more than enough to specify a particular item. This would be wonderful for tracking material through a manufacturing process or simply for keeping track of what is where. It might also be useful for a third party wishing to track you without your knowledge. If the little nano RFIDs are a bit more capable, they enter the realm of smart dust – able to record and transmit data. Again, incredibly useful if you want to monitor conditions in your shipping container or warehouse, but potentially problematic from a privacy standpoint.
Concerns regarding privacy issues and potential for abuse aside, this technology is coming: the world of ubiquitous sensors is not so much “if” but “when and how.” There is just too much upside for manufacturers or any entity that desires to track and inventory . . . anything.
Question: how will we mitigate the new set of risks that will be created as this technology evolves? Disabling all the RFIDs on your gear/clothing will eventually make you as noticeable as disabling none of them . . .
Pister: Smart Dust in 2010. He has the timing off (obviously) but many of his projections are being developed actively.
Privacy concerns grow with the use of RFID tags. Martínez-Cabrera, A. SF Gate (September 6 2010). Short consumer article outlining some broad concerns regarding RFID use.
Nano-Based RFID Tags Could Replace Bar Codes. ScienceDaily. (Mar. 19, 2010) http://www.sciencedaily.com/releases/2010/03/100318113300.htm accessed 9 October 2012.
A Threat Analysis of RFID Passports. Waldo, J. et al. Queue. (October 1 2009) http://queue.acm.org/detail.cfm?id=1626175 accessed 9 October 2012.
'Smart dust' aims to monitor everything. Sutter, J.D. CNN (May 03, 2010) http://articles.cnn.com/2010-05-03/tech/smart.dust.sensors_1_smart-dust-sensors-kris-pister?_s=PM:TECH accessed 9 October 2012.
SMART DUST: Autonomous sensing and communication in a cubic millimeter. Website: http://robotics.eecs.berkeley.edu/~pister/SmartDust/