Last modified: 28 March 2004, 17:05
What does this acronym mean, and what is all this fuss about, anyway?
RFID stands for "Radio Frequency IDentification" which is an automatic data registration
technology where tiny chips are used for the tracking of products by attaching
them to the products themselves or their packaging. With these little chips,
the whereabouts of objects can be detected - even through a wallet, a rucksack or
a bag. Many big retailing concerns want to replace the known bar codes by such
"spy chips" so that they can track just about any object on our planet - and the
people carrying or moving them - without anybody else taking any notice. As yet, there
are no rules or legislations in existence in Germany, the EU, or even world wide,
through which the society would or could be protected against dangers or even misuse
of these technologies.
>> More about RFID (English) ![[Externer Link]](../img/ex.gif)
http://www.spychips.com/rfid_overview.htm
RFIDs are inconspicuous. They have already been in or on some products for some
time, without anybody taking notice. Memory cards from "Scandisk", for example, often
have a 2x2 in. white tag on them. Only when you hold that against a strong lamp
the typical antenna-structure on the edge of this tag is visible. Pictures can be
found on our other
web site.
Some RFID chips (which together with an antenna turn into so-called "transponders")
can also be found in ordinary price tags. These often are "a little thicker
than normally". This might be evidence that there is a transponder in that
tag. Some pieces of clothing carry a little, about credit-card-sized, piece
of cardboard. What looks like a nicely printed tag, which is to convey that
this piece of clothing deserves an especially nice-looking tag, is only just
another way of hiding an RFID chip. As yet, there is mostly only some theft
protection built into them, consisting of two strips of metal. But some
technicians call already this a 1-bit-RFID (although it doesn't transmit
an "ID" but only -- as long as isn't de-activated -- tells the respective
reading devices that it is there: and thus activates the well-known alarm).
RFIDs come in quite a number of forms. They are being built, for example, into customers' cards (loyalty cards), credit cards, stickers or even nails(!). It always depends on what use they are meant for. In loyalty cards, on the inside of some product packaging, integrated into some cardboard case, but also on the back sides of stickers or price tags, they don't attract atention. RFID tags can also be printed on packages!
At the moment, just about everything (wrongly but understandably) is called RFID if it transmits anything. Thus the "Schokoticket" of the VRR (local transport provider for the Rhein-Ruhr area, "Verkehrsverbund Rhein-Ruhr") is not an RFID, but a "SmartCard" - it does not send out a "unique" number or ID but the data contained on it. Which is not less bad! According to media reports, in a clothes store in Neuss the data of school kids carrying a "Schokoticket" were read out in clear text by accident. Whole new possibilities for "child molesters"...
The acronym RFID consists of the combinations "RF" and "ID".
"RF" stands for "radio frequency". Through electric or magnetic waves
the "ID" is being transmitted.
"ID" stands for "identity" or "identification". The chip has a number,
fixedly stored, which makes it unique. No chip number ever comes up
twice.
Both of them together make the "RFID chip". This is attached to an
antenna which catches electromagnetic radiation from a reading device
and thus provides the chip with electrical energy. Once a chip is
"electrified" it "wakes up" and responds by sending out its ID-number,
which can then be caught and read out by a reading device. This unit of
RFID chip and antenna is called a "transponder", often also just "RFID",
"RFID tag", or "tag".
Additionally, an RFID chip can have a (re-)writeable memory. The chips
current at the moment have the so-called EPC (Electronic Product Code)
underlying. This number consists of information which up to now was
also contained in the bar code: a product number which makes clear that
we are dealing, e.g., with a Gillette Mach3 razor blade here. In addition
to that, this number also shows the serial number of this product. I.e., one
can, since there is always a log kept on the "life line" of the product,
determine exactly, which blade this is, when and where it was produced, and
delivered when to whom. Other digits are reserved for "best before" dates
etc.
When there is an EPC on the chip, we already have two unique numbers:
The hardware-number of the individual chip, which was branded on it by the
chip-manufacturer, and the one that was written on it by the manufacturer
of the product through some EPC software. Mind: The hardware number from
the maker of the chip cannot be deleted.
If further storage-space is available, it can be used ad lib. for other data.
RFID has been implemented in locking- and alert-systems for some time already. E.g., some car keys carry little transponders that switch the immobilsing device of your car on or off. Surely, these are quite sensible applications. But one can encounter RFID also in examplary projects of the retailers, for instance at Tchibo-shops (a German coffee chain) Gillette, Gerry Weber (attached to the items in a way that the tags can be cut off at point of sale), and METRO with their related retailing chains (see below: "How widely are RFID chips used already?") The little buggers could als be in the soles of your shoes (see below).
How do I know where an RFID is hidden?
Since there is no legislation binding the manufacturers to telling you where
they might be using RFID in or on their products or packaging, the average
customer has to rely on his or her eyes in order to detect the chips. As long
as the RFID chips used commercially today have a more or less easily spotable
antenna, it is not quite futile to try to look for them. Provided you suspect
a "spy chip" behind just every price tag.
here.
FoeBuD
on the other hand is currently working on the construction of another device, the
"DataPrivatizer", which is supposed to be able to detect chips and overwrite their
rewritable memory. And which will be considerably smaller and cheaper. It should be
available in summer 2004.
(*) There are a number of highly developed chips from research and
military projects that don't show the typical antenna because it is
integrated directly in the chip. These chips are so small that they
are almost impossible to find.
(Read more about this for instance in "RFID Chips Put To The Test",
http://www.spacedaily.com/news/chip-tech-03k.html.
RFID-Chips with an integrated antenna can be so small that they can
be embedded in paper (for example in money bills).
The most common types of RFID are:
What's the difference between RFID and conventional electronic theft protection?
Electronic theft protection recognises only the status (the presence of an active
tag(*)) and activates the alert system. It does not read out data about the
goods or the customer.
Of course, the "gates" installed at the shop doors can be replaced by RFID scanners
without this being noticed.
(*) "active" in this case means the internal status "not paid for" of the
tag, not its build (cf. under "What are the reading ranges?")
There are two kinds of RFID tags: "passive" tags, i.e. without a source of
energy of their own, and "active" ones which contain a battery or are
attached to a battery or another kind of external source.
Passive tags receive the energy they need directly from the electro-magnetic
energy of the radio waves transmitted by a reading device. Outside the range
of such a device, passive tags are therefore without energy. Depending on a
number of factors, such as size of the antenna, radio frequency, environmental
conditions, etc., a passive tag can have a reading distance ranging from some inches
to more than 30 feet.
As a rule of thumb: The larger the antenna, the larger is the reading range.
Active tags can have reading ranges of one mile or more. Most of the tags
meant for use in the consumer environment are passive, however.
There are some projects under way devoted to tracking of wares or packagings
via satellite. In these, though, the RFID tags are not directly read out, but
in the transport container or -vehicle there is an RFID reading device which
in its turn is connected to a satellite dish.
What is or can be stored in data bases?
With every contact of an RFID tag with a reading device, its unique serial
serial number and possibly, according to chip type, other data stored on the
chip can be read out and stored, together with time and place of reading.
With these data, one can create tracking profiles.
These data, of course, awaken a certain kind of covetousness with some poeple.
If, e.g., one can trace back an idividual RFID number to an individual person,
one also knows, through the data stored in data bases, where this person
has been when.
The unique serail number of an RFID tag makes it quite simple for holders
of the respective data bases or archives to relate other data, possibly collected
by different means, to this number and call them up.
Just imagine that your jacket, your shoes, your trousers, your hat, two loyalty
cards in your wallet, and the money bills, are equipped with RFID. Even in
good weather, if you leave your hat, jacket and shoes at home, you will still be
indentifiable by the other RFID tags you carry with you. At the moment, we all
are hearing in the news about all the things that allegedly are useful in the
"fight against international terrorism". It won't take long until our
shopping data will also go roaming around related data bases, and be used
against us. Paranoids assume that the introduction of RFID is part of some great
plan of the high and mighty, anyway, to strengthen their power and render all
of us citizens manipulable. There probably is no such "great plan" - but the
effects are the same.
RFID or bar-code - What's the difference?
Are there any products that cannot be equipped with RFID chips?
Items that contain liquids or metal only badly suited to use with RFID.
Liquids simply absorb most of the electro-magnetic energy transmitted by
the reading device, which the chip needs to send out the data contained on
it. Metals reflect the radio waves and throw them back unpredictably
into any direction. These two effects lead to disturbances in the RFID signals
which a reading device sends out to a chip or vice versa. These problems are
being investigated further.
You could use this information about metal to your benifit.
The cooling bags you use for your frozen shopping goods, or the aluminium foil
from chocolate bars can be helpful in protecting hidden RFIDs in your
loyalty cards from transmitting any data, since they are made of or lined with
metal.
Keep your eyes open: Has "your" shop been refurnished lately, and have the
usual metal shelves been replaced by plastic? (In order to prevent irritation
of RFID communication?) Then be on your guard.
What risks lie in a broad introduction of RFID?
Through unique numbering and contactless readability, an item can be registered
each time it passes a reading device. These reading devices or scanners can be
hidden from your sight, and thus one could track you wherever you go, without you
noticing it or having any knowledge about this. That is, only as long as there
are scanners anyway near, of course.
This way, for example your shoppig behaviour could be tracked: How long do you
linger in front of a shelf, which part of the shop do you stay away from, among
other things.
Can shopping habits be stored?
Yes.
This will be possible, at the latest, at the time when RFIDs are contained
in customers' cards. But it is possible even now, for example when you pay
with your credit card, or when you reveal yourself via your "loyalty card" as a
customer of some kind of special naivity. With these means, you will be
identified only at the check out as the person you are, up to now. But with
RFID you will be recognised even as you enter the shop (by a reading device
at the entrance). Thus, it will not only be memorised what you have bought,
but, via RFID, also what you only looked at: "Customer took 'Pantene' shampoo
from the shelf, put it back again"; or: "Customer spent 27 minutes at the
news stand, browsed through titles a, f, and z".
Through your customer's number, prices can be adjusted individually, in such
a way that you just ever so marginally are prepared to pay the amount shown
for any item but are not in danger of doing your shopping somewhere else.
Which may mean that you, as a top level single male with a good income, much
free time and a nice new sports car, might pay '''less''' for an item than
a single mother of three without a car. Your shopping behaviour tells a lot
about you. And you become a "more interesting" customer for a retailer if you
buy useless trinkets which hold a large profit margin, rather than if you
can be trusted to buy only your daily supply of milk, eggs, bread and butter.
Through custom-made "offers" specially made for you, you will be manipulated in
such a way that you give the "margin" you promise to this shop. But this will
always be to (also) your disadvantage, or else all these tricksy mechanisms
wouldn't be necessary.
Who would be interested in these data?
These data are very interesting for the retail business as a whole, which
is always interested in optimising its advertising and its placement of branches.
But once such data are collected in grand style, other parties will come up
who are also interested in them: If only your local department of public order
wanting to find out who has dumped what "illegal" piece of waste in the wrong
place. Or the crime-protection forces... (For example when RFID has been
embedded in money bills. See below: "Is it true that RFID chips are to be built into
money bills?")
The firms that want to introduce RFID argue against people's concernes
about data protection that they would never intend to pass on their collected
data to other firms. But looking behind the scenes, this is clearly what is
intended by the massive introduction of RFID and the EPC (Electronic Product Code)
going along with it: The exchange of data beyond the borders of the individual firms
involved. In order to do this and for this exchange to be functional, the
ONS (Object Name System) is being built up at the moment. The ONS works
similar to the identification of a computer on the internet. With the internet,
we call this the DNS (Domain Name System).
After the unification of UCC and EAN International, Linda Dilman
(CIO Wal-Mart), Zygmunt Mierdorf (CEO Metro Group), Steve David
(CIO P&G), Dick Cantwell (Gillette), Prof. Sanjay Sarma (Auto-ID Center MIT),
EPCglobal chief Margaret Fitzgerald, and representatives of national EAN organisations
such as Steve Coussins (UK), Hiroshi Sakai (Japan) and Sergio Ribinik (Brazil),
will be members of the representative board of EPCglobal. The sheer number of
their representatives in this board underlines the importance such players as
Wal-Mart, Metro, Procter&Gamble and Gillette see in the future of not only
RFID, but also its unified, standardised employment within a global framework.
If we look at the fact the the US government is suddenly interested in the
meal choices of plane passengers during their flights, it would be ludicrous
to assume that other governments and their related parties would not be
interested in such data. At the time we are writing this, some politicians will
be coming up with new regulations fighting against privacy. They will be calling
this "fighting terrorism", though.
Is price discrimination possible?
Yes.
With a combination of RFID in customer's cards and RFID in the wares it is
possible to make tailor-made prices, according to the customer's personal data.
This is quite easy with RFIDs, since they are readable without contact or
line of sight, and with an RFID tag in a customer's card the individual
customer can be individually recognised. In a whiff, the price tags can be
changed accordingly. As yet, there is no legislation against this practice.
On the contrary: the relating German laws have been abolished years ago,
without anybody asking or remembering why they had been set up in the first
place.
I have been paying with my EC or credit card for years, and I don't feel threatend by that.
Of course, it has always been possible to track your shopping behaviour
by means of your credit cards. But RFID, if implanted in customers' cards,
allow identification of a customer even at entering the shop. Thus, it is
also possible to find out what parts of the shop you go to and, naturally,
what you buy, and to react to your behaviour and try to manipulate it.
Remember: manipulation works '''because''' you think that all of this
is actually quite practical and helpful. You will not or only after some
consideration be aware that you don't want one or the other thing. An example?
Many people answer the question of whether they are for or against video
surveillance for more security by saying that they don't mind video monitoring.
Only when asked what they do want: video monitoring '''or''' security, they
realise that they have been manipulated with the first question already, which
equals security with monitoring. Up to now, however - who'd 'a thunk it -
there is no evidence that video monitoring would boost security.
The EC card system used to be a very secure system, having been developed
in the old tradition of banking and banking security. The EC card system even
once was the most secure card system in the world. By now, this system has been
abolished. Up to now, most credit card firms haven't dared yet to make their
wishes to sell banking information really public. Not so "American Express",
who call this kind of sale of data their kernel business. VISA is also in the
front line of the meanies in this respect: with the help of so-called
direct banks, and coupled credit cards, a lot of people have waived their
bank secrecy anyway - without being aware of that. Their contracts incorporate
what in Germany is called the "Schufa-Klausel", which gives a large number
of address-collectors and scoring enterprises access to customers' data,
such as their credit-worthiness, for example.
What is worse about RFID than about mobile phones? (Locating of people)
RFID can normally only be read out over a relatively short distance of
about one or two metres. That means one cannot have long distance tracking,
as with mobile phones, but a very detailed collection of data within
somewhat limited space. Also, for tracking beyond the capacities of an
individual reading device it is enough to place scanners in strategically
opportune places, like house entrances and/or exits or shop shelves, in order to
collect all the data necessary for exact locating of the targeted subject or
object. Please remember that scanners will by and by installed at bus stops,
construction sites on the roads, parking lots, train stations, auditoriums of
universities, etc.
Oh, and: You can turn your cell phone off or cancel your contract. You can't
do that with RFIDs.
RFID technology uses radio waves, i.e. radiation. When this technology is introduced on a broad scale, the amount of radiation you will be subjected to will increase. According to type and reading range aimed for, one needs more or less powerful transmission of radio waves. There is not much known about the risks of this radiation -- like about that of mobile phones and their related transmission masts -- but some concerns have been raised. For some test- and research implementations (not only in protected laboritories) a number of special permissions have been applied for and granted so that one can test radiation beyond the limits that normally would be rated as dangerous. This especially affects the employees who come into daily contact with the radiation, but of course every customer also.
The RFID technology has been devised in order to automate a number of tasks. Probably there will be a number of additional jobs created, e.g. in order to inform the people about the new technology. In the long run, however, a lot of jobs will be lost, e.g. in the logistics chain, but also among shop employees: The technology is meant, after all, to make as many things cheaper as is at all possible. And personnel often is a very expensive factor (many managers do actually see it like that).
Our demands have been publicised in our position paper
Should you find out that certain shops use RFID you should make them
clearly understand that you are not satisfied with this policy and
perhaps (if that doesn't help) look for another shop to do your shopping.
The FoeBuD e.V. will set up a list where you can tell us where you have met
with RFID.
How can I make RFID chips useless?
Can a magnet destroy an RFID chip?
No. The chip information is not stored magnetically. Use of a magnet or
other erasing devices has no effect whatsoever on the chip. In December
2003 we tried the professional hard-disk eraser
"Degauser" from IBAS: The chip remained functional without any
disturbance.
Can I put products in a micro-wave oven to destroy hidden RFID tags?
An RFID tag can really be destroyed by microwaves. A couple of milliseconds
with low energy are enough to make the chip blow up in an impressive blue flame.
But it is very probable that not only the chip will burst into flames but also
everything else near it. The packaging or the product itself are just as
easily destroyed, and also the microwave oven will be polluted with metal or
plastic vapours afterwards.
Because it is so difficult to destroy RFID chips, we need a clear legislation,
forbidding hidden attachment of these chips. Or to say it plainly: We need
obligatory indication of goods with RFIDs.
Can chips "survive" in pieces of clothing, washing machines and tumblers?
Yes.
RFID chips are designed in such a way as to survive normal wear and tear
for years, washing and drying included. We even know of at least one
lender of uniforms in the USA who employs RFID in order to keep track of their
inventory and assignments after cleaning. That means that the chips whithstay
even industrial standards of use and cleaning.
What do I do if I find an RFID chip? Can I de-activate or destroy it?
You can render an RFID chip useless by breaking the connection of the chip
to its antenna. It is normally pretty obvious where the chip sits: All
antennas run towards it. If you have found the tiny dark square you can
try and scratch through the conducting parts of the antenna. You could cut
into the "Schokoticket" of the VRR, for example, for about half an inch so
that the antenna in it will be destroyed and your child's data can no longer
be read out.
In order to be half-way sure that the chip will no longer be readable,
you could poke a needle through it, squash it or rub it to bits. (Aside:
Burning or microwaves can also destroy a chip, we we warn you against
this, because of the possibly severe side-effects.) You shouldn't try to
"drown" the chip -- water normally doesn't harm the chips in the least.
Treating the chip with a magnet equally comes to no avail.
There are de-activator devices, isn't that enough?
No.
The METRO Group have installed a so-called "deactivator" in their Extra
Future Store only after our protests. But that is not good enough:
No.
About this we have an extra text which you can read on another web site of ours.
What technologies and standards will be coming?
What is EPC (Electronic Product Code)?
The Electronic Product Code is the standard building the basis for the allotment of unique serial numbers to the individual RFID chips. The range of possible numbers has been chosen in such a way that in very many products really all items produced can be uniquely tagged - and that means unique for several hundred years.
What is ONS (Object Name Service)?
With the Object Name Service EPC numbers can be resolved or translated to certain services or web sites. The structure is similar to that of the Domain Name Service System, which is used for resolving web addresses like www.foebud.org to numbers of servers or computers (IP-numbers).
Who is experimenting with or already using RFID, and where do I come into contact with RFID?
How widely spread is use of RFID already?
Here is a list of 103 firms which have sponsored the "Auto-ID Center" at the
MIT
(Massachusetts Institute of Technology)
http://www.spychips.com/rfid_sponsors.htm.
The Auto-ID Centre is the organisation under whose roof the RFID infra-structure
was developed with the help of such international players as Gillette,
Unilever and Procter & Gamble. We assume that these firms will be the
first to employ this technology. In the list you will find quite a number of
firms you have never heard about. But mind that these big enterprises often
operate under quite different brand names. While not allowing customers theirs, such
enterprises often like to keep their anonymity. The METRO Group, e.g., which
most Germans only know as a "wholesaler" is owner of retail chains such as
Kaufhof, Extra, real, MediaMarkt, Saturn and Praktiker. Also "Reno Schuhe"
was part of it until recently.
As yet, the use of RFID in or on products is not very wide spread.
But there are tests made by Gillette, Gerry Weber and Metro and their
respective retail chains. It is to be assumed that use of RFID will
increase. Especially so, since the RFID tags grow cheaper virtually by
the minute and the technology does spread to ever new implementations.
Is it true that RFID chips are to be built into banknotes?
Hitachi is working together with the European Central Bank (ECB) on the
idea to embed RFID chips in Euro notes. With this, the anonymity of cash
money would be abolished because individual banknotes could be tracked.
You would, as it were, "register" your cash money when you get it from a
bank clerk or the machine on the wall. Euro notes could be equipped with
RFID beginning in 2005. The ECB to date does not comment.
As soon as this idea is put into action you couldn't use money without
danger to one's privacy any longer in its normal functions such as
payment among friends, or as a gift, or for donations, i.e. any not
normally registered transaction. If the money turns up in a criminal
investigation it is '''you''' who is the last entry in the related
data base, and you would have to be prepared for some very uncomfortable
questions by the powers that be, even if you have nothing to do with it,
apart from being the one the respective bills have been issued to.
You have nothing to hide, because you don't do anything evil? Then you
have never experienced how a criminal investigation is led. If only
after a routine interrogation at your working place, your boss will look upon
you with different eyes. If you want to avoid this you will have to stop
using cash money. If you don't, you will be in the hands of a means of
payment that is trackable per se.
Another point of concern is that owing to RFID's readability through your
wallet or purse, and the small size of modern RFID scanners, thieves and pickpockets
could carry such scanners and scan the purses of their prospective victims
without them noticing. And thus pick themselves the most lucrative
pieces of booty at their leasure.
Details: "Euro Notes May be Radio Tagged",
http://news.zdnet.co.uk/story/0,,t295-s2135074,00.html.
Is there evidence of use of RFID in shoes?
Shoes can almost always be traced back to exactly one person wearing them. This is what makes attachment of RFID tags to and especially in shoes very problematic. We know of at least one firm that uses embedded RFID technology in shoes. According to this firm, the RFID tags they use do not contain uniquely identifiable information but are only there for setting off the alert in cases of shop lifting. The producer "Alien Technologies", however, did present a "Wal-Mart Athletic Works" running shoe at an RFID-conference in Chicago in June 2003. This shoe had an RFID tag attached under the inner sole. "Alien Technologies" said that this was only a presentation model and that there were no actual or planned tests or implementations of these models. Nevertheless, there was great enthusiasm at this conference about the possible uses of RFID chips in shoes. The official reason for the interest in RFID in shoes was that this way one could keep sizes and pairs together. We, on the other hand, believe, that the permeation of the shoe market with RFID technology will constitute a frightening reality, if we don't make it clear to the big players that we will not buy products that are equipped with RFID.
References, Disclaimer and Credits
Wikipedia about RFID
RFID overview (English)
StopRFID Site of C.A.S.P.I.A.N. (USA)
The standard reference text about RFID-technology as a book
Metro Future Store site of the FoeBuD e.V.
Laudation of the BigBrotherAwards 2003
Disclaimer
Reading this, you will have sensed that we couldn't refer to all and everything
here. Also, this text will become - at least partially - obsolete by and by.
Please feel invited to make us aware of any mistakes and omissions! But don't feel
offended if we don't build in every hint immediately but collect and check contributions
first, before entering them here.
Support us!
Credits
Thanks to all who helped in assembling this FAQ:
Axel Rüweler
Frank Landgraf
Jan E. Hennig
padeluun
Katherine Albrecht
Supervising editor:
Claudia Fischer
English translation:
Harald Manninga