[Peace-discuss] Fwd: RFIDs Redux

[Al Kagan]

Big Brother is here.

>
>
>Globalization (globalization at iatp.org) Posted: 01/31/2004 By mritchie at iatp.org
>============================================================
>
>Bug devices track officials at summit
>
>By Audrey Hudson
>THE WASHINGTON TIMES
>December 14, 2003
>
>Officials who attended a world Internet and technology summit in
>Switzerland last week were unknowingly bugged, said researchers who attended
>the forum.
>
>Badges assigned to attendees of the World Summit on the Information
>Society were affixed with radio-frequency identification chips (RFIDs), said
>Alberto Escudero-Pascual, Stephane Koch and George Danezis in a report
>issued after the conference ended Friday in Geneva. The badges were handed
>out to more than 50 prime ministers, presidents and other high-level
>officials from 174 countries, including the United States.
>
>The trio's report said they were able to obtain the official badges with
>fraudulent identification only to be stunned when they found RFID chips - a
>contentious issue among privacy advocates in the United States and Europe -
>embedded in the tags.
>
>Researchers questioned summit officials about the use of the chips and
>how long information would be stored but were not given answers.
>The three-day WSIS forum focused on Internet governance and access,
>security, intellectual-property rights and privacy. The United States and
>other countries defeated an attempt to place the Internet under supervision
>of the United Nations.
>
>RFID chips track a person's movement in "real time." U.S. groups have
>called for a voluntary moratorium on using the chips in consumer items until
>the technology and its effects on privacy and civil liberties are addressed.
>Mr. Escudero-Pascual is a researcher in computer security and privacy at
>the Royal Institute of Technology in Stockholm. Miss Koch is the president
>of Internet Society Geneva, and Mr. Danezis studies privacy-enhancing
>technologies and computer security at Cambridge University.
>
>"During the course of our investigation, we were able to register for
>the summit and obtain an official pass by just showing a fake plastic
>identity card and being photographed via a Web cam with no other document or
>registration number required to obtain the pass," the researchers said.
>The researchers chose names for the fake identification cards from a
>list printed on the summit's Web site of attendees.
>
>The hidden chips communicate information via radio frequency when close
>to sensors that can be placed anywhere "from vending machines to the
>entrance of a specific meeting room, allowing the remote identification and
>tracking of participants, or groups of participants, attending the event,"
>the report said.
>
>The photograph of the person and other personal details are not stored
>on the chip but in a centralized database that monitors the movement.
>Researchers said they are concerned that database will be used for future
>events, including the next summit to be hosted by Tunisian authorities.
>
>"During the registration process, we requested information about the
>future use of the picture and other information that was taken, and the
>built-in functionalities of the seemingly innocent plastic badge. No public
>information or privacy policy was available upon our demands that could
>indicate the purpose, processing or retention periods for the data
>collected. The registration personnel were obviously not properly informed
>and trained," the report said.
>
>The lack of security procedures violates the Swiss Federal Law on Data
>Protection of June 1992, the European Union Data Protection Directive, and
>United Nations' guidelines concerning computerized personal-data files
>adopted by the General Assembly in 1990, the researchers said.
>
>"The big problem is that system also fails to guarantee the promised
>high levels of security while introducing the possibility of constant
>surveillance of the representatives of civil society, many of whom are
>critical of certain governments and regimes," the report said.
>
>"Sharing this data with any third party would be putting civil-society
>participants at risk, but this threat is made concrete in the context of
>WSIS by considering the potential impact of sharing the data collected with
>the Tunisian government in charge of organizing the event in 2005," it said.
>
>The organization Reporters Without Borders was banned from attending the
>summit and launched a pirate radio broadcast to protest the ban and detail
>press-freedom violations by some countries attending the meetings, including
>Tunisia.
>
>"Our organization defends freedom of expression on the Internet on a
>daily basis. Our voice should therefore be heard during this event, despite
>this outrageous ban," said Robert Menard, secretary general of Reporters
>Without Borders.
>
>Tunisia is among several countries Reporters Without Borders has accused
>of censoring the Internet, intercepting e-mails and jailing
>cyber-dissidents.
>
>
>Summit group confirms use of ID chip
>
>By Audrey Hudson and Betsy Pisik
>THE WASHINGTON TIMES
>December 18, 2003
>
>Organizers of the World Summit on the Information Society yesterday
>confirmed that badges worn by high-level attendees were affixed with
>identification chips some say were unknown to the forum's participants.
>
>However, a spokesman for the International Telecommunication Union
>(ITU), which was the host of the three-day event in Geneva last week,
>scoffed at concerns by privacy advocates that the technology could monitor
>an individual's movement or that the data it collects could be misused.
>
>Three European researchers who discovered the chips in their badges,
>first reported by The Washington Times on Sunday, said participants were not
>told about the chips.
>
>ITU spokesman Gary Fowlie confirmed during an interview from Geneva that
>radio frequency identification chips (RFIDs) were embedded in the passes and
>that data readers were in place to record information transmitted by the
>chip.
>
>Mr. Fowlie disputed that RFIDs have long-range tracking capability, and
>called The Times story "really off base."
>
>"Transmission distance is 1 to 2 centimeters. You have to put your badge
>right up to the screen," he said.
>
>But U.S. and European privacy advocates and critics of RFID technology
>said the story was on target, and that the use of the chips at the summit
>has caused an uproar in the United States and Europe.
>
>"It sent off a shot heard round the world," said Katherine Albrecht,
>director of Consumers Against Supermarket Privacy Invasion and Numbering
>(CASPIAN), a leading opponent of RFID technology.
>
>"We're rolling in e-mails on this thing. It's confirmation this is real,
>it is here, and it's being abused already."
>
>Last week's summit, which was partly organized by the United Nations,
>focused on Internet governance and access, security, intellectual-property
>rights and privacy. The badges were worn by more than 50 prime ministers,
>presidents and other high-level officials from 174 countries, including a
>representative from the United States, John Marburger, head of the White
>House Office of Science and Technology Policy.
>
>In a lengthy statement to The Times yesterday, summit officials said
>participants were notified some personal information would appear on the
>Internet, but declined to say whether participants were told of the embedded
>technology.
>
>The passes were intended "to facilitate identification by security at
>entry checkpoints," and participants had to swipe the badges across the
>readers to gain access to the summit and meeting rooms, the statement said.
>
>"Readers were quite prominently displayed and were only placed at entry
>checkpoints," WSIS spokeswoman Francine Lambert said. "The data stored on
>our servers do not and cannot monitor movement."
>
>U.S. companies use RFID chips to track inventory from the factory to
>stores. Manufactures also are testing a system that tracks products leaving
>the shelves and alerts employees to restock.
>
>EZ Pass, used at toll booths, uses RFID technology. Authorities
>investigating the murder of federal prosecutor Jonathan P. Luna learned that
>he had made repeated trips to Philadelphia during the past six months by
>tracking electronic data gathered at toll booths in Pennsylvania and
>Delaware.
>
>The Defense Department is requiring its top 100 suppliers to implement
>RFID technology by 2005 to track inventory. The remainder of its 43,000
>suppliers must ship items RFID-ready by 2006.
>
>But privacy advocates say the technology Mr. Fowlie described in use at
>the summit can be used on humans.
>
>"It's going to be used to track us," said Barry Steinhardt, director of
>the technology and liberty program for the American Civil Liberties Union in
>New York.
>
>The ACLU said it has received complaints from Europeans concerned about
>how data collected at the summit will be used at the 2005 summit, where
>Tunisia plays host.
>
>"There is a lot of concern this data will be transferred to Tunisia and
>used to punish citizens or residents, or to keep tabs on the participants
>who are coming there, perhaps deny entry," Mr. Steinhardt said. "There is a
>lot of concern that this data will be transferred to a less-than-democratic
>nation."
>
>Ms. Lambert said the data was stored for one day on the readers and
>erased, but did not say how long data was stored on the database or if it
>was ever erased.
>
>"The actual data submitted by participants was stored on ITU-secured
>servers that were not accessible by any other party than the [ITU, United
>Nations, and WSIS executive secretariat], and the data has not been
>communicated to any other party," she said.
>
>The personal data was obtained from visa applications.
>
>"This has tremendous value for intelligence gathering," said Alberto
>Escudero-Pascual, a researcher in computer security and privacy at the Royal
>Institute of Technology in Stockholm.
>
>The chips were discovered by Mr. Escudero-Pascual, Stephane Koch,
>president of Internet Society Geneva, and George Danezis, a researcher of
>privacy-enhancing technologies and computer security at Cambridge
>University.
>
>When the card containing an RFID chip is swiped onto the reader, the
>location information is sent via the chip's antenna to a database that
>contains information on the subject.
>
>Mr. Escudero-Pascual said he witnessed the data collected by the summit
>when his information flashed on a computer screen at an entry point. The
>information included a picture of the participant, name, occupation,
>organization, a time stamp of all main entry points and each time the
>participant passed a line into a room.
>
>The data is stored in chronological order, allowing readers to determine
>when, where and which participants are walking into the room.
>
>"They might want to know, 'Who has Alberto been queuing with for the
>last few days?' and they can basically see who Alberto is working with or
>talking to by who he enters with," Mr. Escudero-Pascual said.
>
>"This is not a conspiracy theory. We use these systems in our daily
>lives to open garages, but people are not aware" of other ways the
>technology can be used, he said.
>
>RFID chips are embedded in many "smart card" systems used for access to
>military bases, airports, gated communities, hospitals, state parks and
>country clubs. RFID chips also can alert government agencies to a host of
>law-breaking activities, such as expired insurance policies or license
>plates.
>
>But tagging participants in a political summit raises privacy and
>security issues, and privacy advocates think the summit's organizers might
>have broken laws by not disclosing the chips' presence.
>
>At least one of the researchers said it violates the Swiss Federal Law
>on Data Protection of June 1992.
>
>"They may be exempt from those laws, but they certainly violated the
>spirit of the law by collecting highly personal information without their
>knowledge or consent," Mr. Steinhardt said.
>
>--
>S.Michael Malinconico
>School of Library and Information Studies
>The University of Alabama
>Box 870252
>Tuscaloosa, AL  35487-0252
>
>Tel:  +1(205)348-8824
>Fax:  +1(205)348-3746
>
>"But to live outside the law you must be honest."  R.Zimmerman


-- 


Al Kagan
African Studies Bibliographer and Professor of Library Administration
Africana Unit, Room 328
University of Illinois Library
1408 W. Gregory Drive
Urbana, IL 61801, USA

tel. 217-333-6519
fax. 217-333-2214
e-mail. akagan at uiuc.edu