RFID: Applications, Security, and Privacy / Edition 1

Hardcover (Print)
Used and New from Other Sellers
Used and New from Other Sellers
from $4.99
Usually ships in 1-2 business days
(Save 91%)
Other sellers (Hardcover)
  • All (11) from $4.99   
  • New (4) from $14.92   
  • Used (7) from $4.99   
Close
Sort by
Page 1 of 1
Showing All
Note: Marketplace items are not eligible for any BN.com coupons and promotions
$14.92
Seller since 2008

Feedback rating:

(1758)

Condition:

New — never opened or used in original packaging.

Like New — packaging may have been opened. A "Like New" item is suitable to give as a gift.

Very Good — may have minor signs of wear on packaging but item works perfectly and has no damage.

Good — item is in good condition but packaging may have signs of shelf wear/aging or torn packaging. All specific defects should be noted in the Comments section associated with each item.

Acceptable — item is in working order but may show signs of wear such as scratches or torn packaging. All specific defects should be noted in the Comments section associated with each item.

Used — An item that has been opened and may show signs of wear. All specific defects should be noted in the Comments section associated with each item.

Refurbished — A used item that has been renewed or updated and verified to be in proper working condition. Not necessarily completed by the original manufacturer.

New
2005 Hardcover New Ships out next day, click expedited for faster shipping.

Ships from: cadiz, KY

Usually ships in 1-2 business days

  • Canadian
  • International
  • Standard, 48 States
  • Standard (AK, HI)
  • Express, 48 States
  • Express (AK, HI)
$15.26
Seller since 2008

Feedback rating:

(1758)

Condition: New
2005 Hardcover New Ships out next day, click expedited for faster shipping.

Ships from: cadiz, KY

Usually ships in 1-2 business days

  • Canadian
  • International
  • Standard, 48 States
  • Standard (AK, HI)
  • Express, 48 States
  • Express (AK, HI)
$54.45
Seller since 2014

Feedback rating:

(267)

Condition: New
Brand New Item.

Ships from: Chatham, NJ

Usually ships in 1-2 business days

  • Canadian
  • International
  • Standard, 48 States
  • Standard (AK, HI)
  • Express, 48 States
  • Express (AK, HI)
$60.00
Seller since 2014

Feedback rating:

(148)

Condition: New
Brand new.

Ships from: acton, MA

Usually ships in 1-2 business days

  • Standard, 48 States
  • Standard (AK, HI)
Page 1 of 1
Showing All
Close
Sort by

Overview

“RFID is the first important technology of the twenty-first century. That’s an awesome responsibility. How can we know when and how RFID is being used? How can we make sure it is not misused? How can we exercise choice over how it affects us personally? How do we ensure it is safe? This book is a valuable contribution to the ongoing effort to find the answers.”
—From the Foreword by Kevin Ashton, cofounder and former executive director, Auto-ID Center; vice president, ThingMagic Corporation

Radio frequency identification (RFID) technology is rapidly becoming ubiquitous as businesses seek to streamline supply chains and respond to mandates from key customers. But RFID and other new wireless ID technologies raise unprecedented privacy issues. RFID: Applications, Security, and Privacy covers these issues from every angle and viewpoint.

Award-winning technology journalist and privacy expert Simson Garfinkel brings together contributions from every stakeholder community—from RFID suppliers to privacy advocates and beyond. His contributors introduce today’s leading wireless ID technologies, trace their evolution, explain their promise, assess their privacy risks, and evaluate proposed solutions—technical, business, and political. The book also looks beyond RFID, reviewing the privacy implications of Wi-Fi, Bluetooth, smart cards, biometrics, new cell-phone networks, and the ever-evolving Internet. Highlights include

  • How RFID and other wireless ID technologies work
  • RFID applications—from gas stations and pharmacies to the twenty-first century battlefield
  • RFID, privacy, and the law—in theUnited States and around the world
  • RFID, security, and industrial espionage
  • How Bluetooth and Wi-Fi can track individuals, with or without their permission
  • Technical solutions to wireless ID privacy concerns—their values and limitations
  • Stakeholder perspectives from EPCglobal, Inc., Gemplus, The Procter & Gamble Company, and other industry leaders
  • The future of citizen activism on privacy issues

Clear, balanced, and accessible, this is the indispensable primer for everyone involved in RFID: businesses implementing or evaluating RFID; technology suppliers responding to user concerns; and policymakers and privacy advocates who want a deeper understanding of the technology and its implications.

Includes contributions from

AIM Global, Inc.
CASPIAN
Center for Democracy and Technology
EPCglobal, Inc.
The Galecia Group
Gemplus
IDAT Consulting & Education
Institute for the Future
Matrics, Inc.
MIT Computer Science & Artificial Intelligence Laboratory
MIT Media Laboratory
OATSystems
Privacy Journal
The Privacy Rights Clearinghouse
The Procter & Gamble Company
RSA Laboratories
UCLA Department of Geography
Wayne State University Law School


Read More Show Less

Product Details

  • ISBN-13: 9780321290960
  • Publisher: Addison-Wesley
  • Publication date: 6/17/2005
  • Edition description: New Edition
  • Edition number: 1
  • Pages: 608
  • Product dimensions: 7.18 (w) x 9.44 (h) x 1.32 (d)

Meet the Author

Simson Garfinkel is a computer security researcher and an award-winning commentator on information technology. Among his twelve books are Database Nation: The Death of Privacy in the 21st Century (O’Reilly, 2001) and Practical UNIX and Internet Security, Third Edition (O’Reilly, 2003). A columnist for CSO magazine, Garfinkel’s columns earned the 2004 and 2005 Jesse H. Neal National Business Journalism Award. He recently received his Ph.D. in computer science from MIT.

Beth Rosenberg is a writer, editor, and journalist with fifteen years of experience in emerging technologies. She has written for the Boston Globe, Boston magazine, and the Christian Science Monitor, and edited a book for Harvard’s Kennedy School of Government.

Read More Show Less

Read an Excerpt

There’s a school bus stopped outside a middle school Spring, Texas, a wealthy suburb on the northern edge of Houston’s metropolitan sprawl. Inside the bus several well-dressed and obviously well-off children stand in the aisle waiting to get off. Sandra Martinez, a 10-year-old with a thick brown braid and a charcoal grey blazer, pauses while she takes her ID card, hanging from a lanyard around her neck, and presses it against the large grey panel that’s mounted on the big padded barrier that divides the stairwell from the passenger compartment.

The panel beeps.

Sandra descends the school-bus steps and the next student fumbles for her ID card. Meanwhile, a computer onboard the bus is hard at work. First the computer takes a geospatial reading from the Global Positioning System receiver that’s mounted inside the bus. Next, the computer, using an onboard digital cell phone, sends to Spring Independent School District the precise time and location that Martinez left the bus using an onboard digital cell phone. This information is made instantly available on a Web site where it can be accessed by Martinez’s parents, the school administration, or anyone else with the appropriate access codes. The purpose of the system, which was installed at a cost of $180,000, is to let parents know precisely when and where their children get on or off the school bus. “If it works one time, finding a student who has been kidnapped, then the system has paid for itself,” Brian Weisinger, the head of transportation for the Spring district, told the New York Times.1

No student has ever been kidnapped in Spring, Texas.

A slightly differentstudent tracking is in use at the Enterprise Charter School in Buffalo, New York. There, a pair of kiosks that were purchased at a cost of $40,000 read ID tags as students enter and exit the building. Mark Walter, head of technology for the Buffalo school, told the New York Times that initially, the system failed to register some students, but now it works pretty well. Advocates of the technology say that it just might even be expanded—for example, with readers placed on individual classroom doors to see if students are attending their classes.

Some students, of course, invariably forget their tags at home or lose them. Some might even purposely throw them away. Even for these students, technology has an answer: In late 2004, the U.S. Food and Drug Administration approved for general use a tiny radio tag that can be implanted under the skin. Similar technology has been used to track household pets since the 1990s.

Meanwhile, by the time this book is in print, the U.S. State Department will probably have started issuing passports that carry a tiny RFID chip that includes 64 kilobytes of memory and, alas, can be covertly read at a distance of 30 feet by anyone with a suitable reader and a good antenna.2 The State Department says that there’s no need to worry: The data on the chip will reportedly be encrypted, so anybody who reads it will only read gibberish. The RFID Controversy and the Technology That Fuels It

Radio Frequency Identification—better known as RFID—is fast becoming one of the most controversial technologies of our era.

Proponents of RFID say that the tiny tags, made out of silicon chips and radio antennas, can stamp out counterfeit drugs, fight terrorism, and at the same time help Wal-Mart keep its shelves stocked. They say that widespread adoption of RFID will allow companies to improve efficiency, cut costs, and offer dramatic new products and services to their customers. Most proponents scoff that the technology has a downside at all—other than perhaps the cost of the tags, and the cost of tags is dropping fast.

But RFID has many critics. The most vocal are privacy activists who argue that the technology’s unprecedented ability to track the movement of individually serialized objects could be turned around and used to track the people carrying those objects. They worry that the RFID readers across the nation could report back to a single global network that could be used by the government as a kind of roving geographical wiretap.

Many critics argue that RFID is a threat not just to individuals, but to corporations and governments as well. In a few years, RFID readers at warehouse doors will allow companies to inventory the contents of cartons without opening them. But without the proper controls, the technology could also facilitate industrial espionage by giving competitors unprecedented access to a company’s inventory. And once you begin thinking about RFID as an offensive technology, a lot of possibilities start emerging. Just as toll roads can use RFID to read E-ZPass tags and automatically debit drivers’ accounts, an RFID-equipped bomb could wait patiently until it senses the tag of a particular individual driving above, and then detonate. Want to falsely implicate someone in a crime? Just clone one of their RFID tags and then arrange for it to pass by a particular reader just minutes before a murder.

This book is the first of its kind to explore the wide range of security and privacy issues that are being raised by RFID technology. It is the first book to bring together advocates and opponents from across the RFID spectrum. In its pages you will find chapters from companies that are producing RFID readers; from companies that are busy putting products with embedded RFID-tags on their shelves; and from the very privacy activists who are trying to stop them. Bringing together this diverse group of individuals and organizations has taken a lot of time and work. The result is the most balanced and accurate discussion you will find of RFID technology and its attendant controversy anywhere on the planet.RFID: What Is It?

As its name implies, the term RFID is generally used to describe any technology that uses radio signals to identify specific objects. In practice, this means any technology that transmits specific identifying numbers using radio. Electronic Article Surveillance (EAS) systems, used by many clothing and music stores to set off an alarm when a shoplifter steals an item, are not RFID because the EAS tags do not have individual codes or serial numbers that can be read remotely. The Mobil Speedpass system used to pay for gas is an RFID system: Each Speedpass tag contains a unique serial number that is used to identify the tag’s owner.

Each RFID tag consists of a silicon chip, an antenna, and some kind of housing. The tags come in sizes as large as a paperback book and smaller than a grain of rice. So-called active tags contain batteries, while passive tags are powered directly by the radio frequencies used to read them. The reading range of a tag depends on many factors, including the tag’s electronics, its antenna, the reader, the radio frequencies used, and decisions made at the time the system is deployed. It is therefore inaccurate to state a “typical tag’s” read range without first specifying what kind of tag you are using. (I explain these technical issues and others in Chapter 2, Understanding RFID Technology.)

Already, RFID technology is broadly deployed within the United States. Between the “proximity cards” used to unlock many office doors, and the automobile “immobilizer chips” built into many modern car keys, it’s estimated that roughly 40 million Americans carry some form of RFID device in their pocket every day. I have two: Last year MIT started putting RFID chips into the school’s identity cards, and there is a Philips immobilizer chip inside the black case of my Honda Pilot car keys.

Many of today’s media accounts of RFID aren’t about these proprietary devices or RFID in general, but the standardized Electronic Product Code (EPC) chips that were developed by the Auto-ID Center and are now being overseen by EPCglobal, a trade organization. RFID systems have been around for more than thirty years, opening office doors and tagging laboratory animals, but when the EPC was introduced, these systems were too expensive for mass deployment. By standardizing on a simple chip design and over-the-air protocol, EPC is able to take advantage of mass production’s efficiencies.

EPC tags are designed to replace today’s ubiquitous Universal Product Code (UPC) bar codes, except instead of identifying the maker and kind of product, the 96-bit EPC code will give every package of razors, box of pancake mix, and pair of sneakers its own unique serial number. The tags, which operate in the unlicensed radio spectrum between 868 MHz and 965 MHz, can be read at a distance of many feet and through paper, fabric, and some plastics. And although the tags can cost as much as a 40 cents today, when purchased by the millions, the cost rapidly decreases to 10 cents per tag or less. (Sanjay Sarma, one of the founders of the Auto-ID center, explains the birth of the Auto-ID center and the EPC in Chapter 3, A History of the EPC.)RFID Comes of Age

I had my first experience with RFID technology in January 1984. I was a freshman at the Massachusetts Institute of Technology and had just taken a job at one of MIT’s new biology labs. For added security, the lab had installed a keyless entry system. The lab gave me thick blue card to put in my wallet. To get into the secure area, all I had to do was wave my wallet in front of a special reader. Within a few days I learned that I could just bump against the reader, leaving my wallet in my pocket. It was very cool and high-tech and allegedly very secure.

After a few weeks in my wallet, the top layer of the card’s plastic was starting to peel away. And a few days after I quit that job, I ripped open the card to see how it worked. Underneath the laminate I found a printed circuit board, a chip that was the size of a postage stamp, and a dozen or so metal pads, some of them shorted together with a dab of solder.

It was immediately clear that my card’s serial number was determined by which pads were soldered together and which had been left open. My ID number had been canceled when I resigned, but in theory I could have changed my card’s ID to someone else’s simply by making or breaking a few connections on the card. I never tested this hypothesis, but there is no reason why it shouldn’t have worked. (Twenty years later, the security of many proximity card systems has only marginally improved; Jonathan Westhues explores other ways of subverting the security of proximity cards in Chapter 19, Hacking the Prox Card.)

I promptly forgot about RFID for the next ten years. Then, in 1994, my editor at Wired Magazine asked me to write a brief article about ID chips that were being injected into cats and dogs. I called up the chip manufacturer and learned that the technology was being used for far more. Some firms were using RFID to track the movement of gas cylinders; other companies were using it to follow the paths of tools at job sites. A few nursing homes were even experimenting with tagged bracelets that could automatically set off alarms when Alzheimer patients wandered out the back door.

A few months later I learned that highway authorities from Massachusetts and New York to California were in the final stages of testing RFID-based Electronic Toll Collection (ETC) systems for a variety of highways and bridges. The tags, which could be read at speeds of up to 100 miles per hour, would cut traffic jams and the resulting levels of smog at toll booths. But it was also clear that the new ETC systems would also create a huge database recording the precise time and location of every toll crossing by every tagged car.

The planners of those early RFID systems said that it was important to establish policies that would prevent toll-crossing information from being used for purposes unrelated to traffic management. But such policies were never adopted. These days ETC databases are routinely used by law enforcement agencies to track the movement of suspect cars—and by both divorce and labor lawyers to track the movements of people under investigation. I spoke with these technologists in the 1990s: None of them wanted to create a ubiquitous surveillance system that would permanently record the movements of cars on the highways and make that information available to anybody with a subpoena. Yet somehow, that’s the system we got.RFID: A Choice We Face

Newspaper and magazine stories about RFID frequently present the technology as one that forces us to make trade-offs and compromises. Almost always, RFID is portrayed as promising some new convenience or security feature, but in return, consumers must be willing to give up a little privacy to reap these benefits.

ETC is perhaps the best example of this tradeoff. With an E-ZPass tag you can speed through the toll booths on the George Washington Bridge, but that nasty divorce attorney will be able to get a blow-by-blow record of every time you entered and left Manhattan for the past year.

But making E-ZPass a combination toll payment and surveillance system was a conscious choice on the part of the engineers who designed the system and the highway administrators who approved it. Instead of broadcasting a serial number that’s used to debit an account, the creators of E-ZPass could have adopted a more complex over-the-air protocol based on anonymous digital cash. Such a system would actually have been more secure—that is, more resistant to various kinds of cloning, fraud and abuse—than the account-based systems in a growing number of states. But as near as I have been able to determine, the system based on digital cash was never seriously considered.

The question of whether or not the nation’s ETC system should preserve privacy or be a tool for surveillance should have been a subject of public debate. But it wasn’t. Instead, policy was determined by a small number of technologists and administrators with virtually no input from either the public or elected officials.

In Massachusetts, for instance, when the Massachusetts Turnpike Authority (MTA) issued its request for proposal (RFP) to contractors interested in supplying the ETC technology to the state, the RFP mandated that respondents propose only account-based systems similar to New York’s E-ZPass. (Not surprisingly, a Boston-area company called ATCom, which had a system based on anonymous digital cash, cried foul, arguing that they had been frozen out of the bidding process because they had a technology that preserved privacy!)

John Judge was the MTA official responsible for the decision. When I called him up to ask about the RFP, he told me in 1997 that “privacy is a non-issue.”

I think that is the experience nationwide, as least as it relates to electronic toll collection. Privacy has not been an issue that has emerged nationally. I think that is principally because it is a voluntary system. If you are of a mind where you might be concerned about privacy issues, you just don’t have to join the program and can use the traditional toll collection methods. I don’t think that it is any more an issue than credit cards.3

Did John Judge and other MTA administrators not hear an outcry from an enraged electorate because the electorate simply wasn’t informed about any decisions? Wide-scale public notification of the system’s design happened only after contracts were signed, equipment was installed, and administrators were trying to accelerate the public’s adoption of Massachusetts’ “FastLane” technology. At that point it was too late to challenge the system’s underlying design. Instead, consumers were simply given a “take it or leave it” choice for the convenient but admittedly invasive technology. RFID Is Different

For the record, John Judge was wrong. The privacy and security considerations of RFID systems are profoundly more complex than those associated with credit cards.

For starters, radio waves are both invisible and penetrating. I cannot read your credit card if it is in your pocket, but I can read a proximity card or even an RFID-enabled credit card in that same place. Every E-ZPass or FastLane tag has a small battery that lasts for five years or so; without significantly increasing costs, each E-ZPass tag could have been equipped with a tiny speaker that would “beep” whenever the tag was read. Because they are not, there is no simple way for users of E-ZPass and the like to audit the system for themselves. Are there hidden E-ZPass readers scattered around New York City or Washington, D.C.? If each E-ZPass tag had a tiny speaker, it would be a simple matter to find out about unpublicized reader deployments.

The choice between using or abstaining from RFID-based payment systems on the highway is profoundly different from the choice between using cash and using credit in another important way. Whether you buy your lunch with cash or a credit card, the length of the overall transaction is about the same. With RFID this is not the case. At Boston’s Logan Airport on a typical weekday night, you might wait in line for ten minutes or longer to make it through the tolls. But if you’re willing to give up your privacy, you can sail through the FastLane electronic toll lane at 100 miles per hour—well, at 40 miles per hour, at least. So unlike people who buy their lunch with cash, people who try to travel the highways with cash end up paying a considerable penalty for the privilege of preserving their privacy.

It’s probably too late to change the toll payment system used by Connecticut, Maine, Massachusetts, New Jersey, New York, Pennsylvania, and a growing number of other states. Today’s highway regulators aren’t interested in experimenting with new RFID systems; they’re interested in seeing a single system deployed throughout the United States so that drivers can travel coast-to-coast without reaching for their coins. Once a technological direction is embarked upon, it is very difficult to start making incompatible choices.

This is not to say that privacy on the highway is lost. We can still have the privacy of our toll crossings; we just can’t assure that privacy through technical means. But states or the federal government could pass legislation—if there were political will, to set a high threshold for protecting toll-crossing information. Such legislation could make RFID-collected toll crossing information “off limits” for use in divorce proceedings, for instance, much in the way that the Video Privacy Protection Act of 1988 (18 U.S.C. Sec. 2710) made videotape rental records off limits. (The VPPA, better known as the Bork Bill, was passed after Judge Bork’s video rental records were obtained by Washington, D.C.’s City Paper. The bill sped through Congress soon afterwards—allegedly because lawmakers were worried that their own video rental records might be similarly obtained and published.) RFID-protection legislation could set standards that needed to be followed for the protection of the information, and it could establish a “data retention” policy that required RFID-collected information to be destroyed after six months.

Our lawmakers could pass such legislation quickly. All it takes is the political will. (Stephanie Perrin and Jonathan Weinberg explore global and national privacy regulations and discuss how those regulations apply or could be applied to RFID in Chapter 4, RFID and Global Privacy Policy, and Chapter 5, RFID, Privacy, and Regulation, respectively.)

Alternatively, privacy protections can be built directly into RFID technology itself. The EPC standard, for instance, supports a “kill” command that makes it possible to permanently disable tags after they are no longer needed. If tags might be needed for some kind of post-sale use—for example, enabling a product return—it might be possible to remove the tag’s antenna so that the reader needs to be in physical contact with the device. Yet another approach is the so-called RFID blocker tag, which jams all RFID transmissions within a sphere around the holder—think of this as a kind of “sphere of privacy.” (Ari Jules, one of the co-inventors of the blocker tag, explores these and other technological solutions to the RFID privacy problem in Chapter 21, Technological Approaches to the RFID Privacy Problem.)RFID Is Not Different

But on a deeper level, John Judge was right—just not for the reason that he thought. Privacy on the highways is a non-issue because the right to anonymous travel had already been considered at the dawn of the automobile and was rejected.

Horses and buggies didn’t have to be registered, but soon after motorized vehicles were introduced, they were required to display license plates in every state of the United States. The explicit purpose of the plates was to make every car different and, by so doing, eliminate anonymity.

These days the technology for reading and automatically recognizing license plates has been virtually perfected. RFID-based systems are more accurate than optical license plate readers: They can read when the car is moving at a higher speed, and they are not affected by mud, rain, or fog. But the fundamental question of anonymous travel on the roads has already been resolved in the negative: Americans don’t have it—at least not if they want to drive their own car.

And here, RFID promoters maintain, is the fundamental problem in discussing the technology in a vacuum: Practically without exception, every threat to privacy that could conceivably be caused by RFID can already be accomplished using some combination of other technologies. The cat is already out of the bag! What the RFID industry really needs to do, noted Canadian computer columnist Peter de Jager argues in Chapter 30, Experimenting on Humans Using Alien Technology, is to stop scaring the public with frightening scenarios and product names and instead clearly articulate to the public the advantage that will come from the technology—be that advantage improved customer service, lower costs, or decreased fraud.

Such thinking might be dangerous, however. Privacy activists like Beth Givens (Chapter 29, Activists: Communicating with Consumers, Speaking Truth to Policy Makers) argue that before we deploy this technology, we should more carefully assess its impact—something that really hasn’t been done to date. Although it is true that stores can use store loyalty cards, credit cards, and even face-recognition technology to track people and their purchases, it may be that the increased accuracy of an RFID tag hidden in your clothing or buried in the sole of your shoe fundamentally changes the kinds of applications that stores and other businesses are willing to deploy. RFID and the Public’s Right to Know

Whether RFID presents a doomsday scenario or not, I believe that at the very least we have a right to know when we are being monitored by radio frequency devices. Because radio waves are invisible and penetrating, RFID has the potential to be a uniquely covert technology. I can’t tell if there is an RFID tag buried in the sole of my shoe. I can’t see if a store’s RFID reader is silently and invisibly inventorying the clothes on my body.

Philips Semiconductors, one of the worldwide leaders in RFID, claims that it has shipped more than a billion RFID devices worldwide. This astonishing figure was announced by Mario Rivas, the company’s executive vice president for communications, at the MIT RFID Privacy Workshop.

Many people in the audience were visibly shocked when Rivas made his statement. After all, RFID is usually presented in the popular press as something of a fledgling technology that is still being tried out, not as a mature technology that has a solid role in the worldwide marketplace. But over the past ten years, RFID has made stunning gains. Indeed, Mark Roberti, editor of the RFID Journal, estimates that between 20 and 50 million Americans carry an RFID chip in their pocket every day—either in the form of a proximity card used for entering buildings and garages or else an automobile key with an immobilizer chip molded into the key’s plastic handle.

One way to make the invisible visible is through the use of regulations and laws. Two years ago I called upon the RFID industry to adopt an RFID consumer “Bill of Rights,”4 in which the industry would pledge to refrain from various nefarious practices, such as hiding RFID chips in clothing or other consumer products without notification, having secret RFID readers, and giving consumers the option of having chips deactivated in products that they purchase. Other policy suggestions included in this book are: Privacy Rights Clearinghouse position paper (Appendix A), a position paper from the Electronic Frontier Foundation (Appendix B), and Japan’s METI Draft Guidelines on the use of RFID (Appendix C).

Some of these proposals are actually in the “Guidelines on EPC for Consumer Products”5 (Appendix E), which are on the Web site of EPCglobal, the internal consortium that is overseeing the allocation of RFID serial numbers used in many consumer products. But the guidelines are considerably watered down from what I and others have proposed. For example, EPC guidelines say that consumers should have the right to know if an EPC RFID tag is inside a product that is purchased, but they don’t have a right to know about the presence of readers in a store or other public places. Instead of giving consumers the right to have a tag removed or deactivated (killed), the guidelines instead say that consumers have to be told whether or not they have such a right. Instead of giving consumers a right to know what the RFID information is being used for, the policies simply call for companies to publish their policies regarding “Record Use, Retention, and Security” on their Web sites.Organization of This Book

This book is divided into 5 parts; it includes 32 chapters and 6 appendixes.

Part I, Principles, examines the history, underlying technology, and public policy debates that affect RFID technology in general.

Chapter 1, Automated Identification and Data Collection: What the Future Holds, by Dan Mullen and Bert Moore, looks at the past, present, and future of Automatic Identification and Data Collection technologies, from the bar code to advanced RFID systems. Dan Mullen is president of AIM Global, the Association for Automatic Identification and Mobility. I met him when I was serving on the Auto-ID Center’s outside public policy committee. Bert Moore is director of IDAT Consulting & Education, a technology-agnostic, vendor-independent firm that helps companies understand, evaluate, select, and implement automatic identification and data collection (AIDC) solutions. Think of this chapter as the RFID industry’s position paper of what can be done with the technology.

Chapter 2, Understanding RFID Technology, by Henry Holtzman and me, is a brief tutorial on how RFID systems work. Henry Holtzman is Research Scientist at the MIT Media Laboratory and the founder of Presto Technologies, which developed an RFID-based payment system back in the go-go 1990s. My contributions to this chapters are based, in part, on Matt Reynolds’s presentation at the RFID Privacy Workshop, which Henry and I organized in the fall of 2003. In this chapter, you’ll learn the theoretical range at which RFID devices can be read. You’ll learn of some basic RFID applications that aren’t covered elsewhere in this book.

Chapter 3, A History of the EPC, by Sanjay Sarma, looks specifically at the history and development of the Electronic Product Code and the Auto-ID center. Sanjay Sarma is the cofounder of the Auto-ID center; we are honored to have his personal perspective on the history of what may be the twenty-first century’s most important commercial code.

Chapter 4, RFID and Global Privacy Policy, by Stephanie Perrin, introduces the reader to various international conventions and national laws on data protection and shows how those rules are likely to affect the deployment and use of RFID systems. Based in Montreal, Stephanie Perrin is a recipient of the Electronic Frontier Foundation’s Pioneer Award for her role as a global privacy advocate. These days she spends her time consulting on various privacy issues to the Canadian government and global corporations.

Chapter 5, RFID, Privacy, and Regulation, by Jonathan Weinberg, explores how U.S. law might respond to RFID technology. Jonathan Weinberg, a professor of law at Wayne State University, has written extensively about privacy and Internet law and regulation.

Chapter 6, RFID and the United States Regulatory Landscape, by Doug Campbell, is an in-depth examination of how RFID technology is likely to be regulated by the U.S. federal bureaucracy. In this chapter, Doug Campbell looks at issues such as government access to stored data, the impact on health, impact on labor regulations, and ways various actors are likely to respond to changing frameworks.

Chapter 7, RFID and Authenticity of Goods, by Marlena Erdos, explores uses of RFID tags in product authenticity. The chapter looks at the interaction of authentication of tags and the authentication of goods and at other related authentication issues. Marlena Erdos is an expert in secure distributed computing systems, having architected, designed, and implemented them for well over a decade. Recent interests (and work assignments) have led her into analysis and design of secure RFID-based systems.

Chapter 8, Location and Identity: A Brief History, by Michael R. Curry, explores the evolution of “location” as a concept throughout the ages. The author is an associate professor at the University of California, Los Angeles, department of geography. This chapter spans three thousand years of history and asks whether or not the “time-honored” ways of identifying places and things are in fact far more complicated than the notion that everything has a place and every event takes place at a particular time. It’s certainly the only chapter in this book to discuss both Aristotle and Lee Harvey Oswald.

Chapter 9, Interaction Design for Visible Wireless, by Chris Noessel, Simona Brusa Pasque, and Jason Tester, looks at techniques for making RFID and other wireless technology visible to nontechnical users. The trio of designers began working with RFID while attending the Interaction Design Institute Ivrea in Italy. Noessel has gone on to a job in research. Busa Pasque is pursuing studies in industrial design in Milan. Tester is working with the Institute for the Future in Palo Alto, California.

Part II, Applications, looks at specific consumer-facing RFID applications that have been or are about to be fielded.

Chapter 10, RFID Payments at ExxonMobil, looks at one of the most successful RFID deployments to date: the Speedpass payment system developed by

Read More Show Less

Table of Contents

Ch. 1 Automatic identification and data collection : what the future holds 3
Ch. 2 Understanding RFID technology 15
Ch. 3 A history of the EPC 37
Ch. 4 RFID and global privacy policy 57
Ch. 5 RFID, privacy, and regulation 83
Ch. 6 RFID and the United States regulatory landscape 99
Ch. 7 RFID and authenticity of goods 137
Ch. 8 Location and identity : a brief history 149
Ch. 9 Interaction design for visible wireless 163
Ch. 10 RFID payments of ExxonMobil 179
Ch. 11 Transforming the battlefield with RFID 189
Ch. 12 RFID in the pharmacy : Q&A with CVS 201
Ch. 13 RFID in healthcare 211
Ch. 14 Wireless tracking in the library : benefits, threats, and responsibilities 229
Ch. 15 Tracking livestock with RFID 245
Ch. 16 RFID : the doomsday scenario 259
Ch. 17 Multiple scenarios for private-sector use of RFID 275
Ch. 18 Would Macy's scan gimbels? : competitive intelligence and RFID 283
Ch. 19 Hacking the prox card 291
Ch. 20 Bluejacked! 303
Ch. 21 Technological approaches to the RFID privacy problem 329
Ch. 22 Randomization : another approach to robust RFID security 341
Ch. 23 Killing, recoding, and beyond 347
Ch. 24 Texas instruments : lessons from successful RFID applications 359
Ch. 25 Gemplus : smart cards and wireless cards 367
Ch. 26 NCR : RFID in retail 381
Ch. 27 P&G : RFID and privacy in the supply chain 397
Ch. 28 Citizens : getting at our real concerns 413
Ch. 29 Activists : communicating with consumers, speaking truth to policy makers 431
Ch. 30 Experimenting on humans using alien technology 439
Ch. 31 Asia : billions awaken to RFID 451
Ch. 32 Latin America : wireless privacy, corporations, and the struggle for development 467
App. A Position statement on the use of RFID on consumer products 481
App. B RFID and the construction of privacy : why mandatory kill is necessary 497
App. C Guidelines for privacy protection on electronic tags of Japan 507
App. D Adapting fair information practices to low-cost RFID systems 515
App. E Guidelines on EPC for consumer products 525
App. F Realizing the mandate : RFID at Wal-Mart 529
Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star

(0)

4 Star

(0)

3 Star

(0)

2 Star

(0)

1 Star

(0)

Your Rating:

Your Name: Create a Pen Name or

Barnes & Noble.com Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & Noble.com that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & Noble.com does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at BN.com or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation

Reminder:

  • - By submitting a review, you grant to Barnes & Noble.com and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Noble.com Terms of Use.
  • - Barnes & Noble.com reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & Noble.com also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on BN.com. It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

 
Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously
Sort by: Showing 1 Customer Reviews
  • Anonymous

    Posted June 28, 2006

    speculative deployments

    The chapters are written by different authors, concerning various aspects about RFID. The topics give an idea of the scope of RFID deployment. None of the chapters would be considered technical. You are not required to be an electrical engineer to follow any chapter. One chapter talks about inserting RFID tags into livestock. In part to combat the age old problem of rustling, which still exists. The chapter has an engagingly termed section 'World Livestock Roundup', which showcases RFID in livestock in several countries. The deployment is quite advanced. Already, the EU and New Zealand mandate it for all livestock, and have done so for over 5 years. Given the cost of a cow or sheep, the tags are quite affordable. This chapter is significant. Unlike virtually the rest of the book, it demonstrates RFID as already existing in a mature deployment, and not as blue sky musings. Other chapters are more speculative. In part because when the tags might be associated with or carried by people, serious issues of privacy arise. Some deployments are described under the rubric of enhancing child safety. But the extension to adults is highly contentious. Even more so when one considers not the carrying of a tag, but the insertion of a tag into a person's skin. In the US, we can readily envisage deep discontent over this, from libertarians to the religious right. It turns out that many of the suggested difficulties are not primarily technical. Rather, they exist in the business or social realm, and may be harder to solve.

    Was this review helpful? Yes  No   Report this review
Sort by: Showing 1 Customer Reviews

If you find inappropriate content, please report it to Barnes & Noble
Why is this product inappropriate?
Comments (optional)