rfid – Techdirt (original) (raw)

Stories filed under: "rfid"

Egyptian Government Plans To Track The Movement Of 10 Million Vehicles With Low-Cost RFID Stickers

from the just-for-traffic-management,-you-understand dept

Just under three years ago, Techdirt wrote about China’s plan to install satnav tracking devices on vehicles in Xinjiang. That was just one of several early signs of the human rights abuses happening there. Today, people are finally waking up to the fact that the indigenous turkic-speaking Uyghur population is subject to some of the harshest oppression anywhere on the planet. Tracking huge numbers of vehicles might seem to be a typically over-the-top, money-no-object Chinese approach to total surveillance. Unfortunately, there are signs the idea is starting to spread, as this story in RFID Journal explains:

Egypt’s Ministry of Interior (MOI) plans to identify millions of vehicles as they travel on the country’s roads, using an RFID solution from Go+, with hardware and software provided by Kathrein Solutions in cooperation with Wireless Dynamics. The system, which will be implemented across approximately 10 million of the country’s vehicles throughout the next five years, consists of passive UHF RFID stickers attached to each car’s windshield, as well as tags on headlamps that respond to interrogation from readers installed above roadways, even at high speeds.

One justification for the move is to provide information on traffic flows. Another is to identify drivers who have been found guilty of traffic violations, and who should therefore not be on the roads. But plans to send all the data to a cloud-based data center will create a database that will eventually track every vehicle in the country. That will clearly be an invaluable resource for the country’s police and security forces, which unfortunately seem to take China’s approach to anyone who voices opposition to the authorities. Here’s what Human Rights Watch wrote in its most recent report on the country:

Since President Abdel Fattah al-Sisi secured a second term in a largely unfree and unfair presidential election in March, his security forces have escalated a campaign of intimidation, violence, and arrests against political opponents, civil society activists, and many others who have simply voiced mild criticism of the government. The Egyptian government and state media have framed this repression under the guise of combating terrorism, and al-Sisi has increasingly invoked terrorism and the country?s state of emergency law to silence peaceful activists.

As well as the negative impact on human rights in Egypt, there is another troubling aspect to this move. According to the RFID Journal article, the company providing the new system, Go+, is “in discussions with four other countries about the possibility of implementing this solution once the Egyptian system is fully deployed.” China’s mass tracking of the Uyghurs in Xinjiang using satnav devices pioneered the idea of carrying out vehicle surveillance on a hitherto unseen scale, regardless of the cost. Egypt’s use of the much cheaper RFID trackers represents a worrying evolution of the idea. If the roll-out is successful, it could encourage other governments to adopt a similar approach, to the detriment of civil liberties in those countries.

Follow me @glynmoody on Twitter, Diaspora, or Mastodon.

Filed Under: egypt, privacy, rfid, tracking

Malaysia To Introduce RFID Tracking For Every Vehicle

from the what-could-possibly-go-wrong? dept

Here on Techdirt, nationwide tracking schemes tend to raise a red flag. In Malaysia, by contrast, there seem to be no such worries, as ambitious plans to introduce RFID tagging for all vehicles, reported by The Sun Daily, indicate:

> A new vehicle security tracking system suitable for all types of vehicles — the Radio Frequency Identification (RFID) — will be implemented nationwide by the Road Transport Department (JPJ) by 2018.

According to the article, there are plenty of advantages of doing so:

> This new system will enable the police and other authorities to effectively track down criminals

And:

> the RFID technology will herald a new era for vehicle security in Malaysia and it could be the answer to combat vehicle theft and cloned vehicle syndicates.

Moreover:

> the RFID can also be used to provide real-time monitoring on road traffic situation.

And if you’re worried that ne’er-do-wells might seek to avoid being tracked simply by ripping off said RFID tags, fear not, Malaysia has that covered:

> theSun understands that the RFID tag is designed to shatter should any one attempt to tamper with it and can transmit a warning to the JPJ and police, should any one try to remove the sticker.

Sounds pretty foolproof. So why aren’t other countries rushing to adopt this approach?

> Interestingly, RFID technology has been criticised in many countries for its effectiveness to track vehicles movement and citizens. It has been widely accused for invasion of privacy in Belgium, Italy, UK and US.

I just can’t imagine why.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: cars, driving, malaysia, privacy, rfid, surveillance, tracking

NYC Tracking E-ZPass Tags All Over The City, Without Telling Drivers

from the big-brother-is-watching dept

New York, and many states in the northeast and midwest, use an RFID toll-paying solution called E-ZPass (the system works in multiple states — but not all, which is why, for example, you can’t use the E-ZPass on California’s Fastrak system). Ever since E-ZPass came into existence, some have expressed concerns that the tags would be used for tracking, rather than just for more convenient and efficient toll-paying. And, in fact, the toll-paying records have been used in a variety of legal cases, from catching an official who falsified time sheets to being used as evidence in divorce cases. But all of those still involved using the records at the actual tolls, where everyone knows the tags are being read.

However, it turns out that New York City has had an ongoing program to surreptitiously scan the tags in a variety of places supposedly for monitoring traffic. Indeed, you could see how that sort of traffic information might be useful, though these days with many other forms of traffic monitoring systems out there, it’s probably a lot less necessary than before. But this was only discovered because a hacker going by the name Puking Monkey (one assumes this was not his given name) got suspicious and hacked up an E-ZPass to light up and make a sound whenever it was read. Then he drove around Manhattan, and voila, the tag kept going off:

As Kash Hill’s article at Forbes notes, this has been going on for years, though, the various agencies involved have been rather quiet about it, and (perhaps most importantly) this type of usage does not appear to be disclosed in the terms and conditions for the E-ZPass. Oops.

The technology company that makes the devices insists that it’s not being used for any surveillance:

“The tag ID is scrambled to make it anonymous. The scrambled ID is held in dynamic memory for several minutes to compare with other sightings from other readers strategically placed for the purpose of measuring travel times which are then averaged to develop an understanding of traffic conditions,” says TransCore spokesperson Barbara Catlin by email. “Travel times are used to estimate average speeds for general traveler information and performance metrics. Tag sightings (reads) age off the system after several minutes or after they are paired and are not stored because they are of no value. Hence the system cannot identify the tag user and does not keep any record of the tag sightings.”

Of course, even if that is true today, that doesn’t mean it will always be true. We’re already well aware of how the NYPD is known for the extreme lengths it will go in terms of surveillance, including the fact that it’s set up its own intelligence division that many say rivals the intelligence operations of entire nations. Since the folks behind E-ZPass didn’t seem to think it was necessary to tell people that their devices would be used for traffic monitoring, how likely is it that anyone would be told if it was used for surveillance as well?

Filed Under: e-zpass, nyc, rfid, tolls, tracking, traffic

Texas School District Drops Embattled RFID Student IDs; Opts For Tons Of Cameras Instead

from the No-Child-Left-Unwatched dept

The Northside Independent School District (NISD) of Texas, best known for being sued by a student over its mandatory RFID card policy, is dropping the technology that originally landed it in the courtroom.

These chipped student ID cards were deployed to track students in hopes of bumping up the district’s attendance numbers — thus increasing its share of funding tied to daily attendance. Despite the court deciding in its favor, declaring the cards didn’t violate the students’ privacy or “right of religion,” the district has decided to abandon the RFID tracking system. Apparently, the technology wasn’t quite the attendance silver bullet administration thought it would be, as Slate’s Will Oremus discovered.

Northside Independent School District spokesman Pascual Gonzalez told me that the microchip-ID program turned out not to be worth the trouble. Its main goal was to increase attendance by allowing staff to locate students who were on campus but didn’t show up for roll call. That was supposed to lead to increased revenue. But attendance at the two schools in question—a middle school and a high school—barely budged in the year that the policy was in place. And school staff found themselves wasting a lot of time trying to physically track down the missing students based on their RFID locators.

Great. So something was so direly important it needed to be battled in court, but so ultimately useless the district abandoned it a year later. The failure of RFID cards to attach these Texas schools to the state money train probably won’t deter other schools from implementing this technology. If anything, the court’s ruling will make it easier for other districts to defend themselves against privacy complaints.

The most disappointing aspect is that the district has decided to swap one form of surveillance for another.

Meanwhile, Gonzalez told me Northside plans to capture the safety and security benefits of RFID chips through other technological means. “We’re very confident we can still maintain a safe and secure school because of the 200 cameras that are installed at John Jay High School and the 100 that are installed at Jones Middle School. Plus we are upgrading those surveillance systems to high-definition and more sophisticated cameras. So there will be a surveillance-camera umbrella around both schools.”

Some call it a panopticon. Some call it an umbrella. Using the word “umbrella” lends it a protective aspect, which is a bit misleading. This tactic seems unlikely to increase attendance and there’s very little evidence that indicates more cameras = more safety.

The district’s administrator also took care to point out that dropping the RFID cards was not a victory for civil liberties advocates.

But the backlash and the lawsuit weren’t the deciding factors, Gonzalez told me. “While [privacy groups] are extolling the fact that they won, the fact is that that was a very minor part of our conversation, because the federal court and the court of appeals both upheld Northside’s position on that. We were on solid ground.”

Well, whatever justifies the district’s actions, I guess. Gonzalez’ statement isn’t very flattering though, painting him as someone who values control over providing a welcoming learning environment.

Filed Under: cameras, rfid, students, surveillance, texas
Companies: northside independent school district

School District Wins Suit Filed Against It By Student Who Refused To Wear School-Issued Location Tracking ID Cards

from the another-'win'-for-school-administration----go-school! dept

Back in November we covered the story of a Texas student whose refusal to wear a school-issued ID card with an embedded RFID chip led to her suspension. Her family, along with the Rutherford Institute, took the school district to court, seeking a temporary restraining order which would allow the student to return to her school without wearing the Smart ID card.

The student's parents cited religious objections to the ID card/tracking device and the filing pointed out that requiring her to wear the badge violated both her First Amendment rights (by compelling speech — conveying a message she didn't agree with) and the Texas Freedom of Religion Act.

Considering the whole program itself was implemented almost solely in hopes of securing more funding by boosting attendance numbers and that the district had no specific policies in place when it began requiring the ID cards, one would hope that we'd be hearing of the student's return to school sans ID when the decision came down.

Unfortunately, the court's decision went the other way, and Andrea Hernandez has until January 18th to decide whether to wear the badge and return to her original school or transfer to another district school that has yet to implement the Smart ID cards.

A Texas high school student who claimed her student identification was the “Mark of the Beast” because it was implanted with a radio-frequency identification chip has lost her federal court bid Tuesday challenging her suspension for refusing to wear the card around her neck…

[Judge Orlando Garcia] tentatively halted the suspension, but changed course Tuesday after concluding that the 15-year-old’s right of religion was not breached…

Hernandez's family feels the ID card and embedded chip represent the “Mark of the Beast” as detailed in Revelations 13:16-18. The school's counteroffer — to have Andrea wear the badge without the RFID chip — was rejected by her family, which still felt the badge itself was representative of the Antichrist. Judge Garcia saw it differently, however.

“The accommodation offered by the district is not only reasonable it removes plaintiff’s religious objection from legal scrutiny all together,” (.pdf) U.S. District Judge Orlando Garcia wrote.

The Rutherford Institute plans to appeal this decision, claiming this decision is “not permissible under our constitutional scheme” and turns the district court into “an arbiter of what is and is not religious.”

The Institute has a point, for whatever it's worth. Hernandez's parents claimed that both the ID card and the embedded chip were offensive to their religious beliefs but the court here seems to have decided the compromise offered by the district negates the family's opinion on the chip-less ID card. The school's offer to transfer the student to another school within the district is also reasonable on its face, but it does take away a few options — namely, the classes Hernandez was attending this specific school for.

The school's interest in having Hernandez only appear to support the program could probably use some further examination as well, although angling for outward complicity isn't a violation of rights in and of itself. It does “compel” speech in a way, but more than simply rubbing the First Amendment the wrong way, it sends a message about what's truly important to the school district: that students show “support” for the district's policies… even if they object to them.

Filed Under: free speech, religion, rfid, school district, texas

Court Temporarily Blocks School District From Suspending Student For Refusing To Wear Student ID/Tracking Device

from the maybe-someone-should-ask-the-administration-to-wear-one-during-the-work-day dept

A few months back, Tim Geigner covered the story of a Texas school district's efforts to track its students' whereabouts using student ID cards with embedded RFID chips. The district attempted to paint this “students-as-livestock/prisoners” effort as being there for the safety of students and staff. But underneath all the “safety” talk was a large pile of money that the school district hoped to pocket. The so-called “Student Locator” project Texas' Northside Independent School District was implementing put school officials within handout distance of nearly $1.7 million in state government funds.

Although many students and parents have expressed their displeasure with the new program, it wasn't until a student at John Jay High School's Science and Engineering Academy opted out that any punishment had been handed out in connection with the RFID cards. Andrea Hernandez has refused to wear the ID card, citing religious and privacy reasons. In response, the school district has suspended her indefinitely, moving her to another high school in the same district that has not yet implemented the Smart ID policy.

Despite all the talk about “safety,” the school district was more than happy to undercut the entire stated purpose of the Smart ID in order to keep Hernandez and her family from speaking out against the program.

The school offered a special lanyard with the RFID tag removed, in the hopes to put a damper on the whole situation. The student’s father refused the deal, however, because it came with strings attached.

“He told me in a meeting that if my daughter would proudly wear her student ID card around her neck so everyone could see, he would be able to quietly remove her chip from her student ID card,” Steve Hernandez told WND. “He went on to say as part of the accommodation my daughter and I would have to agree to stop criticizing the program and publicly support … it. I told him that was unacceptable because it would imply an endorsement of the district’s policy and my daughter and I should not have to give up our constitutional rights to speak out against a program that we feel is wrong.”

Apparently, the ID cards are so essential that the school district is willing to suspend a student for not wearing one, but not essential enough that the ID card needs to be fully functioning. Any stated concerns about “safety” are completely laughable if the district is willing to let students wander the school grounds untracked, sporting only plastic badges.

It's pathetic that this attempt was even made. The school district's main concerns seem to be a) having students appear to support the program, b) using the RFID cards to provide proof of attendance in exchange for funding and c) shutting down criticism.

Unfortunately for the school, the attempted suspension is now on hold.

The Hernandez family decided to take action against the school with the help of the Rutherford Institute, a civil liberties and human rights group which immediately took the view that the school district is looking for more public funding, which it can only receive if there is proof of positive student attendance rates. Rutherford attorneys filed a petition for the aforementioned TRO, as well as immediate injunctive and declaratory relief alleging that the school’s actions violate Hernandez’s rights under Texas’ Religious Freedom Act, the First Amendment, and the Fourteenth Amendment.

“The court’s willingness to grant a temporary restraining order is a good first step, but there is still a long way to go—not just in this case, but dealing with the mindset, in general, that everyone needs to be monitored and controlled,” John W. Whitehead, president of The Rutherford Institute, said in a statement. While the TRO has been granted, a hearing on the preliminary injunction will take place next week.

The Rutherford Institute's filing (PDF) states that the district currently has no policy or procedure in place that deals directly with the RFID badges, much less one stating that students can be suspended for failing to wear the new IDs. It also points out that requiring Hernandez to wear a nonfunctioning ID as a “show of support” for the Student Locator Project violates her First Amendment rights by compelling her to convey a message she does not agree with. The filing also claims that the school district's ID program clearly violates both her Fourteenth Amendment rights as well as Texas Freedom of Religion Act. According to Hernandez, many other students have refused to wear the ID cards, but none of them have been punished to the extent that she is, prompting claims of religious persecution.

All in all, this doesn't look good for the school district, which has pushed through an intrusive student surveillance program in order to secure additional government funding. The “safety” of the student body is just the sales pitch. Any supposed “concern” for student safety went out the window, along with the legitimacy of the program, the moment the district offered to remove the tracking chip. The audacity of the district's actions is breathtaking — both the implementation of such a controversial program, and its response to this student's refusal to participate.

The only other situation in which human beings might need to be constantly surveilled at an individual level is at a maximum security prison. But if you're willing to treat minors looking for an education like dangerous convicted criminals, there's no telling what your next “bright idea” might be. Here's hoping this early effort leads to the entire program being scrapped before it can do any more damage.

Filed Under: rfid, schools, students, texas, tracking

RFID Tagging Students Is All About The Money

from the chips-for-dough dept

Usually when I think of RFID chips, I tend to think of them being used for safety purposes. After all, my dog is chipped in case she decides to run off for greener pastures or tastier treats (DAMN IT, DOG, I GIVE YOU BACON ALL THE TIME!). But, despite safety often being the front man for using RFID technology, it often ends up being more about the money, such as when we previously wrote about Cleveland chipping citizens’ garbage and recycling cans because recycling was a financial benefit for the city.

So reading the Wired article covering a Texas school district’s decision to impliment RFID student cards, I wasn’t surprised to find that it looks like this is about cash rather than keeping students safe. Now, as you’d expect, proponents of the system, did trot out their “for the children” cannon and set it on full auto.

[District spokesman Pascual Gonzalez] said the chips, which are not encrypted and chronicle students only by a serial number, also assist school officials to pinpoint where kids are at any given time, which he says is good for safety reasons. “With this RFID, we know exactly where the kid is within the school,” he said noting students are required to wear the ID on a lanyard at all times on campus.

Unfortunately, as the article notes less vulgarly, that’s a big steamy pile of bullshit for two reasons. First, due to lack of encryption and the nature of the technology, any tech-savvy kid can fool the system.

The lack of encryption makes it not technically difficult to clone a card to impersonate a fellow student or to create a substitute card to play hooky, and makes the cards readable by anyone who wanted to install their own RFID reader, though all they would get is a serial number that’s correlated with the student’s ID number in a school database.

If you’re wondering, like I did, why they would allow such a gap in the system through which their safety-minded goals could be subverted, the likely answer is that they don’t care. Because this doesn’t appear to be about safety at all; it appears to be about federal funding based on attendance.

Like most state-financed schools, their budgets are tied to average daily attendance. If a student is not in his seat during morning roll call, the district doesn’t receive daily funding for that pupil, because the school has no way of knowing for sure if the student is there. But with the RFID tracking, students not at their desk but tracked on campus are counted as being in school that day, and the district receives its daily allotment for that student.

So, with the chip system, even if a student is not in class and is just wandering around campus, he’s counted as being in attendance and the school gets their funding. It’s essentially a high tech way to game the federal funding metrics. It doesn’t help keep students safe. It doesn’t help make sure the kids are actually in class or learning. It’s a money grab. And all this, despite the concerns of privacy advocates like the EFF and the ACLU, who signed on to a paper (pdf) blasting use of the chips, citing health concerns over electromagnetic radiation as well as the dehumanizing of children through constant surveillance.

A tip for school districts: if you’re going to use RFID chips as a way to get more federal funding while pretending it’s about student safety, pretend harder.

Filed Under: encryption, rfid, students, texas

Big Brother In Your Garbage Cans

from the rfid-me dept

Reader Stan alerted us to a recent report out of Cleveland, where the city will apparently be placing RFID chips in recycling bins to monitor whether or not you’ve been a good little earth saver lately. The way it works, apparently, is that the system will monitor whether or not you bring your recycling bin to the curb, and if you haven’t in a while, “a trash supervisor will sort through the trash for recyclables” on the assumption that if you’re not recycling, you’re probably throwing stuff out. After checking those trash cans for recyclables, if more than 10 percent recyclable material is found, a $100 fine could be assessed to the home owner.

Not surprisingly, the reasoning for this has a lot more to do with money than saving the earth’s resources:

Recycling is good for the environment and the city’s bottom line, officials said. Cleveland pays 30atontodumpgarbageinlandfills,butearns30 a ton to dump garbage in landfills, but earns 30atontodumpgarbageinlandfills,butearns26 a ton for recyclables.

While perhaps it’s a good thing to see something “good” like recycling line up with a way for the city to earn extra money, it still seems pretty intrusive to monitor how often people recycle.

Filed Under: cleveland, garbage cans, rfid

Texas Instruments Denies Adam Savage's Story About Killing RFID Mythbusters Episode

from the he-said,-she-said dept

In a followup to the story about credit card company lawyers killing an episode of Mythbusters concerning RFID vulnerabilities, Daniel Terdiman got a response from Texas Instruments, who had organized the call that Mythbusters host Adam Savage had described. TI’s spokesperson tells a somewhat different story:

“In June 2007, MythBusters was interested in pursuing some great myth-busting ideas for RFID. While in pursuit, they contacted Texas Instruments’ RFID Systems, who is a pioneer of RFID and contactless technology, for technical help and understanding of RFID in the contactless payments space,” TI spokesperson Cindy Huff said. “Some of the information that was needed to pursue the program required further support from the contactless payment companies as they construct their own proprietary systems for security to protect their customers. To move the process along, Texas Instruments coordinated a conversation with Smart Card Alliance (SCA) who invited MasterCard and Visa, on contactless payments to help MythBusters get the right information. Of the handful of people on the call, there were mostly product managers and only one contactless payment company’s legal counsel member. Technical questions were asked and answered and we were to wait for MythBusters to let us know when they were planning on showing the segment. A few weeks later, Texas Instruments was told by MythBusters that the storyline had changed and they were pursuing a different angle which did not require our help.”

This bit of he-said/she-said could actually be true from both ends, with each side having a rather different perception of the call in question. The folks on the call may have been a bit combative over certain issues, and that resulted in Discovery producers getting worried about the episode and “changing the storyline.” Either way, if what Huff says is true, is Texas Instruments willing to get the credit card companies to publicly agree that Mythbusters and Discovery should move forward on a story about RFID vulnerabilities? Update: Now Savage is backing down and saying he got the facts of the story wrong…

Filed Under: adam savage, mythbusters, rfid
Companies: texas instruments

Credit Card Companies Gagged Mythbusters Over RFID Vulnerabilities?

It’s amazing to watch just how sensitive some companies are concerning the rather well-known security vulnerabilities associated with RFID tags and smart cards. We’ve seen time and time again, companies try to suppress such research from getting published — and every single time, those efforts to suppress the publication of the vulnerabilities backfires, often badly.

But that never seems to stop companies from flexing their legal muscles.

The latest example comes to use via the Consumerist blog, who dug out a clip of Adam Savage from the TV show Mythbusters talking about what happened when the show tried to do an episode on RFID vulnerabilities:

Texas Instruments comes on along with chief legal counsel for American Express, Visa, Discover, and everybody else… They were way, way outgunned and they absolutely made it really clear to Discovery that they were not going to air this episode talking about how hackable this stuff was, and Discovery backed way down being a large corporation that depends upon the revenue of the advertisers. Now it’s on Discovery’s radar and they won’t let us go near it.

Check out the video of him saying this (while admitting he’s probably not supposed to talk about it) here:

Perhaps it’s an exaggeration by Savage, but do the credit card companies really think that security through obscurity (with a healthy dose of legal threats) is the best way to protect their customers?

Filed Under: adam savage, gagged, mythbusters, rfid, smart cards, vulnerabilities