RFID

Simson Garfinkel is a computer security researcher and an award-winning commentator on information technology. Among his twelve books are Database Nation: The Death of Privacy in the 21st Century (O’Reilly, 2001) and Practical UNIX and Internet Security, Third Edition (O’Reilly, 2003). A columnist for CSO magazine, Garfinkel’s columns earned the 2004 and 2005 Jesse H. Neal National Business Journalism Award. He recently received his Ph.D. in computer science from MIT. Beth Rosenberg is a writer, editor, and journalist with fifteen years of experience in emerging technologies. She has written for the Boston Globe, Boston magazine, and the Christian Science Monitor, and edited a book for Harvard’s Kennedy School of Government.

Foreword.

Preface.

Acknowledgments.

I: PRINCIPLES.

1. Automatic Identification and Data Collection: What the Future Holds.

    Introduction

    A Brief History of AIDC

    The "Industry" That Isn't

    The Interconnected World

    Clear and Present Benefits

    Future Applications

    Conclusions

2. Understanding RFID Technology.

    Introduction

    RFID Technology

    RFID Applications

    Conclusions

3. A History of the EPC.

    Introduction

    The Beginning

    A Mini-Lecture: The Supply Chain

    The Auto-ID Center

    Harnessing the Juggernaut

    Conclusions

4. RFID and Global Privacy Policy.

    Introduction

    Definitions of Privacy

    Mapping the RFID Discovery Process

    Privacy as a Fundamental Human Right

    Privacy Through Data Protection Law and Fair Information Practices

    Conclusions

5. RFID, Privacy, and Regulation.

    Introduction

    Some Current and Proposed RFID Applications

    Whither Item-Level Tagging?

    Understanding RFID's Privacy Threats

    Conclusions

6. RFID and the United States Regulatory Landscape.

    Introduction

    Current State of RFID Policy

    RFID Policy Issues

    Government Versus Individual Context

    Business Versus Individual Context

    Industry Leadership

    Options for Government Leadership

    Snapshot of Current Status

    Policy Prescriptions

    The Case for, and Limits of, EPCglobal Leadership

    Conclusions

7. RFID and Authenticity of Goods.

    Introduction

    A Few Important Concepts in Authentication

    Authenticity of Tags and Authenticity of Goods

    Authenticity of Goods and Anticounterfeiting Measures

    Authentication of Readers

    Authentication of Users Across the Supply Chain (Federation)

    Conclusions

8. Location and Identity: A Brief History.

    Introduction

    Place and Identity in a World of Habits and Symbols

    Locational Technologies

    Rethinking Identity: Beyond Traits and Names

    On RFID

    Conclusions

9. Interaction Design for Visible Wireless.

    Introduction

    The Role of Interaction Design

    A Common Vocabulary

    Designing and Modifying WID Systems

    Conclusions

II: APPLICATIONS.

10. RFID Payments at ExxonMobil.

    Introduction

    Interview with Joe Giordano, ExxonMobil Corporation

11. Transforming the Battlefield with RFID.

    Introduction

    Logistics and the Military

    Conclusions

12. RFID in the Pharmacy: Q&A with CVS.

    Introduction

    CVS and Auto-ID

    Project Jump Start

    RFID in the Store

    Making RFID Work: The Back End

13. RFID in Healthcare.

    Introduction

    Home Eldercare

    Challenges

    Conclusions

14. Wireless Tracking in the Library: Benefits, Threats, and Responsibilities.

    Introduction

    RFID System Components and Their Effects in Libraries

    RFID Standards

    RFID in U.S. Libraries

    Best-Practices Guidelines for Library Use of RFID

    Conclusions

15. Tracking Livestock with RFID.

    Introduction

    RFID Has to Prove Itself

    Putting RFID to Work

    RFID and Livestock Marketing

    RFID World Livestock Roundup

III: THREATS.

16. RFID: The Doomsday Scenario.

    Introduction

    RFID Tags and the EPC Code

    A Ubiquitous RFID Reader Network

    Watching Everything: RFID and the Four Databases It Will Spawn

    Corporate Abuse

    Government Abuse

    Conclusions

17. Multiple Scenarios for Private-Sector Use of RFID.

    Introduction

    Scenario 1: "No One Wins"

    Scenario 2: "Shangri-La"

    Scenario 3: "The Wild West"

    Scenario 4: "Trust but Verify"

    Conclusions

18. Would Macy's Scan Gimbels?: Competitive Intelligence and RFID.

    Introduction

    In-Store Scenarios

    So, Who Wants to Know?

    Conclusions

19. Hacking the Prox Card.

    Introduction

    Reverse-Engineering the Protocol

    Security Implications

    Protecting Against These Types of Attacks

    Conclusions

20. Bluejacked!

    Introduction

    Bluetooth

    Bluetooth Security and Privacy Attacks

    Conclusions

IV: TECHNICAL SOLUTIONS.

21. Technological Approaches to the RFID Privacy Problem.

    Introduction

    The Technical Challenges of RFID Privacy

    Blocker Tags

    Soft Blocking

    Signal-to-Noise Measurement

    Tags with Pseudonyms

    Corporate Privacy

    Technology and Policy

    Conclusions

22. Randomization: Another Approach to Robust RFID Security.

    Introduction

    The Problems in RFID Security

    Conclusions

23. Killing, Recoding, and Beyond.

    Introduction

    RFID Recoding and Infomediaries

    Infrastructure Issues

    Conclusions

V: STAKEHOLDER PERSPECTIVES.

24. Texas Instruments: Lessons from Successful RFID Applications.

    Introduction

    Toll Tracking: Who Knows Where You Are Going?

    Contactless Payment: Are Safeguards Already in Place?

    RFID and Automotive Anti-Theft: Staying Ahead of the Security Curve

    How and What We Communicate

    Conclusions

25. Gemplus: Smart Cards and Wireless Cards.

    Introduction

    What Is a Smart Card?

    Smart Card Communication and Command Format

    Card Life Cycle

    Smart Card Applications

     "Contactless" Cards

    Protocols and Secure Communication Schemes

    Constraints of Contactless Products

    Contactless Products and the Contact Interface

    Conclusions

26. NCR: RFID in Retail.

    Introduction

    Payment Applications

    Inventory Management Applications

    Hybrid Scanners

    Privacy Concerns

    RFID Portal

    Conclusions

27. P&G: RFID and Privacy in the Supply Chain.

    Introduction

    Procter & Gamble's Position

    RFID Technology and the Supply Chain

    Global Guidelines for EPC Usage

    Conclusions

28. Citizens: Getting at Our Real Concerns.

    Introduction

    Prior to the Point of Sale

    After the Point of Sale: Nonconsumer Goods

    After the Point of Sale: Consumer Goods

    After the Point of Sale: Privacy Interests

    Eliminating the RFID Threats to Privacy

    Conclusions

29. Activists: Communicating with Consumers, Speaking Truth to Policy Makers.

    Introduction

    RFID Characteristics That Threaten Privacy

    Proposed Technology-Based Solutions

    Is Consumer Education the Answer?

    Calling for a Technology Assessment

    Conclusions

30. Experimenting on Humans Using Alien Technology.

    Introduction

    The Surveillance Society: It's Already Here

    A Trick to Overcome Resistance

    Constituents to Change-and to Stasis

    Privacy Advocates Own This Story

    Privacy, Change, and Language

    How to Make Consumers Demand Change (and RFID)

    Conclusions

31. Asia: Billions Awaken to RFID.

    Introduction

    Factors Separating Western and Asian RFID Experience

    The Extant Paper Database and Electronic Credit Card Systems

    RFID in India

    RFID Across Asia

    Conclusions

32. Latin America: Wireless Privacy, Corporations, and the Struggle for Development.

    Introduction

    An Overview of Wireless Services Penetration into Central America

    Pervasiveness of Telecommunications in Central America

    Privacy Concerns

    An Overview of Privacy Across Latin America

    Conclusions: Privacy, Poverty, and the Future

APPENDIXES.

Appendix A: Position Statement on the Use of RFID on Consumer Products.

Appendix B: RFID and the Construction of Privacy: Why Mandatory Kill Is Necessary.

Appendix C: Guidelines for Privacy Protection on Electronic Tags of Japan.

Appendix D: Adapting Fair Information Practices to Low-Cost RFID Systems.

Appendix E: Guidelines on EPC for Consumer Products.

Appendix F: Realizing the Mandate: RFID at Wal-Mart.

Index.