Slashdot Log In
Labelling RFID Products
Posted by
michael
on Tue Jun 24, 2003 04:52 PM
from the bright-ideas dept.
from the bright-ideas dept.
John3 writes "Following Wal-Mart's recent announcement that they plan to push RFID in their stores, CASPIAN (Consumers Against Supermarket Privacy Invasion and Numbering) has posted proposed legislation that would require a product to be labeled if it contained an RFID tag. Beyond the label requirement, the proposed legislation also sets up some strict restrictions on the use of RFID data. Even though RFID is not in widespread use, it's probably best to start working on these types of protections before the products are on the shelves."
This discussion has been archived.
No new comments can be posted.
Labelling RFID Products
|
Log In/Create an Account
| Top
| 325 comments
(Spill at 50!) | Index Only
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Katherine Albrecht on Rense (Score:5, Informative)
(Last Journal: Wednesday August 27 2003, @08:03PM)
Better stop them before they arrive... (Score:4, Insightful)
Think about it, if nothing is done to restrict the use of RFID information, corporations/government will become happy with their presence. If you try to take these RFID data that is collected away from them, they will use their money to lobby against it.
Why do we have to use our social security numbers for everything these days? They were only invented for tax purposes, but because this is a juicy bit of information corperations want, they have lobbied, and won, the rights to ask for this info for say, signing up for your cell phone.
Moral is, if you don't get $100 you will not miss it as much as you will when someone takes it back after giving it to you. The same thing will happen with RFID tags and the information databases that will be associated with them.
Once companies have this data and ways to track it, they will NEVER want to give it back. And little guys usually have trouble fighting the big guys with even bigger wallets.
What's the problem? (Score:5, Interesting)
Re:What's the problem? (Score:4, Insightful)
(Last Journal: Thursday July 10 2003, @02:03PM)
And the numbers are unique. Unique means that there isn't another article that has the same ID. This means that they DON'T have to be destroyed at point of sale, as the scanners will check to see if the item you're trying to carry in or out is in the database, and if so, if it has been listed as sold or not. Something you buy at another store won't be listed as inventory.
The other problem is that the RFID's can be sewn in to clothing, or become part of the packaging, (like a cereal box), which means it's very difficult to dispose of.
I'll repeat my above comment, watch "Minority Report" if you want an idea as to why this RFID thing could be a bad idea.
Re:What's the problem? (Score:4, Informative)
(Last Journal: Thursday July 10 2003, @02:03PM)
And there are ALREADY systems in place that can do exactly the kind of tracking you're talking about. Have you ever been to Gameworks? You get a card that has a unique ID. This card plugs in to every reader in the center, and those readers talk to a central database that tells them how much money is left, and recieves instructions to debit a certain amount. Do you have any idea how many of these cards Gameworks goes through in a week? And they're ALL unique. Hell, you could apply the same concept with credit and debit cards. The only difference is is you're tracking inventory instead of money, and you're using radio frequency instead of a mag-strip. Everything else is the same.
And don't kid yourself. Stores ALREADY have inventory tracking systems in place, that tell them how much of what item should still be in the store, based on how many of xx UPC has been listed as sold. RFID makes the process more precise, through easier tracking, and unique identification. Another added benefit if they place scanners throughout the store, is they can locate items that have "moved", and direct customers to the location of the item they want, or more easily put it back on the correct shelf.
BTW, they're much closer to the 5 cent mark than the 30-50 cent mark. Wal-Mart wouldn't even consider the use of these if they weren't dirt-cheap already.
Re:Better stop them before they arrive... (Score:5, Informative)
(http://baby.boondock.org/ | Last Journal: Friday August 04 2006, @11:41AM)
They have the right to ask. They also have the right to ask your underwear size. But, while they might deny you service if you refuse to tell them your underwear size, you have no obligation to give them your social security number. The legal protections have gotten more stringent in the last few years; last summer while I was temping the word came down that our time cards, which we were supposed to fill in our SSN on, should no longer bear that information. The reason was because most people faxed them in, and a new law dictated that an entity that requires SSNs for tax or benefit purposes has an obligation to ensure that NO ONE who does not need the information has access to it... not even *within the company*.
The only people you ever *have* to give your SSN to are the IRS and the Social Security Administration (and, if you insist on driving, sometimes the DMV... they've gotten more picky in recent years about confirming your identity).
My god... (Score:5, Interesting)
(http://www.anomalouscow.com/ | Last Journal: Friday March 29 2002, @11:28AM)
barcodes? (Score:5, Funny)
Where have you been, man?
Re:My god... (Score:5, Informative)
Re:My god... (Score:4, Insightful)
(http://john.daltons.info/)
The Australian Government accidentally released an uncensored report into cryptography and other things (the Walsh Report [efa.org.au]). The uncensored version was withdrawn a few weeks after release, but by then people (such as the EFA [efa.org.au]) had taken copies.
Here is section 6.3.4 of the Walsh Report. It is in red, which means it was removed from th ecensored version.
The 'fly-buys' (my emphasis) mentioned is Australia's version of 'Airmiles'. Basically, the Australian government thinks 'fly-buys' is a good thing since it allows them to track cash transactions. That was back in the 1990's, so by now there is a fair chance tracking has actually been implemented. I can't imagine the US government is any different. It also explains why the government has not eliminated 'fly-buys' as a breach of competition law.Re:My god... (Score:5, Interesting)
(http://www.cornells.com/john.htm | Last Journal: Friday January 28 2005, @10:26PM)
Imagine if an RFID kiosk at the entrance identified that you were wearing stain blocker Dockers and announced "I see you are wearing stain blocker pants...we stock a complete selection in your size, and today they are on sale".
Re:My god... (Score:4, Informative)
Dude, I think it was Tom Cruise. But good point. It's still scary.
Re:My god... (Score:4, Funny)
For that matter, I think Meg Ryan would have been great as that psychic chick in the milk jacuzzi.
Re:My god... (Score:5, Funny)
(http://www.dailyhaiku.com/)
Is that the same Tom Hanks that dumped that delicious Nicole Kidman? If so, screw him, he needs nother eye transplant or his money back! She's a fox. Oh well, what can you do, he's been a jerk ever since Welcome Back Kotter got canned.
And don't get me started on Battlefield Earth. He wouldn't be squat without Tarantino pulling his career back from the pits of disco hell.
Tom Hanks, what a lamer.
-dameron
Re:My god... (Score:5, Informative)
(http://home.comcast.net/~stefan_jones | Last Journal: Monday May 16 2005, @06:21PM)
Walk into a store wearing a tagged garment, and your presence could be noted. Prices could magically change as you approach a shelf. Security could get alerted based on your pauper status.
This is a far from perfect association, of course. You could be buying a garment as a gift, or for a child. Of course, if a person wearing a tagged garment makes a purchase, and the association doesn't match, the information could be updated.
Re:My god... (Score:5, Informative)
(http://mspencer.net)
Merchants are allowed to store the customer name, card number, and expiration date from the magnetic stripe.
What does a customer name, card number, and expiration date get you? (besides 'paid for your transaction') Assuming the name isn't already unique...
Sales can happen in one of two major "processing environments": card-present (where the merchant swipes the card, and proves to the issuing bank that the card really was there, by demonstrating knowledge of some of that secret card-verification information on the card), and card-not-present (where the card number is sent via mail/phone/fax/internet).
In card-present sales, the merchant only has the card number and name. If companies (like Radio Shack perhaps) insist on having a name and address on file for each customer, they could run into problems: if a customer finds that such-and-such company is refusing to accept Visa/Mastercard CARD-PRESENT sales when the customer refuses to provide a name and address, the customer can complain to their issuing bank or to Visa or Mastercard directly. Those payment-transfer-organizations might conduct their own investigation (plain-clothes customers), and if the merchant is found to be refusing to accept Visa/MC card-present sales without address information, they can be stiffly fined or have their processing priviledges revoked.
In card-not-present sales, the threat model you discussed is reasonable. Best-practices say the merchant should perform an address-verification check, confirming that the address the customer provides matches the billing address the issuing bank mails statements to. If the customer claims they are shipping the goods to another address, the merchant should require the customer to contact their bank and have the bank "whitelist" the new shipping address, because the bank can then confirm all the personal information the merchant isn't allowed to have.
So I guess a merchant in California could be paid off by some marketing company, and could ship RFID-enabled goods to a customer in New York, and report the RFID information so it's trackable.
You could NOT, however, reasonbly expect that by just swiping your credit card in Wal Mart, Wal Mart suddenly has all your personal information. They could, possibly, associate different products with the same customer, but they wouldn't know anything other than the card number and name.
----------
In general, keep this in mind: the Visa and Mastercard corporations are profitable. They are 'payment transfer organizations' and want to maximize the amount of money that travels through their system, because they make a *lot* of money off of processing fees charged to merchants. If something happens that makes customers nervous, or makes merchants nervous, they will pass new regulations that try to make that fear go away.
But of course if there's no widespread customer knowledge of this possible threat, there won't be any significant nervousness to worry about.
--Michael Spencer
First National Merchant Solutions
(a credit card processor or 'acquirer')
First National Tower, 27th floor
1620 West Dodge, Omaha Nebraska, 68197
http://www.foomp.com
The opinions stated above are my own opinions, and do not reflect the opinions of my employer, First National Merchant Solutions.
Re:My god... (Score:5, Insightful)
The world is beginning to deal with an issue that of which our ancestors would never have dreamt. Technology has progressed to the point where ubiquitous surveillance/monitoring is not just feasible but cost effective. Our ability to keep our lives private is quickly eroding and it is important to wrestle with the issues now before the situation gets out of hand.
The problem lies in the fact that our privacy is not removed overnight, but gradually, as the technology advances. Often each step is accompanied by only an incremental degredation of privacy which is, in many cases, compensated for by some benefit (think supermarket savings cards). At the level of individual choice, it is easy to rationalize such an incremental step: "Who cares if they can track my supermarket purchases, it's not like I'm an alcoholic (substitue vice here)." Over time, however, the amount of data collected about an individual is astounding. And as companies work together and exchange collected data and begin to correlate it, decisions will be made that may directly affect your ability to get a job, buy a house, be admitted to school, etc. These decisions will be heavily influenced by a karma score spit out by a computer that won't have all the data, just a lot of it (think being charged more for health insurance because you only bought mac & cheese and frozen pizza at the grocery store, never mind the fact that you get all your meat from your ostrich rancher uncle and have a garden where you home grow all sorts of natural goodies. Oh wait - This is slashdot. We're all just eating frozen pizza and mac & cheese.)
There are a lot of doomsday predictions surrounding this technology. But there is some real benefit to companies that can leverage it for supply chain and inventory issues as well. What we need to realize is that even if it begins with good intentions, there will always be some asshole who wants to exploit it and will never once give any thought to the fact that what he/she is doing is not accepted by consumers as a legitamite use (example: spam companies). This means we need to be cautious now and carefully examine this budding technology and enact thoughtful legislation that can adapt to future needs of corporations without sacrificing every last vestige of consumer privacy on the altar of corporate greed. Because on the level of societal choice the sacrifices are significant. But I should stop dreaming, because when has congress ever enacted insigtful legislation in any technology area?
Re:My god... (Score:5, Insightful)
While this technology can be helpful in targeting vendors products towards your shopping preferences, it can be abused when too much information is leaked.
Imagine if all consumer product that you own had an RFID. Clothes, housewares, pharaceutical products, etc. Somebody with a specially equipped van could drive by your house and start scanning and cataloging these things.
Companies can start tallying your products and assess your financial situation: How much money are you spending? Do you purchase more brand names over generic items? Do you buy more "ethnic" type products? What kind of medications do you buy? Do you have any medical conditions that would cause you to buy those medications?
If you bought a certain creme to help with a certain embarassing problem like hemorroids, they would know it and be able to share it with others. Would you want people to know that you normally buy the extra, extra small condoms?
That's just the start.
Re:My god... (Score:4, Insightful)
The range is determined by the power output of the READER, not the actual chip itself. The RFID is excited by radio frequency, and starts broadcasting based on an outside power source.
The range of that power source can be amplified by increasing the power to the reader. Granted, it's not a linear relationship for power -> range, as the range is a function of a square (i think, im not a rf expert) but it still is not necessarily limited to just a few feet.
Re:Not just for tagging consumers' clothes (Score:5, Insightful)
What a load of crap. By your own statements most of these "slaves" come here to find arranged jobs. Why have "tags" and risk being caught in a crowded airport with some kind of radio. "Officer that man just waved somekind of radio at me. Stop him I think he is a terrorist!"
All you have to do is just wait till the woman shows up at your doorstep to go to work. DUH! They already have a method of rounding up slaves. Your thinking too much. Try again.
You laughed and mocked.... (Score:4, Funny)
Two sides (Score:4, Insightful)
(Last Journal: Sunday December 08 2002, @12:20AM)
Seems to me (Score:5, Insightful)
I'm missing one thing... (Score:5, Insightful)
Re:Cigarrete packaging? (Score:4, Funny)
(http://focasmi.org/ | Last Journal: Saturday September 20 2003, @07:34AM)
Best post-purchase RFID kill method (Score:5, Interesting)
But earlier and later in the FAQ, they mention tags placed into the soles of shoes. Since this is done during the manufacturing process and would require slicing open the sole to find/destroy the tag (if you even knew where specifically it was), it doesn't seem there is an effective tag killer in this instance (and any other where the tags are deeply embedded).
So, anybody else know of an effective tag killer that doesn't involve destroying the item and/or setting it on fire?
Why not disable them once purchased? (Score:3, Insightful)
This would negate the privacy concerns and let them reap the benefits of using RFID inventory.
RFID isn't exactly perfect in itself... (Score:5, Interesting)
so, what happens when someone is checking out, and the computer fails to record all of the RFID tags because of interference, but the person has legitimately purchased something? When they go to return it, the computer could possibly say that it wasn't purchased, and then the individual is left with more headaches.
I think that the FCC should require that business-use devices like this be licensed, and each one individually identified in a publicly searchable database. I also believe that reissues of identification should be prohibited. This would work quite strongly to curtail use of RFID for tracking mechanisms.
Ignore the man behind the curtain ... (Score:5, Insightful)
OK, now on to Big Bros. MIB knows that corps want RFID to save bucks (and maybe marketing, see above). Cool, MIB can maybe utilize it too (hey Joe bought a sixpack, how interesting, glad we have all these scanners everywhere). Best thing is, while everyone hoots and hollers about RFID, they fail to notice those "security" cams that can see your face + see what you bought + see the license plate of your car, all of which can be done TODAY, IF anyone really gave a crap that you bought some weiners and diet coke. We won't even talk about the instance when you use your CC. OK, so if Osama buys some slacks from Banana Republic using cash, we'll be able to tell if he tries to hop a Greyhound to Walla Walla because his RFID will set off the scanner. Assuming he's stupid enough to not be aware of the fact that RFID's are EVERYWHERE now, what are the odds that he can either disable, or better yet, make copies and distribute them EVERYWHERE, totally making the system worthless?
Like others have said, privacy, forget it. All us cell phone toting, internet using, CC charging, electricity using folks aint got no privacy at all. If RFID makes Walmart more efficient so it can hire more people, drop more prices, fatten their wallets, I say more power to'em. We techno elitest getting all scared and up in arms about tech, we have to take the good with the bad, once you open the box, you can't filter what escapes.
Yeah, Except... (Score:5, Insightful)
(http://www.flying-rhenquest.net/)
Privacy (Score:5, Insightful)
(http://mypuppet.net/ | Last Journal: Monday June 23 2003, @01:58PM)
RFID hackers (Score:4, Interesting)
(http://gould.cx/ted | Last Journal: Wednesday June 05 2002, @12:30PM)
Now that's what I'm interested in. I want to be able to grab the numbers, and then change them. I want to be able to walk into a store and instead of "How did you like those pants?" I want it to say "How did you like those extra-large elephant sized condoms you bought last week?" :)
There are just so many possibilities to hack these things and have tons of fun with retail stores if they use them for anything useful. Maybe I should start my own organization: The Anti-Datamine (TAD). And we'll go around trying to screw with all the data mining techniques out there.
$20 RFID Reader (Score:5, Insightful)
The good thing is that if RFID tags become omnipresent then so will RFID tag readers. As such an RFID tag reader should be small, simple to use, portable, and dirt cheap.
In fact the RFID Journal [rfidjournal.com] has a story [rfidjournal.com] about just such a reader being developed.
I guess I'll be buying one as soon as they come to market.
Hey, You Might Be A WalMart Candidate (Score:4, Funny)
"higher"???
Yeah, we know what you mean.
Re:$20 RFID Reader (Score:4, Informative)
Palm -- http://www.ie-oem.com/rfid/pda-rfid.htm [ie-oem.com]
you can take this seriously (Score:3, Interesting)
(http://www.ecis.com/~alizard)
However, business from WalMart on down will unite to fight any restriction or product labeling requirements.
Remember, there are people who want a Minority Report style future. There are others who simply see it as a way to make money... there are people who see "You wear adult diapers? We have Depends on sale" as simply an opportunity to make money.
It is the job of your Congressperson to make sure that his consituents are served. His constituents are the people who send him checks and only those people.
And if your RFID tag gets missed at checkout, it'll be your word against the store's that it's their fault. Enjoy your stay in jail.
build an RFID killer (Score:4, Interesting)
(Last Journal: Monday February 20 2006, @09:53AM)
Those are tiny little radios - find out the frequency they use, rig up $10 worth of Radio Shack parts, hook it up to a 9v battery, and go for a walk in the offending store.
If you feed them an order of magnitude more energy than they're designed to take in exactly the band they're using
Yes, you can know the operating frequency without a fancy spectrum analyzer - the data sheets on those things are pretty much public knowledge
Why this will never succeed (Score:3, Interesting)
(http://www.joblessjimmy.com/ | Last Journal: Tuesday January 07 2003, @09:27AM)
First, there is perhaps .01% of the population who even know what these RFID devices are, never mind the alleged societal dangers that lurk within them. Very few politicians are going to fight very hard to pass a piece of legislation that has so little public spotlight. Most politicians, especially the powerful ones who can sway votes, are media whores. No one is going to get on a network Sunday morning political program talking about RFID tags.
Second, the political winds are blowing gale force in the anti-regulation direction. Any piece of legislation that isn't privatizing workers or loosening government oversight is pretty much dead in the water without some kind of immediate crisis (like the recent corporate scandals). The best that could be hoped for is that congressional folks would say, "let's see what the free market does with these devices first and then regulate them if need be."
Third, Wal-Mart & Co., if there was a miraculous surge in support for this legislation, would easily lobby to defeat the bill or get it placed into committee for further study which would effectively kill the bill. A grassroots campaign would be too disorganized, too broke, and too unsophisticated to ever hope to win such a battle.
I'm not recommending whoever is sponsoring this bill to give up. I'm a firm believer that even losing battles are important to fight because they do raise awareness and keep alive the chance for change sometime in the future.
How to scam walmart (Score:3, Insightful)
1. Take individual products out of main container.
2. Replace products with bricks and RFID tags.
3. Place main container in inventory.
4. PROFIT!
Seriously, if they are going to do inventory without actually opening boxes and COUNTING individual pieces then they are going to have alot of shrink and no one will know about it until the main carton is cracked open to stock the shelves.
-ted
SUMMARY OF THE BILL (Score:5, Informative)
(http://www.byzantinecommunications.com/adamhoward | Last Journal: Wednesday May 25 2005, @02:26PM)
RFID Right to Know Act of 2003
Proposed legislation to mandate labeling of RFID-enabled products and consumer privacy protections
SUMMARY OF THE BILL
AN ACT
To require that commodities containing radio frequency identification tags bear labels stating that fact, to protect consumer privacy, and for other purposes.
SEC. 1. SHORT TITLE.
This section shortens the title of the bill to "RFID Right to Know Act of 2003."
SEC. 2. AMENDMENTS TO THE FAIR PACKAGING AND LABELING PROGRAM.
This section amends the Fair Packaging and Labeling Program by inserting language under subsection (a) of paragraph (6). This section requires that a consumer commodity or package that contains or bears a radio frequency identification tag shall bear a label as provided in the paragraph below.
It also defines the term "radio frequency identification" or "RFID" to mean technologies that use radio waves to automatically identify individual items. It defines the term "tag" to mean a microchip that is attached to an antenna and is able to transmit identification information.
Finally it describes that the label should state, at a minimum, that the consumer commodity or package contains or bears a radio frequency identification tag, and that the tag can transmit unique identification information to an independent reader both before and after purchase; and be in a conspicuous type-size and location and in print that contrasts with the background against which it appears.
SEC. 3. AMENDMENTS TO THE FEDERAL FOOD, DRUG, AND COSMETIC ACT RELATING TO MISBRANDING.
This section amends the federal Food, Drug and Cosmetic Act by inserting language under the sections relating to misbranding of commodities. It says that a food, cosmetic, drug or device is misbranded if the product or package contains an RFID tag, unless it bears a label stating, at a minimum, that the consumer commodity or package contains or bears a radio frequency identification tag, and that the tag can transmit unique identification information to an independent reader both before and after purchase. It also prescribes that the label must be in a conspicuous type-size and prominent location and in print that contrasts with the background against which it appears.
SEC. 4. AMENDMENTS TO THE FEDERAL ALCOHOL ADMINISTRATION ACT.
This section states that a person shall not manufacture, import, or bottle for sale or distribution in the United States any alcoholic beverage unless its container bears a label. That label must state at a minimum, that container contains or bears a radio frequency identification tag, and that the tag can transmit unique identification information to an independent reader both before and after purchase. The label must also be in a conspicuous type-size and prominent location and in print that contrasts with the background against which it appears.
SEC. 5. AMENDMENTS TO TITLE 15, CHAPTER 36--CIGARETTE LABELING AND ADVERTISING.
This section states that a person shall not manufacture, import, or package for sale or distribution in the United States any cigarettes unless its container bears a label. That label must state at a minimum, that container contains or bears a radio frequency identification tag, and that the tag can transmit unique identification information to an independent reader both before and after purchase. The label must also be in a conspicuous type-size and prominent location and in print that contrasts with the background against which it appears.
SEC. 6. AMENDMENTS TO TITLE 15, CH. 94--PRIVACY.
This section goes directly to protecting the privacy of consumers. First it directs that a business shall not combine or link an individual's nonpublic personal information with RFID tag identification information, beyond what is required to manage inventory. Second, a business shall not, directly or through an affiliate, disclose to a nonaffili