RFID, Privacy and the Surveillance Society

If incorporating personal details into an RFID (radio-frequency identification) chip implanted into a passport or driver’s license may sound like a “smart” alternative to endless lines at the airport and intrusive questioning by securocrats, think again.

Since the late 1990s, corporate grifters have touted the “benefits” of the devilish transmitters as a “convenient” and “cheap” way to tag individual commodities, one that would “revolutionize” inventory management and theft prevention. Indeed, everything from paper towels to shoes, pets to underwear have been “tagged” with the chips. “Savings” would be “passed on” to the consumer. Call it the Wal-Martization of everyday life.

RFID tags are small computer chips connected to miniature antennae that can be fixed to or implanted within physical objects, including human beings. The RFID chip itself contains an Electronic Product Code that can be “read” when a RFID reader emits a radio signal. The chips are divided into two categories, passive or active. A “passive” tag doesn’t contain a battery and its “read” range is variable, from less than an inch to twenty or thirty feet. An “active” tag on the other hand, is self-powered and has a much longer range. The data from an “active” tag can be sent directly to a computer system involved in inventory control–or surveillance.

But as Consumers Against Supermarket Privacy Invasion and Numbering (CASPIAN), the American Civil Liberties Union (ACLU), the Electronic Frontier Foundation (EFF) and the Electronic Privacy Information Center (EPIC) state in a joint position paper, “RFID has the potential to jeopardize consumer privacy, reduce or eliminate purchasing anonymity, and threaten civil liberties.” As these organizations noted:

While there are beneficial uses of RFID, some attributes of the technology could be deployed in ways that threaten privacy and civil liberties:

* Hidden placement of tags. RFID tags can be embedded into/onto objects and documents without the knowledge of the individual who obtains those items. As radio waves travel easily and silently through fabric, plastic, and other materials, it is possible to read RFID tags sewn into clothing or affixed to objects contained in purses, shopping bags, suitcases, and more.

* Unique identifiers for all objects worldwide. The Electronic Product Code potentially enables every object on earth to have its own unique ID. The use of unique ID numbers could lead to the creation of a global item registration system in which every physical object is identified and linked to its purchaser or owner at the point of sale or transfer.

* Massive data aggregation. RFID deployment requires the creation of massive databases containing unique tag data. These records could be linked with personal identifying data, especially as computer memory and processing capacities expand.

* Hidden readers. Tags can be read from a distance, not restricted to line of sight, by readers that can be incorporated invisibly into nearly any environment where human beings or items congregate. RFID readers have already been experimentally embedded into floor tiles, woven into carpeting and floor mats, hidden in doorways, and seamlessly incorporated into retail shelving and counters, making it virtually impossible for a consumer to know when or if he or she was being “scanned.”

* Individual tracking and profiling. If personal identity were linked with unique RFID tag numbers, individuals could be profiled and tracked without their knowledge or consent. For example, a tag embedded in a shoe could serve as a de facto identifier for the person wearing it. Even if item-level information remains generic, identifying items people wear or carry could associate them with, for example, particular events like political rallies. (“Position Statement on the Use of RFID on Consumer Products,” Privacy Rights Clearinghouse, November 14, 2003)

As the corporatist police state unfurls its murderous tentacles here in the United States, it should come as no surprise that securocrats breathlessly tout the “benefits” of RFID in the area of “homeland security.” When linked to massive commercial databases as well as those compiled by the 16 separate agencies of the “intelligence community,” such as the Terrorist Identities Datamart Environment (TIDE) that feeds the federal government’s surveillance Leviathan with the names of suspected “terrorists,” it doesn’t take a genius to conclude that the architecture for a vast totalitarian enterprise is off the drawing board and onto the streets.

As last week’s mass repression of peaceful protest at the Republican National Convention in St. Paul amply demonstrated, the Bush regime’s “preemptive war” strategy has been rolled out in the heimat. As the World Socialist Web Site reports,

On Wednesday eight members of the anarchist protest group the Republican National Convention Welcoming Committee (RNCWC) were charged under provisions of the Minnesota state version of the Patriot Act with “Conspiracy to Riot in Furtherance of Terrorism.”

The eight charged are all young, and could face up to seven-and-a-half years in prison under a provision that allows the enhancement of charges related to terrorism by 50 percent. …

Among other things, the youth, who were arrested last weekend even prior to the start of the convention, are charged with plotting to kidnap delegates to the RNC, assault police officers and attack airports. Almost all of the charges listed are based upon the testimony of police infiltrators, one an officer, the other a paid informant. (Tom Eley, “RNC in Twin Cities: Eight protesters charged with terrorism under Patriot Act,” World Socialist Web Site, 6 September 2008)

As the ACLU pointed out, “These charges are an effort to equate publicly stated plans to blockade traffic and disrupt the RNC as being the same as acts of terrorism. This both trivializes real violence and attempts to place the stated political views of the defendants on trial,” said Bruce Nestor, president of the Minnesota Chapter of the National Lawyers Guild. “The charges represent an abuse of the criminal justice system and seek to intimidate any person organizing large scale public demonstrations potentially involving civil disobedience,” he said.

An affidavit filed by the cops in order to allow the preemptive police raid and subsequent arrests declared that the RNCWC is a “criminal enterprise” strongly implying that the group of anarchist youth were members of a “terrorist organization.”

Which, as we have learned over these last seven and a half years of darkness, is precisely the point: keep ‘em scared and passive. And when they’re neither scared nor passive, resort to police state tactics of mass repression. While the cops beat and arrested demonstrators and journalists outside the Xcel Energy Center, neanderthal-like Republican mobs chanted “USA! USA!” while the execrable theocratic fascist, Sarah Palin, basked in the limelight. But I digress…

Likened to barcodes that scan items at the grocery store check-out line, what industry flacks such as the Association for Automatic Identification and Mobility (AIM) fail to mention in their propaganda about RFID is that the information stored on a passport or driver’s license is readily stolen by anyone with a reader device–marketers, security agents, criminals or stalkers–without the card holder even being remotely aware that they are being tracked and their allegedly “secure” information plundered. According to a blurb on the AIM website,

Automatic Identification and Mobility (AIM) technologies are a diverse family of technologies that share the common purpose of identifying, tracking, recording, storing and communicating essential business, personal, or product data. In most cases, AIM technologies serve as the front end of enterprise software systems, providing fast and accurate collection and entry of data. (“Technologies,” Association for Automatic Identification and Mobility, no date)

Among the “diverse family of technologies” touted by AIM, many are rife with “dual-use” potential, that is, the same technology that can keep track of a pallet of soft drinks can also keep track of human beings.

Indeed, the Association touts biometric identification as “an automated method of recognizing a person based on a physiological or behavioral characteristic.” This is especially important since “the need” for biometrics “can be found in federal, state and local governments, in the military, and in commercial applications.” When used as a stand-alone or in conjunction with RFID-chipped “smart cards” biometrics, according to the industry “are set to pervade nearly all aspects of the economy and our daily lives.”

Some “revolution.”

The industry received a powerful incentive from the state when the Government Services Administration (GSA), a Bushist satrapy, issued a 2004 memo that urged the heads of all federal agencies “to consider action that can be taken to advance the [RFID] industry.”

An example of capitalist “ingenuity” or another insidious invasion of our right to privacy? In 2006, IBM obtained a patent that will be used for tracking and profiling consumers as they move around a store, even if access to commercial databases are strictly limited.

And when it comes tracking and profiling human beings, say for mass extermination at the behest of crazed Nazi ideologues, IBM stands alone. In his groundbreaking 2001 exploration of the enabling technologies for the mass murder of Jews, communists, Roma and gays and lesbians, investigative journalist Edwin Black described in IBM and the Holocaust how, beginning in 1933, IBM and their subsidiaries created technological “solutions” that streamlined the identification of “undesirables” for quick and efficient asset confiscation, deportation, slave labor and eventual annihilation.

In an eerie echo of polices being enacted today against Muslims and left-wing “extremists” by the corrupt Bush regime in their quixotic quest to “keep America safe” in furtherance of capitalist and imperialist goals of global domination, Black writes:

In the upside-down world of the Holocaust, dignified professionals were Hitler’s advance troops. Police officials disregarded their duty in favor of protecting villains and persecuting victims. Lawyers perverted concepts of justice to create anti-Jewish laws. Doctors defiled the art of medicine to perpetrate ghastly experiments and even choose who was healthy enough to be worked to death–and who could be cost-effectively sent to the gas chamber. Scientists and engineers debased their higher calling to devise the instruments and rationales of destruction. And statisticians used their little known but powerful discipline to identify the victims, project and rationalize the benefits of their destruction, organize their persecution, and even audit the efficiency of genocide. Enter IBM and its overseas subsidiaries. (IBM and the Holocaust: The Strategic Alliance Between Nazi Germany and America’s Most Powerful Corporation, New York: Crown Publishers, 2001, pp. 7-8)

As security and privacy analyst Katherine Albrecht writes describing IBM’s patented “Identification and Tracking of Persons Using RFID-Tagged Items in Store Environments,”

…chillingly details RFID’s potential for surveillance in a world where networked RFID readers called “person tracking units” would be incorporated virtually everywhere people go–in “shopping malls, airports, train stations, bus stations, elevators, trains, airplanes, restrooms, sports arenas, libraries, theaters, [and] museums”–to closely monitor people’s movements. (“How RFID Tags Could Be Used to Track Unsuspecting People,” Scientific American, August 21, 2008)

According to the patent cited by Albrecht, as an individual moves around a store, or a city center, an “RFID tag scanner located [in the desired tracking location]… scans the RFID tags on [a] person…. As that person moves around the store, different RFID tag scanners located throughout the store can pick up radio signals from the RFID tags carried on that person and the movement of that person is tracked based on these detections…. The person tracking unit may keep records of different locations where the person has visited, as well as the visitation times.”

Even if no personal data are stored in the RFID tag, this doesn’t present a problem IBM explains, because “the personal information will be obtained when the person uses his or her credit card, bank card, shopper card or the like.” As Albrecht avers, the link between the unique RFID number and a person’s identity “needs to be made only once for the card to serve as a proxy for the person thereafter.” With the wholesale introduction of RFID chipped passports and driver’s licenses, the capitalist panoptic state is quickly–and quietly–falling into place.

If America’s main trading partner and sometime geopolitical rival in the looting of world resources, China, is any indication of the direction near future surveillance technologies are being driven by the “miracle of the market,” the curtain on privacy and individual rights is rapidly drawing to a close. Albrecht writes,

China’s national ID cards, for instance, are encoded with what most people would consider a shocking amount of personal information, including health and reproductive history, employment status, religion, ethnicity and even the name and phone number of each cardholder’s landlord. More ominous still, the cards are part of a larger project to blanket Chinese cities with state-of-the-art surveillance technologies. Michael Lin, a vice president for China Public Security Technology, a private company providing the RFID cards for the program, unflinchingly described them to the New York Times as “a way for the government to control the population in the future.” And even if other governments do not take advantage of the surveillance potential inherent in the new ID cards, ample evidence suggests that data-hungry corporations will.

I would disagree with Albrecht on one salient point: governments, particularly the crazed, corporate-controlled grifters holding down the fort in Washington, most certainly will take advantage of RFID’s surveillance potential.

In 2005 for example, the Senate Republican High Tech Task force praised RFID applications as “exciting new technologies” with “tremendous promise for our economy.” In this spirit, they vowed to “protect” RFID from regulation and legislation. Needless to say, the track record of timid Democrats is hardly any better when it comes to defending privacy rights or something as “quaint” as the Constitution.

Under conditions of a looming economic meltdown, rising unemployment, staggering debt, the collapse of financial markets and continuing wars and occupations in Iraq and Afghanistan, U.S. imperialism, in order to shore up its crumbling empire, will continue to import totalitarian methods of rule employed in its “global war on terror” onto the home front.

The introduction of RFID-chipped passports and driver’s licenses for the mass surveillance and political repression of the American people arises within this context.

RFID Fears and Myths

In an effort to dispel some of the privacy concerns surrounding radio frequency identification technology (RFID), the Information Technology Association of America has issued a white paper covering what the technology is and is not capable of.

The report “RFID Myths and Urban Legends,” available from the ITAA Web site, cites some of the benefits of the technology, including identity management, supply-chain efficiency, pharmaceutical tracking, food safety/recall, security, and stock control. RFID has the potential to have profound impact on industry.

As you know, RFID is an automated data-capture technology. The technology consists of RFID tags, RFID readers, and a data collection and management system. Because RFID can be used for personal identification, there are privacy and security concerns regarding the technology. The ITAA white paper is a useful resource to counter some of these concerns in your company by correcting misinformation:

* Companies and governments plan to track you using RFID.

Not true because an RFID tag has no awareness of geographical data. An RFID tag must be within 10 to 30 feet of a reader – outside of that range, tags don’t emit a signal. “Big Brother” type surveillance would require billions of readers and antennas within that range.

* RFID creates a database in the sky.

When it’s so difficult for companies to integrate their disparate sources of data, is it really realistic to believe there will be a single database that tracks all your purchases? RFID doesn’t change the way information is used or stored.

* RFID will spur drive-by reads.

RFID requires direct line of sight within the 10- to 30-foot range. It does not work through walls, so it’s highly unlikely someone could park at the curb to find out what’s in your medicine cabinet unless your lawn was dotted with readers.

* RFID can lead to identity theft.

The tags do not usually contain personally identifiable information. Rather, they transmit unique identifiers that function like license plates. You’d need access to a database that should be secured with encryption and all the other usual standard forms of protection.

Outspoken Bloggers Arrested by Government

The University of Washington is revealing new information about the human rights of bloggers.

Last year, three times as many people were arrested for their posting political views on their blogs than in 2006, according to the World Information Access (WIA) report.

In fact, the report said since 2003, 64 people have been arrested for publishing their views on a blog. More than half of all of these occurred in China, Egypt and Iran. Phil Howard, an assistant professor of communication at the University of Washington, said the report shows that these places are the most dangerous for bloggers.

“The real number of arrested bloggers is probably much higher, since many arrests in China, Zimbabwe, and Iran go unreported in the international media,” Howard added.

But these arrests have even been on the rise in the U.K., France, Canada and the U.S., where bloggers have also been arrested for voicing their opinions.

Collectively, bloggers have served 940 months of jail time in the last five years, the researchers found
. During those years, the average prison term for citizen journalists was 15 months.

“Many countries have political bloggers, and many persecute journalists,” Howard said. “More and more citizens are expressing themselves online, and being punished for it.”

The lowest punishment reported was a few hours and the longest was eight years.

Nine of Egypt’s 14 known blogger arrests occurred in 2007, an election year. In 2005, Iranian blogger Mojtaba Saminejad was arrested for writing about the arrests of other bloggers.

“Some people blog about their arrests as soon as they get out of jail,” Howard said.

The report noted that the obvious rise in the number of arrests showed that blogging was gaining political importance across the world. It also showed that arrests tended to increase during times of “political uncertainty”, such as around general elections or during large scale protests.

The report also noted that many nations, perhaps as many as 30, imposed technological restrictions on what people can do online. In nations such as China this made it difficult for people to use a blog as a means of protest.

Presidential Directive Pushes Biometrics

The latest Big Brother police state measure emanating from the Bush administration, with virtually no press coverage, is NSPD 59 (HSPD 24) entitled Biometrics for Identification and Screening to Enhance National Security [Complete text of NSPD 59 (HSPD 24)

NSPD is directed against US citizens.

It is adopted without public debate or Congressional approval. Its relevant procedures have far-reaching implications.

NSPD 59 goes far beyond the issue of biometric identification, it recommends the collection and storage of "associated biographic" information, meaning information on the private lives of US citizens, in minute detail, all of which will be "accomplished within the law":

"The contextual data that accompanies biometric data includes information on date and place of birth, citizenship, current address and address history, current employment and employment history, current phone numbers and phone number history, use of government services and tax filings. Other contextual data may include bank account and credit card histories, plus criminal database records on a local, state and federal level. The database also could include legal judgments or other public records documenting involvement in legal disputes, child custody records and marriage or divorce records."

The directive uses 9/11 as an all encompassing justification to wage a witch hunt against dissenting citizens, establishing at the same time an atmosphere of fear and intimidation across the land.

It also calls for the integration of various data banks as well as inter-agency cooperation in the sharing of information, with a view to eventually centralizing the information on American citizens.

In a carefully worded text, NSPD 59 "establishes a framework" to enable the Federal government and its various police and intelligence agencies to: "use mutually compatible methods and procedures in the collection, storage, use, analysis, and sharing of biometric and associated biographic and contextual information of individuals in a lawful and appropriate manner, while respecting their information privacy and other legal rights under United States law."

The Directive recommends: "actions and associated timelines for enhancing the existing terrorist-oriented identification and screening processes by expanding the use of biometrics".

"Other Categories of Individuals"

The stated intent of NSPD 59 is to protect America from terrorists, but in fact the terms of reference include any person who is deemed to pose a threat to the Homeland. The government requires the ability:

"to positively identify those individuals who may do harm to Americans and the Nation... Since September 11, 2001, agencies have made considerable progress in securing the Nation through the integration, maintenance, and sharing of information used to identify persons who may pose a threat to national security.

The Directive is not limited to KSTs, which in Homeland Security jargon stands for "Known and Suspected Terrorists":

"The executive branch has developed an integrated screening capability to protect the Nation against "known and suspected terrorists" (KSTs). The executive branch shall build upon this success, in accordance with this directive, by enhancing its capability to collect, store, use, analyze, and share biometrics to identify and screen KSTs and other persons who may pose a threat to national security.

The executive branch recognizes the need for a layered approach to identification and screening of individuals, as no single mechanism is sufficient. For example, while existing name-based screening procedures are beneficial, application of biometric technologies, where appropriate, improve the executive branch's ability to identify and screen for persons who may pose a national security threat. To be most effective, national security identification and screening systems will require timely access to the most accurate and most complete biometric, biographic, and related data that are, or can be, made available throughout the executive branch."

NSPD 59 calls for extending the definition of terrorists to include other categories of individuals "who may pose a threat to national security".

In this regard, it is worth noting that in the 2005 TOPOFF (Top officials) anti-terror drills, two other categories of individuals were identified as potential threats: "Radical groups" and "disgruntled employees", suggesting than any form of dissent directed against Big Brother will be categorized as a threat to America.

In a previous 2004 report of the Homeland Security Council entitled Planning Scenarios, the enemy was referred to as the Universal Adversary (UA).

The Universal Adversary was identified in the scenarios as an abstract entity used for the purposes of simulation. Yet upon more careful examination, this Universal Adversary was by no means illusory. It included the following categories of potential "conspirators":

"foreign [Islamic] terrorists” ,

“domestic radical groups”, [antiwar and civil rights groups]

“state sponsored adversaries” ["rogue states", "unstable nations"]

“disgruntled employees” [labor and union activists].

According to the DHS Planning Scenarios Report :

“Because the attacks could be caused by foreign terrorists; domestic radical groups; state sponsored adversaries; or in some cases, disgruntled employees, the perpetrator has been named, the Universal Adversary (UA). The focus of the scenarios is on response capabilities and needs, not threat-based prevention activities.”

Under NSPD 59, biometrics and associated biographical information will be used to control all forms of social dissent.

Domestic radical groups and labor activists envisaged in various counter terrorism exercises, constitute in the eyes of the Bush administration, a threat to the established economic and political order.

In the text of NSPD 59, these other categories of people have been conveniently lumped together with the KSTs (“known and suspected terrorists”), confirming that the so-called anti-terror laws together with the Big Brother law enforcement apparatus and its associated data banks of biometric and biographic information on US citizens are intended to be used against all potential domestic “adversaries” including those who oppose the US led war in the Middle East and the derogation of the Rule of Law in America.

It is worth noting that NSPD 59 was issued on June 5, 2008, 4 days prior to the publication of Rep. Dennis Kucinich’s Articles of Impeachment of President George W. Bush by the House of Representatives. Article XXIII of the Articles Impeachment underscore how in derogation of the Posse Comitatus Act, which prevents the military from intervening in civilian law enforcement, President Bush:

“a) has used military forces for law enforcement purposes on U.S. border patrol;

b) has established a program to use military personnel for surveillance and information on criminal activities;

c) is using military espionage equipment to collect intelligence information for law enforcement use on civilians within the United States”

In Article XXIV the president is accused on Spying on American Ctizens without a court-Ordered Warrant , In Violation of the Law and the Fourth Amendment.

Biometrics for Identification and Screening to Enhance National Security [Complete text of NSPD 59 (HSPD 24)

Are Fingerprints Personal Data?

Fingerprints are considered to be among the most personal of information, and fingerprint databases created and proposed in the name of national security have generated much debate. Recently, “Server in the Sky” — a proposed international database of the fingerprints of suspected criminals and terrorists to be shared among the U.S., U.K. and Canada — has ignited a firestorm of controversy. As have cavalier comments by Homeland Security Secretary Michael Chertoff that fingerprints aren’t “personal data.”

Yet earlier this week, a measure creating a federal fingerprint registry totally unrelated to national security passed a U.S. Senate committee almost without notice. The legislation would require thousands of individuals working even tangentially in the mortgage and real estate industries — and not suspected of anything — to send their prints to the feds. The database and fingerprint mandates were tucked into housing and foreclosure assistance bills that just passed the Senate Banking Committee by a vote of 19-2.

The measure the committee passed states that “an indvidual may not engage in the business of a loan originator without first … obtaining a unique identifier.” To obtain this “identifier,” an individual is requiredto “furnish” to the newly created Nationwide Mortgage Licensing System and Registry “information concerning the applicant’s identity, including fingerprints for submission” to the FBI and other government agencies.

The fingerprint provisions are contained in a “manager’s amendment” that was hammered out by committee Chairman Chris Dodd, D-Conn, and Ranking Member Richard Shelby, R-Ala., on Monday and attached the next day to a broader housing bailout bill that had been scheduled for a comittee vote. That bill, the “Federal Housing Finance Regulatory Reform Act of 2008,” expands the lending authority of the Federal Housing Administration and the government-sponsored enterprises Fannie Mae and Freddie Mac to refinance the mortgages of troubled borrowers and banks.

The amendment adopted the fingerprint provisions in a section called the “S.A.F.E. Mortgage Licensing Act.” The fingerprints will be part of what the amendment calls “a comprehensive licensing and supervisory database.”

And the database would cover a broad swath of individuals involved with mortgage lending. The amendment defines “loan originator” as anyone who “takes a residential loan application; and offers or negotiates terms of a residential mortgage loan for compensation or gain.” It states that even real estate brokers would be covered if they receive any compensation from lenders or mortgage brokers. Since many jobs in both real estate and mortgage lending are part-time and seasonal, even some of the most minor players in the mortgage market may have to submit their prints.

Justifications listed in the bill for this database include “increased accountability and tracking of loan originators,” “enhance[d] consumer protection,” and “facilitat[ing] responsible behavior in the subprime mortgage market.”

I conducted a wide Internet search and found fingerprint provisions in some state bills, but I don’t know if any, or how many passed. But in my search, I could find no arguments explaining how, specifically, collecting the fingerprints of loan originators would better serve borrowers getting mortgages. I called the Senate Banking Committee asking this question, but my call has not been returned yet. (I will update OpenMarket readers when and if it is.)

I imagine that, yes, a fingerprint registry might stop an ex-con from handling loans, but I doubt it will make even a dent in the lending problems the bill aims to stop. And I would venture to guess that the vast majority of the problem mortages were handled by employees with no criminal record. Rather, this seem like another thoughtless idea that lets politicians brag that they are “getting tough” about a particular problem.

But this fingerprint database, in addition to the privacy violations, might create a host of new problems of mortgage fraud. Identity theft involving fingerprints is becoming a major concern among data security experts. Security consultant Bruce Schneier has argued that hackers can steal electronic images of fingerprints directly from the databases they are stored in. And there is virtually nothing in this bill about security procedures that would apply to this database.

It amazes me. We have wrenching debates about privacy and freedom vs. national security when it comes to proposed anti-terrorist programs. But then a smililar scheme is done in response to an economic problem, and it almost escapes without notice. A similar thing has happened with anti-money laundering requirements that mandate that banks effectively spy on their customers for possible violations of everything from drug laws to the tax code.