RFID : Applications, Security, and Privacy (Hardcover)
Simson Garfinkel, Beth Rosenberg
Radio frequency identification (RFID) technology is rapidly becoming ubiquitous as businesses seek to streamline supply chains and respond to mandates from key customers. But RFID and other new wireless ID technologies raise unprecedented privacy issues. RFID: Applications, Security, and Privacy covers these issues from every angle and viewpoint.
Award-winning technology journalist and privacy expert Simson Garfinkel brings together contributions from every stakeholder community—from RFID suppliers to privacy advocates and beyond. His contributors introduce today’s leading wireless ID technologies, trace their evolution, explain their promise, assess their privacy risks, and evaluate proposed solutions—technical, business, and political. The book also looks beyond RFID, reviewing the privacy implications of Wi-Fi, Bluetooth, smart cards, biometrics, new cell-phone networks, and the ever-evolving Internet. Highlights include
- How RFID and other wireless ID technologies work
- RFID applications—from gas stations and pharmacies to the twenty-first century battlefield
- RFID, privacy, and the law—in the United States and around the world
- RFID, security, and industrial espionage
- How Bluetooth and Wi-Fi can track individuals, with or without their permission
- Technical solutions to wireless ID privacy concerns—their values and limitations
- Stakeholder perspectives from EPCglobal, Inc., Gemplus, The Procter & Gamble Company, and other industry leaders
- The future of citizen activism on privacy issues
Clear, balanced, and accessible, this is the indispensable primer for everyone involved in RFID: businesses implementing or evaluating RFID; technology suppliers responding to user concerns; and policymakers and privacy advocates who want a deeper understanding of the technology and its implications.
Table of Contents:
1. Automatic Identification and Data Collection: What the Future Holds.
A Brief History of AIDC
The "Industry" That Isn't
The Interconnected World
Clear and Present Benefits
2. Understanding RFID Technology.
3. A History of the EPC.
A Mini-Lecture: The Supply Chain
The Auto-ID Center
Harnessing the Juggernaut
Definitions of Privacy
Mapping the RFID Discovery Process
Privacy as a Fundamental Human Right
Privacy Through Data Protection Law and Fair Information Practices
5. RFID, Privacy, and Regulation.
Some Current and Proposed RFID Applications
Whither Item-Level Tagging?
Understanding RFID's Privacy Threats
6. RFID and the United States Regulatory Landscape.
Current State of RFID Policy
RFID Policy Issues
Government Versus Individual Context
Business Versus Individual Context
Options for Government Leadership
Snapshot of Current Status
The Case for, and Limits of, EPCglobal Leadership
7. RFID and Authenticity of Goods.
A Few Important Concepts in Authentication
Authenticity of Tags and Authenticity of Goods
Authenticity of Goods and Anticounterfeiting Measures
Authentication of Readers
Authentication of Users Across the Supply Chain (Federation)
8. Location and Identity: A Brief History.
Place and Identity in a World of Habits and Symbols
Rethinking Identity: Beyond Traits and Names
9. Interaction Design for Visible Wireless.
The Role of Interaction Design
A Common Vocabulary
Designing and Modifying WID Systems
10. RFID Payments at ExxonMobil.
Interview with Joe Giordano, ExxonMobil Corporation
11. Transforming the Battlefield with RFID.
Logistics and the Military
12. RFID in the Pharmacy: Q&A with CVS.
CVS and Auto-ID
Project Jump Start
RFID in the Store
Making RFID Work: The Back End
13. RFID in Healthcare.
14. Wireless Tracking in the Library: Benefits, Threats, and Responsibilities.
RFID System Components and Their Effects in Libraries
RFID in U.S. Libraries
Best-Practices Guidelines for Library Use of RFID
15. Tracking Livestock with RFID.
RFID Has to Prove Itself
Putting RFID to Work
RFID and Livestock Marketing
RFID World Livestock Roundup
16. RFID: The Doomsday Scenario.
RFID Tags and the EPC Code
A Ubiquitous RFID Reader Network
Watching Everything: RFID and the Four Databases It Will Spawn
17. Multiple Scenarios for Private-Sector Use of RFID.
Scenario 1: "No One Wins"
Scenario 2: "Shangri-La"
Scenario 3: "The Wild West"
Scenario 4: "Trust but Verify"
18. Would Macy's Scan Gimbels?: Competitive Intelligence and RFID.
So, Who Wants to Know?
19. Hacking the Prox Card.
Reverse-Engineering the Protocol
Protecting Against These Types of Attacks
Bluetooth Security and Privacy Attacks
IV: TECHNICAL SOLUTIONS.
21. Technological Approaches to the RFID Privacy Problem.
The Technical Challenges of RFID Privacy
Tags with Pseudonyms
Technology and Policy
22. Randomization: Another Approach to Robust RFID Security.
The Problems in RFID Security
23. Killing, Recoding, and Beyond.
RFID Recoding and Infomediaries
V: STAKEHOLDER PERSPECTIVES.
24. Texas Instruments: Lessons from Successful RFID Applications.
Toll Tracking: Who Knows Where You Are Going?
Contactless Payment: Are Safeguards Already in Place?
RFID and Automotive Anti-Theft: Staying Ahead of the Security Curve
How and What We Communicate
25. Gemplus: Smart Cards and Wireless Cards.
What Is a Smart Card?
Smart Card Communication and Command Format
Card Life Cycle
Smart Card Applications
Protocols and Secure Communication Schemes
Constraints of Contactless Products
Contactless Products and the Contact Interface
26. NCR: RFID in Retail.
Inventory Management Applications
27. P&G: RFID and Privacy in the Supply Chain.
Procter & Gamble's Position
RFID Technology and the Supply Chain
Global Guidelines for EPC Usage
28. Citizens: Getting at Our Real Concerns.
Prior to the Point of Sale
After the Point of Sale: Nonconsumer Goods
After the Point of Sale: Consumer Goods
After the Point of Sale: Privacy Interests
Eliminating the RFID Threats to Privacy
29. Activists: Communicating with Consumers, Speaking Truth to Policy Makers.
RFID Characteristics That Threaten Privacy
Proposed Technology-Based Solutions
Is Consumer Education the Answer?
Calling for a Technology Assessment
30. Experimenting on Humans Using Alien Technology.
The Surveillance Society: It's Already Here
A Trick to Overcome Resistance
Constituents to Change-and to Stasis
Privacy Advocates Own This Story
Privacy, Change, and Language
How to Make Consumers Demand Change (and RFID)
31. Asia: Billions Awaken to RFID.
Factors Separating Western and Asian RFID Experience
The Extant Paper Database and Electronic Credit Card Systems
RFID in India
RFID Across Asia
32. Latin America: Wireless Privacy, Corporations, and the Struggle for Development.
An Overview of Wireless Services Penetration into Central America
Pervasiveness of Telecommunications in Central America
An Overview of Privacy Across Latin America
Conclusions: Privacy, Poverty, and the Future
Appendix A: Position Statement on the Use of RFID on Consumer Products.
Appendix B: RFID and the Construction of Privacy: Why Mandatory Kill Is Necessary.
Appendix C: Guidelines for Privacy Protection on Electronic Tags of Japan.
Appendix D: Adapting Fair Information Practices to Low-Cost RFID Systems.
Appendix E: Guidelines on EPC for Consumer Products.
Appendix F: Realizing the Mandate: RFID at Wal-Mart.