[LINK] Re: RFID Blocker from RSA: can it do a useful job? will it just make RFID killer stations impossible?

[Marcus Wigan]

>[Sounds like a circumvention device to me  (:-)} ]*
>
>"RSA's patent-pending Blocker Tag works by "shielding" chips within 
>close proximity, but the blocker does not interfere with normal RFID.
>
>"Blockers can't be used to circumvent theft-control systems or to 
>mount denial-of-service attacks," Kaliski says. "Instead, they work 
>by creating a hostile environment for scanners that are not 
>authorised to read information from legitimately purchased items."

This still cant work unless such a blocker chip is either carried on 
the person or attached to every RFID tagged item! It also begs the 
question as to what exactly authorises scanners to be able to read 
the chips anyway...

So, if someone wants to scan all the clothes in a cloakroom, or -say- 
a passport being physically checked, then such a blocker chip will 
not have any effect

How many people will carry-or be able to carry- an rfid blocker chip 
in a swimming pool etc? However it makes a (small) difference to the 
association of person and tag-perhaps.. as it is clear that the 
primary objective of dataveillance (to associate a person with a tag) 
is left unchanged- the credit card transaction will still be linked 
to the person at the place of purchase.. so any pickup of the rfid 
when the item is not with the person subsequently (at the dry 
cleaners?) will enable the trail to continue to be built up...

Id love to have someone explain to me how a blocker chip of this kind 
could do a lot.. consumers need-badly- to be able to turn off rfid 
chips permanently--- but this may now be another safeguard that will 
be debarred one way or another to support the ICAO passport biometric 
noncontact rfid embedded chips requirements being pushed through 
without any serious consideration of the implications (yes, I did 
secure all the ICAO materials on this area, and spent time with the 
Passport Act "consultation" which was more a sales pitch than a 
consultation, as we have become all too familiar with over recent 
years in all too many areas). So I can see two new problems

1. if such a chip as RSA is building is in wide circulation it will 
(as described) not be capable of doing anything very much to protect 
people from dataveillance after all

2 there will be a move to 'protect' the rfid noncontact passports- 
probably by making the use of a masking chip - or even if the rfid 
chip is disabled permanently intentionally or unintentionally a major 
offence (you know the terrorist thing). This would work so simply: if 
a noncontact rfid check of a passport (which of course can be done 
covertly and not just at the border check) comes up without a 
response then the carrier gets flagged to a lane that assumes no rfid 
style passport.. if the passport is later produced and is clealry a 
biometric/rfid passport (as will be obvious as it is waved over the 
reader) then the carrier gets flagged again and probably gets 
subjected to acute attention.. certainly any rfid blocker chip would 
quickly become forbidden in border crossing areas.. and this scenario 
even makes rfid burn out facilities (a logical and sensible way of 
dealing with leaving shops where RFID tagged goods are purchased (or 
suspected to have ben purchased) by the consumer..if the latter is a 
facility put in place by shopkeepers to enable public acceptance of 
RFID int he supply chin (and it may well prove to be necessary) what 
happens when an rfid biometric passport is being carried when any 
such temporary or permanent off-switch facility was being used?

3. The Passport Act civil servants were resolutely against even 
hearing any comments about the use and impacts of RFID biometric 
passports OUTSIDE birder crossing points.. you can see why...


4. The biometric aspects of the new USA mandated passport system seem 
to be less important (in some ways) than the uncontrolled tracking of 
passport carriers in foreign countries OUTSIDE border crossing 
points...ie anyone carrying a non-contact rfid chip equipped passport 
will be in exactly the same position as someone who unknowingly has a 
similar chip embedded in their precursor rfid equipped Gillette Mach 
3 razor pack or Benetton sweater..

its getting increasingly difficult to avoid the conclusion that 
privacy activists must develop a coherent and clear code of practice 
for all these related outcomes: the RFID noncontact biometric 
equipped passport is but a precursor to a national ID card with the 
same alarming features.. and the debates on national ID cards, RFID 
equipped driving licences and undisclosed noncontact active and 
passive (usually passive due to cost) rfid equipped items in the 
supply chain

The interactions between the different approaches are already making 
this a complex and difficult task.. and in an environment where 
dataveillance is hoped to assist in anti terrorist actions it is 
highly unlikely that any consumer protections from unexpected uses of 
these aspects of rfid equipped items will be permitted by 
governments, as the universal tracking of all the population is now 
in sight.. and how convenient that would be administratively (think 
centreLink think HIC think PBS.. etc)

This discussion was stimulated by the possibility of a blocking chip, 
and how it might actually help: it is clear that it cannot do what 
one might  hope for, and than RFID-Killer stations are going to be 
essential to maintain consumer confidence-- yet we now have (through 
the biometric noncontact rfid passport) a powerful argument for 
governments to debar even  simple rfid killer stations at supermarket 
checkouts ("they could be used to erase a passport chip....so they 
must not be permitted")..



So is the RSA blocking chip likely to be of any real citizen value? 
Will it simply make it harder to have an 'rfid cleaner station' 
service? Assuming that the passive rfid chips can be' burned ou't and 
not just temporarily switched off, as i think is the case...

Can anyone on the list comment on that specific point?

marc Wigan


*As Roger hints, Im also not entirely certain if the DCMA (we have 
"free trade" Howard style remember?) might not be usable to block 
such a blocker in the first place..


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.anu.edu.au/pipermail/link/attachments/20040406/5633652d/attachment-0001.htm