« September 2006 | Main | November 2006 »

October 27, 2006

Spychipped Credit Card Q & A

rfid-card-151.JPG

The recent NY Times article that reveals the security flaws of RFID-enabled credit cards has consumers wondering if the cards in their own wallets are putting them at risk. We've been getting lots of questions and thought it might be helpful to share some thoughts here about what steps cardholders can take to protect themselves and their identities.

Q. Am I really at any risk if I carry an RFID-enabled credit card?

A. Security researchers have demonstrated that someone can siphon your name, credit card number and other information from these cards right through your purse, backback, or wallet--without your knowledge or consent. If you tote the "spychipped" cards, you could be opening yourself up to identity theft and surreptitious tracking of your movements and behavior. This "someone" could be the credit card issuer or a retail store--it could also be a stalker or thief.

Q. Does my credit card contain an RFID tag? How can I tell?

A. Call your credit card company and ask if your card contains an RFID tag. RFID tags are so small and thin that they can be hidden within the plastic. An RFID tag communicates by silent, invisible radio waves. If you don't ask, you might never know that your card can beam back information like your credit card number, name etc. The exception is the American Express Blue card. You can see the RFID tag through the clear plastic.

Q. Don't credit card companies tell you when they send RFID-enabled credit cards and alert consumers to the information security issues?

A. Millions of RFID-enabled credit cards have been issued with innocent-sounding names like "Blink" and "EasyPay." Most consumers don't understand this is a way the card companies have been trying to get the public to accept the cards without needing to explain the serious privacy concerns. After all, the RFID industry's own studies have shown that 75% of consumers object to RFID on privacy grounds once they understand how it works and how companies plan to use it.

Q. What credit card brands contain RFID tags that have security issues?

A. I spoke with one of the researchers quoted in the NY Times article. He wouldn't reveal the names of the issuers of cards tested in the sample, but he said the team found problems across all brands, including Visa, MasterCard, and American Express.

Q. What should I do if my credit card contains an RFID tag?

A. We believe credit card companies should recall RFID-enabled credit cards that leak information about consumers. However, we haven't heard of any company taking this responsible action. It's going to be up to you to demand a replacement card that is spychip-free.

Most credit card issuers will send you a new card without an RFID tag at no charge. However, we've heard that American Express customer service representatives are telling consumers who call with concerns not to worry because they can disable the RFID functionality from headquaters.

The RFID-enabled American Express Blue card has dual functionality and contains two distinct credit card numbers. One number resides on the mag stripe. The other number resides on the embedded RFID tag. AMEX customer service representatives are likely disabling the card number that resides on the RFID tag in the company database. This should help prevent unauthorized purchases via numbers read by radio waves. HOWEVER, this is only a partial solution.

The tag within the card could still be read by authorized and unauthorized persons and be used to track you and your behavior. We are recommending that consumers demand a spychip-free version or take their business elsewhere. Do you really want someone to scan information about you through your purse, backpack or wallet without your knowledge or consent?

Note: Do not mail or throw away the RFID-enabled credit card before destroying the RFID tag. Tags can be read right through envelopes and trash. You can destroy the tag by shredding the card or by cutting or crushing the chip.

Q. Can I disable the RFID tag in my microwave?

A. Don't do it. While putting an RFID tag in the microwave can disable a tag, doing so can also start a fire and damage the microwave. (We recount our microwave disabling trials in our book "Spychips.")

If you have any other questions, send them to me, and I'll try to share an answer:

Liz@spychips.com.

- Liz McIntyre

Posted by liz at 5:54 PM | Comments (5)

Texas counties sign anti-NAIS resolutions

texas-road-sign.jpgDon't mess with Texas! I've said many times since 1999 when I first started CASPIAN that Texans are some of the most ornery, feisty, freedom-loving individuals in the country. And I love 'em to death.

The latest battle to hit Texas involves resistance to a Big Brother scheme to tag, number, and monitor every chicken, cow, and goat in America under the USDA's National Animal Information System (NAIS). The plan involves identifying all premises with livestock and registering them in a federal database. ("The first step in implementing the NAIS is registering each premises in the United States and assigning that location its own unique identification number," is how the USDA puts it.)

When NAIS becomes mandatory, if you own a food animal or a horse you will also be required to number it with an RFID tag or other numbering system and register it with the federal government. Then you'll have just 24 hours to report the birth, death, slaughter, transport, or sale of each and every animal -- or face huge fines.

That's the background, and it looked like the scheme was moving forward in Texas when state legislators agreed to comply last year. But the people who cooked this up didn't count on fierce resistance from Texas ranchers and small farmers. There's been a lot of hollerin' in Texas over this, and yesterday two Texas counties, Bandera County and Blanco County, signed anti-NAIS resolutions. The anti-NAIS farmers even got front page coverage in the Bandera Bulletin newspaper with a headline reading "Ranchers Prepare for a Revolution."

For those wanting more information on NAIS, click the extended entry below for links to the regulations, commentary, groups you can join, and various legislative efforts related to NAIS.

- Katherine Albrecht

Further resources on the National Animal Identification System (NAIS)

============

USDA NAIS website
http://animalid.aphis.usda.gov/nais/index.shtml

============

Yale-educated attorney Mary Zanoni's comments on NAIS
(Includes discussion of its constitutionality and enforceability)
http://www.organicconsumers.org/ofgu/ID060202.cfm

============

Clearinghouse for NAIS opposition
Run by Vermont farmer Walter Jeffries
http://nonais.org/

============

Farm and Ranch Freedom Association
Texas group opposing NAIS nationwide
http://www.farmandranchfreedom.org./

============

Tennessee legislation to prevent the state from participating in NAIS
http://www.spychips.com/blog/2006/03/tennessee_members_help_stop_an.html

See full text of the bill and actions taken to date here:
http://www.legislature.state.tn.us/

============

Texas legislation related to NAIS

First the bad news:

The Texas Legislature passed HB 1361 in 2005 authorizing the Texas Animal Health Commission (TAHC) to "develop and implement an animal identification system consistent with the U.S. Department of Agriculture's National Animal Identification System (NAIS)."

HB 1361
Signed into law 5/05, Effective 9/05
Text here:
http://www.capitol.state.tx.us/tlodocs/79R/billtext/html/HB01361F.htm

Then the good news:

TEXAS HB 47 would amend the statute making it voluntary, not mandatory

HB 47: Relating to prohibiting mandatory participation in an animal
identification system
http://www.capitol.state.tx.us/BillLookup/History.aspx?LegSess=793&Bill=HB47

Bill text:
http://www.capitol.state.tx.us/tlodocs/793/billtext/html/HB00047I.htm

Would repeal this section of the agriculture code:
http://tlo2.tlc.state.tx.us/statutes/docs/AG/content/htm/ag.006.00.000161.00.htm#161.056.00

============

Posted by Katherine Albrecht at 4:41 PM | Comments (1)

Aaron Russo's movie now widely available

freedom-to-fascism-poster.jpgThis just in from Aaron Russo, producer of the must-see film "America: From Freedom to Fascism":

"The time has arrived we are now offering the DVD for sale at the website for 19.95 or you can watch it on pay per view for $5 with the highest quality resolution on the internet or you can watch it for free on google video in a lower resolution. All of this can be done by going to the Freedom to Fascism.com website and clicking on your choice of how you want to view the film. The objective is to see the movie and wake up America! Have house parties and spread the message of freedom to fascism across the world. You may also sign up to become an affiliate. the ball is now in your court!"

I highly recommend this film as an eye-opening look at what's happening in America today and how it all got started. You can't leave the theater (or the pay-per-view, in this case) without feeling like you've just had your world shaken.

By the way, I am in the film (towards the end) where I discuss the VeriChip and RFID. (See my earlier blog entry on this). However, I should point out that I earn nothing from video sales. My desire here is simply to get as wide a viewship as possible for the important information this movie contains.

-Katherine Albrecht

Posted by Katherine Albrecht at 7:15 AM | Comments (0)

October 18, 2006

Getting chipped in Sin City

vegas-chip-implant-news-3-5550364_BG4.jpgvegas-poker-chips-548131_poker_chips_2.jpg

News 3 Las Vegas


This week in Las Vegas, supposedly "dozens of people" were implanted with VeriChip microchips at an osteopathic medical convention.

That's already weird, since osteopaths seem like the least likely people to want to turn human beings into numbered cyborgs. But several other things made this news story even weirder. First, there was the obvious enthusiasm shown by Las Vegas News 3 reporters Steve Crupi and Nina Radetich around the chipping.

The segment opens with Nina gushing:

"This afternoon, News 3's Steve Crupi watched several people get the computer chips inserted into their arms, which I'm sure was a blast!"

A blast? I'm guessing most people (even those who like VeriChip) instinctively flinch when they see huge needles piercing human flesh. Watching people get chipped sounds like about as much fun as watching spleen surgery.

But it gets worse. The people interviewed make wildly inaccurate statements that go uncorrected in the news story. Here's an example:

News 3 Reporter Steve Crupi: "Does it freak you out at all that you have this microchip in your body now?"

Newly chipped osteopathic physician Matthew Duke: "No, not at all... According to the manufacturer it has no problems with MRI scans or any problems along those lines. And if I want to take it out, it can be easily removed."

But the MRI incompatibility issue was clearly identified by the FDA as a problem. And the chips are anything but easy to remove.

By the way, chipped doctor Matthew Duke (who has no worries about the microchip implant) was the subject of an investigation by his state medical licensing board earlier this year. They issued him a "Letter of Concern" in July over an allegation of improper patient care. Sounds like he may be as careless about his patients as he is about his own wellbeing -- and his facts.

In another case of misleading and inaccurate information, VeriChip spokesman Marc Poulshock says that the implant contains "no antenna" -- which is completely false.

His exact quote is: "That's complete sci-fi. It's a passive chip, there's no power source on it whatsoever There's no antenna on it. There's no GPS feature to it at all."

But that's nonsense. In his 2005 testimony to a government comittee, VeriChip VP Richard Seelig explained that one of the principal components of a VeriChip is its antenna:

"The functional components [of an implantable VeriChip transponder] are an RFID (Radiofrequency identification) integrated circuit, a capacitor, and an antenna."

Will VeriChip spokespeople ever learn how to get through an interview without this kind of factual error? (I've heard them say far worse.) But News 3 just laps it up and asks for more -- Steve Crupi even enthuses over the advantages of someday chipping the military.

This is not the first time Las Vegas station KVBC (a local NBC afilliate) has promoted human chipping. Earlier this year, the station commissioned a poll showing many Las Vegas residents in favor of chipping immigrants. And in 2005 they promoted a plan to implant microchips into one thousand Las Vegas pets.

If you're concerned about the biased coverage of VeriChip by this station, take a moment to drop the reporters and producers a line:

Nina Radetich: nradetich@kvbc.com

Steve Crupi: scrupi@kvbc.com
Judy Greene, News 3 Producer: jgreene@kvbc.com

News 3 viewers deserve to get the whole story on human chipping, including the privacy downsides and medical risks.

Sources:

Print story: "Microchips becoming the latest medical accessory"
KVBC News 3, October 17, 2006

The video clip can be found on KVBC's page above, or find it mirrored here:
http://hoanewsnetwork.com/media/node/1539/play

- Katherine Albrecht

Posted by Katherine Albrecht at 12:24 PM | Comments (1)

October 17, 2006

Special Thanks to Cyber Line!

cyberline2.jpg
Research Engineer Kris (back left), Jessie Hail Storm (back right), and "Video Bob" Byron (front) pose for a picture after the show

Special thanks to Mick Williams' Cyber Line for inviting me out to the Dallas studio Saturday night. Nothing like live, in-person radio!

Golden throated Mick Williams was on leave so Video Bob took me and the crew out on the "flying sub" for a 1.5 hour cruise to the world of spychips, with an extended port call in VeriChip land. There we spent time carefully examining the the glass encapsulated tags for human flesh and comparing the injector device to things like razor sharp cocktail straws. (VeriChips are much larger than a grain of rice, and the guys are prepared to take evasive action after seeing these menacing tools.)

cyberline3a.jpg

You can tune in to Mick Williams' Cyber Line from 9 PM to 12 AM Central Time Saturdays on the USA Radio Network or on line at http://www.cyber-line.com. We'll post a link to the October 14 show as soon as it hits the Cyber Line archives.

- Liz McIntyre

Posted by liz at 10:27 PM | Comments (0)

October 14, 2006

Chip implants may work for animals, but not children

vets-office-260749_exam_room_2.jpg

The Houston Chronicle is reporting on a dog that was returned to its owner after straying 1,400 miles from home. The recovery was only made possible, the article implies, because the owners had injected a microchip into the dog's flesh.

Unfortunately, stories like this rarely explain exactly what the microchip does or how it is used to recover lost pets, leading many people to conclude that chip implants can be used to find anything that goes missing. But it doesn't work that way. If someone steals your dog or kidnaps your kid, the microchip in their flesh will not alert anyone to the crime, nor can it be used to track down the missing pet or child through some all-seeing satellite in the sky. That's because the read range on an animal (or human) implant is only around 12 inches.

Pet recovery scenarios only work if a missing dog winds up at an animal shelter or a veterinarian's office where the chip can be scanned. When staffers see a stray animal without a collar, they run an RFID reader over its flesh to look for a microchip implant. If the pet has been chipped, the implant will emit a 10-digit code that can be cross-referenced with a registry to identify and contact the owner.

This may work well for pets, but it would have no value at all in recovering abducted children, hikers lost in the woods, captured soldiers or kidnapped business executives. The chances of any of these people coming in contact within an implant reader are practically zero.

(Thanks to Rhonda for the link.)

- Katherine Albrecht

Posted by Katherine Albrecht at 7:28 AM | Comments (6)

October 13, 2006

Cashless cafe puts an end to anonymous meals?

cash-519778_money_1.jpg

National Public Radio is reporting on a cafe in Washington D.C. called "Snap" that won't accept cash. [Click NPR's "Listen" link to hear the audio.]

Though the story claims that refusing cash is legal in DC., it got me thinking about cash. The text on banknotes informs us that they are "legal tender for all debts public and private." But if this is really the case, shouldn't we have a legal right to use cash to settle a debt, regardless of a particular merchant's policy?

I had an experience a few years back where I incurred a debt for car repairs, but the dealer refused to take my cash as payment. When I arrived with several hundred dollars in hand to pick up my car, I was told that they would only take a check or a credit card. Only after a lengthy discussion, the threat of a lawsuit, and several phone calls, did they finally relent and give me back my car. One of my arguments centered around the "legal tender" language on the bills. "Do I owe you money?" "Yes." "Would you consider that a debt?" "Yes." "Then you are obligated to take this cash to settle the debt." It worked.

Whether the "debt" issue kicks in at the D.C. cafe is another question. Since it could be argued that a customer does not incur a debt until he or she consumes the restaurant's wares, a lot depends on how the restaurant is set up..If the cafe is the kind where customers put food on a tray and pay at a cashier station before eating it, the policy seems legally defensible.

If, on the other hand, customers order from the menu and consume the food or drink before the bill arrives, they have incurred a legitimate debt and should be able to use cash as "legal tender" to satisfy it.

It would be interesting to get the views of a lawyer on this issue. Does "legal tender for all debts public and private" really mean what it says? Several people have written to me over the years saying that they would consider filing lawsuits to retain their right to use cash to settle debts. If the cashless restaurant idea catches on, it may soon be coming to that. And people like me will be getting mighty hungry.

- Katherine Albrecht

Posted by Katherine Albrecht at 9:14 AM | Comments (1)

October 12, 2006

Do young people want microchip payment implants? Not really.

chip-implant-lies-flipped-501777_horror.jpg

The sky is falling! Or is it? .

A breathless report in yesterday's UK Daily Mail proclaimed that "young shoppers want to pay with chip in skin." While this headline is certainly explosive (it got the attention of the Drudge report), it is also utterly preposterous. If you read the article, you will quickly discover that young people do NOT want to "pay with a chip in the skin." Indeed, 92% of them said they did not.

Picking up a survey in which virtually all respondents say they would NOT do something and reporting it as a ringing endorsement is misleading journalism, plain and simple. The Daily Mail should be ashamed.

But assuming there was some real news here, how significant is it that 8% of teens said they'd get a payment chip? Just for kicks, I looked around the net at other studies of UK teens. Let's compare a few statistics. While 8% of teens say they would consider a payment chip implant, another survey shows that 20% of teens are experiencing psychological problems at any given time, and nearly a third of college students have contemplated suicide at some point in their lives. Contemplating suicide would seem far more dramatic than considering a chip implant, yet we don't read stories proclaiming that UK youth are lining up in droves to kill themselves.

What's more, a third of UK teens reported vandalizing property within the last year, a quarter reporterd shoplifting, forty percent had binged on alcohol, and half reported committing at least one criminal act. [Source] In other words, teens (as we know) are still trying to figure out the basic rules of social behavior and self-control, and are likely to harm themselves in the process.

Given these other eye-opening statistics, the amazing part of the chipping study is that more teens didn't agree, even on paper (where there's no reality check in the form of a massive hypodermic needle), to get a chip implant.

What all this boils down to is that, statistically speaking, teens prefer suicide over chip implants. The headline should instead read, "I'd sooner kill myself than get chipped."

-Katherine Albrecht

Posted by Katherine Albrecht at 10:38 AM | Comments (3)

Retinal Scans can reveal sensitive health and lifestyle info

retinal-scan-608275_iris.jpg

The eyes are the window to the soul, say the poets, but they may also reveal some very private information about you. Researchers have developed a scanning device that takes photos of the retina, then analyzes them for everything from medical conditions like high blood pressure and AIDS to drug use and pregnancy.

According to the article:

Many health problems show up in your eyes, potentially creating non-invasive tests for everything from cocaine to sickle cell anemia. Cocaine, alcohol, and other drugs can make the OSI a non-invasive drug test. Infectious diseases such as malaria, AIDS, syphilis, Lyme disease, and chicken pox all show up in your eyes. Interestingly enough, so does pregnancy–no more pink lines.... Even genetic diseases like leukemia, lymphoma, Stevens-Johnson syndrome, and sickle cell anemia affect the eyes. In addition, your eyes show signs of chronic health conditions like bleeding or clotting disorders, congestive heart failure, arthrosclerosis, and high and low cholesterol. Other poisons like botulism manifest themselves in the eyes, too.

Source: Retinal Scans Do More Than Let You In The Door
Physorg.com, August 31, 2006
http://www.physorg.com/news6134.html

The next time someone proposes retinal scanning as a security measure, say, at an airport terminal or for access to a job site, be sure to point out the potentially invasive nature of such scans.

-Katherine Albrecht

Posted by Katherine Albrecht at 8:12 AM | Comments (4)

October 5, 2006

Schwarzenegger's Support of RFID Tracking Technology No Shock

Arnold.jpg

Governor Schwarzenegger's veto of a bill aimed at protecting California citizens from surreptitious RFID tracking should come as no shock if you understand his penchant for paternalistic power.

In a 1990 U.S. News interview he was quoted as saying "My relationship to power and authority is that I'm all for it. People need somebody to watch over them. Ninety-five percent of the people in the world need to be told what to do and how to behave."

Senate Bill 768, known as the Identity Information Protection Act of 2006, was passed by state legislators last month. It was drafted to prohibit abusive tracking of people through RFID tags and give Californians control over personal information stored on RFID-laced identity documents.

Among other things, the bill would have provided "... that a person or entity that intentionally remotely reads or attempts to remotely read a person’s identification document using radio waves without his or her knowledge and prior consent...shall be punished by imprisonment in a county jail for up to one year, a fine of not more than $5,000, or both that fine and imprisonment." (See http://info.sen.ca.gov/pub/bill/sen/sb_0751-0800/sb_768_bill_20060901_enrolled.pdf)

Schwarzenegger was apparently aware that his failure to sign the bill could open the door to more Big Brother surveillance on California soil. He issued a statement explaining that he vetoed the bill because it could conflict with new government standards for identity documents like those to be issued for driver's licenses under the Real ID Act. (See http://gov.ca.gov/pdf/press/sb_768_veto.pdf)

The Real ID Act, passed in the spring of 2005, gives the Department of Homeland Security the right to set new federal driver's license standards. Privacy advocates and civil libertarians are not only concerned that these new standards will create a de facto national ID, but that this national ID will contain remotely readable RFID tags.

Homeland Security is already testing RFID tags in visitor documents, and it is on record as shopping for a very powerful form of the technology that could allow law enforcement to read documents secured in purses, wallets and even in cars speeding by at 55 miles per hour.

It wouldn't surprise me if the governor has already read our book "Spychips" and understands how RFID technology could be used to track, monitor, and control citizens. He's just the sort of character who would find added value in RFID deep organ implants for humans and IBM's RFID-based "PERSON TRACKING UNIT" that can follow people in places like shopping malls, libraries, theaters, museums, elevators and even restrooms. Why, with that kind of power, he could most certainly keep track of the 95 percent of his constituents that he seems to believe need close supervision and instructions on proper behavior.

For more on this story, see Martin Bosworth's article Schwarzenegger Terminates Spychip Bill at www.consumeraffairs.com/news04/2006/10/ca_spychips.html
and
Arnie Terminates RFID Bill at www.theregister.co.uk/2006/10/05/california_rfid_bill_terminated/

-- Liz McIntyre

Posted by liz at 3:01 PM | Comments (1)

October 4, 2006

Tracking Where You've Been

If you've read the foreward to Spychips, you know that sci-fi writer and futurist Bruce Sterling is up on all things RFID. He did a stint last year as Art Center College of Design's "Visionary in Residence," where he assigned his class to use their industrial and graphic design skills to come up with novel uses for RFID. Then he invited me to fly out to California and throw in my two cents at the end of the semester.

Some of the designs were nutty (a retirement home for the oversexed was one standout example, though the RFID connection was tenuous). Others were inventive, like the power diet that would turn you into Vince Lombardi if only you'd continually scan the spychips on all your food and workout equipment.

But one project really stood out in my mind, perhaps because the danger in it was so difficult for the students who'd created it to grasp. It was called "Kilroy," as in "Kilroy was here" of 1960's graffiti fame. The idea was to place passive RFID tags in the form of little stickers in public locations, like the doorways of clubs, music stores, restaurants, etc. as a sort of spychip graffiti. Whenever you saw one of these dots, you could aim your cellphone at it and download information about the venue from a social network, or add your own thoughts on the venue. ("The pad thai here is great, but avoid the duck salad," or "Look out, the bouncer at this place is a real jerk.".)

bruce-sterling-class-kilroy-rfid-stickers.jpg

That all sounds pretty cool, but a very different scenario immediately occurred to me. "Wait a minute, guys," I said. "If you put these things everywhere, bad people will use them to keep track of where you've been."

"Huh?" they responded."These things aren't readers, they're tags. They can't track anything."

"Maybe not, but if you put them everywhere, they'll act like little real world cookies, and eventually some device you carry around with you will suck the data off these tags as you pass, as a way to monitor your travels and activities. Somebody could download the data and see everywhere you've been and when."

"Huh?" they replied again unfazed and uncomprehending. I tried a few more times then finally gave up with a sigh.

I'd almost forgotten about that incident until this morning, when I learned that someone else has been thinking along the same creepy lines as me. But it's not your friend Sarah or Jodie wanting to tell you about the pad thai down at the Siam Palace. It's NTT, the mobile phone provider to most of Japan, one of the planet's biggest megacorps.

"...NTT DoCoMo recently developed a system that utilizes mobile phones and RFID tags to monitor and infer people's behaviors and deliver relevant information. The system uses mobile phones that have the RFID reader capability. Those RFID reader phones read tags embedded in retail stores, for example, and the software running on the phones sends out information such as the stores people visited.."

Source: Picturephoning.com (a trippy weblog with lots of RFID tidbits)
and Keitai Watch (In Japanese)

Sometimes it sucks to be right.

-Katherine Albrecht

Posted by Katherine Albrecht at 4:58 AM | Comments (5)

October 3, 2006

PC Magazine: "It's Time to Chip Yourself"

pc-mag-chip-yourself-headline-smaller.jpg

Hard to believe, but PC Magazine is advocating that people chip themselves with RFID. Never mind that the chips in question are not to be used for human implantation, per the company's own warning.

The text and images speak for themselves.

pc-mag-chip-yourself-image2.jpg

-Katherine Albrecht

Posted by Katherine Albrecht at 3:46 PM | Comments (3)