A Response to AIM Global's Toothless Critique of Spychips
by Liz McIntyre, Spychips co-author


Spychips AIM Global* sinks its gums into our book, shaking it almost imperceptibly from side to side before collapsing into agreement with us in its recent critique of Spychips: How Major Corporations and Government Plan to Track Your Every Move with RFID. After some yowling and scratching around in a gratuitous showing for its members, AIM reluctantly comes out with it: The planned RFID applications revealed in Spychips are "more than a little disquieting" and "the book does contain some valid concerns."

AIM attributes these "disquieting proposals" to to unnamed "marketers who were testing their customers' reactions." But these proposals are hardly the work of anonymous peons. For the record, they include IBM's patent pending "Identification and Tracking of Persons Using RFID-Tagged Items," Procter & Gamble's patent pending "Systems and Methods for Tracking Consumers in a Store Environment," and NCR's patented "Automated Monitoring of Activity of Shoppers in a Market." We bag some big game in the pages of Spychips.

Those with the patience to read through AIM's rambling review will see how carefully it avoids mentioning the fate of its corporate masters in what winds up as a heroic, but ultimately feeble attempt at damage control. We've caught key players red-handed with their own people tracking plans, and it's all documented and footnoted in Spychips. No wonder the RFID industry is doing everything it can to keep the world from reading what we've found.

* AIM Global is trade association that represents the interests of the automatic identification industry. Its members are "manufacturers or service providers of technologies such as radio frequency identification." AIM's vision is "To be the leading force that will drive the pervasive use of AIDC technologies and services in all geographies and industries."


AIM Global writes:

To truly point out all of the flaws in this tome would, itself, require an entire book, but it is important for us to point out the most egregious errors and faults immediately. Left unchecked, consumers, the media, business leaders, and government officials could proliferate this misinformation, draw faulty conclusions, and ignore the current benefits and promise of RFID.

AIM Global never delivers on its promise to point out "errors and faults" in its opinion piece, "Spychips: Fact or Fiction?". Read past the opening bravado and you'll find that AIM Global not only fails to point out "egregious errors and faults" but it actually ends up agreeing with us that "there is reason to be concerned." Consumers, the media, business leaders, and government officials would do well to read Spychips to see what has Aim Global so alarmed.


AIM Global continues:

For conspiracy buffs, this book makes a great read. It has just enough technical detail to lend it an air of credibility and more than enough nightmarish speculation to make it truly frightening -- which is exactly the point of any good horror novel.

We've been told that Spychips reads like a techno-thriller, but its contents are based on the RFID industry's own sworn public documents, statements, and promotional materials. If AIM finds these plans frightening, it's hardly our fault.


AIM Global continues:

As a fact-based book, it's sadly flawed. The foreword by Bruce Sterling of Wired.com sums up the fundamental problem with the book.

According to Sterling, "But RFID [radio frequency identification] is not high-tech or hard to understand. It is not confusing, sophisticated, or arcane. RFID is very dumb computer tech, the kind of computer tech that even grocers can understand."

It's true, in the same way that rocket science isn't really high-tech, confusing or arcane. It's something lots of elementary school students understand. After all, all you have to do is fill a tube with some kind of fuel, point it in the right direction, provide some rudimentary guidance and light it off. Simple.

Of course, there are all these nasty, complicated details about metallurgy, aerodynamics, electronics, chemistry and stuff like that if you want to build a real rocket but, fundamentally, rocket science is no big deal.

The same is fundamentally true of RFID. The concept is fairly simple. Take a basic memory chip capable of containing data, make it capable of responding to an interrogating RF signal and develop a way to read the response. Fairly basic. Understanding the physics that governs the propagation of RF and developing functional systems are considerably more of a challenge.

AIM Global seems disappointed that we didn't write an RF compendium a la Klaus Finkenzeller. How silly! Our goal was to lay out the planned future of RFID so citizens can protect their privacy and civil liberties, not write an engineering textbook.

When Philips applies for a patent that talks about placing an RFID tag in your shoe in order to track you with a reader in the floor, it doesn't take a degree in RF engineering to see how that poses a threat to your privacy.


AIM Global continues:

The book does contain some valid concerns and highlights some of the more outlandish claims made by RFID proponents. There's no denying that there is reason to be concerned -- not so much about RFID technology but about the security of databases that already contain detailed information about consumers' purchasing habits and other intimate details. And there's no denying that marketers have posited some rather disquieting proposals.

If anything, the invasiveness of today's databases should be a warning cry against futher empowering corporate snoops with the power of RFID. AIM Global is correct that "there is reason to be concerned" about databases--even more so if those databases are enhanced with tracking information from RFID tags. That's precisely why we wrote the book.

The databases that exist today are child's play compared to the ones planned for the RFID-enabled future. While today's databases prove the desire of companies to amass huge amounts of information about us, they are limited by existing technology. What we lay out in Spychips are detailed plans to pad those databases with information that would be impossible to catalog and collect in other ways.


AIM Global continues:

What the book mostly offers up, however, is a lot of conjecture, old news, unfounded assumptions, and a hodgepodge misrepresentation of the capabilities of various types of RFID -- even as the book admits the technology's limitations.

What AIM Global fails to recognize is that we're not making this up: The industry is. Companies like IBM, Procter & Gamble, Philips, BellSouth, Bank of America, and NCR have been thinking up invasive applications of the technology for several years, unbeknownst to most people outside of the industry's inner circle. We assume that even AIM Global was unaware of them. Or is the organization saying it also knew about plans for people tracking and simply looked the other way?

What's more, this is by no means old news. Even today, invasive RFID patent applications continue to be filed with alarming regularity.

If RFID technology isn't up to the task represented in sworn patent documents on file at the United States Patent and Trademark Office, then we have yet another problem. Prior to filing for a patent, the inventor must sign a statement swearing the information to be submitted is true. What's more, false statements are punishable by fine, imprisonment, or both. Here's the language from the patent application form:

"I hereby declare that all statements made herein of my own knowledge are true and that all statements made on information and belief are believed to be true; and further that these statements were made with the knowledge that willful false statements and the like so made are punishable by fine or imprisonment, or both, under 18 U.S.C. 1001 and that such willful false statements may jeopardize the validity of the application or any patent issued thereon."

We encourage AIM Global or anyone else who has proof the patents exposed in our book contain false or misleading statements about RFID technology to contact us. That's a story we promise we would follow through to conviction and sentencing--guaranteed!


AIM Global continues::

Interestingly, it claims that "The Internet of Things" that visionaries postulate will be facilitated through RFID, "…was supposed to be invisible to all but its corporate and military masters" as if the authors were unaware of the many websites and public presentations promoting the technology and the "Internet of Things." This make-believe conspiracy then makes everything that follows seem far more credible.

Here AIM Global is commenting on the foreword written by noted Wired commentator and bestselling author Bruce Sterling, who also happens to be the visiting RFID scholar at Art Center College. We agree with Sterling on his assessment of the industry strategy as would anyone familiar with the cache of confidential RFID industry documents we exposed in the summer of 2003.

These documents included public relations plans outlining how to "drive adoption" despite the industry's own internal studies that showed 78 percent of consumers objected to RFID on privacy grounds. A June 2002 PR document "Message Development" advised, "The best communication strategy appears to be positioning the technology simply as an improved barcode" because "'selling' the technology, the vision or the consumer benefits exacerbates consumer's problems." The document also discussed "construct[ing] a proactive message framework to minimise negatives arising," and developing "best messages to pacify" should unfavorable press stories arise. The industry realized that if people knew the details about what was planned, there would be a public backlash.


AIM Global continues:

The book also claims that an electronic listening device developed by the Soviet Union in the 1950s was the prototype for modern RFID tags. How a microphone and active transmitter equate to a dumb memory chip without an active transmitter is not explained. Nor is the fact that RFID was developed by the Allies in the 40s as a friend/foe identification for aircraft.

Soviet school children gave U.S. Ambassador Averell Harriman a carved wooden replica of the Great Seal of the United States on July 4, 1945, just prior to the end of World War II. Harriman hung the gift on the wall of his Russian embassy office, unaware the plaque contained hidden passive radio frequency technology inside that could be used to listen in on his conversations.

We believe AIM Global is confused about the time frame because, believe it or not, the U.S. government didn't find the covert radio frequency device hidden inside the plaque until 1952--over six years later--precisely because the device was passive, just like most RFID tags planned for consumer products. (There was no active transmitter!) Russian agents could activate the hidden passive technology by aiming invisible radio waves at the plaque in his office from a van parked outside, then turn off the waves during bug sweeps to avoid detection.

It would be a convenient move to narrow the definition of radio frequency identification in order to distance the technology from some of the original, stealthy uses, but we're not going to let the industry off the hook that easy.

In a whitepaper titled "RFID Explained," one of the industry's most respected chroniclers of the technology, IDTechEx, defined RFID as "any device that can be sensed at a distance by radio frequencies with few problems of obstruction or misorientation." Certainly, the Great Seal device fits that definition, and referring to it as an "early form of RFID in its debut performance as a spying technology" is appropriate.


AIM Global continues:

Cataloging all the book's flaws would require a book in itself.

Once again, we're told that it would take an entire book to document the supposed numerous errors, but we're nearly half-way through the review and have yet to see a valid argument against the book's contents. For those who hate suspense, we'll tell you up front, there aren't any to follow, either. But do read on.


AIM Global continues:

However, there are some common threads for the majority of the book's attacks on RFID.The fundamental flaw of the book is that it supposes that any RFID tag could be read at a great distance and even through a brick wall.It doesn't actually come out and say that, however. It just mentions all the different capabilities of RFID without differentiating between the very different characteristics of each frequency and type of RFID.

AIM is right. We don't say that any RFID tag could be read at a great distance. In fact, we make sure to point out in our chapter "Adapt or Die" that a short read-range can be more invasive than a long read range in some cases. You don't need to be able to read tags from hundreds of feet away or from a satellite to invade people's privacy. For example, if you want to read an RFID tag in someone's shoe to determine exactly who is standing in a particular place, a short read range would be more effective than one that would pick up all the tags in the room.


AIM Global continues:

The book also states there's a computer in the tag -- something that's true only of one type of RFID, the aptly-named "smart card" (with an effective read range of about 10 cm or 4 inches). But the book makes no mention of that fact.

We never state anywhere in the book that "there's a computer in the tag." We do mention the silicon computer chip in our RFID definition. Perhaps AIM Global is confusing our work with that of its member company Intermec Technologies. Intermec answers the rhetorical question "What is RFID?" in its white paper "RFID Technology in Retail" posted at AIM Global's own website. In that paper, Intermec explains that "An RFID system typically includes...a tag or label that is embedded with a single chip computer and an antenna." [emphasis added]. Oops.


AIM Global continues:

Once the inference about the broad capabilities of the technology is made, however, it is an easy hop-skip-and-jump to the assumption that it will be easy to covertly read a plethora of tags on a person or in a wallet or purse from a distance. While there are sections in the book that acknowledge that existing tags aren't capable of such performance, the self-titled "nightmare scenarios" in the book act as if this is a fact. The book assumes that "as technology improves" it will become possible.

Most of the "spying" and "nightmare" scenarios are based on this misrepresentation of the technology and its capabilities.

Actually, the self-titled "nightmare scenario" we lay out in our chapter of the same name says nothing at all about reading tags at a distance. It requires no advances in technology and needs only a few centimeters of read range. We write in that chapter that "in a cashless society where an ID swipe is required for nearly every activity, pay phones could be programmed to withhold dial tones, subway gates could remain firmly closed, and store equipment could refuse to ring up [purchases]… for the "wrong" kind of person." (p. 211) The technologies needed to do these things exist now and are being more broadly adopted every day.

As for scenarios requiring a longer read range, AIM Global should address those "nightmare scenarios" with the companies filing for patents and distributing promotional materials that spell out ways to track people at a distance. We encourage AIM Global to expose any misrepresentations these companies may have made in their sworn patent filings. Remember: we are just the messengers. The book is based on the industry's own words and ideas.


AIM Global continues:

The book suggests that governments will soon begin tagging currency to remove the anonymity of cash transactions. However, on March 18, 2004, Katherine Albrecht, speaking on Alex Jones' radio program, admitted that this wasn't practical and, in fact, there were less expensive ways already in existence to do just this. But it remained in the book.

In Spychips we mention that both the Japanese Government and the European Union reportedly have discussed putting RFID Mu chips in their currency. We cite a 2003 Infoconomy article by journalist Rob Buckley who reported "[Hitachi] is already in talks with Japanese and European currency printers to embed [Mu] chips into high denomination Yen and Euro notes."

Common sense and efficiency haven't been hallmarks of government programs in the past, and we have no reason to believe inefficiencies would stop any government from chipping cash, even our own. Reminder to Katherine: don't give the g-men too much credit.


AIM Global continues:

It also supposes a massive database that collects information on every item bought by every individual that could be used to track them wherever they go utilizing an amazingly complex network of readers in strategic locations throughout the country, in individual's backpacks -- and even in your bathroom. Again, it "could" be possible.

First, it's not a far-fetched notion that point of sale records would be collected and consolidated. Information aggregators like Information Resources, Inc. (IRI) are already doing this with data from thousands of U.S. food, drug, and mass merchandise stores. Why wouldn't companies like this one day include RFID tag numbers in their data offerings?

Second, the United States government is already purchasing and fishing through private sector transaction information to find interesting relationships and, yes, even do some tracking of activities. And, of course, the Defense Department's Total Information Awareness program was supposed to consolidate not only all purchase records, but even phone records and bank records. (While the program was defunded, some believe it is still operating outside the purview of Congressional oversight.)

Third, the industry has already developed the means to consolidate and share data from RFID tags through the Internet in real time. As AIM Global should know, this EPC Network (aka "The Internet of Things") has been on the drawing board for years.

The RFID industry's own insider literature has promoted "a world in which low-cost RFID tags are put on every manufactured item and tracked using a single, global network as they move from one company to another and one country to another. Indeed, we envision individual items _ cans of Coke, pairs of jeans and car tires _ being tracked from the moment they are made until the time they are recycled."

With the quick proliferation of WI-FI hotspots, why would AIM Global question the industry's vision for "a single, global network" of strategically placed readers?


AIM Global continues:

The book does cite a variety of published statements and patent applications -- and some of these citations are, in fact, more than a little disquieting. However, the book assumes that even the most hair-brained of these statements or strangest patent applications will be employed. Many statements were made by academicians and marketing theorists exploring possible uses -- or worse -- by technology marketers who were testing their customers' reactions. What's more, companies file many patent applications in hopes that one of them will pay off some day -- directly or indirectly.

We are certainly hoping these "disquieting" RFID applications are never deployed. We believe our book will be instrumental in helping prevent such ideas from every being foisted on the public. By the way, we think it's a good idea to put a name and face to the "marketers" who AIM claims are "testing their customers' reactions" to invasive people tracking plans. For the record, the "disquieting" applications and "hair-brained" statements are made in patent filings assigned to companies like IBM, Procter & Gamble, NCR, Philips, BellSouth, and Bank of America.


AIM Global continues:

The real problem with the book is that these concepts are often spun off into speculation about what might be the "logical" extreme of a particular thought. These conjectures are then later used as supporting "evidence" for other, equally far-fetched conjectures.

For example, in referring to the REAL ID Act, which mandates standardization of information on U.S. drivers' licenses and a machine-readable representation of its data, the book concludes that RFID will be the machine-readable method of choice. It ignores the fact that the existing two-dimensional bar code on licenses already contains much of this information and could easily contain all that's been mandated.

If AIM Global honestly thinks the United States government wouldn't embed RFID tags in driver's licenses, its executives need to take a look at the State Department's plans for RFID-enabled passports.

What's more, they should read the details of a July 2005 RFP (request for proposal) RFI-05-01 posted by the U.S. Department of Homeland Security. While the stated aim of this RFP is to evaluate RFID tags attached to visitor documents for the U.S. Visit program, the announcement adds that "the potential applications" for such technology are "broad." Driver's licenses aren't mentioned directly, but some of the capabilities the Department is seeking should have us all objecting if it even suggests embedding RFID tags in driver's licenses. Here are just a few of the "high level goals" that submitted RFID solutions are supposed to meet:

— The solution must support the need to identify the exact location of the read such as a specific pedestrian or vehicle lane in which the token is read.

— The solution presented must sense the remote data capture technology carried by a pedestrian traveler (i.e.,the token) at distances up to 25 ft.

— The solution presented must sense all tokens carried by travelers seated in a single automobile, truck, or bus at a distance up to 25 ft while moving at speeds up to 55 mph.

— For bus traffic, the solution must sense up to 55 tokens.

— The accuracy and reliability goals of the data capture process are 100%.

— For a successful read, the traveler should not have to hold or present the token in any special way to enable the reading of the token's information. The goal is for the reader to sense a token carried on a traveler's person or anywhere in a vehicle.


Aim Global continues:

It also misrepresents the FDA's encouragement of RFID tagging of shipments of Class 1 pharmaceuticals and, eventually, all pharmaceuticals in the supply chain. The book suggests that this will automatically extend to your purse or medicine cabinet. No such mandate is issued or anticipated. The purpose is to track cartons and pallets and help ensure pharmaceutical purity. But this is somehow bad, despite the fact that drug counterfeiting is now more lucrative for organized crime than illegal drug traffic.

Our representation of the FDA's actions are entirely accurate. We never claim the FDA would issue a mandate that medications be tracked in your purse or medicine cabinet. What we do say, however, is that the industry wants to monitor people's medicine cabinets. On pages 114-115 of Spychips we explain how both Intel and Accenture have developed ways to do just that.

But the FDA should not be let off the hook so easily, either, since it continues to escalate the talk about RFID-tagging of pharmaceuticals to the point of absurdity. In a September 20, 2005, speech, Scott Gottlieb, Deputy Commissioner for Medical and Scientific Affairs at the FDA, suggested going beyond the tagging of pharmaceutical bottles that might be found in purses or medicine cabinets. He suggested that one day there might be RFID tags within the individual pills themselves.


AIM Global continues:

The book's purpose is clear from the beginning. It instantly demonizes the technology by labeling everything a "spychip." (The chapter suggesting both Stalin and Hitler would have loved RFID was especially moving.) Were anyone to suggest the authors were "fear mongers" or "publicity seekers" rather "concerned citizens" and "privacy advocates," there would be an immediate, negative reaction -- and justifiably so. Using inflammatory terms in a supposedly serious work tends to undermine the work's authority. However, the book does consistently uses pejoratives in referring to the technology and its potential use -- even if it has to really stretch a point to do so -- as if to rouse an emotional rather than intellectual response.

For example, where RFID tags were used to track patients in an emergency room trauma center, the book calls this "spying" on patients and treating them like "objects." When it was suggested geriatric patients might benefit from having RFID monitoring of their activities and medications, the book leaps to a scenario where the individual is actually controlled by the monitoring system -- in effect, made a prisoner in his or her own home.

We've never masqueraded as cheerleaders for RFID technology. We oppose its use on consumer items, and make no bones about it. It's hard to feel warm and fuzzy about a technology that gives rise to creations like IBM's "person tracking unit."


AIM Global continues:

The book also pretends that there has been no response from professional organizations such as the International Association of Privacy Professionals (IAPP) which has presented seminar sessions on RFID and privacy concerns for the past two years.

On the contrary. There has been a tremendous outcry against the technology from privacy professionals. As we highlight in the book, over 40 of the world's leading privacy and civil liberties organizations joined with us in endorsing the "Position Statement on the Use of RFID in Consumer Products." In that statement, well-known organizations including Privacy Rights Clearinghouse, the ACLU, Privacy International, the Electronic Frontier Foundation (EFF), the Electronic Privacy Information Center (EPIC), and individuals like noted tech reporter, author, and MIT researcher Simson Garfinkel called for a voluntary moratorium on item-level RFID tagging of consumer products. We are not the only ones concerned about the potential end game for this technology.


AIM Global continues:

It also acts as if there has been no positive response to the concerns of privacy advocates from industry. Both EPCglobal, the group responsible for turning MIT's theories into a workable system, and AIM Global, the trade association representing RFID manufacturers, have both issued policy statements on RFID and privacy that closely resemble CASPIAN's "Bill of Rights."

AIM's policy states:

AIM Global believes that policies and procedures should be put into place to ensure consumers rights, namely:

The right to know whether products contain RFID tags.

The right to have RFID tags removed or deactivated when they purchase products.

The right to opt out of RFID-enabled services.

The right to access an RFID tag's stored data.

The right to know when, where and why the tags are being read

Sure, AIM Global and EPCglobal have recommended RFID guidelines, but without an enforcement mechanism, they are meaningless. For example, a prominent member of EPCglobal, Checkpoint Systems, Inc., has a business model predicated on violating the notice provision of EPC's guidelines--hiding RFID tags in consumer items for theft prevention. When asked about this practice, EPCglobal president Mike Meranda told Katherine that since adherence to the standards is "voluntary," EPCglobal would take no actions to stop Checkpoint from flaunting its guidelines.

How would the mere existence of such unenforceable guidelines prevent companies from making good on their patent pending plans to spy on us in invasive ways?

By the way, CASPIAN has never written a "Bill of Rights" for RFID. We're hoping consumers will vote "no" to the technology with their pocketbooks so such a bill will never be necessary.


AIM Global continues:

What's more, AIM Global took on the challenge of producing a distinctive emblem to be placed on any RFID label or tag to indicate the type of RFID being used -- an emblem that is being incorporated into standards on the international level.

We understand that AIM Global has developed an emblem, called "The Mark™" as a means to indicate when RFID is present. AIM should know that the emblem's designation as "The Mark™" has already raised considerable concern in the Christian community because some are making a connection with the mark described in Revelation, the last book of the Christian Bible. Placing "The Mark™" on consumer items or using it to indicate the presence of human RFID implants would create a spectacular backlash.


AIM Global continues:

If this book had been published in 2003, some points that were raised might have been valid. The fact is, however, many of the concerns expressed in the book have either been (or are being) addressed, and many of the scary "facts" have been shown to be highly overstated, not technically feasible, or just plain bad judgment on the part of some marketing concerns.

Once again, we encourage AIM Global to report any false statements on industry patent documents....<Yawn>


AIM Global concludes:

AIM remains committed to ensuring that the right technology is applied to the right situation in the right way. AIM is also committed to education of its members, the public, businesses and governments about privacy concerns and to exposing bad implementations of the technology. AIM publishes a free e-newsletter on RFID (both the good and the bad) as well as relevant news. It, and other information, can be found at www.rfid.org.

Given its commitment to to exposing "bad implementations" of RFID technology, we're sure AIM Global will find Spychips an invaluable reference. ;-)

Liz McIntyre


###

home | overview | faq | blog | press | get involved | about us

The Spychips website is a project of CASPIAN, Consumers Against Supermarket Privacy Invasion and Numbering.
2003-2007 Katherine Albrecht and Liz McIntyre. All Rights Reserved.