Dismantling the RFID Journal's critique of Spychips
by Katherine Albrecht, co-author of Spychips
November 14, 2005

This was written in response to a critique titled "Spychips Book Fails to Make its Case" published in the RFID Journal on October 24, 2005.


SpychipsIt's little surprise the RFID industry and its corporate supporters have come out swinging against our new book, Spychips: How Major Corporations and Government Plan to Track Your Every Move with RFID. After all, the book devastates their claims that RFID poses no risks to personal privacy and that no one wants to abuse the technology. We show indisputably that many key players in the industry have some very bad plans.

The truth is that RFID could soon become one of the most powerful surveillance tools in history, giving its corporate masters unprecedented ability to track and control people. With hundreds of footnotes and impeccable research, Spychips makes an air-tight case that some of the biggest corporations in the world have spent plenty of time and money developing ingenious ways to do just that.

The word is getting around quickly. On its release last month, Spychips flew to the top of the Amazon bestseller charts as a #1 "Mover and Shaker," hit the top ten Nonfiction bestseller list, and spent over a month as a Current Events bestseller. In a single month, the book has sold thousands of copies and is now in its fourth printing. What's more, it has received rave reviews from the journalistic and privacy communities, who have called it "brilliantly written," "stunningly powerful," and "scathing."

No wonder the industry is scared.

Anyone who has read the book knows that as soon as the general public discovers what's being planned for RFID there will be hell to pay. The threat is being taken seriously enough that major RFID promoters like Mark Roberti, editor of the RFID Journal, have devoted considerable effort to stemming the damage. At least that's the most obvious explanation we could find for Mr. Roberti's expending five pages of prime Internet real estate to discussing everything about our book except its central point -- namely that:

Major corporations have been caught red-handed describing ways to use RFID to spy on the rest of us.

Reading Mr. Roberti's rebuttal is like entering an alternate universe. Though he states that "the authors' claims go to the heart of the privacy issue and, therefore, deserve to be examined in depth," he gives our claims only the most cursory mention, ignoring scores of pages of evidence and documentation that prove companies not only recognize RFID's human tracking capability but have developed ways to harness it.

Why doesn't Mr. Roberti mention sworn patent documents from IBM describing ways to secretly follow innocent people in libraries, theaters, and public restrooms through the RFID tags in their clothes and belongings? Where is his outrage over BellSouth's patent-pending plans to pick through our garbage and skim the data contained in the RFID tags we discard? To the extent Mr. Roberti mention patents at all, he dismisses them as reflecting a desire to serve customers better, but the disturbing patents we have found reveal a corporate mindset that cannot be so easily dismissed.

In his five-page rebuttal, Mr. Roberti completely avoids other embarrassing corporate schemes, too. There is no mention of Philips' plans to capture "hidden" RFID data from the products in our homes and send the results to marketers -- through our own appliances, no less. Of course, since Philips is a major RFID Journal advertiser, it shouldn't surprise us that Mr. Roberti also neglects to tell his readers that the company has patented plans to place nearly imperceptible RFID tags in shoes -- with the goal of later interrogating them through readers in the floor.

Those aren't the only cold, hard facts in our book that Mr. Roberti ignores. Much of his nearly 3,400 word critique is spent on politics, despite that fact that only a small portion of our book deals with that topic. Given his obvious interest in government abuse, we might have expected Mr. Roberti to have at least mentioned the fact that hundreds of people were tracked with RFID animal tagging technology designed for use on feed cattle and lab rats -- by our own government. And Mr. Roberti steers way clear of mentioning deep organ implants that can remotely electroshock people, and bulletproof, hypodermic needle armbands that can knock individuals to the ground unconscious.

Of course, we recognize that Mr. Roberti cannot directly acknowledge the dirty laundry we've exposed by detailing the embarrassing plans of key RFID industry advertisers and longstanding sponsors. As the industry's chief "journalistic" cheerleader, the RFID Journal knows that part of its job is to make the industry look good and divert attention away from scandals that could taint its reputation.

Considering how hard it is to attack a book without discussing its central content matter, however, Mr. Roberti would have been well advised to leave our book on the shelf. Unfortunately for his corporate sponsors, he chose the less prudent path and waded in deep. In the following pages. we take a look at the numerous factual and logical errors Mr. Roberti commits in his critique of Spychips.


MR. ROBERTI'S ERRORS

For each point, we re-state Mr. Roberti's position in his own words, followed by a correction, comment, or admonishment of our own.

#1: Stating that CASPIAN wants a "ban" on RFID
#2: Misrepresenting the purpose of "Spychips"
#3: Claiming that companies will never obtain each other's data
#4: Suggesting that it is admirable to spy on customers
#5: Suggesting that RFID-based watching systems are the same as human salesmen
#6: Dismissing the feasibility of a power-saving Peeping Tom system
#7: Believing that consumers must somehow "agree" to wear spychipped clothing
#8: Casting false aspersions on the quality of our research
#9: Claiming that patents don't matter
#10: Using convoluted logic: Suggesting that since CASPIAN is keeping society safe from RFID abuse, we should stop alerting the public to planned abuses (Huh?)

#11: Suggesting that Marks & Spencer's use of RFID exonerates others
#12: Believing that technologically advanced countries wouldn't abuse RFID
#13: Claiming that people could easily escape a nightmare RFID world
#14: Stating that totalitarianism is not about tracking people
#15: Ignoring the power of technologically-enhanced secrecy
#16: Grossly underestimating the effects of a bloody dictatorship
#17: Shifting blame from abusive companies onto activists' shoulders
#18: Holding others to a journalistic standard he himself does not meet


ROBERTI ERROR #1:
INCORRECTLY STATING THAT CASPIAN WANTS A "BAN" ON RFID

“It is easy to criticize any book if one can falsify what the book says”
                                                            -- Thomas DiLorenzo

The claim that we have called for (or even want) a ban on RFID is such a fundamental factual error that it calls Mr. Roberti's entire critique into question.

We do not currently, nor have we ever in the past called for a ban on RFID technology. What's more, we have strenuously opposed government-imposed restrictions and regulations on RFID that go beyond labeling. Just last month, in fact, I argued against a proposal to mandate an RFID point-of-sale "kill" feature before the New Hampshire House Commerce Committee, calling it "paternalistic." (Mr. Roberti's RFID lobbyist friends can attest to this, since they were there.)

Despite our clear and oft-stated position, Mr. Roberti stunned us by writing in his critique that:

the authors [of Spychips] ... want a complete and total ban on the use of RFID for all consumer applications

This is ridiculous. Either Mr. Roberti knows it's untrue and he's intentionally misleading RFID Journal readers, or he simply hasn't read our book.

Had Mr. Roberti actually read Spychips before penning his critique, he might have seen that on page 225 we wrote:

"We believe the only appropriate role for RFID legislation is to require that companies tell us whether or not products contain RFID tags so we can make our own informed decisions about whether or not to buy them."

Or had he clicked up the "About Us"/FAQ page on our website, he could have read the following statement -- which has been posted there in plain sight for over a year:

Q. Does CASPIAN want RFID banned?

A. No. We have never called for legislation to ban either RFID tags or supermarket loyalty cards. 

It doesn't get much clearer than that.

This significant error reveals that not only does Mr. Roberti miss the central activist message of Spychips (which calls on citizens to vote against spychips through conscientious purchasing decision in the free marketplace), he also profoundly fails to understand our organization. Anyone wishing to oppose CASPIAN would do poorly to seek strategy tips from Mr. Roberti.

BACK TO TOP


ROBERTI ERROR #2:
MISREPRESENTING THE PURPOSE OF "SPYCHIPS"

Mr. Roberti writes:

The book does not include one single concrete example of someone whose privacy was invaded because of RFID. That's right. Not one.

Reading this out of context, one might wrongly conclude that we failed our mission. However, our goal was to lay out what's being planned for the future, and in this goal the book absolutely succeeds. We illustrate these plans through sworn patent filings, promotional materials, and statements straight from the RFID promoters. There is no arguing around this evidence -- it is documented in black in white, in quotation marks, with footnotes. Period.

That said, we beg to differ with Mr. Roberti on whether privacy abuses around RFID have already occurred. They most certainly have. Mr. Roberti writes:

"Even with the proliferation of RFID tags in access control cards, car keys and toll collection systems, the authors could not cite one instance where RFID tags tied to personally identifiable information was used to infringe on someone's privacy."

While we do not cite them in the book, the RFID-based systems Mr. Roberti cites are certainly being used today to invade people's privacy. A recent Rand study titled "Case studies of Radio Frequency Identification Usage in the Workplace" found that employers regularly use records obtained from RFID-based access cards to monitor and closely watch employees. According to the study, some employers have even gone so far as to link employees' RFID-based movement logs with their medical records. Workers are rarely informed of these practices and have little if any protection against abuse.

And RFID-based toll collection systems have already posed a privacy problem for many American motorists. Between 1998 and 2003, the New York Thruway system alone received 128 subpoenas from law enforcement and turned over 61 records in response. [See, for example, http://fleetowner.com/news/fleet_electronic_toll_records/]

Further, tagging Haitian refugees with RFID-based animal tracking technology, as we describe on pp, 167-169, was certainly a violation their privacy, and also violated their dignity as human beings.

BACK TO TOP


ROBERTI ERROR #3:
CLAIMING THAT COMPANIES WILL NEVER OBTAIN EACH OTHER'S DATA

Mr. Roberti writes:

Theoretically, lots of things are possible, but in the real world, companies don't share information about their customers with other companies. Do the authors really believe Philips will make data available on its customers so Sony can do a Google search and learn everything it needs to know to steal those customers away?

Actually, companies regularly make their point-of-sale (POS) data available to outside companies who consolidate it in massive databases. We detail in the book how Information Resources, Inc. (IRI) regularly collects and combines POS records from tens of thousands of retail locations (See p. 51), including companies who are fierce competitors with one another. We also describe how retailers have begun sharing POS data on individual purchasers with outside companies that maintain refund databases. (See Spychips, p. 79 for the footnoted reference).

We doubt that EPC-based POS data will be somehow exempted from these existing trends. Just last month, Mark Roberti wrote an article titled "Target, Wal-Mart Share EPC Data" describing how "as part of a pilot, the two retailers are sharing Electronic Product Code data with 13 manufacturers in a standard format."

While all of this sharing of data has taken place with the full support and cooperation of the companies involved, data (including but not limited to EPC data) is also at a risk of being leaked or compromised. For example, Wharton School researchers Anand and Goyal describe how easy it is for data to be accidentally and deliberately leaked to competitors. They detail how Newbury Comics sales data was transmitted to a private company called SoundScan and then leaked to other stores like Wal-Mart and Kmart. Dozens of similar examples are available from the literature. Any form of data sharing involves a risk that information could reach competitors, and EPC data is no exception.

Ironically, Mr. Roberti himself admits this in a later portion of his critique, where he writes:

...the point [the Spychips authors] miss is that digital information is nearly impossible to control, no matter how powerful you are. You only have to look at how hackers are able to do so much damage to corporate networks despite the billions spent to stop them, or how music companies and movie studios are struggling—and largely losing the battle—to prevent the sharing of songs and movies over the Internet. The only way to control the flow of information would be to shut down the Internet.

Right. And the only way to prevent item-level EPC data from being misused would be to prevent EPC tags from being deployed at the item level. This is our point exactly.

As a final note, even if retailers could assure the public that EPC data gathered at the point of sale would never be sold, traded, or accidentally leaked, it would still be at the mercy of a government data grab. The Total Information Awareness program proposed by DARPA (later defunded by Congress) is just one example of how such a data grab might occur. (See p. 195 of Spychips for more on this.)

BACK TO TOP


ROBERTI ERROR #4:
SUGGESTING THAT IT IS ADMIRABLE TO SPY ON CUSTOMERS

Mr. Roberti writes:

What these patents [revealed in "Spychips"] show is that many companies would like to use RFID to better understand their customers, or to identify them so they can serve them in a more personal way. That's hardly a revelation. Companies want to use almost any new technology to better understand their customers, so they can offer the things people want to buy and—sin of sins!—make more money.

It may not be a "revelation" that companies want to closely track and monitor customers, but it's news to most customers who would be appalled at how invasive these tracking plans have become.

Spying on customers without their knowledge or permission is not a benevolent act, it is invasive and abusive. Few people would relish the prospect of being tracked and manipulated through the RFID-based applications we document in Spychips. These include inventions like IBM's "person tracking unit," designed to observe innocent people in public space, and Phillips' plan to use home appliances to "exploit hidden information" contained on RFID tags and secretly send it to marketers.

Likewise, few would like having their individual movements "precisely tracked in real time" by NCR, being followed by NCR's "pan and tilt cameras," and seeing the shelf price of items go up as they approach. Nor are people likely to embrace P&G's plan to have their televisions run ads for Pepsi when they remove the last spychipped Coke from their RFID-monitored refrigerators. And BellSouth's proposal to pick through and analyze their RFID-tagged garbage in order to sell the details to marketers will probably raise a few people's blood pressure.

The simple reality is that the majority of average consumers simply have no idea of the EXTENT of customer spying, and if they did, they would be appalled. Once again, because there's a knowledge disconnect between buyer and seller, we're seeing a distortion of the free market.

There's something else Mr. Roberti has wrong. We've never said that making money was a sin. On the contrary, we believe in free enterprise and want nothing more than for ethical companies to positively wallow in profits. Had Mr. Roberti actually read the book (as opposed to skimming it), he would know that we encourage shoppers to richly bestow their shopping dollars on companies that respect their privacy:

Businesses can choose to respond to our demands for spychip-free products or not, but the market will punish those who fail to pay attention to consumer concerns. Of course, the flipside of punishing corporations that behave badly is lavishing rewards on those that respect our privacy and treat us with dignity. We should pledge our business to companies that take a public stand against item-level RFID tagging and promise their products will be spychip-free. This is the beauty of the free market. When it works correctly, both parties are happy with the relationship and everyone benefits. (p. 222)

BACK TO TOP


ROBERTI ERROR #5:
SUGGESTING THAT RFID-BASED WATCHING SYSTEMS ARE THE SAME AS HUMAN SALESMEN

Mr. Roberti writes:

The authors also lead the reader to believe that every time an RFID tag is read, that automatically constitutes an invasion of your privacy, even if you are completely anonymous. For instance, the authors present a patent application filed by NCR in which a smart shelf could track when a customer picks up a can of corn [even though the tracking could be done anonymously]....

The authors find it outrageous that an RFID interrogator in a shopping cart could detect that a customer (who could be completely anonymous) put a high-end brand of pasta in their cart, and that the interrogator could then send a message to a computer screen mounted on the cart recommending a high-end brand of tomato sauce. This might annoy some customers, but it's no different from a salesperson in a clothing store suggesting you try on a pair of Prada shoes based on the fact that you have been looking at Armani suits.

At issue is whether consumers will accept RFID-based plans to watch, time, and catalog their every action in retail stores. We believe these plans constitute a serious breach of individual privacy. Mr. Roberti apparently does not. This boils down to a simple difference of opinion.

Where Mr. Roberti is wrong, however, is in saying that computerized customer watching systems are "no different from a salesperson in a clothing store." The differences are stark and disconcerting. The salesman's efforts, annoying or not, are open for all to see. The salesman's record of his observations is limited to what a single human can capture. There is no video tape to be replayed later, no frame-by-frame analysis of every move the customer has made, no automatic cataloging and recording in the database of how many seconds she spent looking at the Armani suit. A year later, the salesman has probably forgotten the details of the exchange. The computer, on the other hand, remembers forever.

Where a shopper has a great deal of control over her dealings with a human salesman, she has none over an impersonal, computerized watching system. A customer who is annoyed or offended by a salesman's interventions can move away, shoot him a warning look, or simply ask him to leave. She can also tell when he is gone and breathe a sigh of relief at being left alone. With NCR's ambitious, all-watching retail surveillance plans, however, consumers who feel "annoyed" at being closely watched and targeted with sales messages will have no such means of escape. The system will be built into the very shelves of the store.

BACK TO TOP


ROBERTI ERROR #6:
DISMISSING THE FEASIBILITY OF A POWER-SAVING PEEPING TOM SYSTEM


Mr. Roberti writes:

Sometimes, [Spychips'] discussion of potential abuses is downright silly, because of the authors’ failure to think through how RFID systems work. For instance, in a chapter on the potential uses of RFID by stalkers and perverts, the authors mention that one problem modern-day peeping Toms have is that when they install cameras in a female shower stall or under the desk of a female colleague, the cameras use a lot of energy and the batteries die quickly. They suggest RFID could be used to conserve battery power—that the camera would turn on only when an RFID tag in a garment worn by the stalking target was detected by an interrogator.

But there are a couple of problems with this RFID-enabled peeping Tom system. First, it assumes people will agree to wear garments with functioning RFID tags in them, which is by no means a given. More important, a battery in the RFID interrogator would run out just as fast as a battery in a camera because it would have to emit radio waves constantly to detect a tag entering its field.

Mr. Roberti may be one of the top RFID journalists in the world, but he has apparently not kept up with the state of the art in his own field. Far from being silly, using RFID readers to conserve power is a well-developed concept. More than two years ago, IBM inventors applied for a patent titled "Power Management" that describes how RFID can be used to extend battery life for "portable devices [that] typically depend upon batteries of some sort for their energy requirements."  Here’s how it works, according to IBM's patent filing:

A device is equipped or connected with a low power detector that can detect the proximity of an RFID tag… placed in, embedded in, [or] fabricated in ... an article typically worn by a user. Illustrations of common such articles are wristwatch, corporate identification badge, jewelry, shoes, etc.... If the device detects the [tag] is near the device, then the device manages power differently than when the user is not near the device.

In other words, the reader remains in low power mode until a tag comes within range. It then powers up briefly, takes a read, and performs a given action. For example, the reader could very well signal a video camera to begin filming, as we describe in the book.

IBM is not the only company working on this idea. Another company, Bosco Electronics, developed an RFID reader with a "special power saving feature" that allowed it to run for months or even years on a single AA Sonnenschein SL-760 battery. The company explains that:

The [RFID] reader under this concept includes the power management circuit which provides two working modes: idle and active. When the reader is idle the supply current is less than 50 µA, so battery life achieves 3-4 years in this mode. All the other subsystems are switched off except the proximity sensor. When a customer approaches [with] a transponder close to the reader antenna, the sensor detects a transponder presence. The power management circuit switches to the active mode. The reader circuit and the controller are switched on and the supply current achieves usual 20 - 40 mA. After executing a program and reading/writing transponder, the reader returns to the idle mode.

We rest our case.

BACK TO TOP


ROBERTI ERROR #7:
BELIEVING THAT CONSUMERS MUST SOMEHOW "AGREE" TO WEAR SPYCHIPPED CLOTHING


Continuing his commentary on the video voyeur scenario above, Mr. Roberti writes:

...there are a couple of problems with this RFID-enabled peeping Tom system. First, it assumes people will agree to wear garments with functioning RFID tags in them, which is by no means a given....

But agreement implies some degree of volition. In order for people to "agree" to wear RFID-tagged clothing, they must first be made aware that the tags are even present.

As we indicate on page 52 of our book, companies have developed rather ingenious ways to hide RFID tags in clothing.

Because RFID tags can be deployed in such secret and almost imperceptible ways, we have called for legislation that would require them to be clearly labeled. Unfortunately, RFID industry lobbyists have systematically quashed this legislation in every state where it has been proposed. As a result, there is currently no requirement anywhere in the country that manufacturers must tell consumers when a spychip has been woven into their clothing. Nor must retailers and others tell consumers when reader devices have been hidden in the floor or elsewhere to query the hidden tags.

This means that millions of people could one day find themselves wearing RFID-tagged garments without ever having "agreed" to do so. In fact, for all we know, people may be wearing such garments today.

BACK TO TOP


ROBERTI ERROR #8:
CASTING FALSE ASPERSIONS ON THE QUALITY OF OUR RESEARCH


Mr. Roberti takes an unwarranted jab at our research, albeit a backhanded one, when he writes:

The authors are very good at providing footnotes, which are meant to give the book the credibility of a well-researched tome. 

We're not sure what Mr. Roberti is implying by this, but the book has the credibility of a well-researched tome because it is a well-researched tome. Mr. Roberti's insinuation here is vague and amorphous. We challenge him to cite a specific page number and footnote that undermines the credibility of our research.

In Chapter One, we explain that:

For nearly three years, we have devoted ourselves full time to combing every article, reading every white paper, pursuing every insider tip, and scanning through thousands of patent documents to piece together a picture of this planned RFID future. We've attended trade shows, sat in on top-level meetings, and had long talks with the people implementing these plans.

If there is one thing we're good at it's research, and the book shows it. Our credibility is further bolstered by our professional credentials and combined decades of research experience. I am a Harvard-trained academic researcher and my co-author Liz McIntyre is a former bank examiner. Mr. Roberti would be hard-pressed to challenge or match these impeccable credentials.

BACK TO TOP


ROBERTI ERROR #9:
CLAIMING THAT PATENTS DON'T MATTER


Mr. Roberti writes:

...the authors often ignore historical facts. For instance, more than 100,000 patents are granted in the United States alone each year, and it's widely known that the vast majority of these never become products. Several years ago, RFID Journal wrote about a company using RFID to track shopping carts around stores to measure customer flow. I'm not aware if any retailer deployed it, or if the vendor that created it is even in business, but the authors present their patent information as though these ideas will certainly be implemented in a couple of years and consumers won't be able to do anything except passively submit to being tracked.

It's true that many patents never come to fruition. Nevertheless, patents provide a powerful insight into the thought processes of the corporations who file them. We didn't claim that Company X will track you with RFID. We simply point out that Company X is thinking about tracking you with RFID, and probably wants to. A good way to predict what a company is going to do is to examine what it says it wants to do.

An amusing aside: Mr. Roberti's shopping cart tracker example makes our point brilliantly. RFID tags attached to grocery carts have most definitely been used to track and observe people's movements in stores -- without their knowledge or consent. Customers in Hannaford Brothers stores in Maine (See "Tracking grocery 'hot spots'," Portland Press Herald, 1/27/04) and Thriftway stores in Oregon (See "What People Buy, and How They Buy It," eWeek, http://www.eweek.com/article2/0,1759,1248092,00.asp) were observed in exactly the way Mr. Roberti describes.

While Mr. Roberti may quickly forget about the proposed invasive notions he writes about, we follow such things closely.

Finally, we're puzzled by Mr. Roberti's implication that customers may be able to do something other than "passively submit to being tracked." What is their alternative? Customers who do not know they are being tracked will "passively submit" by default. They could hardly be expected to do otherwise.

BACK TO TOP


ROBERTI ERROR #10:
USING CONVOLUTED LOGIC: SUGGESTING THAT SINCE CASPIAN IS KEEPING SOCIETY SAFE FROM RFID ABUSE, WE SHOULD STOP ALERTING THE PUBLIC TO PLANNED ABUSES

(Huh?)

Mr. Roberti writes:

It’s ironic that when the authors do present examples from history, they invariably show RFID will not be a threat to privacy....on one hand, the authors claim powerful corporations are going to force this technology on you, then on the other present solid evidence that powerful companies will back off ...the moment consumers object....

It's fair to say that almost the entire book is based on the premise that evil corporations will force customers to wear clothing and carry objects that contain functioning RFID transponders so that these transponders can identify and track customers. The problem is, at the same time, the authors themselves present evidence that this is unlikely to happen. They rightly point out, for instance, that when a technology company [RFID Journal advertiser, Philips. - K.A.] announced it would sell Benetton RFID tags that Benetton planned to use in its Sisley line of clothing, CASPIAN opposed the move and Benetton dropped the plans.

Of course we believe that powerful companies will back off from invasive and abusive programs once they're exposed. That's the whole point of the book! If it weren't for the alarm we sounded in 2003, millions of women would be wearing spychipped Benetton clothing right now.

...In fact, CASPIAN's success in raising awareness about RFID and getting big companies to back down from plans to tag clothes is evidence that information technologies can be used to spread the word about potential abuses of RFID and, on a small scale in this case, organize people to oppose something.

Right -- and thank goodness we did! But it's hilarious how Mr. Roberti illogically uses the fact of our past successes preventing RFID abuse to somehow criticize us for alerting the public to further planned abuses. Let me see if I've got this straight. Since CASPIAN is keeping the world safe from RFID, there is no need for an organization like CASPIAN. See a problem with this logic?

How will consumers know to object if we keep quiet like Mr. Roberti apparently wants us to? Is he suggesting we keep mum about what we know and let consumers somehow try to figure it out for themselves? Even he will have to admit that it might be tough for a school teacher in Peoria to figure out that Benetton placed a spychip in her bra or that Philips has hidden a tiny conductive thread in her shoe that can be scanned by a device in the shopping mall floor.

Is Mr. Roberti seriously suggesting that we are what is keeping society safe from RFID abuses? If so, he should be singing our praises, not taking pot shots at us.

BACK TO TOP


ROBERTI ERROR #11:
SUGGESTING THAT MARKS & SPENCER'S USE OF RFID EXONERATES OTHERS

Mr. Roberti writes:

The authors also conveniently ignore the fact that Marks & Spencer (M&S), the one retailer currently tagging clothing items, is putting the RFID tag on the price tag so that it will be cut off before being worn. And since the tag only contains a random number, scanning someone's garbage would not provide any information about the person who bought the garment. M&S has handled the privacy issue well... At RFID Journal LIVE! Europe, James Stafford, the head of M&S's RFID efforts, said he couldn't swear his company would never use RFID at the point of sale, but that he could see no advantages to outfitting cash registers with RFID interrogators.

We grant that M&S has been more responsible with RFID deployment than some other manufacturers and retailers. In part, this is because M&S has  acknowledged the privacy risks posed by RFID and worked with CASPIAN and other groups to mitigate them. Other retailers like Tesco and Wal-Mart have simply denied such risks exist.

That said, it is still worrisome that M&S executives have disregarded the request by CASPIAN and others to observe a voluntary moratorium on item-level tagging for consumer products. As Mr. Roberti points out, M&S executives can't guarantee how their technology will be used down the road. RFID tags deployed with the best of intentions can be ripe for abuse by future employees or outside parties. Our book shows that there are many major players who would jump at the chance to misuse the RFID tags deployed by Marks & Spencer and others.

One company's less-invasive use of RFID does not exonerate other companies.

BACK TO TOP


ROBERTI ERROR #12:
BELIEVING THAT TECHNOLOGICALLY ADVANCED COUNTRIES WOULDN'T ABUSE RFID

Mr. Roberti writes:

The authors could look at the world today and see that North Korea, the most technologically backward society on earth, is the most totalitarian, and that the most technologically advanced countries are the freest. They could also examine history and see that neither the Soviet Union, the People's Republic of China nor Nazi Germany used technology to control people. Such observations might lead them to conclude correctly that RFID will not inevitably lead to totalitarianism.

This is an odd thesis -- that technological advancement varies inversely with totalitarian tendencies. North Korea, a country that utilizes fissionable nuclear material (perhaps in questionable ways) is hardly the most technologically backward society on earth. What's more, North Korea has already begun to embrace RFID based "smart cards" and other RFID-based products.

The truth is that tight government control over the populace occurs in both "advanced" and "backward" nations. Singapore, for example, is one of the more technologically developed nations on Earth, and also one of the more restrictive of its press and civil liberties.

Recent headlines illustrate that as people-tracking technologies grow cheaper, the divide between the technology "haves" and the "have nots" is narrowing. Governments around the world -- both rich and poor -- are using technology to more closely track and control their citizens. Here are just a few headlines from my own email out box:

  • Morocco To Issue National ID Cards
  • Denmark gears up to monitor all public travel with national smart card
  • India to issue chip-based ID cards to 600 million people
  • Burma (Myanmar) uses US technology to control Internet access
  • Missouri assigns 10-digit ID number to public school students
  • Thailand introduces national ID with biometric technology
  • Body scan machines to be used on London Tube passengers

Of course, it is entirely possible that a country like North Korea, Burma, or China might deploy RFID to expand its draconian control over the population -- an application to which RFID is particularly suited. We detail in the book how Chinese officials expressed an interest in secretly tagging citizens with implantable RFID devices, despite the plan's impracticality (pp. 191-193). But a country needn't belong to the third world to use RFID to control "undesirable" citizens or groups.

In the opening to the people tracking chapter, we describe how US officials used RFID animal tags to number, monitor and control Haitian refugees fleeing repression in their homeland (pp. 167-169). And had RFID animal tags been available during WWII, they would have almost certainly been used on American citizens, too. After all, the United States used every means possible, including data from the census, to identify and process 120,000 Japanese-Americans for internment camps. 

Mr. Roberti further states that:

[The authors of Spychips] could also examine history and see that neither the Soviet Union, the People's Republic of China nor Nazi Germany used technology to control people.

This is demonstrably false, at least in the case of Nazi Germany. Evidence shows that the Nazis used extraordinarily advanced (for its time) technology to carry out the identification, tracking, and control of Jews to carry out the genocide. Ironically, this technology was supplied to Hitler by IBM, the same company that today has a pending patent for the RFID-based "Person Tracking Unit" we detail in Spychips.

BACK TO TOP


ROBERTI ERROR #13:
CLAIMING THAT PEOPLE COULD EASILY ESCAPE A NIGHTMARE RFID WORLD

Mr. Roberti writes:

The authors point out that during World War II, some Jews removed the Star of David they were forced to wear and disguised themselves as non-Jewish Germans to survive. With RFID, they claim, no such ruse would be possible to escape a dictator because Big Brother would use RFID tags in your clothes, and maybe even embedded in your body, to identify you and track you. So even though it’s easy to destroy RFID tags, remove them from under the skin, detect and jam readers, destroy data with computer viruses and so on, the reader is led to believe that no one in the future would be able to figure out how to do such things.

If we ever have to face a future in which we must covertly "remove [RFID devices] from under the skin, detect and jam readers, destroy data with computer viruses and so on," (as Mr. Roberti puts it) we grant that some patriotic individuals may indeed be courageous enough to do so.

However, those who could successfully "figure out how to do such things" would constitute a minority of the population overall, as did those Jews who successfully evaded the Nazis. While we applaud such successful minorities, we believe it makes more sense to think preemptively about protecting the unlucky majorities.

BACK TO TOP


ROBERTI ERROR #14:
STATING THAT TOTALITARIANISM IS NOT ABOUT TRACKING PEOPLE

Mr. Roberti writes:

...the authors fail to understand that totalitarianism is not about tracking people and never has been.

We scratched our heads at this one. After all, isn't “Big Brother is watching you” the hallmark of totalitarianism?

It's all about intimidation and control of information, both internal and external.

Yes, we agree absolutely. Being watched is an essential element of being controlled. How is this at odds with our premise?

BACK TO TOP


ROBERTI ERROR #15:
IGNORING THE POWER OF TECHNOLOGICALLY-ENHANCED SECRECY


Mr. Roberti writes:

During World War II, Germans had no means of getting news of Hitler’s atrocities to the outside world.

Actually, a growing number of historians maintain that the West was fully aware of what was happening in Germany and chose not to act for political reasons. (See Arthur Morse's "While Six Million Died" for more on this.) U.S. Treasury Secretary Henry Morgenthau himself wrote that:

"We knew in Washington, from August 1942 on, that the Nazis were planning to exterminate all the Jews of Europe. Yet, for nearly 18 months after the first reports of the Nazi horror plan, the State Department did practically nothing....18 terrible months of inefficiency, buck-passing, bureaucratic delay and sometimes what appeared to be calculated obstructionism."
                -- Cited in
Nora Levin's, The Holocaust, p. 669

Mr. Roberti continues:

Dictators—such as Stalin in the Soviet Union and Mao during the Chinese Cultural Revolution—have always depended on complete control of information and secrecy, by and large, from the outside world.

Yes, undoubtedly. Secrecy is a key component to abusive control. That's why it concerns us that so many of the RFID deployments we've uncovered and describe in "Spychips" -- inventions like the "Person Tracking Unit" and Philips' plans to transmit information on our home activities and send them to third parties through the Internet -- are designed to be deployed secretly. RFID is perfectly suited to invisible, noiseless scanning and tracking.

With the Internet, satellite TV, cell phones and other ubiquitous forms of communication in advanced society, however, such secrecy is no longer possible.

Actually, the opposite case can be made. Technology enables sophisticated forms of invisible surveillance that would never have been possible in the past. It used to be that if government agents wanted to watch what you did in your back yard, for instance, they would have to physically travel to your property and look. Nowadays, they could simply turn a spy satellite in your direction. Agents tiptoeing through your back yard, no matter how stealthily, would still be a lot easier to spot than an imperceptible narrowing and focusing of a camera lens miles overhead.

Likewise, technology makes it possible to hide surveillance devices to observe what you say and do in your home over long stretches of time, use wiretaps to monitor your conversations,  track your television viewing habits, record your shopping patterns, catalog your purchase history, even film your leisurely strolls through the mall -- all silently and without your knowledge. It simply flies in the face of reality to say that technology has reduced the amount of secrecy associated with intrusions into our privacy. If anything, technology has enhanced and expanded the watchers' ability beyond their wildest dreams.

Finally, Mr. Roberti writes:

If dictators tried to take over a democratic country, opponents would have the means to respond in ways unlike anything dictators have seen before. In other words, technology will save us, not enslave us.

It has the potential to do both, depending on who is wielding it.

BACK TO TOP


ROBERTI ERROR #16:
GROSSLY UNDERESTIMATING THE EFFECTS OF A BLOODY DICTATORSHIP

Mr. Roberti writes:

So now imagine a world where RFID is ubiquitous and people are forced to have functioning tags in their clothes. Retailers have deployed interrogators to gather data on their customers or better serve them (depending on how you view things). But a dictator overthrows a democratic government and decides to use RFID to track people and squelch opposition. How does he do that? Does he seize all the databases so he knows the ID tags in his political opponents' clothes? That would be damaging to the companies, so they might not be too supportive of this dictator, but what about all the people in those companies with the lock codes? They could publish those on the Internet, and people could change the numbers in the tags, rendering the databases useless. A very simple process, actually.

The authors claim a dictator could mandate that tags not be killed, so perhaps the dictator could mandate that tags not be rewritten. But the point they miss is that digital information is nearly impossible to control, no matter how powerful you are....

Let's recap this argument: (1) There's a working, ubiquitous RFID infrastructure that can track people, (2) A dictator comes along, but (3) nobody likes him, and so they immediately dismantle the RFID infrastructure. (4) Since there's no working infrastructure, there's nothing to worry about.

This same argument can be used to suggest we need not fear dictators at all, since if they happen to come along, they will quickly be dispatched by the opposition. But history proves this thesis wrong. In suggesting this scenario, Mr. Roberti ignores the fact that dictators generally enjoy broad public support as they come to power, and that resistance to such dictators generally comprises a small minority of the population.

What's more, getting rid of a dictator typically takes years, during which time he can wreak a tremendous amount of damage. While it's true that the world got rid of Hitler eventually, it was not before he had slaughtered millions of innocent people. And Pol Pot managed to kill 20% of the Cambodian population in just three short years before being deposed. 

We agree with Mr. Roberti that it is possible -- even likely -- that opposition would eventually bring down an evil RFID-enabled dictator. We also agree that  technological warfare would play a key role. But that's a lot of angst to put a society through. Wouldn't an ounce of prevention be better than the cure?

BACK TO TOP


ROBERTI ERROR #17:
SHIFTING BLAME FROM ABUSIVE COMPANIES ONTO ACTIVISTS' SHOULDERS

Mr. Roberti writes:

Still, the book does expose a threat to consumers, and it's not what you might think.

The Real Threat to Consumers

One great irony of this book is that the authors don't seem to understand that it is their desire to dictate the future—they want a complete and total ban on the use of RFID for all consumer applications —that represents a threat to consumers. Why?

As pointed out above, we have never advocated a ban on the use of RFID. We have fought hard for mandatory labeling practices, and have requested that companies abide by a voluntary moratorium on the use of item-level tagging.

Mr. Roberti goes on to say that:

...in their haste to destroy RFID technology, they also destroy the possibility that consumers could use RFID to get information about their government or companies that break the law.

Perhaps the same Mr. Roberti who feels we have been not been specific enough about actual RFID abuses to date could lead by example and provide us with specific examples of how consumers have used RFID to get information about their government or companies that break the law.

We note Mr. Roberti's curious preference for the past and present tenses when discussing risks and problems associated with RFID, and his singular use of the future tense when discussing benefits.

Isn't it possible that two well-meaning authors could do more harm than good to the consumers they want to protect? Consider this Orwellian twist. Let's say two authors had decided in 1995 that the Internet represented a threat to privacy because it would enable governments and corporations to pry into our everyday lives and see what we read, what we buy, what our interests are. And let's say they succeeded in getting use of the Internet banned. Albrecht and McIntyre, who spread the word about RFID via their Web site, would never have had an opportunity to mobilize opposition to RFID, which they believe is bad, because there would be no World Wide Web.

This analogy doesn't hold water. We want consumers to have the power to choose to buy or not buy products with RFID tags in them—a point we make over and over in the book. If the majority of people choose not to have RFID in their products, should their opinions be overridden by giant corporations? The Internet exists and thrives because people want it. They do not, by and large, want RFID. Corporations do.

BACK TO TOP


ROBERTI ERROR #18:
HOLDING OTHERS TO A JOURNALISTIC STANDARD HE HIMSELF DOES NOT MEET

Mr. Roberti writes:

—and [the authors] almost never mention all the potential consumer benefits of RFID. Moreover, when the authors do talk about some potential beneficial applications, they tend to suggest you'll be forced to accept a lot of negatives that go along with them.

Yes. As Rush Limbaugh used to say, “I AM equal time.”

Funny how Mr. Roberti almost never mentions all the potential consumer downsides of RFID. Does he wish to seriously suggest that his own position on RFID is entirely neutral? That he provides an impartial analysis of the benefits and risks associated with the technology? Or that business players associated with RFID (manufacturers, consultants, retailers, etc.) are all entirely unbiased on the issue? Of course not.

It's not Schick's job to mention the potential benefits of Gillette razor blades, nor would anyone expect them to. Mr. Roberti has been in the pay of the RFID industry for a long time. (He wrote a promotional brochure called the "Sponsor's Guide" for the Auto-ID Center back in 2003.) Mr. Roberti is just one of hundreds, if not thousands of well-funded corporate voices touting the "benefits" of RFID and issuing voluminous quantities of pro-RFID information. He can continue to do so without our help; it is not our job to make Mr. Roberti's case for him.

Spychips advances a very specific thesis -- that RFID is dangerous and that consumers would be well advised to avoid it.  Mr. Roberti is free to advance competing theses on his own time and in his own writing.

BACK TO TOP


home | overview | faq | blog | press | get involved | about us

The Spychips website is a project of CASPIAN, Consumers Against Supermarket Privacy Invasion and Numbering.
2003-2007 Katherine Albrecht and Liz McIntyre. All Rights Reserved.