This was written in response to a critique titled "Spychips Book Fails to Make its Case" published in the RFID Journal on October 24, 2005.
Anyone who has read the book knows that as soon as the general public discovers what's being planned for RFID there will be hell to pay. The threat is being taken seriously enough that major RFID promoters like Mark Roberti, editor of the RFID Journal, have devoted considerable effort to stemming the damage. At least that's the most obvious explanation we could find for Mr. Roberti's expending five pages of prime Internet real estate to discussing everything about our book except its central point -- namely that:
Reading Mr. Roberti's rebuttal is like entering an alternate universe. Though he states that "the authors' claims go to the heart of the privacy issue and, therefore, deserve to be examined in depth," he gives our claims only the most cursory mention, ignoring scores of pages of evidence and documentation that prove companies not only recognize RFID's human tracking capability but have developed ways to harness it.
Why doesn't Mr. Roberti mention sworn patent documents from IBM describing ways to secretly follow innocent people in libraries, theaters, and public restrooms through the RFID tags in their clothes and belongings? Where is his outrage over BellSouth's patent-pending plans to pick through our garbage and skim the data contained in the RFID tags we discard? To the extent Mr. Roberti mention patents at all, he dismisses them as reflecting a desire to serve customers better, but the disturbing patents we have found reveal a corporate mindset that cannot be so easily dismissed.
In his five-page rebuttal, Mr. Roberti completely avoids other embarrassing corporate schemes, too. There is no mention of Philips' plans to capture "hidden" RFID data from the products in our homes and send the results to marketers -- through our own appliances, no less. Of course, since Philips is a major RFID Journal advertiser, it shouldn't surprise us that Mr. Roberti also neglects to tell his readers that the company has patented plans to place nearly imperceptible RFID tags in shoes -- with the goal of later interrogating them through readers in the floor.
Those aren't the only cold, hard facts in our book that Mr. Roberti ignores. Much of his nearly 3,400 word critique is spent on politics, despite that fact that only a small portion of our book deals with that topic. Given his obvious interest in government abuse, we might have expected Mr. Roberti to have at least mentioned the fact that hundreds of people were tracked with RFID animal tagging technology designed for use on feed cattle and lab rats -- by our own government. And Mr. Roberti steers way clear of mentioning deep organ implants that can remotely electroshock people, and bulletproof, hypodermic needle armbands that can knock individuals to the ground unconscious.
Of course, we recognize that Mr. Roberti cannot directly acknowledge the dirty laundry we've exposed by detailing the embarrassing plans of key RFID industry advertisers and longstanding sponsors. As the industry's chief "journalistic" cheerleader, the RFID Journal knows that part of its job is to make the industry look good and divert attention away from scandals that could taint its reputation.
Considering how hard it is to attack a book without discussing its central content matter, however, Mr. Roberti would have been well advised to leave our book on the shelf. Unfortunately for his corporate sponsors, he chose the less prudent path and waded in deep. In the following pages. we take a look at the numerous factual and logical errors Mr. Roberti commits in his critique of Spychips.
#1: Stating that CASPIAN
wants a "ban" on RFID
ROBERTI ERROR #1:
The claim that we have called for (or even want) a ban on RFID is such a fundamental factual error that it calls Mr. Roberti's entire critique into question.
We do not currently,
nor have we ever in the past called for a ban on RFID technology.
What's more, we have strenuously opposed government-imposed restrictions
and regulations on RFID that go beyond labeling. Just last month,
in fact, I argued against a proposal to mandate an RFID point-of-sale
"kill" feature before the New Hampshire House Commerce Committee,
calling it "paternalistic." (Mr. Roberti's RFID lobbyist friends
can attest to this, since they were there.)
This is ridiculous. Either Mr. Roberti knows it's untrue and he's intentionally misleading RFID Journal readers, or he simply hasn't read our book.
Had Mr. Roberti actually read Spychips before penning his critique, he might have seen that on page 225 we wrote:
Or had he clicked up the "About Us"/FAQ page on our website, he could have read the following statement -- which has been posted there in plain sight for over a year:
It doesn't get much clearer than that.
This significant error reveals that not only does Mr. Roberti miss the central activist message of Spychips (which calls on citizens to vote against spychips through conscientious purchasing decision in the free marketplace), he also profoundly fails to understand our organization. Anyone wishing to oppose CASPIAN would do poorly to seek strategy tips from Mr. Roberti.
ROBERTI ERROR #2:
Mr. Roberti writes:
Reading this out of context, one might wrongly conclude that we failed our mission. However, our goal was to lay out what's being planned for the future, and in this goal the book absolutely succeeds. We illustrate these plans through sworn patent filings, promotional materials, and statements straight from the RFID promoters. There is no arguing around this evidence -- it is documented in black in white, in quotation marks, with footnotes. Period.
That said, we beg to differ with Mr. Roberti on whether privacy abuses around RFID have already occurred. They most certainly have. Mr. Roberti writes:
While we do not cite them in the book, the RFID-based systems Mr. Roberti cites are certainly being used today to invade people's privacy. A recent Rand study titled "Case studies of Radio Frequency Identification Usage in the Workplace" found that employers regularly use records obtained from RFID-based access cards to monitor and closely watch employees. According to the study, some employers have even gone so far as to link employees' RFID-based movement logs with their medical records. Workers are rarely informed of these practices and have little if any protection against abuse.
And RFID-based toll collection systems have already posed a privacy problem for many American motorists. Between 1998 and 2003, the New York Thruway system alone received 128 subpoenas from law enforcement and turned over 61 records in response. [See, for example, http://fleetowner.com/news/fleet_electronic_toll_records/]
Further, tagging Haitian refugees with RFID-based animal tracking technology, as we describe on pp, 167-169, was certainly a violation their privacy, and also violated their dignity as human beings.
ROBERTI ERROR #3:
Actually, companies regularly make their point-of-sale (POS) data available to outside companies who consolidate it in massive databases. We detail in the book how Information Resources, Inc. (IRI) regularly collects and combines POS records from tens of thousands of retail locations (See p. 51), including companies who are fierce competitors with one another. We also describe how retailers have begun sharing POS data on individual purchasers with outside companies that maintain refund databases. (See Spychips, p. 79 for the footnoted reference).
We doubt that EPC-based POS data will be somehow exempted from these existing trends. Just last month, Mark Roberti wrote an article titled "Target, Wal-Mart Share EPC Data" describing how "as part of a pilot, the two retailers are sharing Electronic Product Code data with 13 manufacturers in a standard format."
While all of this sharing of data has taken place with the full support and cooperation of the companies involved, data (including but not limited to EPC data) is also at a risk of being leaked or compromised. For example, Wharton School researchers Anand and Goyal describe how easy it is for data to be accidentally and deliberately leaked to competitors. They detail how Newbury Comics sales data was transmitted to a private company called SoundScan and then leaked to other stores like Wal-Mart and Kmart. Dozens of similar examples are available from the literature. Any form of data sharing involves a risk that information could reach competitors, and EPC data is no exception.
Ironically, Mr. Roberti himself admits this in a later portion of his critique, where he writes:
Right. And the only way to prevent item-level EPC data from being misused would be to prevent EPC tags from being deployed at the item level. This is our point exactly.
As a final note, even if retailers could assure the public that EPC data gathered at the point of sale would never be sold, traded, or accidentally leaked, it would still be at the mercy of a government data grab. The Total Information Awareness program proposed by DARPA (later defunded by Congress) is just one example of how such a data grab might occur. (See p. 195 of Spychips for more on this.)
Mr. Roberti writes:
It may not be a "revelation" that companies want to closely track and monitor customers, but it's news to most customers who would be appalled at how invasive these tracking plans have become.
Spying on customers without their knowledge or permission is not a benevolent act, it is invasive and abusive. Few people would relish the prospect of being tracked and manipulated through the RFID-based applications we document in Spychips. These include inventions like IBM's "person tracking unit," designed to observe innocent people in public space, and Phillips' plan to use home appliances to "exploit hidden information" contained on RFID tags and secretly send it to marketers.
Likewise, few would like having their individual movements "precisely tracked in real time" by NCR, being followed by NCR's "pan and tilt cameras," and seeing the shelf price of items go up as they approach. Nor are people likely to embrace P&G's plan to have their televisions run ads for Pepsi when they remove the last spychipped Coke from their RFID-monitored refrigerators. And BellSouth's proposal to pick through and analyze their RFID-tagged garbage in order to sell the details to marketers will probably raise a few people's blood pressure.
The simple reality is that the majority of average consumers simply have no idea of the EXTENT of customer spying, and if they did, they would be appalled. Once again, because there's a knowledge disconnect between buyer and seller, we're seeing a distortion of the free market.
There's something else Mr. Roberti has wrong. We've never said that making money was a sin. On the contrary, we believe in free enterprise and want nothing more than for ethical companies to positively wallow in profits. Had Mr. Roberti actually read the book (as opposed to skimming it), he would know that we encourage shoppers to richly bestow their shopping dollars on companies that respect their privacy:
ROBERTI ERROR #5:
Mr. Roberti writes:
At issue is whether consumers will accept RFID-based plans to watch, time, and catalog their every action in retail stores. We believe these plans constitute a serious breach of individual privacy. Mr. Roberti apparently does not. This boils down to a simple difference of opinion.
Where Mr. Roberti is wrong, however, is in saying that computerized customer watching systems are "no different from a salesperson in a clothing store." The differences are stark and disconcerting. The salesman's efforts, annoying or not, are open for all to see. The salesman's record of his observations is limited to what a single human can capture. There is no video tape to be replayed later, no frame-by-frame analysis of every move the customer has made, no automatic cataloging and recording in the database of how many seconds she spent looking at the Armani suit. A year later, the salesman has probably forgotten the details of the exchange. The computer, on the other hand, remembers forever.
Where a shopper has a great deal of control over her dealings with a human salesman, she has none over an impersonal, computerized watching system. A customer who is annoyed or offended by a salesman's interventions can move away, shoot him a warning look, or simply ask him to leave. She can also tell when he is gone and breathe a sigh of relief at being left alone. With NCR's ambitious, all-watching retail surveillance plans, however, consumers who feel "annoyed" at being closely watched and targeted with sales messages will have no such means of escape. The system will be built into the very shelves of the store.
ROBERTI ERROR #6:
Mr. Roberti may be one of the top RFID journalists in the world, but he has apparently not kept up with the state of the art in his own field. Far from being silly, using RFID readers to conserve power is a well-developed concept. More than two years ago, IBM inventors applied for a patent titled "Power Management" that describes how RFID can be used to extend battery life for "portable devices [that] typically depend upon batteries of some sort for their energy requirements." Here’s how it works, according to IBM's patent filing:
In other words,
the reader remains in low power mode until a tag comes within range.
It then powers up briefly, takes a read, and performs a given action.
For example, the reader could very well signal a video camera to begin
filming, as we describe in the book.
We rest our case.
ROBERTI ERROR #7:
But agreement implies some degree of volition. In order for people to "agree" to wear RFID-tagged clothing, they must first be made aware that the tags are even present.
As we indicate on page 52 of our book, companies have developed rather ingenious ways to hide RFID tags in clothing.
Because RFID tags can be deployed in such secret and almost imperceptible ways, we have called for legislation that would require them to be clearly labeled. Unfortunately, RFID industry lobbyists have systematically quashed this legislation in every state where it has been proposed. As a result, there is currently no requirement anywhere in the country that manufacturers must tell consumers when a spychip has been woven into their clothing. Nor must retailers and others tell consumers when reader devices have been hidden in the floor or elsewhere to query the hidden tags.
This means that millions of people could one day find themselves wearing RFID-tagged garments without ever having "agreed" to do so. In fact, for all we know, people may be wearing such garments today.
We're not sure what Mr. Roberti is implying by this, but the book has the credibility of a well-researched tome because it is a well-researched tome. Mr. Roberti's insinuation here is vague and amorphous. We challenge him to cite a specific page number and footnote that undermines the credibility of our research.
In Chapter One, we explain that:
If there is one thing we're good at it's research, and the book shows it. Our credibility is further bolstered by our professional credentials and combined decades of research experience. I am a Harvard-trained academic researcher and my co-author Liz McIntyre is a former bank examiner. Mr. Roberti would be hard-pressed to challenge or match these impeccable credentials.
ROBERTI ERROR #9:
It's true that many patents never come to fruition. Nevertheless, patents provide a powerful insight into the thought processes of the corporations who file them. We didn't claim that Company X will track you with RFID. We simply point out that Company X is thinking about tracking you with RFID, and probably wants to. A good way to predict what a company is going to do is to examine what it says it wants to do.
An amusing aside: Mr. Roberti's shopping cart tracker example makes our point brilliantly. RFID tags attached to grocery carts have most definitely been used to track and observe people's movements in stores -- without their knowledge or consent. Customers in Hannaford Brothers stores in Maine (See "Tracking grocery 'hot spots'," Portland Press Herald, 1/27/04) and Thriftway stores in Oregon (See "What People Buy, and How They Buy It," eWeek, http://www.eweek.com/article2/0,1759,1248092,00.asp) were observed in exactly the way Mr. Roberti describes.
While Mr. Roberti may quickly forget about the proposed invasive notions he writes about, we follow such things closely.
Finally, we're puzzled by Mr. Roberti's implication that customers may be able to do something other than "passively submit to being tracked." What is their alternative? Customers who do not know they are being tracked will "passively submit" by default. They could hardly be expected to do otherwise.
ROBERTI ERROR #10:
Mr. Roberti writes:
Of course we believe that powerful companies will back off from invasive and abusive programs once they're exposed. That's the whole point of the book! If it weren't for the alarm we sounded in 2003, millions of women would be wearing spychipped Benetton clothing right now.
Right -- and thank goodness we did! But it's hilarious how Mr. Roberti illogically uses the fact of our past successes preventing RFID abuse to somehow criticize us for alerting the public to further planned abuses. Let me see if I've got this straight. Since CASPIAN is keeping the world safe from RFID, there is no need for an organization like CASPIAN. See a problem with this logic?
How will consumers know to object if we keep quiet like Mr. Roberti apparently wants us to? Is he suggesting we keep mum about what we know and let consumers somehow try to figure it out for themselves? Even he will have to admit that it might be tough for a school teacher in Peoria to figure out that Benetton placed a spychip in her bra or that Philips has hidden a tiny conductive thread in her shoe that can be scanned by a device in the shopping mall floor.
Is Mr. Roberti seriously suggesting that we are what is keeping society safe from RFID abuses? If so, he should be singing our praises, not taking pot shots at us.
ROBERTI ERROR #11:
Mr. Roberti writes:
We grant that M&S
has been more responsible with RFID deployment than some other manufacturers
and retailers. In part, this is because M&S has acknowledged
the privacy risks posed by RFID and worked with CASPIAN and other groups
to mitigate them. Other retailers like Tesco and Wal-Mart have simply
denied such risks exist.
Mr. Roberti writes:
This is an odd thesis -- that technological advancement varies inversely with totalitarian tendencies. North Korea, a country that utilizes fissionable nuclear material (perhaps in questionable ways) is hardly the most technologically backward society on earth. What's more, North Korea has already begun to embrace RFID based "smart cards" and other RFID-based products.
The truth is that tight government control over the populace occurs in both "advanced" and "backward" nations. Singapore, for example, is one of the more technologically developed nations on Earth, and also one of the more restrictive of its press and civil liberties.
Recent headlines illustrate that as people-tracking technologies grow cheaper, the divide between the technology "haves" and the "have nots" is narrowing. Governments around the world -- both rich and poor -- are using technology to more closely track and control their citizens. Here are just a few headlines from my own email out box:
Of course, it is entirely possible that a country like North Korea, Burma, or China might deploy RFID to expand its draconian control over the population -- an application to which RFID is particularly suited. We detail in the book how Chinese officials expressed an interest in secretly tagging citizens with implantable RFID devices, despite the plan's impracticality (pp. 191-193). But a country needn't belong to the third world to use RFID to control "undesirable" citizens or groups.
In the opening to the people tracking chapter, we describe how US officials used RFID animal tags to number, monitor and control Haitian refugees fleeing repression in their homeland (pp. 167-169). And had RFID animal tags been available during WWII, they would have almost certainly been used on American citizens, too. After all, the United States used every means possible, including data from the census, to identify and process 120,000 Japanese-Americans for internment camps.
Mr. Roberti further states that:
[The authors of Spychips] could also examine history and see that neither the Soviet Union, the People's Republic of China nor Nazi Germany used technology to control people.
This is demonstrably false, at least in the case of Nazi Germany. Evidence shows that the Nazis used extraordinarily advanced (for its time) technology to carry out the identification, tracking, and control of Jews to carry out the genocide. Ironically, this technology was supplied to Hitler by IBM, the same company that today has a pending patent for the RFID-based "Person Tracking Unit" we detail in Spychips.
Mr. Roberti writes:
If we ever have to face a future in which we must covertly "remove [RFID devices] from under the skin, detect and jam readers, destroy data with computer viruses and so on," (as Mr. Roberti puts it) we grant that some patriotic individuals may indeed be courageous enough to do so.
However, those who could successfully "figure out how to do such things" would constitute a minority of the population overall, as did those Jews who successfully evaded the Nazis. While we applaud such successful minorities, we believe it makes more sense to think preemptively about protecting the unlucky majorities.
ROBERTI ERROR #14:
Mr. Roberti writes:
We scratched our heads at this one. After all, isn't “Big Brother is watching you” the hallmark of totalitarianism?
Yes, we agree absolutely. Being watched is an essential element of being controlled. How is this at odds with our premise?
Actually, a growing number of historians maintain that the West was fully aware of what was happening in Germany and chose not to act for political reasons. (See Arthur Morse's "While Six Million Died" for more on this.) U.S. Treasury Secretary Henry Morgenthau himself wrote that:
Mr. Roberti continues:
Yes, undoubtedly. Secrecy is a key component to abusive control. That's why it concerns us that so many of the RFID deployments we've uncovered and describe in "Spychips" -- inventions like the "Person Tracking Unit" and Philips' plans to transmit information on our home activities and send them to third parties through the Internet -- are designed to be deployed secretly. RFID is perfectly suited to invisible, noiseless scanning and tracking.
Actually, the opposite case can be made. Technology enables sophisticated forms of invisible surveillance that would never have been possible in the past. It used to be that if government agents wanted to watch what you did in your back yard, for instance, they would have to physically travel to your property and look. Nowadays, they could simply turn a spy satellite in your direction. Agents tiptoeing through your back yard, no matter how stealthily, would still be a lot easier to spot than an imperceptible narrowing and focusing of a camera lens miles overhead.
Likewise, technology makes it possible to hide surveillance devices to observe what you say and do in your home over long stretches of time, use wiretaps to monitor your conversations, track your television viewing habits, record your shopping patterns, catalog your purchase history, even film your leisurely strolls through the mall -- all silently and without your knowledge. It simply flies in the face of reality to say that technology has reduced the amount of secrecy associated with intrusions into our privacy. If anything, technology has enhanced and expanded the watchers' ability beyond their wildest dreams.
Finally, Mr. Roberti writes:
It has the potential to do both, depending on who is wielding it.
ROBERTI ERROR #16:
Mr. Roberti writes:
Let's recap this argument: (1) There's a working, ubiquitous RFID infrastructure that can track people, (2) A dictator comes along, but (3) nobody likes him, and so they immediately dismantle the RFID infrastructure. (4) Since there's no working infrastructure, there's nothing to worry about.
This same argument can be used to suggest we need not fear dictators at all, since if they happen to come along, they will quickly be dispatched by the opposition. But history proves this thesis wrong. In suggesting this scenario, Mr. Roberti ignores the fact that dictators generally enjoy broad public support as they come to power, and that resistance to such dictators generally comprises a small minority of the population.
What's more, getting rid of a dictator typically takes years, during which time he can wreak a tremendous amount of damage. While it's true that the world got rid of Hitler eventually, it was not before he had slaughtered millions of innocent people. And Pol Pot managed to kill 20% of the Cambodian population in just three short years before being deposed.
We agree with Mr. Roberti that it is possible -- even likely -- that opposition would eventually bring down an evil RFID-enabled dictator. We also agree that technological warfare would play a key role. But that's a lot of angst to put a society through. Wouldn't an ounce of prevention be better than the cure?
Mr. Roberti writes:
As pointed out above, we have never advocated a ban on the use of RFID. We have fought hard for mandatory labeling practices, and have requested that companies abide by a voluntary moratorium on the use of item-level tagging.
Mr. Roberti goes on to say that:
Perhaps the same Mr. Roberti who feels we have been not been specific enough about actual RFID abuses to date could lead by example and provide us with specific examples of how consumers have used RFID to get information about their government or companies that break the law.
We note Mr. Roberti's curious preference for the past and present tenses when discussing risks and problems associated with RFID, and his singular use of the future tense when discussing benefits.
This analogy doesn't hold water. We want consumers to have the power to choose to buy or not buy products with RFID tags in them—a point we make over and over in the book. If the majority of people choose not to have RFID in their products, should their opinions be overridden by giant corporations? The Internet exists and thrives because people want it. They do not, by and large, want RFID. Corporations do.
Mr. Roberti writes:
Yes. As Rush Limbaugh used to say, “I AM equal time.”
Funny how Mr. Roberti almost never mentions all the potential consumer downsides of RFID. Does he wish to seriously suggest that his own position on RFID is entirely neutral? That he provides an impartial analysis of the benefits and risks associated with the technology? Or that business players associated with RFID (manufacturers, consultants, retailers, etc.) are all entirely unbiased on the issue? Of course not.
It's not Schick's job to mention the potential benefits of Gillette razor blades, nor would anyone expect them to. Mr. Roberti has been in the pay of the RFID industry for a long time. (He wrote a promotional brochure called the "Sponsor's Guide" for the Auto-ID Center back in 2003.) Mr. Roberti is just one of hundreds, if not thousands of well-funded corporate voices touting the "benefits" of RFID and issuing voluminous quantities of pro-RFID information. He can continue to do so without our help; it is not our job to make Mr. Roberti's case for him.
Spychips advances a very specific thesis -- that RFID is dangerous and that consumers would be well advised to avoid it. Mr. Roberti is free to advance competing theses on his own time and in his own writing.
The Spychips website is a project of
CASPIAN, Consumers Against Supermarket Privacy Invasion and Numbering.
© 2003-2007 Katherine Albrecht and Liz McIntyre. All Rights Reserved.