|
FOR IMMEDIATE RELEASE
July 7, 2003
RFID Site Security Gaffe Uncovered by
Consumer Group
CASPIAN asks,
"How can we trust these people with our personal data?"
CASPIAN (Consumers
Against Supermarket Privacy Invasion and Numbering) says
anyone can download revealing documents labeled "confidential" from the
home page of the MIT Auto-ID Center web site in two mouse clicks.
The Auto-ID Center is the organization entrusted
with developing a global Internet infrastructure for radio frequency identification
(RFID). Their plans are to tag all the objects manufactured on the planet
with RFID chips and track them via the Internet.
Privacy advocates are alarmed about the Center's
plans because RFID technology could enable businesses to collect an unprecedented
amount of information about consumers' possessions and physical movements.
They point out that consumers might not even know they're being surveilled
since tiny RFID chips can be embedded in plastic, sewn into the seams
of garments, or otherwise hidden.
"How can we trust these people with securing
sensitive consumer information if they can't even secure their own web
site?" asks CASPIAN Founder and Director Katherine Albrecht.
"It's ironic that the same people who assure
us that our private data will be safe because 'Internet security is very
good, and it offers a strong layer of protection' [see http://www.autoidcenter.com/new_media/media_kit/questions_answers.pdf]
http://cryptome.org/rfid/questions_answers.pdf
would provide such a compelling demonstration to
the contrary," she added.
Among the "confidential" documents available on the
web site are slide shows discussing the need to "pacify" citizens who
might question the wisdom of the Center's stated goal to tag and track
every item on the planet [ http://www.autoidcenter.com/media/communications.pdf
],
http://cryptome.org/rfid/communications.pdf
along with findings that 78% of surveyed consumers
feel RFID is negative for privacy and 61% fear its health consequences
[ http://www.autoidcenter.org/media/pk-fh.pdf ].
http://cryptome.org/rfid/pk-fh.pdf
PR firm Fleischman-Hillard's confidential "Managing
External Communications" suggests a variety of strategies to help the
Auto-ID Center "drive adoption" and "neutralize opposition," including
the possibility of renaming the tracking devices "green tags." It also
lists by name several key lawmakers, privacy advocates, and others whom
it hopes to "bring into the Center's 'inner circle'" [ http://www.autoidcenter.com/media/external_comm.pdf
].
http://cryptome.org/rfid/external_comm.pdf
Despite the overwhelming evidence of negative
consumer attitudes toward RFID technology revealed in its internal documents,
the Auto-ID Center hopes that consumers will be "apathetic" and "resign
themselves to the inevitability of it" instead of acting on their concerns
[ http://www.autoidcenter.com/publishedresearch/cam-autoid-eb002.pdf
].
http://cryptome.org/rfid/cam-autoid-eb002.pdf
Consumer citizens who are not feeling apathetic
will be pleased to learn that the site provides names and contact information
for the corporate executives who oversee the Center's efforts. Since
the phone list isn't labeled "confidential," we're assuming that Auto-ID
Center Board members are open to calls and mail that might help them
better understand public opinion on this important subject.
Anyone interested in speaking with Dick Cantwell,
the Gillette VP who heads the Center's Board of Overseers, for example,
can find his direct office number listed on the Auto-ID Center's website
here:
http://www.autoidcenter.com/uploads/226691160-list_board_of_overseers.pdf
http://cryptome.org/rfid/226691160-list_board_of_overseers.pdf
To experience the Auto-ID Center's security
holes firsthand, simply visit the web site at http://www.autoidcenter.org
and type "confidential" in the site search
box. The Center encourages such site exploration: "Our website has Research
Papers and other information that anyone can download for free. There
is also a Sponsors Only area of the site, which includes information
and materials not available to the public at large. We encourage you
to visit our site frequently to stay up to date with the Center's many
activities."
Following are other examples of sensitive
documents available at the site:
February 27, 2003 Board minutes:
http://www.autoidcenter.com/media/feb03_board/joint_minutes_feb03.pdf
http://cryptome.org/rfid/joint_minutes_feb03.pdf
ONS server schematics:
http://www.autoidcenter.com/media/feb03_board/oatsystems.pdf
http://cryptome.org/rfid/oatsystems.pdf
EMS documentation:
http://www.autoidcenter.com/media/software.pdf
http://cryptome.org/rfid/software.pdf
Doumentation of RFID field tests:
http://www.autoidcenter.com/media/field_test_nov02.pdf
http://cryptome.org/rfid/field_test_nov02.pdf
Consumers Against Supermarket Privacy Invasion
and Numbering (CASPIAN) is a grass-roots consumer group fighting retail
surveillance schemes since 1999. With members in all 50 U.S. states
and 15 nations across the globe, CASPIAN seeks to educate consumers
about marketing strategies that invade their privacy and to encourage
privacy-conscious shopping habits across the retail spectrum.
For more information about CASPIAN, visit
http://www.nocards.org.
|
