FOR IMMEDIATE RELEASE

July 7, 2003

RFID Site Security Gaffe Uncovered by Consumer Group
CASPIAN asks, "How can we trust these people with our personal data?"

CASPIAN (Consumers Against Supermarket Privacy Invasion and Numbering) says anyone can download revealing documents labeled "confidential" from the home page of the MIT Auto-ID Center web site in two mouse clicks.

The Auto-ID Center is the organization entrusted with developing a global Internet infrastructure for radio frequency identification (RFID). Their plans are to tag all the objects manufactured on the planet with RFID chips and track them via the Internet.

Privacy advocates are alarmed about the Center's plans because RFID technology could enable businesses to collect an unprecedented amount of information about consumers' possessions and physical movements. They point out that consumers might not even know they're being surveilled since tiny RFID chips can be embedded in plastic, sewn into the seams of garments, or otherwise hidden.

"How can we trust these people with securing sensitive consumer information if they can't even secure their own web site?" asks CASPIAN Founder and Director Katherine Albrecht.

"It's ironic that the same people who assure us that our private data will be safe because 'Internet security is very good, and it offers a strong layer of protection'


http://www.autoidcenter.com/new_media/media_kit/questions_answers.pdf [removed]
mirrored at:
http://cryptome.org/rfid/questions_answers.pdf
would provide such a compelling demonstration to the contrary," she added.

Among the "confidential" documents available on the web site are slide shows discussing the need to "pacify" citizens who might question the wisdom of the Center's stated goal to tag and track every item on the planet,

http://www.autoidcenter.com/media/communications.pdf [removed]
mirrored at:
http://cryptome.org/rfid/communications.pdf

along with findings that 78% of surveyed consumers feel RFID is negative for privacy and 61% fear its health consequences.

http://www.autoidcenter.org/media/pk-fh.pdf [removed]
mirrored at:
http://cryptome.org/rfid/pk-fh.pdf

PR firm Fleischman-Hillard's confidential "Managing External Communications" suggests a variety of strategies to help the Auto-ID Center "drive adoption" and "neutralize opposition," including the possibility of renaming the tracking devices "green tags." It also lists by name several key lawmakers, privacy advocates, and others whom it hopes to "bring into the Center's 'inner circle."

http://www.autoidcenter.com/media/external_comm.pdf [removed]
mirrored at: http://cryptome.org/rfid/external_comm.pdf

Despite the overwhelming evidence of negative consumer attitudes toward RFID technology revealed in its internal documents, the Auto-ID Center hopes that consumers will be "apathetic" and "resign themselves to the inevitability of it" instead of acting on their concerns.

http://www.autoidcenter.com/publishedresearch/cam-autoid-eb002.pdf  [removed]
mirrored at:
http://cryptome.org/rfid/cam-autoid-eb002.pdf

Consumer citizens who are not feeling apathetic will be pleased to learn that the site provides names and contact information for the corporate executives who oversee the Center's efforts. Since the phone list isn't labeled "confidential," we're assuming that Auto-ID Center Board members are open to calls and mail that might help them better understand public opinion on this important subject.

Anyone interested in speaking with Dick Cantwell, the Gillette VP who heads the Center's Board of Overseers, for example, can find his direct office number listed on the Auto-ID Center's website here:

http://www.autoidcenter.com/uploads/226691160-list_board_of_overseers.pdf [removed]
mirrored at:
http://cryptome.org/rfid/226691160-list_board_of_overseers.pdf

To experience the Auto-ID Center's security holes firsthand, simply visit the web site at http://www.autoidcenter.org and type "confidential" in the site search box. The Center encourages such site exploration: "Our website has Research Papers and other information that anyone can download for free. There is also a Sponsors Only area of the site, which includes information and materials not available to the public at large. We encourage you to visit our site frequently to stay up to date with the Center's many activities."

Following are other examples of sensitive documents available at the site:

February 27, 2003 Board minutes:

http://www.autoidcenter.com/media/feb03_board/joint_minutes_feb03.pdf
http://cryptome.org/rfid/joint_minutes_feb03.pdf

ONS server schematics:

http://www.autoidcenter.com/media/feb03_board/oatsystems.pdf
http://cryptome.org/rfid/oatsystems.pdf

EMS documentation:

http://www.autoidcenter.com/media/software.pdf
http://cryptome.org/rfid/software.pdf

Doumentation of RFID field tests:

http://www.autoidcenter.com/media/field_test_nov02.pdf
http://cryptome.org/rfid/field_test_nov02.pdf


###

 

home | overview | faq | blog | press | get involved | about us

The Spychips website is a project of CASPIAN, Consumers Against Supermarket Privacy Invasion and Numbering.
2003-2007 Katherine Albrecht and Liz McIntyre. All Rights Reserved.