Schneier on Security
A blog covering security and security technology.
« A Model Regime of Privacy Protection |
| Passlogix Misquotes Me in Their PR Material »
February 6, 2006
Embedded RFID for VIP Status
This Barcelona club requires an embedded RFID chip for VIP status. (Note that the article is from October 2004.)
Posted on February 6, 2006 at 2:26 PM
• 24 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Note that the reporter is the first to ask to have the chip removed, and has some difficulty in doing so.
Not only was the reporter the first to have it removed but the club had claimed that it would be a lot easier than it really was. I've never had a splinter that left a third of an inch scar behind.
I'd rather pay the old fashioned way and not be a VIP.
And of course the next question is how many of these can you have in one arm before they start interfering with each other.
No there isn't anything wrong with my left arm. It's just that I'm a VIP at 30 different clubs and can no longer pass through a metal detector without it going off.
Hmmm, makes sense. Celebs always complain about their loss of privacy, so someone has conflated the loss with success. Perhaps next the VIPs will shed clothing and doors to prove how important they are.
@zwack: I recall noticing that when I have multiple HID cards for door access, they tend to interfere with each other and not work. A bit of physical separation fixes the problem. "Oh, this club? that would be the lower half of my left calf... and to get into the club down the street, I'll have to take off my pants..."
"so someone has conflated the loss [of privacy] with success."
Less expensive then trying to offer MP3 and gizmo capabilities as suggested in a recent cartoon discussed here.
Next up, "The Emperor's New Chip" update to the "Emperor's New Clothing" tale.
"of course the next question is how many of these can you have in one arm before they start interfering with each other"
Multiple RFID surgeries might have the side-effect of bringing ritual scarification into vogue, perhaps even as another control point (secret patterns of incisions). Although I imagine in the world where "convenience is everything" the idea of having to constantly get tags inserted and removed could lead to some shortcuts and gaps (duping/selling of tags before authorization is removed at the club, or maybe even "master" and group tags). Revocation is always a pain.
I think these chips should be inserted deeply into the rectums of the people who cooked up such a stupid idea, assuming their heads aren't presently there already.
Personally, I have a very ill sense of foreboding as to what will be in store for the masses in the future once "chipping people" becomes less of a stupid fad and more of a requirement, e.g. a requirement of being assigned a social security number.
"And of course the next question is how many of these can you have in one arm before they start interfering with each other."
Quite a lot, actually. Standard RFID protocols include "singulation" or "anticollision" protocols to deal with the issue of multiple devices in the read field. The effect is that having multiple tags in the read field slows down the scan but doesn't stop it. The most common singulation protocol can deal with about 1,000 tags per second.
So the practical limit is probably nor RF issues but crippling the arm through scar tissue build up.
On another note, i wonder how long it will be before guest lists get stolen and distributed on the internet, so fans can make tracking devices for incognito celebrities?
One medical issue I recollect raised a year or so ago was the question if RFID implants would be safe in an MRI scan.
Some say no while others say yes. But many MRI facilities tend to be cautious and may bar a person with any metal, including such that may be in an implant. The US Food & Drug Administration also had raised the safety question concerning implants in general and RF risks in a draft guidance document a few years ago. (RFIDs not mentioned specifically.)
Unless there are certified safe-for-MRI implants, one might be trading a very useful diagnostic tool for an ID implant.
vanity => RFID tag
RFID => no MRI
no MRI => no early detection
no early detection => early demise
Looks like a practical application of natural selection to me :-)
I think the Baja Beach Club in Rotterdam does this as well. I'm also pretty sure it's not a "requirement" for VIP status, it's strictly optional.
Re: MRI scans
Small pieces of metal in skin are a problem. My father is a toolmaker, has worked with metal since he was a teenager, and has several ferrous splinters embedded in him (known hazard of the work he does). As the slivers of metal are hot when they enter the skin, they are sterile, and it is safer to leave them alone than remove them. He has been told in the past that toolmakers cannot have MRI scans, as the fields would pull the metal splinters out with quite spectacular results.
I don't know whether RFID tags would respond to magnetic fields, but this might put people off embedded RFID tags...
It also would make a great movie threat plot - get the president to drink some iron filings a day before his scan, and Jack Bauer only has 24 hours to stop the MRI scan taking place!
OOH, even better. Genetically engineer e. coli bacteria to make magnetite (probably been done already) and spray them in the White House. Two days later the president is touring a major magnetic field area like a particle collider and suffers an involuntary colostomy!
Not sure if this is the same old article that I read a while back, but there was a follow up to a similar one I read that said only a handful of people actually did this silliness.
@J.D. Abolins @Mitch @Rodent
With regard to NMRI (as it used to be called) the process is fairly simple,
Take one large and extreamly powerfull magnet, then put your test sample (ie you) in between the poles. This tends to align the spin of various atoms in the test sample with the field.
Then wrap a large RF tank circuit around the bits of the sample that sticks out. Finally generate an R.F. pulse around a quater of a megawatt in power for a very small fraction of a second.
The atoms in the test sample jump out of alignment with the magnatic field and then start to re align themselves. The atoms behave a bit like pendulums and swing backwards and forwards through the magnetic field as they re-align. In the process they give up the energy they absorbed from the R.F. pulse as V.H.F. radiation.
So if you have any metal or alloy with an appropriate charecteristic in you (iron chromium etc) then this may well be drawn out of you by the magnet (I have seen a bunch of keys moved well over three feet through the air by an early prototype magnet). Also any conductive medium (most metals) will distort the fields so will muck up the scan any way.
With regard to the RFID well it has this little RF coil in which it picks up the RF excitation field... I suspect that a quater megawatt of RF at any frequency is going to cause it to pick up a sizable amount of energy and either burn out or pop the electronics.
The question then is, would this be explosivly or by incandecance (think metal pattern on a plate in a microwave oven), either way I do not want it in my body when it happens...
So as I cannot see the medical profesion giving up NMRI any time soon I guess Governments will be a little reluctant to stick an RFID in you.
One thought though most people going in for an NMRI scan are often allowed to keep some of their clothes on. If RFIDs take off and manufactures start to put them in your under clothes this might well cause a few legal problems untill the NMRI technicians catch on ;)
Just read the artical, hmm you could hid the RFID in say a gift chocolate which you eat on entry as it where...
Reminds me of the bit from Babylon 5 from several years ago where the security chief tell on of the diplomats they put a "Nano tracker" in him (via a drink) that is embeded into his body.
After the diplomat leaves the security chief is asked if he really did. He replies no but then goes on to imagine what the diplomat is going to go through to try and find it...
"Multiple RFID surgeries might have the side-effect of bringing ritual scarification into vogue..."
I am remembering when it was fashionable to purchase false pager cases in order to look like you had a pager, and the attendant status. Does this mean that depressed teens with a penchant for self mutilation will now belong to the highest social order, able to enter any club based on the assumption that anyone with that many scars is somebody who should be in our club, too?
Um, that story is 16 months old...
For the record, I just called the Baja Beach in Barcelona, and they still use the chip for vips. I tried to get info on whether they are worried about verichips being cloned, but the guy I talked to didn't seem to know anything about it. I think I know where I'll get some free drinks next time I'm in Barcelona...
So what's the range of the detector/reader? Can I have an RFID tag-clone in my pocket or taped underneath my arm and still have the thing let me in? the bouncer isnt going to be able to tell what cause the device to beep (or however it indicates authority to enter).
You are welcome to call me a crackpot, but I believe this microchipping business is preparing us for Revelation 13:16-18. Especially the part where no one can buy or sell without "the mark of the beast" on their forehead or right hand. Chipping is voluntary ... for now. How much longer will cash remain with us?
CityWatcher.com is tagging their employees using VeriChip. They are doing so, because the RFID-Based ProxCards they used before might be _cloned_. Rather strange, I would agree if they were afraid of those ProxCards being _lost_ or _stolen_. But implementing the chips does not really solve the cloning issue, does it?
See (in German):
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.