Schneier on Security
A blog covering security and security technology.
« SHA-1 Cracked? |
| Debating Full Disclosure »
January 22, 2007
Great idea for livestock. Dumb idea for soldiers:
The ink also could be used to track and rescue soldiers, Pydynowski said.
"It could help identify friends or foes, prevent friendly fire, and help save soldiers' lives," he said. "It's a very scary proposition when you're dealing with humans, but with military personnel, we're talking about saving soldiers' lives and it may be something worthwhile."
Posted on January 22, 2007 at 12:27 PM
• 42 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Number of the Beast, baby. It'll be amusing to see how Bush&Co. react to this.
NPR had an interesting discussion this morning on people in Iraq having trouble finding missing, presumed dead, family members. The article went on to say some people have tattooed a contact phone number on their body so they can be identified in the event of their death and provides a way for their family to be notified.
While this approach is useful, it clearly doesn't SAVE lives, it just puts parents at peace that their son/daughters body has been found.
>>"It could help identify friends or foes"
If it has this kind of range, how long till the enemy can 'detect' American forces approaching, or be used to automatically trigger a device once enough RFID's are in a concentrated area.
Never let the guy talking to the reporter make up aplications as he goes along.
I remember an interview with one of the guys who first created a Bose condensate. They asked him what it was good for and he pointed out all the cool things they said we would do with lasers, comparing it to all the cool things we actually do with lasers and then said, "I don't know". This is exactly not like that.
If it's used to identify friend or foe, you're f**cked.
The range is 4 feet, as mentioned in the article.
Even if that range gets doubled or tripled with sensitive receivers or other technological improvements, you're still f**cked if your foe gets within 12 feet of you.
Even increased by an order of magnitude, 40 feet, how useful is it really going to be as an IFF system? Put 2 foes in a car, traveling at a mere 25 MPH, and 40 feet is still in the "You are dead" zone.
All in all, a remarkably stupid application for RFID ink.
"""Great idea for livestock. Dumb idea for soldiers^Whumans"""
Nice summary of RFID.
@Distal: "Even increased by an order of magnitude, 40 feet, how useful is it really going to be as an IFF system?"
Even (especially) if the range is increased to something incredible enough to be actually useful as an IIF, the ink tatoo clearly doesn't have enough processing power to distinguish between a legitimate IFf request from a bogus one. That means such a tatoo would simply and quickly become a targeting aid for enemy fire.
A trajectory-adjusting artillery shell broadcasts an IFF signal, then homes in on the strongest collection of responses. Or, more likely (as already suggested) improvised explosive devices are rigged to trigger when a strong-enough IFF signal is received. Since none of the non-American combatants is even going to have this "feature", they will be totally invisible to the IFF-triggered sensors.
"Hold on a second while I scan you to see if I should be shooting at you."
Decrease friendly fire? Yeah, right.
Despite what the article said (what!? the reporter and/or spokesman got it wrong!), I would presume the use for soldiers would be analogous to dog tags, not for identifying friend or foe during live fire. It would be good for identifying dead and wounded who cannot identify themselves.
Anything that compromises your location, even to friendlies, is a "Bad Thing." Especially if the enemy (whoever they are) can detect you through it - even POTENTIALLY detect you.
I'm certain that it'll be just a matter of time until someone figures out how to extend the range of this, not by looking for a specific signature from the RFID, so much as the disturbance more than one of these likely creates in electronic fields nearby.
"Despite what the article said (what!? the reporter and/or spokesman got it wrong!), I would presume the use for soldiers would be analogous to dog tags, not for identifying friend or foe during live fire. It would be good for identifying dead and wounded who cannot identify themselves." Anonymous 02:33 PM
That's already done, it's called "genetic profiling" and is held in reserve by the DoD. At the beginning of boot camp, a blood sample is taken and put on a sterile card. This sample can be run through PCR, amplified, and used to ID wounded or dead soldiers who're semi-ID'd by location/unit number with ease.
Modern Dog Tags can also have embedded RFID in them, and they're still taped/chained to the torso of the soldier, airman, or sailor while on duty.
This kind of a tattoo is no improvement over the 80+ years of having dog-tags.
I wonder if this technology could be used to tag someone without their being aware e.g. someone marks my jacket or shoes with colourless RFID ink then places a sensor at a location where they would like to know if I am there. There are lots of ways to do this already of course but most of them seem to involve attaching a bug or something to me. Discretely spraying my shoes or clothes with RFID ink when I am preoccupied seems plausible and would be virtually impossible to detect.
Everyone concerned about putting this on soldiers should look into the concept of man-portable blue force trackers. They are widely deployed already in certain military units. There use is destined to become more and more widespread as time goes on.
Rule #1 for using the radio - NEVER give your position in the clear (unencrypted). Let's charitably assume this product works. You're making a soldier use a technology that gives his postion in the clear ALL THE TIME, and he can't turn it off. Why not just give him a locator beacon, and make it easy for the enemy?
IFF systems rotate their codes, usually. This technology can't. Is this company proposing we take a piece of information anyone can read, never change it, and use it to identify friendlies? What could go wrong?
OK - IFF is an easy straw man to knock down. What about using this system to identify the remains of soldiers who have gone missing? DNA solves this problem now. This is a solution to a problem that already has a better solution.
Co-founder Pydynowski said, "It's a very scary proposition when you're dealing with HUMANS, but with military personnel..." Are military personnel not humans? Either this isolated technocrat presumes that soldiers have willingly given up all rights, or thinks of them as chattel. Either way, it's offensive. "It's for the soldiers" is almost as much of a red flag as "it's for the children."
The "humans" remark makes me hope this guy sinks a ton of capital into this product before it goes tits up.
RFID isn't necessary for livestock.
They might have a cost advantage in certain segments where lip or ear tattoos are common.
For most situations, plain old ear tags are cheaper and simpler and just as effective.
NAIDS is just a bit of security theater aimed to make people feel safer that "diseases can be tracked!" rather than addressing some of the industrial farming practices ("Hey, let's feed animal protein to herbivores!") behind some of the modern disease problems.
I wonder how we ever tracked and eliminated diseases like brucellosis, hoof-and-mouth, and turbucellosis without tracing technology more sophisticated then paper forms & pencils!
I'll echo the slip by one of our politians and suggest that not all our soldiers are the brightest bulbs. That's not an insult, just the recognition that many join up because they haven't the education or intellect for other pursuits. My concern would be scans of these rfid tags being taken for granted as friendly id... and the too gung-ho, too agressive, less cautious, or less independant thinkers not acting with adequate caution or reserve.
1) Burned and disfigured body of GI is found. RFID tag is present and over-reliance means body isn't as closely examined before body is taken to camp. Explosive device is present and detonates there instead of in field.
2) RFID tags are extracted from captured soldiers and inserted into enemy capable of passing as Americans. Lax security, brought on by reliance on RFID tag scans, allows enemy to penetrate perimeter.
3) RFID tags in American soldier(s) fail. Security, too confident of RFID presence and reliability, overreacts and, assuming disguised enemy combatant, injures or kills soldier in attempt to avert disaster.
The article also mentions being able to use this to track E coli outbreaks in spinach.
Are they gonna tattoo every spinach leaf? The bags or boxes of spinach being shipped?
Although this may be an asset to the military. It will be also an ideal treasure for the terrorists or badies
Any assumption that depends on the enemy not being as smart as you is doomed to failure. If this ever gets deployed you will see RFID detectors attached to boobytraps very shortly afterwards.
There is a reason the Hubris was considered a sin against the Gods.
What's this got to do with RFID? This looks like a biosafe barcode, not any form of RFID. except for the title of the article.
But maybe RFID doesn't actually mean RFID anymore. Is this newspeak?
You know, once someone comes out and says directly, "We want to tattoo numbers on people," any reasoned discussion of benefits or drawbacks is going to just go right out the window.
Genetic sampling, banking, and testing definately have a significant cost and time lag. This RFID tatoo technology may be cheaper and faster in important circumstances (e.g. IDing an injured soldier with missing tags in the field for medical history).
Note that it MAY be. I'm not saying it is. That is up to the vendor to prove it. But they don't have to prove it is better than or can replace genetic profiles or dog tags. If it does just part of the job better (e.g. faster, more reliably) or cheaply than those other two, it could be worthwhile.
If you want a way to ID injured soldiers, use a chip, not a tattoo. The tattoo brings nothing new to the table.
But if I were a company commander, I'm not sure I'd want my soldiers walking around with RFID tags embedded in them, for all the reasons already cited.
So you've tattoo'ed an RFID on a steer. Now it goes into the slaughterhouse. Which cuts of meat end up with the tattoo? I'm thinking "None", because the tattoo is in the hide, not the meat.
Granted, if the tattoo was inside the lip, it ends up in hotdogs, sausage, and ground beef. But if the lips from dozens of steers go into one batch of ground beef, how is that jumble of RFID data going to help you track an E. coli outbreak?
This doesn't seem too useful for the meat-product side of cattle production, either, although it may have some use while the cattle are still on the hoof.
Ideally, it can be stamped on, scanned, and tracked easily without requiring scanning barcodes, which may fade, or be disturbed by fluids on the surface of the meat/foodstuff. So, that's how it MAY be used. Frankly, there's a system for tracking the distribution of foods anyway.
In the battlefield, medical techs have a habit of writing summaries of injuries on the body of the injured. Unsurprisingly, these records and details are hard to lose. Usually, the body or person is ID'd before they're even medivac'd.
@ Anonymous 6:27PM
Agreed, it takes a little while to get the samples and run comparisons, but when a person is dead there's no real rush. The living, as a rule, have comrades who can ID them, and medical personnel are likely to have relevant records available with ease once the soldier is ID'd. RFID or other tagging won't speed this identification, not any faster than an equipped basic field hospital (trauma ward, ED, etc) can handle the injuries.
In the cases where there are only 13 or 14 people in a unit (crashed helicopter, for example), you have a list of who was on the vehicle and their serial numbers and identifying marks anyway. The RFID won't improve identification in any real manner, although it may improve tracking of the corpse once it's recovered.
We've already got ID cards with chips on them which are supposed to have all sorts of information stored inside--it's taking years to implement, and will probably never happen to the extent that we've been promised. So far, I don't think mine does anything but allow me to log onto the Army portal and change my password. Oh yes, and get me into the chow hall. Technology at its finest--I wonder how many billions we spent.
To use the time-honored military phrase:
"Not no, but HELL no!".
This won't happen; just some marketing droid daydreaming out loud. ID tags work just fine, thanks.
But, then again, they told us the DNA database was only for casualty indentification. However, there have been cases where those very samples have been used to match soldiers to DNA evidence, e.g. in rape cases. Hmmm....
One of the big differences between cattle and soldiers is that cattle pretty remain cattle for all their lives. Soldiers, unlike cattle, do have leaves, rotations back home, and, in many cases, leave the service. Unless the RF tattoos are easily removed and reapplied, they will be RF readable off-duty and post-service. OK, maybe RF tattoo removal is part of the honourable discharge process.
At various times, there has been advice for soldiers on leave to minimise their appearance as soldiers, not to advertise it lest they'd be targets. The RF-tattoos would "out" soldiers on leave. RF-shielding armbands as a counter-measure?
Now, taking a wild science-fiction speculation to examine RF tagging as a means of identifying soldiers: Could RF-tagging be deemed as key means of identifying certain combatants under international law someday?
Put in a slightly different way, would an untagged human possessing a weapon or providing combat support be deemed as an "unlawful combatant", spy (instead of scout/recon), saboteur, or terrorist lacking protection?
Also routed solders fleeing the enemy would not be able to effectively discard their uniforms and hide among non-combatants. The RF tagging may make perfidy, an intresting and somewhat obscure category of war crime, a bit more difficult. Duplicating the RF tags of another nation's forces would most likely be a violation. Shielding RF reading, other to pass as non-combatants, might fit under lawful ruses. (More info on peridy under Article 37 at http://www.unhchr.ch/html/menu3/b/93.htm)
I forgot to mention that the RF tattoos would make it easier for the authorities to spot deserters or AWOL soldiers. That's unless they avail of tattoo removals or RF shields.
Our rescued Siamese cat, Novalee, has a micro chip based on this technology. Had considered doing the same with the spousal unit, as we were traveling a lot for several years, some 66,000 miles in three years by RV, and if she got left behind a simple visit to any vet with a scanner could ID her for easy return. Was not worried about the cat, as she knew her way home.
I think the last (modern) army to tattoo id information on their soldiers was the SS divisions during WW2, something that doomed many soldiers both during and after the war. Not being able to remove the information meant that they had a far worse chance of deserting or surviving as PoW.
I am happy with my dog tags, thanks. I am not cattle.
It's gotta be a bad idea.
Every device has a unique analog fingerprint (...be it RF or Power Consumption) as a result of variation in manufacturing.
Read: "Device Identification via Analog Signal Fingerprinting: A Matched Filter
Approach" (2006) by Ryan M. Gerdes, Thomas E. Daniels, Mani Mina, Steve F. Russell. http://www.isoc.org/isoc/conferences/ndss/06/...
The technique has a patent application filed: http://www.freepatentsonline.com/20050213755.html
The technology (from this group) is in its early stages. It does not appear capable of distinguishing a single device from a very large set (thousands, millions), however with differential power-analysis / signal-analysis improving all the time, this type of approach can only improve ....
This appears to have serious long-term implications for Laptops (Wireless Ethernet) / Mobile Phones (bluetooth, gsm?) / RFID / Contact-based smart cards power consumption, etc.
This is exactly the sort of dumbass leading-edge high-tech low-value idea that the people who make purchasing decisions for the military will love.
They should also make a different marker for officers so they can be identified on the battlefield at a greater distance than soldiers.
"... the actual process is slightly different and proprietary."
This doesn't really look like RFID and they shouldn't have an issue disclosing their methods if they've properly applied for associated patents.
Even if it were a good idea for soldiers, I think most would prefer an implant that could be more easily removed after their service.
But, gee Bruce: You keep opposing these things, get labeled a bio-luddite, and find yourself on yet another watch list :-)
Great. Make it so that some part of a soldier's body is of extremely high value to enemies wishing to confound local security.
So, the ID is applied to the skin from a single-use vial of ink. If this is to be used in any kind of authentication / authorization application, disposal of the leftover ink is going to be a problem. One could pocket a vial from the waste port of the tattoo gun and impersonate a whole legion of people all at once.
To the anonymous who wrote:
"The article also mentions being able to use this to track E coli outbreaks in spinach."
They'll probably tag individual boxes or packages of spinach (i don't know if spinach is sold loose or packaged in the US) and combine the tag IDs with information about the source of the spinach in the box, and when and where it has been delivered. Then when an outbreak is detected, this data is taken out of the database and used to determine which stores have to be contacted to have spinach recalled. A similar system is used over here to track meat, with the result that the meat in a shrink-wrap retail package can be tracked to an individual animal. (And cows with a fashion sense: everybody wears yellow ear tags.)
Of course, to actually be safe, you'd have to stop sh!tting in your spinach...
I agree with Grahame; this doesn't sound like real RFID to me. It's probably something like a barcode with magnetic or conductive ink so a scanner can use a magnetic pickup or miniature radar to read it through the hair on a steer. Tattooing it on people is still a bad idea, but not because "the enemy might detect it". If you want to fuss around with electromagnetic detectors in the field (and I have doubts about reliability under field conditions), you'll set them to detect those large lumps of metal called "rifles" and "pistols", not little bits of ink.
But for body identification? What makes you think the tattooed portion of the body will be intact? We've got dogtags that are more likely to survive their wearer being blown up, and we've got DNA for the tough cases. Tattoos aren't going to add much.
The best way to stop friendly fire is stop the Americans going to war, or at least stop the British going with them everytime the British have gone to war along side the US we lose more soldiers to friendly fire by the US than we do the Enemy
So, no-one here even knows any Marines? It's semi-common to tattoo name/SSN/blood type on the side of your torso (called a "meat tag"), for exactly all the reasons given above.
"It's a very scary proposition when you're dealing with humans, but with military personnel, [...] it may be something worthwhile."
Yeah, military personnel are non-human as we all know.
RFID are NOT a good idea for livestock.
While they may be a good idea for individual livestock owners to tag their livestock, that is not necessarily true. But that is their own decision.
There is a massive effort to develop a system for tagging all livestock in the U.S. today and force it on all livestock owners. It is couched in terms of food safety and prevention of disease, but it is, in reality, purely a marketing effort pushed by certain enormously large corporations.
It affects not only cattle, but horses, poultry, pigs, goats, sheep, and more. So every time a calf jumps a fence and gets in with the neighbors herd the farmer will have 24 hours to notify the government of the event. Every time one of a small homesteader's chickens gets out into the roadway, the homesteader will have 24 hours to notify the government. Every time a cowboy takes his horse off his property to help a neighbor, he will have 24 hours to notify the government. Fail to notify the government, and there will be possible fines, maybe even forfeiture of the livestock, and in some cases the farmer/homesteader/cowboy may go to jail.
The threat usually cited is Mad Cow Disease. In reality, that has not been much of a problem at all in the United States. Ending Mad Cow Disease is much simpler than tagging livestock -- don't feed them neural tissue of dead livestock. In fact, it has been illegal to do that for some time.
In a few cases cattle with Mad Cow Disease have been imported into the U.S. from Canada. RFID tags would have made no difference. Those cattle were traced quickly and efficiently without creating another huge government bureacracy.
The real reason for the tagging effort is for marketing cattle to other countries, principally Japan. What goes unanswered is the question of why should all cattle in the U.S. be tagged for this purpose?
If someone wants to export their beef to Japan, they could accomplish the same thing by selling beef that has voluntarily beeen tagged and tracked since birth. Such animals would enjoy a bit of a premium which would most likely cover the cost of the tagging and tracking and at the same time those producing beef for their own use or for local markets would not be encumbered with a tedious and intrusive tracking system.
The fact is that the source of the occasional health problems in animal products is inevitably due to contamination at the packing plants. Nothing that whoever raised the animals can have any possible impact on the problem.
But with the animal tracking and our legal system, what we will see is that when someone gets sick or dies from an e-coli outbreak at some fast food joint, it will be possible to determine not only the packing plants where the contamination occurred, but everyone who ever owned the livestock prior to that. The lawyers, in their infinite wisdom, will use that information to file a lawsuit against everyone along the entire line.
While a meat packing company may be able to handle the lawsuits, some of the small farmers may only make $10,000 or $20,000 a year from their agricultural activities. Many may have even lost a few thousand dollars.
Imagine one outbreak of e-coli in the hamburger sales of one large chain. The beef involved may have ultimately come cattle purchased from hundreds of small farmers. Adding tens of thousands of dollars of legal expenses to their already limited income will only force them into bankruptcy and concentrate control among fewer and fewer large corporate farms.
It won't help a single consumer at all, but it will likely increase meat prices to the benefit of the few who will be able to remain in business.
In reality, the entire scheme is nothing but smoke and mirrors designed to fool the consumer into thinking he is getting something that he is not. It will do nothing to protect any consumer from anything. It will do nothing to promote marketing of beef to Japan that a voluntary program for those few who actually will market their beef to Japan cannot easily accomplish.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.