Schneier on Security
A blog covering security and security technology.
« Diplomatic Immunity |
| Dutch eVoting Scandal »
March 22, 2007
American Express Patenting Tracking People via RFID
Interesting story. I don't know how serious AmEx is about this, but it certainly is a good illustration of the possibilities of the technology.
Posted on March 22, 2007 at 3:31 PM
• 26 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Even if they offer a chipless version why on earth would anyone agree to be tracked like that? I'll bet the current administration would love it though.
There are people out there who would love it. And others who would pretend to love it if it got them on TV.
Not just the US administration, many companies would love it too, because t's a huge marketing opportiunity - the typical piece of flap used to describe it is "a gold mine".
The obvious next step would be to add an online shopping list. Before leaving home you'd tick off the list of things you want, and whenever you passed one of those items at a "participating" outlet your RFID card would be detected and some sort of display would happen to draw your attention to the nearby offerings. And this, too, would have its share of people willing to sign up.
Excuse me while I go stick a finger down my throat!
@Steve - Maybe for a 15% discount [lol]? People allow themselves to be tracked in supermarkets now via affinity cards so they can get discounts and airline miles.
However, I wouldn't want to be tracked just anywhere. So I'd opt for the chipless card. But if I could pick up a device to wear at the front door that I turn in at the register, then I might not mind.
If I have a shopping list, why would I want to buy things while I'm out doing non-shopping things? When you make a shopping list, it's to avoid the inconvenience of having to be continually shopping by grouping all shopping tasks into a single "go to the store" task.
Even better, why wouldn't the program that generates the shopping list just tell you where everything is located and design an optimal path from your current location to the stores with the best prices, factoring transportation costs?
That started out as a rebuttal of your post, but the inner nerd in me pointed out the obvious improvement that didn't involve rfid.
Ctrl-Alt-Del / Not-Shopping: Tying this to a shopping list would not be nearly as useful as letting people wander. The greatest value to a supermarket is seeing the patterns people take and how long they linger in some sections over others. Lingering means interest, but if no items were purchased at checkout then it can be deduced that while the customer wants those kinds of items, the store isn't carrying the right brands. E.g., customer is lingering by health food isle but if very few items are actually purchased from there the store knows that they should keep looking into healthy items but from different vendors.
I can see it now - electronic price tags that can change depending on your purchase history and credit availability.... He can afford a bit more! cha-ching!
I wonder how much people with ADD will screw up their shopping demographics.
Random wandering in stores trying to remember what you wanted in the first place or having random memories of what you wanted a couple years back, but forgot to buy...
Guess I'll have to do more of my shopping online.
Slightly off topic: yet another example of someone "inventing the bloody obvious" and slapping a patent on it.
American Express: Don't^H^H^H^H leave home without it ...
Cant anybody who REALLY have no means and intention to do such tracking take patent on it? I could make millions on lawsuits against busenisses and people trying to track other with RFID, and I wouldn't bother with letting anybody use the patent for any money in the world :D
I agree, but can they really enforce a patent like that? There would surely be prior art, as the idea has been around for absolutely ages.
This *is* the US patent system. I mean laser pointers for cats, sticks for dogs, swing sideways or fart powed toys.... Its all there.
Even crypto.. aka RSA was patented, and thats maths....I never understood that one.
"In response to CASPIAN concerns, American Express also promised that it would make a chip-free version of its credit card available to concerned consumers who ask for it. "
So if you don't ask for a chip-free version you get the card with a chip by default. How many people won't bother to ask or not realize there is a chip on their credit card?
Should it be the other way around the chip be only on the card if requested?
Well, in Chile already are making this, and people don't know it yet:
The story is in spanish, but basically is this:
Transantiago is the new public transportation system, with more than 2 millions passengers, each one has a proximity card used for payment.
You can look on the transantiago web site all the movements of the proximity cards, a tracking of all trips of people.
The site has bugs that allows anyone to see the personal data of everyone.
I have a corporate AmEx card. I guess in the future I will leave home without it, unless I need it.
Just a thought for design consideration: An off-off switch for RFID tokens.
Depending upon the token's use, the default might be off with a momentary contact on switching. (E.g.; when passing the credit/debit card by a reader at the checkout.)
Of course, the switch would have to be a real switch, not a dummy one slipped in on the notion "how will the average person know if the RFID tag is on or off".
Looks like I need to upgrade to a more powerful microwave oven.
If only taking out a patent meant the grantee gained a responsibility to make sure that no (eg. civil liberties) laws were breached by use of the patent technology.
"Cant anybody who REALLY have no means and intention to do such tracking take patent on it? I could make millions on lawsuits against busenisses and people trying to track other with RFID, and I wouldn't bother with letting anybody use the patent for any money in the world :D"
Sure, why not? The US patent system isn't there just for those who have the machinery to apply the process or invention. If you have the idea, you are free to claim the patent right to that idea. Then you are free to work with someone else (a licensee) who has the machinery to apply the process or idea, and you can profit from it. You also have the right to exclude others from using it (as they have not been granted a license).
What am I not as familiar with is failure to defend a patent. For example, the act of using a patent to prevent ANYONE from using it may be perfectly fine (the Eolas patent against IE strikes me as an example). It may also be not-so-fine. I just don't know.
Whether or not this patent should be granted is beyond me both legally and practically. There is plenty wrong with the US patent system, and many things patented under it that arguably should not be.
"Maybe for a 15% discount [lol]?"
Actually, the discount offerred by current customer tracking schemes (a.k.a "loyalty cards") is a LOT less than 15%! Most schemes are complicated enough that the consumer cannot easily work out what discount is actually offerred, so it has been analysed by consumer advocacy groups. It turns out to be somewhere between 2% and slightly less than 1%, as a rule.
There are exceptions, though; in at least one case the "loyalty discount price" was actually just bringing the price back down to the same RRP offered by other stores in the area without a card program. In another case, the Australian FlyBuys scheme (a combined frequent flyer and shopper tracking scheme) turns out to be actually worth less than 0.2% once you cut through the smoke and mirrors (as with most frequent flyer schemes, because of the complex rules the overwhelming majority of points lapse without ever being redeemed, thus enabling stores to "reward" the suckers with points that are probably worth nothing at all.)
I cry foul, the idea about tracking throug RFIDs etc is most definatly in the PUBLIC DOMAIN I amoungst others have put it there just search back through your Blog where you will find I very specificaly described the process at a checkout etc.
RFID tracking ... big deal ... most of us have and carry mobile phones with us all the time. Not only can they be used for tracking but for eavesdropping too.
1) I have a hard time seeing how such an idea could be patented (and defended) when people such as Bruce for years have been shouting from the roof tops about it.
2) Over the weekend I heard a radio story that we (U.S.) was no longer Capitalist...but Consumerist. And it made a lot of sense and puts foolishness like tracking consumers in perspective.
Capitalism = saving & wise investment --> Better goods & services
Consumerism = get people to spend.
So, I recently got my new AmEx card in the mail. It is very modernist in design, which is to say that it exposes its inner workings. Instead of the old smart card contacts, my card had a shiny antenna embedded in it, leading to a small area of the card that had been epoxied-over. I'm not sure if I should commend AmEx for their honesty, because I'm sure that their intention was not to warn cardholders that their cards had arphids, but I was pleased nonetheless. A few minutes of quality time with the dremel, and no more chip in my card.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.