Schneier on Security
A blog covering security and security technology.
« Bluetooth As a Laptop Sensor |
| Bluetooth Spam »
August 23, 2005
RFID in British License Plates
The British government is testing a scheme to put active -- the kind that are independently powered -- RFID chips in automobile license plates. They can be read at least 300 feet away, and probably much, much further.
Posted on August 23, 2005 at 7:24 AM
• 37 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
My guess is this is the first step towards road pricing (http://news.bbc.co.uk/1/hi/uk_politics/4610877.stm) or another way for the goverment to increase taxes under the guise of changing them as we prefer to call it
Well unless one avoids technology outright and lives in the wilds there are no more safe havens from government intrusion in public(!) outside or private(!)even in your home what with 365/7/24 tracking by national id cards, cameras, sensors, cell phone, internet, gps, rfid surveillance. Now freedom of movement may be taxed. Is everyone feeling safer now?
The British interest probably has more to do with turning central London into a giant toll road network. How is this different than integrating EZPass in every plate? I don't know that it sounds like such a big deal to me. You could probably deactivate it pretty easily with a putty knife or Tesla coil.
" You could probably deactivate it pretty easily with a putty knife or Tesla coil."
Then your car would fail its MOT, wouldn't it? A car can fail for dirty plates, even.
Backgrounder for colonials:
Ok, again the mass public will pay more basically for a more complex system for no apparent real purpose other then to restrict their freedom of movements in the end. Toll roads are an ancient system. Why not simply include the tax in the price of gas? Make em pay double for purchasing gas in near the city. The more you consume the more you pay. Ah yes but there are those reasons noted above. Would interferrence lend itself to a civil or criminal conviction. Ah more taxes. So the owner no longer owns his/her plate and its the property of the city, state, government? Why not simply build better transportation systems. Oh they need large sums of money for those. Ok I see.
"Toll roads are an ancient system. Why not simply include the tax in the price of gas?"
Gosh, you're not really up on UK politics, are you? The UK already has the highest petrol prices in the developed world, at £0.99/litre, thanks to taxation.
For some reason the state wants to remove some of that tax, and develop a hugely expensive and unlikely-to-be-successfully-implemented road-pricing scheme.
Well, I guess your heart's in the right place.
actually neven been to UK. here everything is prohibitively expensive save getting there. oh well.
Given that the UK government is now planning to add RFID to the much derided national ID card, which they are determined to go ahead with even though it clearly does not meet its stated aims:-
Now add mass vehicle tracking to this and it seems inescapable that they really are trying to build a mass surveillence infrastructure.
Why do I think this? Because if protecting citizens privacy was an issue it would be presented up front and the technological issues of doing so would get consideration in first place. No system would be fielded for trials without addressing the privacy issues first.
If a tracking system for road pricing was the goal it would be relatively trivial, given the state of the art, to make one that satisfied privacy issues. But that is not done, no. Instead systems are fielded (existing London congestion charging) and trialed (new RFID plates) that have no effective, non-bypassable, privacy protections in place. For most private individuals in the UK, a car registration number is as good as any other personal identifier for tracking them. If you are only concerned with intelligence then it doesn't matter that you can't prove a link between driver and car to legal standards of proof. it's good enough that most of the time you can make the correlation between the two.
Now, if you're using road pricing to roll out a nation wide network of RFID readers wouldn't it be convenient if they operated to the same technical standards as the ID card RFID chips. OK, so they might not read every passive ID card every time, but enough would pass close enough often enough to prov ide useful data. Once you've got the infrastructure you wait for another 9/11 or 7th July type incident to suddenly justify also using the road pricing readers to track ID cards in the hunt for the terrorists.
This may be paranoia, but history suggests that what often looks like paranoia before the event looks like insight after it. Once the infrastructure exists there WILL be people who would be prepared to misuse it.
Just to convert that into US Dollars - a US gallon is about 3.785 litres (UK gallon is 4.546) - so you'd be talking about $3.80 - compared to $2.61 record high reported on the Boston Globe website today.
On a litre of fuel at £1 per litre :
47.1p is Fuel Tax, 14.89p is VAT (Value Added Tax at 17.5%) which means that overall tax rate is 163.11%!
Forgot to include exchange rate :(
At 1.6 dollars to the pound it would be over $6 a US gallon.
And of course no one except authorized personnel will be able to query these tags. I can think of a whole raft of crimes that just got much easier.
At present there is a big problem in the UK of people “copying��? number plates so that they don’t have to pay parking or speeding files. The person that owns the car that the number plates was copied from is sent the fine and then has to “prove��? that it was not their car!
Any device that makes the copy MUCH harder to do is a good thing.
Any number plate can be read remotely at present just by using a CCTV system so I do not see what the big deal is. Driving a car is NOT a private activity, as my driving may put everyone else at risk, therefore everyone has to right to track my driving.
Driving per se might not be private, but the destinations certainly are. There are lots of personal reasons for people not wanting to be followed around which have nothing to do with illegal activities.
Visits to medical establishments, job interviews, pyschiatrist visits, banks and other financial institutions to name a few.
If the ability to track vehicles is introduced, this privacy will disappear. I for one will not be participating with any scheme for ID, car tracking or any other RFID scheme, especially given the risk of abuse. Just look to Black Hat / Defcon for the home built devices that can already access RFID, Bluetooth and other wireless devices from distances well beyond the manufacturing specs.
business case #1
At present there is a big problem in the UK of people “copying��? number plates so that they don’t have to pay parking or speeding files.
Posted by: Ian Ringrose at August 23, 2005 10:19 AM
So the value to be recovered from the above case will equal or exceed the anticipated returns on investment in this rights violating, freedom privacy unfriendly intrusive surveillance mechanism? There is nothing in the UK, USA nor western world which states that governments have the right to track individual citizens without reasonable facts that said citizens are not engaging in unlawful acts. Its a slippery slope. Ah but the pull of greater control, efficiency and effective enforcement of laws would be too much. Now all things of things are possible. Note the vehicle/personal information should be delinked deidentified, deobservable AND definitely not correlated, aggragated linked to other data stores without good reason. Its a minefield to which the UK government seems intent on throwing itself:
http://is.lse.ac.uk/idcard/ and not responding to those subject matter experts in this area.
Sure, driving is not private. Sure, the police and others can already track where we drive. Yes, number plates can be manually recovered from CCTV footage. Agree with all this.
The point is this: There is a big difference between simple surveillance and wholesale surveillance.
'Wholesale surveillance is not simply a more efficient way for the police to do what they've always done. It's a new police power ... And with any new police power, we as a society need to take an active role in establishing rules governing its use. To do otherwise is to cede ever more authority to the police.'
Third parties will eventually figure out how to read the RFIDs. Even if the data are encrypted, if each plate contains different data, once a bad guy has scanned your plate once, he can detect you from "at least 300 feet away, and probably much, much further". Great fun for private investigators, stalkers, or assassins.
Even if a special code has to be used to get the active RFID device to transmit its data, that will quickly be broken by the bad guys; they just record the signal when a cop scans the plates, and use a replay attack.
As an individual who is often involved in surveillance of various types I can categorically state that we really, genuinely are not interested in what average joe is doing, going, buying etc. etc. Really don'ty have the time or to be blunt the inclination to carry out general surveillance of random members of the public.
I know that most of the "human / personal /civil rights" paranoids will take this with a pinch of salt, but nevertheless it's true.
Morewover, to carry out surveillance on an individual one has to have the very best intelligence or evidence, and authority from someone about 5 steps higher than god.
Again I say to those paranoid that their "rights" are being infringed - unless you are or are believed to be doing something seriously illegal, no one *cares* about you enough to want to carry out surveillance on you.
News flash: X-Files | Real Life - 2 seperate things!
What a lot of people, for example ian Ringrose, don't seem to grasp with these things is the potential for abuse. They're fine if they were restricted to their stated use but they are constructed with little or no safeguards against misuse when often it is possible to completely remove many of the potential abuses.
Let's look at the RFID number plates. The intention of these is to form part of the infrastructure for a road pricing scheme in the UK. The idea is to remove the need for annual vehicle taxes and fuel taxes and replace them with a charge based on actual road usage. The claim/intention is that this will be a fairer method of taxation based on usage and will allow demand control so that road congestion can be reduced.
The problem with the system as proposed is that it starts by tracking vehicle usage and then does the charging element as a back end process. There are some safeguards proposed (*1) but the current scheme still results in a complete trace of a vehicles movements being stored. That isn't actually *necessary* to build a toll based system of taxation for the roads.
A system could just as well be built based on digital cash that would charge directly, via transponder, at the point of use without tracking vehicle movements and thus preserving anonymity. Vehicles that pass a checkpoint without "handing over" some digital cash could be photographed and offenders brought to book as currently happens with speed and traffic light enforcement cameras.
So now, at some point in the system, a complete log of vehicle movements exists. That log is open to abuse. The possibilities are obvious to all but the completely unimaginative. Staff at the toll operators could be bribed, blackmailed or threatened for this information. Data could also be abstracted by technical means.
That information could then be used to blackmail people who visit places like red light districts, or known homosexual cruising spots. The payout could be cash, state secrets or political favours. It could be used to stalk people for any of a number of unacceptable purposes. It could be used to track jurors in a criminal case to threaten them or their families. It could be used to track bank employees for the obvious criminal purposes.
And there are the obvious rogue state/agency misuses, either corporately or by individual officers. Please don't dismiss this threat as conspiracy theory fodder. There are enough documented cases of abuse by agencies in democratic countries that this *is* a real risk.
There is also the often ignored national security risk of use by a hostile invader. It might seem unlikely but if it was completely unlikely then we wouldn't need to maintain national defences, and we do.
The issue is that the system *could* be constructed just as effectively without the track of a vehicles movements. Without the ability to track vehicles most avenues of possible abuse are closed. Why build a system with all these risks when it can be built without them? One answer is stupidity, another is an eye on using them for mass surveillence, either overt or covert, either immediately or when some reason or excuse presents itself.
(*1) The pricipal safeguard is laughable. One agency will collect roadside number plate data and another will handle charging. The idea is that the roadside agency won't know who a particular registration number refers to and the charging agency won't know the tracking details just totals for a given registration number. Given that you can tie an individual to a registration number by watching them climb into their vehicle kind of does away with the need for some 'magic oracle' to make use of data obtained from the roadside agency.
This is a scheme rife with potential for civil disobedience. I have no doubt any number of the sorts of people who write for MAKE could find a way to pull the magnetron from a microwave and make it portable. One nice stroll through the parking lot and you've got hundreds of unwitting fellow protesters.
Good points, well made. However, your position is compatible with unlimited and unregulated police powers - a police state.
Is it not wise to constrain police powers at some level? A level above that dictated by paranoid libertarians, of course.
It's interesting to discuss where that level is, and how to express it in terms of new technologies. Such as mandatory personal RFID cards and license plates.
I absolutely agree that Police powers ought to be subjected to detailed, objective scrutiny, follow-up analysis and if thought necessary later review.
I suppose like everything we discuss here it's another trade-off between catching offenders and subjecting ordinary totally innocent MOPs to the potential for 3rd party abuse of something that they are forced to have.
I would like to highlight the fact that the spotlight ought to be on the enabling legislation itself and those that write it - are these things necessary? How much would they potentially help the cops to catch offenders? What are the disadvantages? Etc.
My personal viewpoint is that both RFID number plates and national ID cards are unecessary and are a waste of money that could be much better spent in recruiting extra personel, training etc. etc.
Again an example of the potential benefits of trained & experienced humans over yet another technological solution.
As an aside, I'm a great believer in doing things the old fashioned way. A couple of months ago I was asked to evaluate a piece of software that looked for changes in a CCTV image over time. Basically it was complete junk. It generated a vast amount of false positives: the neighbourhood cat, leaves blowing in the wind etc. which presents the problem of a horriffric amount of data dilution. So the result was that it took a person as long to check the flagged data as long as it would have done for a person with a set of binoculars & a camera to do the actual surveillance!!
It never ceases to amaze me how certain groups of people see the solution to all sorts of security problems as "throw technology at it & it will definitely be improved / solved / go away".
Having highly trained, motivated, intelligent & experienced 'boots on the ground' is & allways ahs been the best solution to the vast majority of security issues.
Again as an aside:
personally I see the definition of a police state being on in which individuals can not do an act unless it is specifically allowed by law. A free state (in theory) is one in which an individual can do any act as long as it is not specifically stated as being illegal in law.
Fortunately the latter has and I hope allways will be the basis of British law & custom. I don't want to carry an ID card any more than anyone else...
Let's not forget another thing about the wholesale collection of surveilence information on people: How long will this data be kept around? Who will have access to it? What can be done with it?
There's a fundamental change that happens to information once you put in a computer. You can start mining it and correlating it. As computers get more powerful and storage ever faster and cheaper you can do new things with old data that were just not feasible at the time it was collected. Weather forcasts used to be pretty crude and people joked about them because you'd get a better forecast by looking out the window. Today, I can sit at my computer and surf to weather.com and find out what the weather is going to be like anywhere I want. People don't joke about the weatherman (ahem, sorry, Meteorologist) anymore.
But it's hard to abuse a weather forcast, so let's move on.
Think about who's going to want this data. At present, it's taxing authorities and law enforcement. The government. But history shows that as these databases grow and governments get ever more strapped for cash they sell their data to businesses and individuals who have some use for it. State DMVs already sell driver license records to direct marketers. If you've gotten into an accidently lately or been issued a traffic citation you probably got contacted by some lawyers within a few days. Guess how they knew your name and address? It wasn't by sitting on the courthouse steps and watching you drive home.
Lots of companies on the Internet will search government databases, some public some not, on anyone for just a few dollars and a promise that you've got a legitimate right to the information. It used to be tedious to find out where any random person lived; today with a license plate number and a few bucks you can find out where someone lives, how much money they make, if they've ever been arrested or in rehab, if they're divorced and aren't paying their child support and a whole lot more. I'm sure nobody lies to get this data or misuses it, right?
Sure you're nobody now and going about your innocuous existence, but what about 10 years from now? Will someone be able to peer back in time and retroactively apply then-current standards to your past behavior? Or perhaps implicate you in a crime for no other reason than because you happened to drive by some random location on your way to work each day? You can bet that powerful persons will have their history expunged from the databases for "security" reasons -- national or notional, take your pick. But perhaps you'll decide to run for some public office above dog catcher in ten years. Will the encumbent have access to your travel history for the last ten years so he can try to find some incriminating trend? You certainly won't have access to his.
This may not happen at the local level, but something similar has already happened at the federal level. Bill Clinton had some 900 FBI files on promiment people in Washington hidden in a desk at White House even though he wasn't supposed to. What's to stop some future president from having 900,000 files on a computer disk? It'll be a lot easier to hide some bits in a computer than reams of paper, so we may never know about it. You don't have to go to the federal level, though. A few months back a scandal broke involving a collection agency bribing DMV employees to locate people with unpaid debts. Some 100,000+ records were given out by corrupt employees for $1-5 each.
Which is worse, singular abuse of power at the highest level or pervasive abuse at the lowest?
Why have I rambled on so long about this? Two reasons.
First, people are very good at finding patterns in data and information, _even_where_none_exist_. Some people see Jesus in the knots in the wood of their bathroom door or the Virgin Mary in their grilled cheese sandwich. Others just see random noise.
Second, it's very easy to make an accusation of impropriety, especially with a little tenuous "data" to back it up. Many people will believe there must be at least some truth to the charge or it wouldn't have been made. I have personally heard people say essentially that when reporting for jury duty. Maybe it's just to get out of service; maybe they really believe it.
You may be perfectly innocent, but the allegation is page-one, above the fold. The retraction when you're exonerated will be page 12, section d, in small print.
Time for the obligatory tin-foil-hat scenario:
You're married and you and your wife have a very active sex life. No kids, though. On your way home from work, every week or so you stop and a convenience store and buy some condoms. Thanks to your REAL ID(tm), some database somewhere knows that YOU buy these all the time. And because it's convenient, you usually get a few bucks from the ATM at the store to have some money in your pocket for the weekend.
You don't know it, but just a block away from the store is a popular hangout for drug dealers and prostitutes.
A few years later your wife is killed in a car accident by a drunk driver. You're devastated and you decide to compaign for tougher laws to crack down on people who drink and drive. You run for the state legislature. The encumbent you're running against, well he doesn't want to give up his seat so easily and starts mining your driving and purchasing history. And what does he find? You're a drug addict who cheated on his wife with prostitutes for years. It's all a fabrication, not a shred of truth to it, but enough people believe it and you lose the election.
Yeah, it's an extremely unlikely scenario. I've just throught up a frightening way to abuse information. But what scares me is the abuse I haven't thought of yet.
"Again I say to those paranoid that their "rights" are being infringed - unless you are or are believed to be doing something seriously illegal, no one *cares* about you enough to want to carry out surveillance on you."
Not true. Some background: In September 1984 Patrick Magee, a member of the IRA took a room in the Grand hotel in Brighton. During his stay he partially demolished a wall, installed a bomb in it, and repaired the wall to conceal the bomb. At 02:54 on 12th October 1984 this bomb exploded while attendees at the Conservative party annual conference were staying in the hotel. Hotel guests included the Prime Minister and the cabinet.
Several years later the Conservative party returned to again hold their conference in Brighton. During the preceeding three months Sussex Police questioned *everyone* staying in a hotel or guest house that was going to be used during the forthcoming conference. Anybody who they could not immediately establish bona-fides for was then further surveiled to a lesser or greater extent. Needless to say Special Branch (the UK's secret police) and MI5 were also involved.
A massive database was prepared with details from the hotel screening and surveillence operation. More proximate to the conference the movements of members of the public and vehicles through various checkpoints in the town was added to the database. The purpose of this database was not principally to prevent a bombing but to be in the position to immediately and effectively investigate one should it occur. After the operation was over the data gathered was archived onto mag tape to be kept indefinately. Specifically it was kept for cross-referencing in future political conference security operations.
The point here is that ordinary members of the public of no particular interest to the police or the security services can be caught up in a mass surveillence operation. With late eighties technology this was a massively labour intensive operation. The length and scope of the mass surveillence was limited by cost. If Sussex police had technologies like automatic number plate recognition, RFID ID cards etc. then they would have used it.
The operation in question *did* invade citizens privacy in destructive ways. There was a lot of joking in the incident room about affairs being inadvertently discovered and revealed to spouses when inquiry officers visited hotel guests home addresses to check their bona-fides.
Ok.. I haven't read every post in detail. In most countries there are restrictions on private infromation. You can't sell etc. Not like in the US were you can sell/buy just about anything quite leagaly.
Could the system be abused by police. No more than they can already abuse there power.
For example, Credit card records. All they need is the warrent to gain legal access, and just one person who does not need to see a warrent to gain illegal access.
Sure, it fails MOT test every year. I tell the inspector I have no idea how it happened and I'm sure it's the fault of the company that made the darn thingy. Sun spot damage I expect. They get me a new plate, and I put it on. That weekend, get out the old Tesla coil and I'm good to go for another year.
You see, my privacy is worth more to me than it is to folks who think RFID will get them a low cost solution. I prefer to exploit their over confidence in technology than re-edicate them. Just a personal preference, not something I'd want to legislate.
I am a little surprised that no-one has mentioned what to me is a little obvious about the whole proposal - the automated collection of revenue for 'offenses'. (Budget is a little low - lets review the offenses list to make a little more dosh!)
Consider Car drives past sensor 1 and then 5 minutes later sensor 2. Determine speed between sensors!
Consider 2. Unmarked car just drives down street - picks up all parked cars and determines if they are parked contary to time limits or on double yellow lines.
Personally I would not be burning out the RFID chips - I would be doing midnight excursions to swap chips - do it enough and you can invalidate the data to the point that changes would have to be made.
(BTW - I am well aware that the chips radiate 360 degrees - obviously any readers that I have mentioned in (1) and (2) would need wave guides!).
You're making a false assumption that the "MOT" failure will only be noticed once a year. It would be trivial enough to have "malfunctioning license RFID" classified as a traffic violation. Now it's a revenue-enhancing feature for city governments: they install the appropriate gear in police vehicles that will notice a car that's not transmitting.
Or those red-light-enforcement cameras will *also* snap a photo if you stop at a red light with a broken RFID. Each time, you get a traffic ticket and a fine. How many tickets will you pay in a given month before you give up and let the RFID chip remain active?
Look, it may be an intrusive mass surveillance measure, but it's justified because terrorists use cars, you know!
Oh wait a minute, no they don't, terrorists travel by Tube.
Make your own randon RFID reprogrammable chip. Have a xmittr sending out a rotating, random code. Maybe get creative and have it only xmit when it gets a "query" signal (I know that's not a proper term for it, but makes sense). Make sure you have a remote control (hidden in a keychain fob) to turn it off in case MOT needs to check it. The RFID, like the red light cameras aren't being used to make everybody safe by catching illegal activity, it's going to be used as easy money. I've noticed whenever a red light camera goes up, the yellow light gets shorter.
I'm certainly glad this sort of tracking capability isn't available in any other devices I'm physically associated with. ;-)
And we can't think of any recent instances where it was used by the State to track "bad guys". Like, perhaps a certain participant in the 7/21 failed bombings in London as he escaped to Italy.
Just as I can choose to leave my cellphone at home, I can choose to take public transit. But like most technologies, it can be used for good, or it can be abused. Is not having it at all really worth giving up its positive effects?
I have said two things before on many of Bruce's posts about UK Road / CCTV / National ID policy, so I will quickly re-iterate.
1, Tony Blair (the prime minister of the UK, and leader of the Labour party) Openly admitted on TV that the Labour Party would take money from whom ever gave it to them and it did not mater whom...
2, The Labour party has a problem, it buys votes with tax payers money. It has now taken just about as much money as it can by direct taxation and stealth taxes, and by fiddeling the Public Sector Borrowing figures via PPI / PFI and other back door scheams.
So with point 1 above, it may surprise some to know that the Labour party openly takes money from a pornographer, who pushes out various magazines, and telivision channels. Some of the stuff is so close to the line that it would be considered Pedaphilia in quite a few places in the world. This person also owns a "red Top" daily newspaper. He has also had considerable dealings with the American Maffia, and tried to "stiff" them so much so one of his senior assistants was badly beeten up, and currently has a court case running in the UK against his (now) formar emplyer (Dick "head" Desmond prop Daily Express, OK Magazine (US), Just Eighteen, etc. etc. etc.).
With regard to National ID cards and RFID number plates etc, other major Labour party fund contributors (both directly and by sponsoring events / providing facilities) are,
3, ATOS Origin
4, Sovereign Strategy
Unisys claims to be a world leader in ID cards, however Panama's electrol commision canncelled a four year deal and sacked them for security reasons. Why, a Columbian National was found to have 500 blank cards, and Unisys admitted it too had at least 30,000 blank cards (it apparently was not sure on the exact number or where they all where...)
Siemens has a long history of "government contracts" since Labour came to power, most (if not all) have made it into the news in one way or the other, with comments like "cost overruns", "Poor Requirments Analysis" and a few others. At least one Editorial commentator has refered to them as "notable cock-ups". However they use "Sovereign Strategy" who are notable through their various affiliates to be able to grease most polititions (one way or another) so the work will continue to flow in.
Seimens is also a major contributor to the Labour Prty coffers and funds the IPPR, labour think tank who formulate a lot of Labours policy. So it would not be to surprising to see which way IPPR lean.
Finaly ATOS Origin, well they have chosen amongst other people Phil Chalmers who used to be a spin doctor for Donald Dewar (before his untimly demise). During that time Phil had to resigne because he was caught by the police in one of Scotlands worst Red Light districts receiving the paid for services of a heroin-addicted prostitute (it is not known if he was enjoying the experiance or not).
ATOS also paid for a large number of adverts in various Labour Party Glossy Mags, and in the process showed extreamly poor judgment by also funding an article that basicaly said the 12Billion USD equivalent that the ID scheam was going to cost would be better spent on employing more police officers and intelligence officers.
Oh and the Ex-Labour Leader Neil Kinnock is known to activly support the National ID scheam. Heil is better currently known for his role in Europe, where he was the only person not to resign over fraud alegations, he has since gone on to mastermind the persecution of several EU accountant whistle blowers.
So there you have it, it's grab the money spin it up and find other more interesting ways to get money to buy yet more votes.
"...compared to $2.61 record high reported on the Boston Globe website today."
Wow... i just paid $2.91/gallon on the way into work today (ahem... los angeles)
This labour government is the worst in living memory and they wont be happy until they have everyone working in the public sector and they are taking as much money from the working man as possible to give to immigrants and malingerers, Blair and Brown should be tried for treason for ruining a once great country,
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.