Tracking People by their Sneakers

Researchers at the University of Washington have demonstrated a surveillance system that automatically tracks people through the Nike+iPod Sport Kit. Basically, the kit contains a transmitter that you stick in your sneakers and a receiver you attach to your iPod. This allows you to track things like time, distance, pace, and calories burned. Pretty clever.

However, it turns out that the transmitter in your sneaker can be read up to 60 feet away. And because it broadcasts a unique ID, you can be tracked by it. In the demonstration, the researchers built a surveillance device (at a cost of about $250) and interfaced their surveillance system with Google Maps. Details are in the paper. Very scary.

This is a great demonstration for anyone who is skeptical that RFID chips can be used to track people. It's a good example because the chips have no personal identifying information, yet can still be used to track people. As long as the chips have unique IDs, those IDs can be used for surveillance.

To me, the real significance of this work is how easy it was. The people who designed the Nike/iPod system put zero thought into security and privacy issues. Unless we enact some sort of broad law requiring companies to add security into these sorts of systems, companies will continue to produce devices that erode our privacy through new technologies. Not on purpose, not because they're evil -- just because it's easier to ignore the externality than to worry about it.

Posted on December 12, 2006 at 1:11 PM • 83 Comments

Comments

Swiss connectionDecember 12, 2006 1:36 PM

Another scary thing:

There is no security by obscurity either, once a RFID chip with a unique ID can be brought into association with your person, then, even if 9 out of 10 citizens use the Nike+iPod Sport Kit, you can be found and tracked.

walking advertismentDecember 12, 2006 1:41 PM

think of the directed spam as a result of this.. stores purchasing such that they can names of people as they walk buy.. cross reference mailing lists..

talk about directed and timed marketing!

SkateDecember 12, 2006 1:43 PM

The only way to insure that data remains private and secret is not to collect it in the first place and the only way to make sure that RFID data isn't collected not to have any RFID chips.

Legislation can make the data collecting illegal but it can't prevent people (or the NSA) from collecting the data illegally as long as RFID chips are allowed in end user items. The only legislation that will have true privacy impact is legislation that bans RFID chips in end user items. As it is, my local library already has them in all loanable items and tries to claim that they provide more privacy than the old printed bar codes based on the idea that the checkout clerk doesn't have to carefully look at the book you are checking out.

There may be a few horses out of the barn but that doesn't mean that we have to let the rest of them out...

ramananDecember 12, 2006 2:00 PM

You need to be within 60 feet of them for this to work, so don't you already need to be stalking them for this be a security threat? Or are you concerned about a big network of trackers being deployed in a citry?

cmillsDecember 12, 2006 2:16 PM

good point ramanan
As it is, I could go and buy this device and not lose any sleep wondering if it is being used to track my movement. However, if the government, companies, etc. begin to emplace rfid reader checkpoints, I would begin to worry a little more. Other than for marketing usage, how would the tracking of my movement through such technology be adversely used against me at this point in time?

However, what bothers me is that conventional rfid chips need to be in a very close proximity of a reader in order to be read, but devices like this (presumedly powered transmitters) that are meant for other purposes broadcast much further away.

ChessDecember 12, 2006 2:25 PM

@ramanan:

I'm concerned about a big network of trackers.

In five years, every store, every business with any level of inventory on hand, heck, every library is going to have RFID readers. At 60' range, that's going to be blanket coverage in a lot of areas.

Werner AlmesbergerDecember 12, 2006 2:30 PM

RFID readers gathering all IDs they can see would make as much sense as surveillance cameras: if anything happens, you can go through the data collected, and see if you can connect any of the IDs recently captured.

Since this would be even less visible than a well-hidden camera, there is little reason why banks, shops, police states, etc., wouldn't want to deploy such devices.

And once they have the data, there's no telling what other uses they'll find for it ...

- Werner

JamesDecember 12, 2006 2:38 PM

"The people who designed the Nike/iPod system put zero thought into security and privacy issues."

No the people who designed it really didnt think it would be such a big deal, which it is not honestly. In order for this to even remotely be used for tracking, you have to have a bank of sensors up, Im sorry but in five years I doubt even one major chain will have RFID trackers up in every store... why? because people have been talking about how scary this is since 1999 and guess what still only have test runs in a scant few stores because they dont really work right or are cheap enough to be used everywhere.

Jesus people are paranoid.

random engineerDecember 12, 2006 2:44 PM

If you're scared now by sneakers, prepare to be afraid, very afraid.

There will be a lot more devices coming out with built-in wireless, or wireless-only operation. Two examples: Wii and Zune.

If you think those won't be uniquely identifiable, think again. Even more are coming: the technology is affordable, so the value proposition is already strong.

Someone should just start a web page that catalogs all these "leaky" devices, rather than just writing up occasionaly shocking articles about isolated incidents.

cmillsDecember 12, 2006 2:48 PM

"still only have test runs in a scant few stores because they dont really work right or are cheap enough to be used everywhere."

Soon enough, the technology will be smaller, cheaper, and therefore ready to be mass marketed and implemented. This is the trend of all useful technology.

Criminalize-It!!December 12, 2006 2:54 PM

"Unless we enact some sort of broad law requiring companies to add security into these sorts of systems, companies will continue to produce devices that erode our privacy through new technologies."

Quick! Pass a law! There's no way there would be a multi-million dollar incentive for an entrepreneur to develop anti-tracking technology! And we can't wait that long! Hurry! The market will never respond fast enough! And there are NEVER externalities (hidden costs, unintended bad consequences) to illegalizing the creation of products!! Pass a law! Pass a law!

(It would be different if we weren't forced to wear these sneakers, for in that case we could solve the problem by choosing not to buy that model of sneakers. But since we are forced, our privacy's being eroded!) Pass a law! Pass a law!

False DataDecember 12, 2006 2:59 PM

"Unless we enact some sort of broad law requiring companies to add security into these sorts of systems, companies will continue to produce devices that erode our privacy through new technologies."

California has one. Unfortunately, it's a little too broad. Art. I section 1 of the California Constitution:

"All people are by nature free and independent and have inalienable rights. Among these are enjoying and defending life and liberty, acquiring, possessing, and protecting property, and pursuing and obtaining safety, happiness, and privacy."

http://www.leginfo.ca.gov/.const/.article_1

On a wild guess, there are probably a couple problems with using it. The first is does "privacy" mean not disclosing your personal information, or does it mean the right to be left alone? The second would be showing how disclosure of that information has caused you some sort of measurable harm.

Still, it might be interesting to talk with someone at the Privacy Rights Clearinghouse or the EFF about whether you could use it to go after a company.

McGavinDecember 12, 2006 3:00 PM

"Unless we enact some sort of broad law requiring companies to add security into these sorts of systems"

NO NO NO! I don't want to PAY for the cost of security in my NIKE/Ipod gadget. That is a consumer choice. It is bad business to implement security in these devices right now: people don't want it.

What happened to the economics/security relationship, Bruce? Did you forget?

BenDecember 12, 2006 3:01 PM

This problem would be made significantly worse if the `reporting` part of the equipment (the bit in the shoe) stores historic data and allows queries from the iPod.

I wonder how it easy it would be to break my old watch [ http://tinyurl.com/y3jy6q ]. I strongly suspect the `reporting` unit stores historic data [and thus must allow querying] and I doubt that data is transmitted securely.

McGavinDecember 12, 2006 3:03 PM

"whether you could use it to go after a company"

Don't go after the company, go after the spy!

PeterDecember 12, 2006 3:09 PM

Well, first there's no way to tie those sneakers with real person. Only Mr.X can be tracked and that's not a big threat.
Secondly, it's 60 feet, can't you SEE?

McGavinDecember 12, 2006 3:22 PM

"Well, first there's no way to tie those sneakers with real person."

You are thinking of mass surveillance. If I know the person (i.e. stalker), then I can tie the unique ID to the person quite easily.

Devil's AdvocateDecember 12, 2006 3:24 PM

A very interesting (and amusing) article. As Bruce says, the designers of this little gizmo did not think about security at all.

This bit of the University of Washington article got me thinking about a different angle on the security aspects of the Nike+iPod:

"our research shows that the wireless capabilities in this new gadget can negatively impact a consumer's personal privacy and safety."

Clearly, the article is discussing the possible risks of being tracked by an attacker but perhaps there are some situations when it could be an advantage to track someone's movements using a cheap radio transmitter linked to a shoe. I am thinking of people who have to do door-to-door or other outdoor work like meter readers, health workers, police and even prostitutes! The type of system I have in mind is something like this:

A device with the ability to send a distress signal including some location information if the wearer hits a panic button and/or automtically transmitts if no weight is detected on the wearers shoe after a short delay (because the wearer has been incapacitated).

Possible candidates for obtaining the wearer's location for a distress signal might be a local radio receiver/transmitter like the Nike+iPod, Wifi hotspot zone, mobile phone cell networks or even GPS (not sure how bulky GPS has to be).

Yes, I know, there are all sorts of technology and privacy issues to be worked out to get this idea doing something useful but I want to play the Devil's advocate for a change.

P.S.
Aside from privacy issues, anyone interested in building small portable computers may find the range of devices decsribed in the article that could be used as receivers quite interesting.

P.P.S
If you think that sex workers agreeing to mobile alarms is implausible then read the section headed "The Glasgow Prostitute Killer" at http://www.mayhem.net/Crime/killersatlarge.html. According to a friend of mine working in Glasgow at the time, the Glaswegian police were so concerned about a serial sex attacker that they did indeed issue personal alarms to some prostitutes. I don't know what technology the alarms used, they might just have been loud noisemakers. My friend also said there was a funny incident when an alarm was msitakenly set off; the unfortunate client found himself quickly surrounded by armed police and dogs :)

McGavinDecember 12, 2006 3:32 PM

"The people who designed the Nike/iPod system put zero thought into security and privacy issues."


No, they put minimal FINANCING into security and privacy issues. I'd bet there was thought, even discussions, about security and privacy.

UCAVDecember 12, 2006 3:51 PM

"NO NO NO! I don't want to PAY for the cost of security in my NIKE/Ipod gadget. That is a consumer choice. It is bad business to implement security in these devices right now: people don't want it."

Instead of "people don't want it" don't you mean "people don't know or care"?

The same argument could be made for cigarette warnings. People didn't demand those, but they serve a purpose.

Proposed RFID warning: "Side effects may include dizziness, nausea, panopticonism, and targeted advertising."

Steve LoughranDecember 12, 2006 3:52 PM

I dont think we should be picking on nike.

I ran an experiment at my house with a linux laptop and a class i bluetooth node, scanning and logging every discoverable bluetooth device that came in range. with a 30s scan cycle, it could catch everyone walking past. As I live on a main road in a european city, I collected a lot of data. Especially as I ran the experiment for a year.

I havent yet done a full analysis. But I will say that some people go past my front door at ten minutes to nine, every weekday, plus or minus one minute. Predictably. And they publish that fact to all bluetooth nodes nearby.

McGavinDecember 12, 2006 3:54 PM

"Instead of "people don't want it" don't you mean "people don't know or care"?"


To Nike, there is no difference.

-ac-December 12, 2006 4:12 PM

Think malls, airports, courts, parking lots, cafes and nightclubs. Think grand central station. Think of any public place with a congestion/"security" point through which all traffic has to pass.

Now think of this scary scenario:

An RFID tag is placed on a diplomat, spy, policitical candidate, witness, informant, etc. The target walks in the cafe and 2 minutes (or 2 seconds) later the bomb goes off.

Think: an RFID tag is planted on a well-dressed businessman/woman on the subway. Or on the wall of the car itself. The bomb in the subway tunnel is activated with devastating precision.

If you allow another disruptive technology "out there" you have to defend against it. Don't let it out there and save us the trouble. Please.

RoyDecember 12, 2006 4:15 PM

That figure of 60 feet is not a limit, only a waypoint. The dilution due to distance is an inverse square law. I don't know the carrier frequency involved here, but if it's microwave there'd be no problem building (or buying?) a high-gain antenna. And if the antenna were a phased-array microwave, you might not be able to tell what it is by looking at it. Thus range is a function of your budget.

PassTheBuckDecember 12, 2006 4:15 PM

"Unless we enact some sort of broad law requiring companies to add security into these sorts of systems, companies will continue to produce devices that erode our privacy through new technologies."

Good idea. For instance, what if you're driving home from your ex-girlfriend's one afternoon, and one of your wife's friends spots you through the transparent side window of your car! Better pass a law requiring car manufacturers to provide shading capability to all windows in all autos. After all, it's THEIR responsibility to protect your privacy!

Or what if you're standing in line at a convenience store, and someone else in line notices the titles of the magazines you have in hand, which you intend to buy. Well, your reading habits are certainly no business of theirs. Better require all convenience stores to wrap magazines in an opaque cover with no title, or at least forbid publishers from printing any type of photo on the cover of the magazine, so no one else can see what you're perusing. After all, it's THEIR responsibility to protect your privacy!

Or what if you're watching TV at home, and you turn up the volume so loud that your neighbors can hear the show you're watching? Well, your TV viewing habits are no business of theirs. Better require TV manufacturers to limit the decibel output of all TVs to about one-third of current volume limit, or at least require construction companies to build only sound-proof walls in all houses and apartment buildings. After all, it's THEIR responsibility to protect your privacy!

Making bad decisions shouldn't be YOUR fault. Nor should anything bad every happen to you as a result of your choice to go out into public. Pass on the costs to companies. After all, your privacy is their responsibility.

(Note: no surveillance device whatsoever is required for the 'privacy-violator' in any of these cases, which hints that it's even easier and cheaper to violate privacy in a myriad of similar ways. Someone must pay! Who's got the money to pay? Companies! Sock it to 'em!)

RoyDecember 12, 2006 4:15 PM

That figure of 60 feet is not a limit, only a waypoint. The dilution due to distance is an inverse square law. I don't know the carrier frequency involved here, but if it's microwave there'd be no problem building (or buying?) a high-gain antenna. And if the antenna were a phased-array microwave, you might not be able to tell what it is by looking at it. Thus range is a function of your budget.

TimDecember 12, 2006 4:22 PM

This is nothing new - my heart rate monitor has a unique ID (to prevent cross-talk with the other HRMs at the gym) and can be read from a distance. So it would be pretty easy to track me as I go on my daily run, assuming that sensors were already set up along the route that I take.

It would be a lot easier to track me using the cell phone that is always in my pocket.

pfoggDecember 12, 2006 4:31 PM

"Unless we enact some sort of broad law requiring companies to add security into these sorts of systems, companies will continue to produce devices that erode our privacy through new technologies."


The pattern that concerns me is where a device is introduced with no thought of privacy, and a dramatic, technically trivial exploit eventually occurs, so
legislators make the means of exploiting the security hole illegal in response to a public outcry. The result is increased paranoia about science and technology in general (and a growing fear and suspicion of the practitioners thereof), as well as a scattering of arbitrary, ill-considered technological restrictions. Even worse is when they try to fix the legislation with blanket provisions.

In the sneakers case, such a scenario might involve the sneakers becoming popular, a single dramatic case of a stalker using the information somehow (probably in only a marginally helpful way, due to the 60 foot limit), and then Congress placing restrictions on any electronics capable of operating on the relevant radio frequencies.

Also, Werner Almesberger has a point -- if there are enough RFID tags in things, then an intentionally deployed, general purpose 'RFID monitor' net might be proposed as a law enforcement/security enhancement in public areas (since people are less likely to be sensitive about 'anonymous' tags, it might be an easier sell than cameras).

ThorntonDecember 12, 2006 4:47 PM

Please do not suggest yet another reactionary law. People do not have to buy the shoes. If they do and later discover they are being tracked, they can throw away the shows.

RealistDecember 12, 2006 5:01 PM

This is truly an instance where consumers "can vote with their feet" by not purchasing these products...

PassTheBuckDecember 12, 2006 5:09 PM

See? Thornton and Realist see it clearly. Why does Schneier always use law as a first resort? It's as if he gives lip service to "the market" but doesn't believe a word he himself says.

AnonymousDecember 12, 2006 5:50 PM

For the people who haven't been paying attention, Bruce is generally in favor of laws which force companies to not ignore security consequences. He's in favor of legislation that would hold companies liable for security failures (i.e. force liability insurance). This should not come as a surprise to anyone. He's been in favor of security liability for a long time, at least a year or so.

I'm not saying he's right about this, nor am I saying he's wrong about it, all I'm saying is that some commenters could benefit from reading more than just one or two of Bruce's posts.

AnonymousDecember 12, 2006 5:53 PM

@ Devil's Advocate
Re: automatic alarms

There are already plenty of alarm technologies that do this. For example, consider a repurposed personal avalanche beacon, as can be bought at REI or any decent sports store.

There's also cell phones with GPS (and other devices with GPS).

I really don't see much advantage to deploying another technology to do this, esp not one with such short range, and esp not for such life-critical uses.

Craig HughesDecember 12, 2006 5:59 PM

Note that the 60-ft range is using what appears to be an omni-directional antenna (antenna details aren't discussed in the paper). With a higher-gain directional antenna (given that people normally don't walk through walls and things, and tend to stay with the feet near the ground, a directional antenna would likely work pretty well in lots of cases), I bet you could extend the range significantly without much trouble at all.

Glenn MaynardDecember 12, 2006 6:49 PM

"Unless we enact some sort of broad law requiring companies to add security into these sorts of systems, companies will continue to produce devices that erode our privacy through new technologies."

Legal restrictions are a solution far worse than the erosion of privacy it would attempt to prevent. Don't restrict my freedom (to create, sell and purchase goods) in order to protect my privacy.

Don't turn to the government to solve every problem. Educate the public, don't restrict the public.

RoxanneDecember 12, 2006 6:55 PM

So every inmate will be issued a pair of these shoes upon release from prison, eh? Sex offenders will be required to wear them. Sensors will be mounted outside of malls and elementary schools. Personal safety advocates will applaud their use.

Tell me: Are they allowed on airplanes? :-)

PassTheBuckDecember 12, 2006 7:42 PM

"[Bruce Schneier is] in favor of legislation that would hold companies liable for security failures..."

Oh we're aware he's in favor of that type of legislation. The question is WHY is he in favor of that type of legislation, and why as a first resort, when he claims to be "in favor of market capitalism"? Is he purposely disingenuous (doubtful)? Is he unaware of the conflict between those two alternatives (possible)? Does he simply believe that statism is the best political philosophy for our society (probable)?

He's like a cowboy from the Wild West of Big Government, with an Enact-A-Broad-Law six-shooter on his hip. And that trigger finger is itchy. Itchy, my friend. Like a prickly wool sweater on a humid Southeast Asian summer day at high noon (cue Clint Eastwood whistle music.)

And he don't take kindly to them company varmits. They ain't no match for this new Sheriff. So they best be ridin' on outta town, lest they find themselves strung up on a BroadLaw, I reckon.

Devil's AdvocateDecember 12, 2006 9:02 PM

@PassTheBuck

"Why does Schneier always use law as a first resort?"

Certainly it is always good to question Bruce's assertions but I suggest that Bruce has consistently argues for privacy laws that address the fundamental underlying privacy problems we face in the future instead of specific technologies. I find his ideas quite (devilishly) good.

@Roxanne

"So every inmate will be issued a pair of these shoes ..."

Regretably, I can see a future in which not 'volunteering' to wear some sort of tracking device is considered a sign that you have something to hide. I mean all of us, especially those of us who want a professional job, career, position of trust/influence. The mavericks in our society may be marginalised.

@Anonymous

"some commenters could benefit from reading more than just one or two of Bruce's posts."

Don't worry about those who read the posts; practically by definition, they are above the average in understanding the issues (you may commence the feel good glow right now!). The real challenge is to get average ordinary citizens (consumers) thinking about security.

@Anonymous

"There are already plenty of alarm technologies that do this."

Thanks. Perhaps I am behind the times (again). Your comment is encouraging in the sense that it suggests that there is a reasonable solution available to vulnerable workers. One of the reasons I made my post on this blog topic is an emerging story of a serial killer in Ipswitch, UK, who preys upon street prostitutes. It seems to me that there must be a way to improve local personal security, within a reasonable budget, by using more tracking technologies.

quincunxDecember 12, 2006 10:16 PM

@ Devil's Advocate

"Thanks. Perhaps I am behind the times (again). Your comment is encouraging in the sense that it suggests that there is a reasonable solution available to vulnerable workers. One of the reasons I made my post on this blog topic is an emerging story of a serial killer in Ipswitch, UK, who preys upon street prostitutes. It seems to me that there must be a way to improve local personal security, within a reasonable budget, by using more tracking technologies."

It's amazing that you have not considered that there is a more reasonable solution, something that requires no budget at all:

Stop making it illegal. Stop outlawing brothels.

That's the reason they are on the street in the first place!

You are just suggesting another intervention on behalf of old intervention.

"Certainly it is always good to question Bruce's assertions but I suggest that Bruce has consistently argues for privacy laws that address the fundamental underlying privacy problems we face in the future instead of specific technologies. I find his ideas quite (devilishly) good."

Yeah, it's too bad he doesn't address the even more fundamental laws that create the need to have new ones.

AndrewDecember 12, 2006 10:38 PM

At ASIS one of the most popular devices was a combination GPS/cell phone that could geo-fence people into certain areas. Tracking position, speed etc. http://microtrakgps.com/

The idea is to make your security guards wear it on the job, so you know they're not speeding with the company truck, sleeping on the job (lack of motion) or going off site (leaving the geofence).

It is now for sale at Sharper Image for $500.

You can make employees have it on their modern Verizon phones for considerably cheaper.

The privacy implications are outrageous. It's one thing for my employer to control my time when I'm on the clock. Yet another when I am off the clock -- let alone all the time, which is what some companies are going to want to do.

We don't need a law to protect consumers. We do need a law to protect workers, who are a vulnerable population because they need them paychecks.

AnonymousDecember 12, 2006 11:10 PM

@ Devil's Advocate
"It seems to me that there must be a way to improve local personal security, within a reasonable budget, by using more tracking technologies."

Only in a kindergarten.
Reality is not a kindergarten.

If the only secuirty you can think of is the technological equivalent of a cop on every corner, you should just skip the technology and instead put a cop on every corner. Don't forget to account for the budgent, personnel, and administrative costs.

the other GregDecember 13, 2006 1:12 AM

We used to have "a cop on every corner". They were called neighbours.

Now we have neighbours who are strangers, and cops who are not neighbours harrassing neighbourhoods where neighbours are still neighbours. Not to mention technologies claimed to be a lot cheaper than any of the above.


Nike will install security (of sorts) sometime near the end of the legal proceedings pursuant to Ms Yuppie being assailed and murdered by a stalker following her shoes. Or, more surely, when a bunch of Mr Yuppies put together a class-action around burglars tracking the comings and goings of their shoes.

jayDecember 13, 2006 3:03 AM

Good thing is, If someone steals it you will be able to track it down your self. Should be done before the thief gets beyond 60 feet away from the victim :)

BenDecember 13, 2006 5:14 AM

@Anonymous, "who buys this crap anyhow?"
Sporty types? Personally I own a Forerunner 201 [http://tinyurl.com/nphh ] which is a single unit and therefore does not transmit data via some wireless means [wired comms is possible to transfer recorded data]. It is an amazing piece of equipment and enhances my marathon training.

@Roxanne, "So every inmate will be issued a pair of these shoes ..."
There's no need for the shoes, electronic tagging already exists http://tinyurl.com/trzt9

@Andrew, take a look at the Active Badge experiment.

haspDecember 13, 2006 6:04 AM

Forget about the nike shoes and think about a supermarket. If every product is registered with an unique RFID, it would be very simple (and very interessting) to track the path of every customer through the racks. As addon you could easily connect creditcard-information with the unique rfid-ids ... the paper shows only that the costs are acceptable if somebody is interessted in such data (i think every supermarket-manager is) ....
... VERY SCARY ...

AnonymousDecember 13, 2006 7:19 AM

@hasp

I think it was IBM that ran a series of TV adds that had a bod with a long dark jacket wandering around a supermarket apparently shop lifting (ie hiding things inside his jacket).

The punch line was when the bod left the security gaurd came up to him with his recipt and thanked him for his custom...

So people have already thought about it quite seriously enough to invest a very large sum in advertising budget.

Devil's AdvocateDecember 13, 2006 7:46 AM

@quincunx

"Stop making it illegal."

That's a poltical/moral question.
You are off topic.
Everything that can be said on this issue already has been said elsewhere. I want to discuss ways of using technology to improve personal security.

@Anonymous

"If the only secuirty you can think of is the technological equivalent of a cop on every corner, you should just skip the technology and instead put a cop on every corner."

Your comment seems a bit defeatist to me. I suggest that we should all take some responsibility for our actions, including security decisions. Don't rely on the police or authority figure to do everything for you.

C GomezDecember 13, 2006 7:46 AM

I'd hate to see government enact a law providing bare minimum "standards" for privacy, just to see companies just uphold that minimum and declare their job is done. As a consumer, I'll sort out the products that invade my privacy.

JohnJDecember 13, 2006 9:43 AM

Well, now that passports from many governments are RFID-enabled, the government will have an incentive to deploy a net of readers. The reasoning will be a need to track those visiting the US to monitor for terror activities. Doesn't matter that it's not effective for it; that'll be the selling point.

The government net will start at federal offices/buildings but will quickly spread to airports, train stations, post offices, and other places on the critical infrastructure list. Then it will expand to include libraries and other state/local government facilities. By this time all government ID badges will be tagged, as will PCs, vehicles, and most any portable government property. Gotta track the assets, doncha know.

While this is happening, RFID will become cheaper to deploy and will show up in many consumer products. Of course, to further reduce theft retailers will deploy RFID to replace or supplement the current scanners at exit points that look for goods being stolen. As tags are unique, an API in to the retail system will show if unsold merchandise is leaving. It'll also show when existing customers return to the store wearing the tagged clothing they bought there, letting floor salespeople know who to pay more attention to.

Sometime later an event will trigger major office buildings and shopping malls to add such detectors at major entries and intersections. Tagged frequent shopper cards will replace the barcode/magstripe cards allowing targeted ads to be displayed to frequent shoppers as they enter and browse a store.

Readers deployed at major traffic intersections, again to "monitor for terrorist movement", and on interstate on/off ramps will track movement at the gross level. They could replace traffic cams and be used to send tickets to those who are speeding.

And because a subset of your tags always move together, all it really takes is just one of the 47 tagged items you carry with you to have an actual association with you to cause the whole chain to know that it's you who is moving about and not some anonymous John Q. Public.

AaronDecember 13, 2006 9:56 AM

I agree with some above posters.

Is anyone really worried about this Nike product? You're worried people will know that you're working out? You're already in plain sight, and probably on video surveillance cameras.

If you are worried, you'd better power down your cell phone and wireless laptop.

ReretiredDecember 13, 2006 12:10 PM

Which brings me to ask, "Does one have the right to be somewhere where he can't be found?" Is surreptecious tagging of an individual a violation of law? or civil rights? Does law inforcement need a warrent? Has this ever been challenged?

cmillsDecember 13, 2006 12:36 PM

@ devil's advocate
"...serial killer..." "It seems to me that there must be a way to improve local personal security, within a reasonable budget, by using more tracking technologies."

That sounds just like the propaganda that the government would put out to justify such intrusive measures of surveillance.

X the UnknownDecember 13, 2006 12:37 PM

@Criminalize-It!!: "Quick! Pass a law! There's no way there would be a multi-million dollar incentive for an entrepreneur to develop anti-tracking technology! And we can't wait that long! Hurry! The market will never respond fast enough! And there are NEVER externalities (hidden costs, unintended bad consequences) to illegalizing the creation of products!! Pass a law! Pass a law!"

If our experience with the RIAA is any indication, the laws most likely to be passed are those which prohibit disabling of such technology. Then, the entrepreneurial incentive devolves to black-market law-breakers.

Davi OttenheimerDecember 13, 2006 12:56 PM

"Is anyone really worried about this Nike product? "

More worried about people buying something without realizing the risks. The examples given above of transparent windows, magazine titles...what's missing is the sophistication of the risks that are virtually impossible for a reasonable consumer to measure and understand.

There are many examples of this, transfats included. As a consumer you often are in a position where you have to believe someone else's assessment of risk, as there is no feasible/reasonable way to do it yourself. In other words, do you believe the FDA, doctors, politicians, lawyers, the security experts...or do you give up your day job to gain the skills, experience and qualifications to measure the risks yourself?

TibbohDecember 13, 2006 1:52 PM

I think that the 'stalking' aspect is being overplayed.

1. As I understand it, the sensor is not an RFID tag like those being used for stock control (where the reader challenges the tag, and records the response). I would guess that in-store RFID readers would not detect or record the Nike sensor.

2. The mapping of a tag's movement reflects the tag being detected by detectors at known fixed points. It may be possible to build an antenna that detects the tag 2km away, but the only information that provides is that the tag is somewhere within a 2km radius of the detector (a 12.5sqkm area). I guess that triangulation from a detector network would be possible.

3. Given the cheap 60' radius detectors built as proof of principle ($250 each), it would be possible to deploy a large number to track a victim - if you know where they're going to be. If you want to track somebody throughout a city, that's a lot of detectors (and a large cash outlay).

quincunxDecember 13, 2006 3:10 PM

@ Devil's Advocate

"That's a poltical/moral question.
You are off topic.
Everything that can be said on this issue already has been said elsewhere. I want to discuss ways of using technology to improve personal security."

So you want to use technology, even though there is a simpler solution?

A solution that will genuinely protect the personal security of those concerned, rather than creating externalities for others.

In all honesty your response to Anon shows that you don't really care about using technology to improve personal security, you are simply interested in using technology, period.

Technocractic fetishism is what I call it.

derfDecember 13, 2006 3:13 PM

Just make sure you microwave all of your clothing before wearing it in public. Can we get a microwave emitter installed in the clothes dryer? Wouldn't that speed the drying process while protecting our security?

Devil's AdvocateDecember 13, 2006 3:45 PM

@cmills

I see what you're getting at but I did say "there are all sorts of technology and privacy issues" in my post.

Are you aware that people with jobs that involve visiting the public already have systems that track their location e.g. police will radio colleagues to say if they are visiting a house, especially alone; if they don't radio back after a set time, backup will be sent immediately.

The Ipswitch Serial Killer story is a particularly lurid one that might be used by a politician to push through somebody's pet surveillance project but the fact is 5 people with a risky occupation have been killed in 10 days; if they had some system for tracking their whereabouts they may have been a bit safer.


@quincunx

"Technocractic fetishism"

LOL

I am interested in technology and this is a great blog for some technology topics. I don't see why being interested in technology makes me technocratic (http://en.wikipedia.org/wiki/Technocratic_movement).
Personally, I think the University of Washington's report is about an unintended privacy risk created by a new use of radio technology. I clearly said I wanted to discuss ways that the technology could be used that are beneficial. If that makes me a fetishist then I'm in good company.

"even though there is a simpler solution?"

Sure, sometimes hi-tech is not best but that is not what I wanted to discuss and legalising brothels is definitely nothing to do with the blog topic.

Ctrl-Alt-DelDecember 13, 2006 6:58 PM

Such casual monitoring is actually more worrying than ID cards or chips in passports. What's more, forget 60 feet. Beyond about three metres (10 feet) the range of these things is not important, as a typical misuse would be to harvest all tags passing certain choke points such as doors or gates, and to dump the locations, tags and timestamps into a database. "They" don't care who owns each tag, and everyone passing that point will be less than three metres from the reader.

If a certain tag becomes of interest, "They" probably have enough collateral information from e.g. cameras, mobile phones, etc, to identify the wearer. Or working the other way, knowing the wearer, they can use the database to reconstruct the person's movements.

The intended benign purpose of the chips is irrelevant, and the "They" can be anyone - government, company, criminal. You will have no privacy and you'll be prey for the first predator that wants you. The predator's motives may be relatively benign (stock-keeping, targeted advertising) or sinister (identity fraud or profiling) but they won't have your privacy or your best interests as their first priority - even if they claim they do.

Passing a law won't stop this. Any security added to these things will use the cheapest standard that meets legal requirements - and will be ineffective by the time the ink is dry on the statutes.

Banning all transmitters and RFID tags won't work, either - too many loopholes and "special cases", too much money and power will be behind them.

Answers? Well, ensure that "deactivating" such tags is never criminalised. I like derf's solution: "microwave all of your clothing before wearing it in public". Don't buy keen-o electronic sports kits whose emissions are remotely identifiable. Turn off that handy "other bluetooth devices can discover me" feature on your phone.

You can't make yourself invisible in the surveillance society, but you can lower your profile and hope to be overlooked.

Tom DavisDecember 13, 2006 7:25 PM

This particular paper was specific to the Nike/iPod tracking potential, and this blog has illicited other tracking possibilities including RFID and Bluetooth. Bruce has suggested that a law be passed.

A law that would prevent the emmission of informative radiation signatures (including device identifiers in packet form or with unique analog characteristics) would, on the surface, prevent the use of most electronic devices. This is due in part to the nature of automatically configuring systems such as bluetooth which must in some way signal their existence and identity in order to interoperate without significant user interaction. Additionally, many interoperating standards allow enough flexibility in implementation that specific manufacturers and in some cases specific models can be identified [ http://www.sciencedaily.com/releases/2006/09/... ]. And of course because of imperfect manufacturing processes, it is probable that specific sets of radio frequency emmissions (including unintentional emmissions from electronic devices like computer screens, or hard disk motors) could also be used to uniquely identify the human carrying the device or a particular set of devices.

And of course that's today's technology. In the very near future we can expect to see the development of better face recognition software or possibly even of systems that would allow the identification of people walking through a store by measuring the sound of footsteps on the floor and correlating that to the credit cards swiped at the checkout counter.

Together, that means that outlawing the broadcast of unique identifiers would not be effective, and would certainly not be popular as it would require the loss of ease-of-use with many products. So the nature of the law would necessarily be something prohibiting the gathering of the information rather than its transmission. In the Nike/iPod case, that would mean that the designers would never have needed to consider security/privacy at all, but that the researchers would be liable for prosecution, as most likely would Bruce for linking to any such study.

On the other hand, there are no doubt people out there brighter than me who could come up with wording of a useful bill which could conceivably be passed. I would especially appreciate if some of you who do support legislation on this issue would come up with such a bill and maybe see if you could get some feedback from the Groklaw community. I would certainly trust a law created in such a manner more than one written by law school students interning on Capitol Hill with input exclusively from electronics manufacturers and passed by politicians without any expertise in security or radio frequency electronics.

ps: Please be mindful that the RFID tag in a shirt at Walmart is identifying Walmart property until after the customer has actually paid for the item. The law would hopefully not prevent Walmart from using electronic devices to reduce shoplifting.

quincunxDecember 13, 2006 8:13 PM

@ Devil's Advocate

"LOL
I am interested in technology and this is a great blog for some technology topics. I don't see why being interested in technology makes me technocratic...
Personally, I think the University of Washington's report is about an unintended privacy risk created by a new use of radio technology. I clearly said I wanted to discuss ways that the technology could be used that are beneficial."

OK, I understand. I in no way meant to imply that you actually sympathize with the formal technocratic movement.

The technology is already beneficial, otherwise no one would be buying it.

"If that makes me a fetishist then I'm in good company."

Some like to solve security issues by addressing the fundamentals, not coming up with patchwork solutions.

"Sure, sometimes hi-tech is not best but that is not what I wanted to discuss and legalising brothels is definitely nothing to do with the blog topic."

Sure it is. They too can use technology to conduct their business in a beneficial manner. Where is the concern for technology here?

Good technology should solve a practical problem created by natural circumstance. Bad technology aims at addressing problems caused by artificial circumstances, only to inflict worse problems on others.

RogerDecember 13, 2006 11:12 PM

A few thoughts:

0. Who will be using this?
Some of the comments on this thread seem to suggest that readers imagine lots of people wearing this device all the time. That is unlikely. It is intended to be used by joggers, whilst they jog, to help monitor one's training schedule. Conceivably it might also be used by people who want to monitor their walking (as a form of low impact exercise), but other devices for that already exist [1]. Whilst not enormously expensive, the price of the full kit (US $30 for the accelerometer/transmitter, $100 - $300 for the Nike running shoes, iPod purchased separately) is enough that not many people will be getting it unless they are significantly interested in tracking their training performance. Even among serious runners, third party hacks are already being sold to help fit it to your existing shoes as the total price is seen as a bit high for entry level users (and Nike is not actually a very popular brand with serious runners). Needless to say, joggers don't generally wear their expensive running shoes when not actually jogging. Even if they do so, the instruction manual specifically recommends removing the device and turning it off when not working out, so as to save the nonreplaceable, nonrechargeable battery [2]. (Yes, it does have an "off" button, and does not transmit at all when off.)

So 95% of the time, this will be used by moderately serious joggers, only whilst jogging.

1. Do people care about security?
My significant other purchased one of these recently. Generally speaking she has no interest in information security issues, and little exposure to the topic before meeting me. what exposure she has had since meeting me, she has found generally boring and somewhat paranoid. Nevertheless, when she was thinking of buying one she asked me what would be the maximum range at which the signal could be received. (I guesstimated 40 feet, which seems to be in the ballpark.) It turns out that she was doing her own informal security analysis, and frankly her reasoning and conclusion (that it's no big deal) were right on the ball.

I don't think it's true that "ordinary people" never consider security issues. They may not think of them as pervasively as us, and they may often miss the subtler implications, but they do think about it. In cases like this, the reason they often come up with different evaluations is simply less exacting standards. We can imagine scenarios where this device would be a severe security flaw. For example, if an undercover cop was using his morning jog to meet a narcotics informant, installing this device in his shoe could be disastrous. For a celebrity trying to exercise whilst incognito in a heavily trafficked public place, it could occasionally be a bit of a problem, although hardly a disaster. But for the average casual jogger, it really is no big deal.

2. Does it store/broadcast historical information?
No. The part that goes inside (or more usually, on) the shoe just sends instantaneous acceleration information. It has no memory, apart from its ID which is used to differentiate multiple devices in the same location. The "historical information" is stored on the iPod, then -- if you choose to do so -- uploaded to the website nikeplus.com. I have no idea of the security of the website side of things. However even that data isn't all that sensitive; it just stores your speed and distance. This distance does _not_ include endpoints or directions, and is only accurate to about ±2% (or as bad as ±10% if the user didn't bother to calibrate it). As such, it cannot readily be used to determine actual locations, just performance. I suppose that might be useful to a betting agent's spy in professional sports, but otherwise it is of little interest except to the jogger who produced it.

3. Security from stalkers.
It is actually fairly unlikely that people will be wearing these continuously. They are designed for use by joggers, whilst jogging. Joggers serious enough to shell out a couple of hundred dollars for training shoes and another $30 for the device, generally do not use their best training shoes for walking down to the shops. So what can the hypothetical stalker determine? If he already knows a jogging route with an accuracy of better than 20 metres, he can determine at what times the victim jogged along this route. Erm, so what? If he already knows the victim's habits well enough to locate a route with this accuracy, then he can probably also deduce the routine with sufficient accuracy (plus or minus an hour or so) to lie in wait. In fact, for most joggers I know well (about 5), the routine is much more regular than the routes, which change as often as daily. Routes vary for variety, for training reasons (e.g. schedule requires a 5% increment per week, which requires a totally different choice of routes if you want to start and finish at your front door), and for personal security. Yes, security; of two female and three male joggers I know really well, at least one female and two males already vary their routes semi-randomly when not jogging with a partner. It is actually quite common advice.

Saponas et al. also suggest that a "jealous boyfriend" would be able to obtain the UID of another kit which regularly jogged with his girlfriend. Maybe, but once again, so what? If a jogger jogs with one or more regular partners, that partner selection is most probably made on the basis of being free at similar hours of the day, and having similar splits (and the difficulty of finding such a partner is the reason most joggers run solo most of the time). That's all. If running splits make your eyes glaze over, the information that UID D853E12F has similar splits to your girlfriend is probably not of very much interest. Now, if the jealous boyfriend actually planted himself on the known route at about the known time, he would actually see who UID D853E12F is. That might be a much bigger deal. But he can do that even if the iPod sports kit had never been invented.

Even if a person does wear the transmitter continuously, a vast number of bugs would be required to obtain any useful information, unless the stalker already knows the victim's habits intimately -- in which case, the surveillance is largely pointless. For perspective, I did some BotE calculations on how much it would cost to completely monitor all my local routes and amenities in order to determine my habits -- assuming I had an iPod sports kit, and wore it at all times, which has near zero probability. With a 20 m radius outdoors, and $250 lowest cost per monitor, it comes in to around a quarter of million bucks to spy on me in just my local neighbourhood. If you spent all that money on sensors instead of PIs with a discreet car, it's wasted as soon as I get in a vehicle and head out of the neighbourhood. Which segues nicely into the next point:

4. Pervasive readers/tracking networks.
Casual readers seem to have gotten the impression that this device is an RFID device which will be readable by standard RFID portals in shops. This is completely wrong; apart from using EM waves to communicate, it has nothing whatever to do with RFID. It is a sensor plus microcontroller transmitting over a proprietary wireless link at 2.4 GHz. Saponas et al. speculate that the protocol is ANT, although they do not actually determine this (all their experimental devices contain actual iPod receivers to handle the wireless side of things.) ANT is a physical layer protocol with hundreds of channels, and is little used outside of sports equipment applications requiring ultra-low power consumption. The higher protocol layers on top of it are all proprietary, with every brand of sports device employing it using their own customised system. Developing a pervasive network monitoring all channels on this protocol would be technically possible, but incredibly expensive and largely pointless. It simply isn't going to occur on a wide scale unless someone comes up with a persuasive business model that will make money to pay for the millions of receivers required. And tracking random joggers sure as heck isn't that application.

5. Binding customer identity to UID:
Saponas et al. suggest that one malicious application might be to bind a customer's real world identity (e.g. through credit card history) with the UID of the iPod sports kit. Erm, how, exactly? Their existing solution only tells you that the chip with that UID is somewhere within a 60 foot radius, not that it is on the feet of the guy who just made a purchase. I can see a few ways to solve it, but unless you have a really large shop with really large turnover (in which case, you will soon be out of business), they are all complicated, expensive and error prone. And once again, what would they actually achieve? You already have this massive, dangerous penetration of privacy from the use of credit cards -- something that really is worth worrying about -- and to that, the shoes add the ability to detect when the guy enters or passes your store (but not which of several customers he may be), IF and only if he wears the same shoes. Pfft. What a lot of rubbish.

6. Mugging: the real issue.
It is quite true that on the streets, using an iPod or similar device is dangerous to the point of foolishness. You are much more likely to be involved in an accident, and much more likely to be mugged. I got flamed last time I mentioned this, so let me make clear: I am not blaming the victims for getting mugged. The blame rests on the mugger for attacking them. But the victim greatly increased his or her risk by using the iPod.

The reason has absolutely nothing to do with the sports kit. It is for two reasons: firstly, iPods are visible, highly tempting targets, with high black market resale values. This has a particular severe effect on jogger safety, since joggers otherwise carry nothing of any appreciable resale value (the shoes might be expensive, but they don't retain value very well!) Secondly, listening to loud music while walking or jogging along the street shuts down your body's 360° alert system: hearing. With your iPod on, you will not be aware of threats unless they are within your line of sight. So I strongly caution people not to jog with an iPod unless they can do so in an area that is both reasonably secure and off limits to vehicular traffic.

Now, Saponas et al. suggest that the sports kit will actually increase this risk. Their argument is that even if the iPod itself is concealed (by wearing generic headphones), a mugger can detect the transmitter and deduce that an iPod may be present. There is some rather curious logic in this argument. In all of their previous examples, it was taken as granted that the sports kit transmitter will be present and transmitting at all times, even if the iPod is not present. Now instead its transmissions are being taken as proof that an iPod _is_ present. In fact, the hypothetical mugger is now carrying around an expensive an elaborate device -- a device which a police officer might well find suspicious -- on the grounds that detecting a sensor chip will be a more reliable indicator of the presence of an iPod than simply guessing that black earphones might be camouflage. Well, maybe. I, for one, will continue to simply eschew iPods altogether when jogging on the street.


7. "Man down" alarms for high risk personnel:
Man down alarms for high risk personnel already exist. They are mainly used by firefighters, but sometimes also by police officers and prison officers. This device does not add anything to that equation, because it measures acceleration of the feet, which is not necessarily related to being knocked down. Existing alarms use a tilt switch mounted on the hip or upper thigh. It alarms if the body goes horizontal for more than a couple of seconds, or stops moving altogether for a longer period. While either can generate false alarms (which are dealt with by a radio call, "Patrolman Smith, are you OK?"), the foot mounted accelerometer would seem to be worse rather than better. Although, an acceleromter mounted on the head might be a useful adjunct; if one's head goes into freefall for >1/2 second, something is probably wrong.

____
Foornotes:
1. Actually, other devices which do everything the iPod sports kit does, and more (i.e. monitor heart rate and blood pressure) have already been available to serious runners and power walkers for years. However standard pedometers only give reasonably accurate results when walking, not when running, so to monitor distance performance when running, GPS based devices have been used. These are far more expensive than the iPod sports kit.
2. The laymen's summary of this research paper, at
http://www.cs.washington.edu/research/systems/...
contains the quote that ``The sensor has an "on-off" button, but the Nike+iPod Sport Kit online documentation says that "[m]ost Nike+iPod runners and walkers can just drop the sensor in their Nike+ shoes and forget about it," and we believe this to be the common case in practice.'' This is actually not from the online documentation, but from a FAQ, and is answering a question about battery life. I am unable to find this phrase anywhere in the actual online documentation, which is available at
http://manuals.info.apple.com/en/...
(4.7 MB PDF) and gives quite the opposite advice. It in fact says ``You can leave the sensor in your shoe when you aren't working out, but if you plan to wear your shoes for a long time without working out, we recommend replacing the sensor with the foam insert to save battery life.'' The battery is only good for 1,000 hours, and can neither be replaced nor recharged, so any active person who left it on all the time would find themselves having to completely replace the transmitter every couple of months. (A sedentary person need not worrry, as it has a power save mode when motionless for extended periods; however a sedentary person is hardly likely to want one in the first place.)

PodophileDecember 14, 2006 2:06 AM

"Some of the comments on this thread seem to suggest that readers imagine lots of people wearing this device all the time. That is unlikely. It is intended to be used by joggers, whilst they jog, to help monitor one's training schedule."

Thank you. The Nike shoes that accommodate the sensor are relatively high-end running shoes... not casual street shoes. It's unlikely that many people are wearing these shoes for anything other than jogging. If you're planning to wear your running shoes out on the town, and are concerned about being tracked, the sensor is easily removable from the shoe... it's not secretly built-in somehow.

Also of note, you don't need the special Nike shoes to use the Nike+iPod Sport Kit. It is easily attached to any pair of running shoes, as demonstrated here:
http://podophile.com/2006/11/30/...

BenDecember 14, 2006 9:16 AM

As a marathon runner who owns a pair of running shoes and forerunner 201 (GPS) watch I can confirm that I *only* ever wear my training kit whilst training. Why? Well I only need them whilst training! Why would I carry around a device which records my trip, reports my speed, time, distance, and more when I'm not training.

@Roger, excellent comments.
I think it was me that may have resulted in the question ``Does it store/broadcast historical information?" I wasn't actually refering to the device in question. Other devices may however do this.

I also agree that running with music can be dangerous since it lowers your awareness. This may put the runner and fellow pedestrians at risk, not just to muggings, but collisions (with cars, cyclists, pedestrians, dogs, ...) and therefore injury.

Fetishit (aka Devil's Advocate)December 14, 2006 2:00 PM

@quincunx

"Some like to solve security issues by addressing the fundamentals, not coming up with patchwork solutions."

That's seems like a good way to start thinking about security concerns but you have to temper the 'Save the World' solutions with a bit of pragmatism and common sense. To take your suggestion that we should decriminalise sex workers, that is a tricky thing to achieve (in my country) that would probably require a political campaign lasting years with no guarantee of success. If you wish to go down that route then good luck (really). While we are waiting for the world to be saved, perhaps we could think about other ideas that are not as grand but might be of benefit now. For most systems (computer, societal or whatever) when they started there may have been a chance to address the fundamentals of the system. Consider yourself lucky if you get a chance like that for anything important. Normally, we have to live with what we've got and try changing it bit by bit to make it better (patchwork solution) because there is no other way.

"They too can use technology to conduct their business in a beneficial manner."

OK. Do you have any specific ideas about this?

quincunxDecember 14, 2006 6:57 PM

"That's seems like a good way to start thinking about security concerns but you have to temper the 'Save the World' solutions with a bit of pragmatism and common sense."

I am applying common sense. Don't fix what isn't broken. Fix the thing that is.

"To take your suggestion that we should decriminalise sex workers, that is a tricky thing to achieve (in my country) that would probably require a political campaign lasting years with no guarantee of success."

Oh so because it's so damn difficult to do it formally we should just as readily accept a hodge podge solution that affects an even larger portion of the population, while probably doing nothing to solve the genuine problem?

Well guess what, we will get more of the same, only next time it will be even more difficult to remove the legislation.

"Normally, we have to live with what we've got and try changing it bit by bit to make it better (patchwork solution) because there is no other way."

My contention is that it will hardly fix things, and creates new problems in the wake.

Better to strike at the root of branch than directing the leaves upward & outward.

"OK. Do you have any specific ideas about this?"

How the sex trade can use tech?

Well if it was legal, they could become even more mobile. They can actually hire nice pimps. There will not be poor quality black market pimps, since there will be no stigma and no police on your back.

Tracking the ladies (using perhaps these sneakers) by private pimps can be a good way to keep the ladies safe.

Emergency response can also be improved by same method. People in high risk jobs will opt for being tracked to a comfortable degree.

It may attract some stalkers, but a determined stalker does not need fancy tech to do what he does.

CypherpunkDecember 19, 2006 10:08 PM

1) I wonder where Bruce stands with regard to the legality, privacy and security issues of hiring a PI to follow someone and record their every move. It's a pretty clear invasion of privacy, but totally legal. It definitely falls under the umbrella of privacy advocates' cry for the right to control one's own information.

2) Nike sport kit is not the same as RFID. Retailers are not required to tell you if they've put a chip on their products, and you aren't required to use your sneakers to travel or purchase anything. You know you're carrying the sneakers. You don't have to either buy or wear the sneakers.

3) I am suspicious of the motives for doing and reporting on this work. There have been technologies which are meant secretly record people, invading their privacy and potentially compromising their security for a very long time (never mind things like going thru someone's trash or just, following them). Determined criminals and the government are not deterred by mere laws. Nobody's jumping up and down about these because it's not news and everyone's not running around with white earbuds for their X10 audio recorders. Check out the following link for an example: http://spycorner.net/index.php?...

4) Bruce, you are awfully glib about tossing out an accusation as if it were a fact, that people gave "zero thought" to the issues. You sound awfully sure of yourself. Did you even try to contact Apple for comment?

Bruce SchneierDecember 20, 2006 10:55 AM

@ Cypherpunk:

1) It's certainly legal. These issues are very nuanced. I am more concerned with what I call wholesale surveillance -- the automatic tracking of large numbers of people -- than I am with the hiring of a single private invetigator to track one person. But I know the issues are not easy or straightforward.

2) RFID is turning into the catch-all word for "self-powered chip that broadcasts stuff." I've long given up differentiating between the different flavors of the technology, because the privacy/security issues are the same.

3) Agreed that these technologies are not new. What is new is their commonality. Soon everyone will have them. What I want is for there to be a policy discussion of the privacy implications of these technologies, rather than just letting them happen.

4) There were some pretty obvious, and easy, things the developers could have done to protect privacy if they wanted to. No, I didn't call Apple. Apple would tell me that the engineers paid a lot of attention to privacy; what do you think they would say? The proof is in the result, though. They didn't do anything to protect privacy, even obvious and easy things.

CypherpunkDecember 20, 2006 2:59 PM

@Bruce
"The proof is in the result, though. They didn't do anything to protect privacy, even obvious and easy things."

You have no logical basis for making an absolute claim like that because, for example, you don't know what features may have been rejected with respect to privacy/security. One needs first hand information from the people who worked on the product in order for this statement to be valid.

Setting rhetorical nitpicks aside, I'd like you to address the other points I made in comment 2). I think that intended use and type of implementation is a reasonable way to distinguish among products that broadcast a unique ID, particularly with respect to privacy and security concerns. Do you feel that this product in particular actually poses a real risk to people's privacy and security, and if so, why?

Do you propose a law banning products like the Nike sport kit, or strictly regulating how such technology can be implemented in general, and if the latter, what would you suggest?

PeakcrewJanuary 17, 2007 4:39 PM

I hoped someone would answer Reretired's post from 13th Dec:

'"Does one have the right to be somewhere where he can't be found?" Is surreptecious tagging of an individual a violation of law? or civil rights? Does law inforcement need a warrent? Has this ever been challenged?'

No-one did, so I'll have a go. In a free country, one which has liberties, the answer must be, yes, a person only has the duty to explain his/her actions to anyone else if they are suspected of doing something illegal, and measures of due process are invoked by properly appointed members of the law enforcement community. No-one has to explain their whereabouts to anyone else, whether that be a spouse, employer, or whoever, though it is often prudent to do so! However, surreptitious surveillance is not illegal in most western countries - private detectives make a good living out of doing exactly that (though there may be a licencing scheme in place). As far as I know, as a legal academic with research interests in privacy law, there have been no legal challenges to surreptitious surveillance in the common-law countries, though there should have been - now is probably too late, as courts are pragmatic institutions, and don't usually make decisions to upset the status quo!

peakcrewJanuary 17, 2007 4:40 PM

I hoped someone would answer Reretired's post from 13th Dec:

'"Does one have the right to be somewhere where he can't be found?" Is surreptecious tagging of an individual a violation of law? or civil rights? Does law inforcement need a warrent? Has this ever been challenged?'

No-one did, so I'll have a go. In a free country, one which has liberties, the answer must be, yes, a person only has the duty to explain his/her actions to anyone else if they are suspected of doing something illegal, and measures of due process are invoked by properly appointed members of the law enforcement community. No-one has to explain their whereabouts to anyone else, whether that be a spouse, employer, or whoever, though it is often prudent to do so! However, surreptitious surveillance is not illegal in most western countries - private detectives make a good living out of doing exactly that (though there may be a licencing scheme in place). As far as I know, as a legal academic with research interests in privacy law, there have been no legal challenges to surreptitious surveillance in the common-law countries, though there should have been - now is probably too late, as courts are pragmatic institutions, and don't usually make decisions to upset the status quo!

Put it awayFebruary 5, 2007 3:28 PM

Uhhhh, you're worried about something that can "track" you from no further than 60 feet away ? If you're going to be that close to the target with your RFID detecting gadget you might as well leave it at home and follow them by sight.

SethApril 9, 2009 9:06 AM

Ummm... yea like the person above me said. If you can only track a person from 60 feet away, you can see them anyway. There is no reason to be scared of using this device, or "buying shoes." You should be more worried about the gps devices in phones, not a device that you yourself have to place in your shoe and can only be traced from 60 feet away. C'mon people... little paranoid aren't we?

Clive RobinsonApril 9, 2009 9:44 AM

@ Seth, Put it away,

It might only have been 60ft a year or so ago but as with all these things the range can be extended with various methods.

The other thing is that you are assuming that it is a person doing the tracking not a network of intercommunicating "listening posts" at street corners etc.

One of the problems with technology and the times we live in is that if you can do it and you can get a "war on terror" marketing angle on it you probably have better than even chances of making money on it...

And once somebody has bought something they have to justify the expenditure by using it...

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..