Entries Tagged "tracking"
Page 14 of 17
RFID Tattoos
Great idea for livestock. Dumb idea for soldiers:
The ink also could be used to track and rescue soldiers, Pydynowski said.
“It could help identify friends or foes, prevent friendly fire, and help save soldiers’ lives,” he said. “It’s a very scary proposition when you’re dealing with humans, but with military personnel, we’re talking about saving soldiers’ lives and it may be something worthwhile.”
Radio Transmitters Found in Canadian Coins
Radio transmitters have been found in Canadian coins:
Canadian coins containing tiny transmitters have mysteriously turned up in the pockets of at least three American contractors who visited Canada, says a branch of the U.S. Defense Department.
Security experts believe the miniature devices could be used to track the movements of defence industry personnel dealing in sensitive military technology.
Sounds implausible, really. There are far easier ways to track someone than to give him something he’s going to give away the next time he buys a cup of coffee. Like, maybe, by his cell phone.
And then we have this:
A report that some Canadian coins have been compromised by secretly embedded spy transmitters is overblown, according to a U.S. official familiar with the case.
“There is no story there,” the official, who asked not to be named, told The Globe and Mail.
He said that while some odd-looking Canadian coins briefly triggered suspicions in the United States, he said that the fears proved groundless: “We have no evidence to indicate anything connected with these coins poses a risk or danger.”
Take your pick. Either the original story was overblown, or those involved are trying to spin the news to cover their tracks. We definitely don’t have very many facts here.
EDITED TO ADD (1/18): The U.S. retracts the story.
Tracking Automobiles Through their Tires
Automobile tires are now being outfitted with RFID transmitters:
Schrader Bridgeport is the market leader in direct Tire Pressure Monitoring Systems. Direct TPMS use pressure sensors inside each tire to transmit data to a dashboard display alerting drivers to tire pressure problems.
I’ll bet anything you can track cars with them, just as you can track some joggers by their sneakers.
As I said before, the people who are designing these systems are putting “zero thought into security and privacy issues. Unless we enact some sort of broad law requiring companies to add security into these sorts of systems, companies will continue to produce devices that erode our privacy through new technologies. Not on purpose, not because they’re evil—just because it’s easier to ignore the externality than to worry about it.”
Tracking People by their Sneakers
Researchers at the University of Washington have demonstrated a surveillance system that automatically tracks people through the Nike+iPod Sport Kit. Basically, the kit contains a transmitter that you stick in your sneakers and a receiver you attach to your iPod. This allows you to track things like time, distance, pace, and calories burned. Pretty clever.
However, it turns out that the transmitter in your sneaker can be read up to 60 feet away. And because it broadcasts a unique ID, you can be tracked by it. In the demonstration, the researchers built a surveillance device (at a cost of about $250) and interfaced their surveillance system with Google Maps. Details are in the paper. Very scary.
This is a great demonstration for anyone who is skeptical that RFID chips can be used to track people. It’s a good example because the chips have no personal identifying information, yet can still be used to track people. As long as the chips have unique IDs, those IDs can be used for surveillance.
To me, the real significance of this work is how easy it was. The people who designed the Nike/iPod system put zero thought into security and privacy issues. Unless we enact some sort of broad law requiring companies to add security into these sorts of systems, companies will continue to produce devices that erode our privacy through new technologies. Not on purpose, not because they’re evil—just because it’s easier to ignore the externality than to worry about it.
DHS Privacy Committee Recommends Against RFID Cards
The Data Privacy and Integrity Advisory Committee of the Department of Homeland Security recommended against putting RFID chips in identity cards. It’s only a draft report, but what it says is so controversial that a vote on the final report is being delayed.
Executive Summary:
Automatic identification technologies like RFID have valuable uses, especially in connection with tracking things for purposes such as inventory management. RFID is particularly useful where it can be embedded within an object, such as a shipping container.
There appear to be specific, narrowly defined situations in which RFID is appropriate for human identification. Miners or firefighters might be appropriately identified using RFID because speed of identification is at a premium in dangerous situations and the need to verify the connection between a card and bearer is low.
But for other applications related to human beings, RFID appears to offer little benefit when compared to the consequences it brings for privacy and data integrity. Instead, it increases risks to personal privacy and security, with no commensurate benefit for performance or national security. Most difficult and troubling is the situation in which RFID is ostensibly used for tracking objects (medicine containers, for example), but can be in fact used for monitoring human behavior. These types of uses are still being explored and remain difficult to predict.
For these reasons, we recommend that RFID be disfavored for identifying and tracking human beings. When DHS does choose to use RFID to identify and track individuals, we recommend the implementation of the specific security and privacy safeguards described herein.
Total Information Awareness Is Back
Remember Total Information Awareness?
In November 2002, the New York Times reported that the Defense Advanced Research Projects Agency (DARPA) was developing a tracking system called “Total Information Awareness” (TIA), which was intended to detect terrorists through analyzing troves of information. The system, developed under the direction of John Poindexter, then-director of DARPA’s Information Awareness Office, was envisioned to give law enforcement access to private data without suspicion of wrongdoing or a warrant.
TIA purported to capture the “information signature” of people so that the government could track potential terrorists and criminals involved in “low-intensity/low-density” forms of warfare and crime. The goal was to track individuals through collecting as much information about them as possible and using computer algorithms and human analysis to detect potential activity.
The project called for the development of “revolutionary technology for ultra-large all-source information repositories,” which would contain information from multiple sources to create a “virtual, centralized, grand database.” This database would be populated by transaction data contained in current databases such as financial records, medical records, communication records, and travel records as well as new sources of information. Also fed into the database would be intelligence data.
The public found it so abhorrent, and objected so forcefully, that Congress killed funding for the program in September 2003.
None of us thought that meant the end of TIA, only that it would turn into a classified program and be renamed. Well, the program is now called Tangram, and it is classified:
The government’s top intelligence agency is building a computerized system to search very large stores of information for patterns of activity that look like terrorist planning. The system, which is run by the Office of the Director of National Intelligence, is in the early research phases and is being tested, in part, with government intelligence that may contain information on U.S. citizens and other people inside the country.
It encompasses existing profiling and detection systems, including those that create “suspicion scores” for suspected terrorists by analyzing very large databases of government intelligence, as well as records of individuals’ private communications, financial transactions, and other everyday activities.
The information about Tangram comes from a government document looking for contractors to help design and build the system.
DefenseTech writes:
The document, which is a description of the Tangram program for potential contractors, describes other, existing profiling and detection systems that haven’t moved beyond so-called “guilt-by-association models,” which link suspected terrorists to potential associates, but apparently don’t tell analysts much about why those links are significant. Tangram wants to improve upon these methods, as well as investigate the effectiveness of other detection links such as “collective inferencing,” which attempt to create suspicion scores of entire networks of people simultaneously.
Data mining for terrorists has always been a dumb idea. And the existence of Tangram illustrates the problem with Congress trying to stop a program by killing its funding; it just comes back under a different name.
Renew Your Passport Now!
If you have a passport, now is the time to renew it—even if it’s not set to expire anytime soon. If you don’t have a passport and think you might need one, now is the time to get it. In many countries, including the United States, passports will soon be equipped with RFID chips. And you don’t want one of these chips in your passport.
RFID stands for “radio-frequency identification.” Passports with RFID chips store an electronic copy of the passport information: your name, a digitized picture, etc. And in the future, the chip might store fingerprints or digital visas from various countries.
By itself, this is no problem. But RFID chips don’t have to be plugged in to a reader to operate. Like the chips used for automatic toll collection on roads or automatic fare collection on subways, these chips operate via proximity. The risk to you is the possibility of surreptitious access: Your passport information might be read without your knowledge or consent by a government trying to track your movements, a criminal trying to steal your identity or someone just curious about your citizenship.
At first the State Department belittled those risks, but in response to criticism from experts it has implemented some security features. Passports will come with a shielded cover, making it much harder to read the chip when the passport is closed. And there are now access-control and encryption mechanisms, making it much harder for an unauthorized reader to collect, understand and alter the data.
Although those measures help, they don’t go far enough. The shielding does no good when the passport is open. Travel abroad and you’ll notice how often you have to show your passport: at hotels, banks, Internet cafes. Anyone intent on harvesting passport data could set up a reader at one of those places. And although the State Department insists that the chip can be read only by a reader that is inches away, the chips have been read from many feet away.
The other security mechanisms are also vulnerable, and several security researchers have already discovered flaws. One found that he could identify individual chips via unique characteristics of the radio transmissions. Another successfully cloned a chip. The State Department called this a “meaningless stunt,” pointing out that the researcher could not read or change the data. But the researcher spent only two weeks trying; the security of your passport has to be strong enough to last 10 years.
This is perhaps the greatest risk. The security mechanisms on your passport chip have to last the lifetime of your passport. It is as ridiculous to think that passport security will remain secure for that long as it would be to think that you won’t see another security update for Microsoft Windows in that time. Improvements in antenna technology will certainly increase the distance at which they can be read and might even allow unauthorized readers to penetrate the shielding.
Whatever happens, if you have a passport with an RFID chip, you’re stuck. Although popping your passport in the microwave will disable the chip, the shielding will cause all kinds of sparking. And although the United States has said that a nonworking chip will not invalidate a passport, it is unclear if one with a deliberately damaged chip will be honored.
The Colorado passport office is already issuing RFID passports, and the State Department expects all U.S. passport offices to be doing so by the end of the year. Many other countries are in the process of changing over. So get a passport before it’s too late. With your new passport you can wait another 10 years for an RFID passport, when the technology will be more mature, when we will have a better understanding of the security risks and when there will be other technologies we can use to cut the risks. You don’t want to be a guinea pig on this one.
This op ed appeared on Saturday in the Washington Post.
I’ve written about RFID passports many times before (that last link is an op-ed from The International Herald-Tribune), although last year I—mistakenly—withdrew my objections based on the security measures the State Department was taking. I’ve since realized that they won’t be enough.
EDITED TO ADD (9/29): This op ed has appeared in about a dozen newspapers. The San Jose Mercury News published a rebuttal. Kind of lame, I think.
EDITED TO ADD (12/30): Here’s how to disable a RFID passport.
Track Someone Using GPS
Just hide this gadget in someone’s car or briefcase—or maybe sew it into his coat—and then track his every move.
You have to recover the device to play it back, but presumably the next generation will be queryable remotely.
Aircraft Locator a "Terrorist's Dream"
The movie plots keep coming and coming. Here’s my nomination for dumb movie plot of this week:
Skies ‘now terrorist’s dream’
Australia’s proposed new aviation tracking system would make it easier for terrorists to locate aircraft, aviation campaigner Dick Smith said today.
Mr Smith said a plan by Airservices Australia to replace radar tracking of planes with the Automatic Dependent Surveillance Broadcast (ADS B) system would allow terrorists to track every aircraft in the sky.
“Government policy using conventional radar makes it almost impossible for a terrorist or a criminal to locate the position and identity of an aircraft,” Mr Smith said.
“With ADS B it’s the opposite because all you need to track every aircraft is a small, non-directional aerial, worth $5.”
Under the present system, a terrorist can locate the position of an aircraft by looking up. And if a terrorist is smart enough to perform this intelligence-gathering exercise near an airport, he can locate the position of aircraft that are low to the ground, and easier to shoot at with missiles. Why are we worrying about telling terrorists where all the high-altitude hard-to-hit planes are?
Now I can invent a movie plot that has the terrorists needing to shoot down a particular plane because this or that famous personage is on it, but that’s a bit much.
Sidebar photo of Bruce Schneier by Joe MacInnis.