On not learning from history

On not learning from history

Summary: [I wrote this piece before the passport ID fiasco came to light. I think its points are still valid.

SHARE:
TOPICS: Processors
5

[I wrote this piece before the passport ID fiasco came to light. I think its points are still valid.] One use of implantable RFID chips is as replacements for biometric (and other) identification. Implant a chip in your hand and -- voila! -- a single flamboyant gesture grants access to your car, home, work, bank account, credit, theater tickets, and so on. At least, that's the vision. Its success hinges on the "uncopy-ability" of an RFID tag--obviously, if someone can remotely make a copy of your tag, then he becomes, for all practical purposes, you...which means that shortly you'll be able to write a book called something like "How I Stopped Worrying and Learned to Love Identity Theft." Imagine, then, the wailing and gnashing of teeth at one implantable biometric RFID chip vendor, one of whose tags has apparently been cloned using little more than a PC and a homebrew antenna...

So what?

RFID chips have attracted a lot of negative attention over the years--some people consider them the latest Mark of the Beast (displacing bar codes for that honor) while others merely find them an example of creeping Big Brother-ism. Less attention has been focused on the possibility that the chips might not work as advertised--indeed, the tendency is to impute a lot more functionality to them ("I tell you, it's inside my brain!") than they could ever have. But a security hole that permits cloning is a big deal: Anyone coming within a few inches of you (perhaps on a crowded subway) could surreptitiously read your tag, record its number, and arrange to reproduce it. (The effective range could be increased with more powerful/sensitive readers--imagine the industrial-level theft possible with ranges in the feet or yards.) This lack of foresight is reminiscent of the early cell phone network--its designers assumed no one would bother trying to compromise it, so they built in minimal security. Lo and behold, equipment appeared that would harvest phone identifiers en masse and produce pirated handsets for sale on the street. For a few years, fraud took a significant chunk out of the telcos' profits. [sad, world-weary head shake] Such a simple lesson.

Topic: Processors

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

5 comments
Log in or register to join the discussion
  • Note also ...

    There is also the issue of people ripping out implants out of other people to use the chips. This could lead to crimes becoming more and more gory. Then there are of course privacy issues which many people conveniently dismiss.
    P. Douglas
    • It's a stupid idea ...

      ... to implant these things. Technology changes rapidly and security technology is no exception. All this story demonstrates is that RFID (and many other technologies) have a very, very limited span before they are cracked or superceded.

      To base your country's security on these things as the US and UK are proposing with RFID passports and implants is simply bonkers.
      bportlock
    • Haven't you ever wanted...

      ... to be updated to the latest version of yourself when you have quiet time to reboot?

      I admit I do worry about DoS attacks, expressed as someone who won't stop talking.

      But the risks and sacrifice of privacy are small price for having the security of knowing you're in full compliance, especially with DRM and all other protections of IP.
      Anton Philidor
      • Not to worry!

        [i]But the risks and sacrifice of privacy are small price for having the security of knowing you're in full compliance, especially with DRM and all other protections of IP.[/i]

        Movie executive assistant: "Sir! The peasants ... err ... consumers are protesting the implants you are requiring them to wear, in order to buy our DRM protected content!"

        Movie executive: "Hambug! Just give them ?em all plastic mugs with our logo on it, that should placate them!"
        P. Douglas
  • Careful about the RFID "copy"

    I spoke with Lukas Grunwald in person. I know what the "clone" is. Yes it's cloned, but it's cloned with the exact same name and digital photo. That doesn't get you anywhere because if you change the name or photo, the digital signature will not match. We need to be very careful about overstating the RFID "fiasco".

    As for putting in something in to your body, I think that's a great technology - for my cat. I like strong authentication technology based on PKI, but these implants are simply a serial number in clear text. It offers no strong authentication capability and I even if it did, I DO NOT want to implant something in to my body. No material possession on this earth is worth body and limb and the last thing I want is to get my body chopped up. I'd much rather just say here's my (external) token and take the money. Still, if someone wishes to put something in their body, I?m fine with that so long as it?s optional. It?s my business if I want to carry something or implant something, and I think most sensible people would choose the former.
    georgeou