RFID users say no privacy law needed

Grok Headline matches for RFID users say no privacy law needed

Privacy advocates: RFID technical review
needed

Privacy advocates: RFID technical review
needed 06/22/2004 07:47 AM
WASHINGTON -- Privacy advocates called for the U.S. Federal Trade Commission or other government agencies to initiative a comprehensive assessment of the potential effects of RFID (radio frequency identification) technology, during an FTC workshop on RFID Monday.

RFID users say no to privacy law

RFID users say no to privacy law 07/15/2004 07:05 AM
Computer Weekly Jul 15 2004 11:11AM GMT

Wireless carriers: Privacy bill not
needed

Wireless carriers: Privacy bill not
needed 09/21/2004 06:24 PM
WASHINGTON - Representatives of wireless telephone carriers planning a telephone directory service told a U.S. Senate committee Tuesday that legislation to protect their customers' privacy isn't needed, because their plan already does.

RFID Privacy Gap?

RFID Privacy Gap? 06/10/2004 06:13 PM
InternetNews.com-24 minutes ago ... to take charge of engineering and keep informed of how engineering may affect consumer privacy, according to Nicole Wong, senior compliance counsel for Google. ...

RFID Privacy

RFID Privacy 12/29/2003 11:56 PM

RFID News has an excellent analysis of a recent USA Today column on hypothetical nightmarish privacy violations by companies utilizing RFID tags. The gist of the analysis is that USA Today is sensationalizing the concept. Companies, governments, and individuals already have far easier and more effective ways of gathering information about you than RFID can provide.

One example of the "sky is falling" reporting is their scenario of marketers watching what you are interested in:

A department store’s RFID system recognizes that you’re carrying an item you bought there last week. Now it knows who you are. And if there are readers scattered about, it knows where you’re going. Come home to a phone call, "Mr. Kantor, we noticed you were shopping for a television…"

Retailers are smarter than that. They tend to avoid behavior that consumers are going to find creepy. When I worked for a telecomunications company I found that when someone called our call center, the systems automatically looked up the phone number of the incoming call (this was before caller ID was popular or widespread), looked up the corresponding account, and displayed the account details on the operator’s screen.

They had initially experimented with answering the phone, "Thank you for calling us Mr. Johnson. How can we help you today?" Callers understandably found this a little spooky, so the operators began answering the phone as if they had no idea who was on the other end.

If a retailer were to use RFID or any other method of identification to discover who was browsing for what products, they would likely use this information in a way that was much less overt. Email offers sent would magically include deals on products that the consumer was interested in. Direct mail would be targeted with products that a large number of people in a particular zip code had shown interest in.

It’s also important to note that, at this point at least, most companies don’t have their databases integrated to the point that they can target marketing in this method. Retailers spend billions of dollars on products that don’t sell, merchandising that doesn’t work, and marketing that falls flat. Many of these companies have the data that could have prevented these problems but are unable to properly analyze it to extract valuable information.

At least right now, that’s what’s going to prevent wholesale intrusions into our privacy—the inefficiencies and ineptitude of corporate data operations. Companies are already drowing in data. Turning that data into useful information is a lot harder than it sounds.

RFID Leaders Talk Privacy

RFID Leaders Talk Privacy 05/28/2004 02:10 PM

Needs for Standards, Privacy Top RFID
Concerns

Needs for Standards, Privacy Top RFID
Concerns 09/16/2004 07:01 PM
The technology also must become available at an affordable cost, and RFID doesn't tell officials screening for terrorist activities what's "inside the box."

Privacy advocates ask FTC for RFID
technical review

Privacy advocates ask FTC for RFID
technical review 06/22/2004 05:30 PM
The daylong Federal Trade Commission workshop included panel discussions on current and expected uses of RFID chips and on best practices for using data stored on the chips.

Libraries Trying to Protect Privacy in
RFID Environment

Libraries Trying to Protect Privacy in
RFID Environment 10/30/2003 10:19 AM

Vendors Say RFID Doesn't Compromise Privacy

"In comments to the San Francisco Public Library regarding RFID (radio frequency identification) checkout system, Lee Tien of the Electronic Frontier Foundation (EFF) commented, 'a 'mandatory kill' policy is the only measure that would allow RFIDs to be used by the library internally, while giving the public the necessary time to consider whether and to what extent they want RFIDs to proliferate.' RFID vendors, however, say that's what's happening. Scott Hackstadt, director of technology, Vernon Library Supplies, said that the only information on the RFID chip is the barcode number of the item and sorting information: 'We have an on-off bit on the tag. If it's been turned off, it can go through the gate. When it's gone, there's no mechanism for the tag to be read when it's out of the building.' " [Library Journal]

I don't blindly believe these claims because I don't work with RFID and can't test them for myself and, well, they're vendor claims. However, I think it's safe to say that of all of the various organizations implementing RFID, libraries are being the most careful and thoughtful about privacy concerns. Hopefully SFPL will continue releasing specific information to address this issue. Has anyone seen confirmations from other libraries that have implemented RFID systems?

RFID and privacy: Debate heating up in
Washington

RFID and privacy: Debate heating up in
Washington 05/28/2004 03:33 PM
WASHINGTON - Privacy advocates and some lawmakers are pushing a debate over potential privacy abuses from the growing use of radio frequency identification chips as huge retailers such as Wal-Mart Stores Inc. move toward large-scale use of the technology.

Insurance for Linux users: why is it
needed?

Insurance for Linux users: why is it
needed? 05/26/2004 07:36 AM
When a start-up firm called OSRM (Open Source Risk Management) announced two months ago that it planned to offer standard product liability insurance to Linux users and developers, many in the Linux community wondered why. For some, such coverage appeared to be an unwarranted admission that there was something wrong with Linux. Sure, vendor specific indemnification of users was appearing, but IBM itself, the first target for SCO's absurd legal claims denied the need. As recently as the last LinuxWorld Conference and Expo, IBM's Jim Stallings, general manager for Linux at Big Blue, was quoted as saying, "The claims that have been alleged [by SCO] against IBM [have] no basis, so indemnification is not needed." NewsForge recently interviewed OSRM's founder and CEO, Daniel Egger, to gain his perspective on the issue.

Privacy concerns surface at CeBIT RFID
debate

Privacy concerns surface at CeBIT RFID
debate 04/09/2004 04:09 PM
Computer Weekly Mar 22 2004 12:12PM GMT

RFID policy panel raises privacy
concerns

RFID policy panel raises privacy
concerns 04/06/2005 08:53 PM
Radio frequency identification (RFID) technology has many current and future benefits, but U.S. policymakers need to be aware of potential privacy and security problems of the rapidly evolving technology, a privacy advocate and a security expert said Wednesday.

Survey: RFID Users Fret over Cost,
Integration

Survey: RFID Users Fret over Cost,
Integration 09/22/2004 10:41 AM
Users are gearing up with RFID pilots, but they still worry about integration tools, costs, standards, and "the early and untested market," according to new survey results. Analysts say these issues will work themselves out over time.

Aplus Flash Technology introduces new
high-performance, low-current RFID
EEPROM IP: Secure and cost-efficient,
Aplus’ RFID EEPROM IP offers RFID chip
designers the first easy drop-in EEPROM
memory solution

Aplus Flash Technology introduces new
high-performance, low-current RFID
EEPROM IP: Secure and cost-efficient,
Aplus’ RFID EEPROM IP offers RFID chip
designers the first easy drop-in EEPROM
memory solution 05/31/2004 02:13 PM
Aplus Flash Technology has introduced a new version of its silicon proven 0.35um 2P3M CMOS based EEPROM IP that is targeted for RFID applications. This embedded memory IP can be used in RFID applications such as contactless smart cards, RFID tags, security and surveillance, and other supply chain tracking purposes. Aplus Flash Technology is a fabless IC design company specializing in non-volatile memory IP and products. [PRWEB May 19, 2004]

EFF Privacy Coalition Presses Congress
for Hearings on Air Traveler Privacy

EFF Privacy Coalition Presses Congress
for Hearings on Air Traveler Privacy 02/17/2004 02:34 PM
Electronic Frontier Foundations Feb 17 2004 6:22PM GMT

Creating a Privacy Policy Compliant with
the New Online Privacy Protection Act

Creating a Privacy Policy Compliant with
the New Online Privacy Protection Act 12/12/2003 07:51 PM
IRMI Dec 12 2003 6:22PM ET

RFID development kits come with
compactFlash RFID readers for pocket PC

RFID development kits come with
compactFlash RFID readers for pocket PC 08/12/2004 06:48 PM
RF Design Aug 12 2004 11:20PM GMT

RFID Labels Test 100% Readable by the
RFID Alliance Lab

RFID Labels Test 100% Readable by the
RFID Alliance Lab 12/17/2004 06:31 PM
Worldlabel.com shipped a roll with 105 pieces of 4” x 6” Xtrack™ RFID Smart Labels to the RFID Alliance Lab for testing. The tags embedded were a Rafsec dipole design with EPC UHF Ucode 1.19 chip. Tests were performed at the University of Kansas under the supervision of Dr. Daniel Deavours, Director of Research at the RFID Alliance Lab and Assistant Professor at the University of Kansas. Dr. Deavours issued the following statement on behalf of the RFID Alliance Lab. “On December 14, the Lab tested all 105 labels with a ThingMagic Mercury 4 reader. The Lab observed that all 105 labels were readable”. [PRWEB Dec 16, 2004]

The International RFID Technology Center
Locates in Frisco, TexasThe IRTC Will
Provide Leadership, Guidance and
Services for the RFID Industry

The International RFID Technology Center
Locates in Frisco, TexasThe IRTC Will
Provide Leadership, Guidance and
Services for the RFID Industry 12/19/2004 03:04 PM
The International RFID Technology Center, Inc. (IRTC) announced today that they have reached an agreement with the Frisco Economic Development Corporation (FEDC) to locate the IRTC’s headquarters in the City of Frisco, Texas, one of the fastest growing cities in the thriving Dallas/Fort Worth (DFW) area. This enables the IRTC to take advantage of DFW’s technology talent pool and geographic location as a focal point for activity in the RF (radio frequency) and RFID (radio frequency identification) sectors. [PRWEB Dec 18, 2004]

Spyware, adware plague Windows users
online; Mac OS X users surf freely

Spyware, adware plague Windows users
online; Mac OS X users surf freely 04/20/2004 08:48 AM

"Danah on the cultural divide between
Movable Type/TypePad users and
LiveJournal users"

"Danah on the cultural divide between
Movable Type/TypePad users and
LiveJournal users" 01/06/2005 05:05 PM

Re: Apache Http Server Reveals Script
Source Code to Remote Users And Any
Users Can Access The Forbidden Directory
("/WEB-INF/")

Re: Apache Http Server Reveals Script
Source Code to Remote Users And Any
Users Can Access The Forbidden Directory
("/WEB-INF/") 02/10/2004 06:47 PM
Dave Weis (Feb 09 2004)

Re: Apache Http Server Reveals Script
Source Code to Remote Users And Any
Users Can Access The Forbidden Directory
("/WEB-INF/")

Re: Apache Http Server Reveals Script
Source Code to Remote Users And Any
Users Can Access The Forbidden Directory
("/WEB-INF/") 02/16/2004 04:00 PM
Axel Beckert - ecos gmbh (Feb 13 2004)

Wi-fi users to outnumber 3G users by
2007 - report

Wi-fi users to outnumber 3G users by
2007 - report 04/09/2004 04:00 PM
DMeurope.com Apr 8 2004 6:41PM GMT

Help really needed with Bluetooth

Help really needed with Bluetooth 02/05/2005 09:51 PM
All About Symbian Feb 5 2005 3:54PM GMT

ASP 3 Programmer needed

ASP 3 Programmer needed 06/10/2004 11:16 AM
Client in need of a webmaster for servicing existing ASP web application.

Web Developer Needed!

Web Developer Needed! 08/09/2004 08:30 PM

In June while I was in recovery from my Spinal injury I hired a Web Designer to help us clean up the code on this site to optimize it for MT version 3 and to develop a skin for my personal site. I paid a $280.00 advance on work to be completed. To make a long story short the web developer cleaned this site up and then provided me some images of what he had in mind for a skin for the other site. I approved one of the images and he then promised to get it chopped up into CSS and put up on the website.

Make a long story short he quit before he finished. I think it may have had something to do with the political views on the other site but if my views where not obvious in the beginning he must have been blind. At this point I am awaiting a return of 1/2 of the money I paid him. I am sure I will get it but this guy is struggling Artist in New York and it will probably be a long time before I will see it.

I think the thing that pisses me off the most is this. At the time the developer was out of work I figured hey he needs some work and I have a small project and this could work out for both of us he earns some money while unemployed and I get a skin from someone that appears capable of doing original work. He gets a real job during the design of the skin and quits working on the project and then claims he has no time when he is already 90% finished.

Meanwhile I have a site that still needs a skin and I am very gun shy now on who I will hire. The original designer of this site was wonderful and I wish she where available now but she isn't. So are you a web designer that finishes what you start?

I highly recommend that you avoid AnziDesign as this supposed designer can not be relied upon to complete a project that he has agreed to start.

How Much Security is Needed?

How Much Security is Needed? 01/22/2004 02:42 AM

Simon Willison proposes some ideas for securing authentication systems for Web-based applications and brings up a point that I’ve never thought much about. If you have a system that locks out a user after too many incorrect logins, then it becomes easy for a malicious user to deny access to your users by simply attempting to log in as them.

This doesn’t apply only to malicious users, however. Apparently there’s a host of people who think that they registered on eBay using my user name. Several times each month I get a notice from eBay that indicates I’ve asked to change my password. Someone probably can’t remember their account details and tries several username and password combinations, requesting a password reset for each of them.

If banning is a bad idea, then how do you defend against a brute-force dictionary attack on your site? Simon goes on to suggest a series of alternatives, listing the pros and cons of each. One thing that needs to be mentioned, however, is that your security approach should be appropriate for the value of information that is being secured.

A banking site needs a lot more security than a membership-based newsletter site. So locking out the account of a user might be acceptable for your bank, even though it would be silly for securing your vacation photos.

I’d like to see a system that reacts to a hack attack intelligently combining several of Simon’s approaches with some other ideas.

Simon said:

Ban login requests from the attacker’s IP address. This introduces the usual problems with IP banning, namely the risk of banning a whole bunch of people indiscriminately but leaving the attacker free to skip the ban using open web proxies.

You could use temporary banning to make life difficult for the attacker. After 40 consecutive invalid logins on the same user account over a period of time, ban the source IP addresses of the last few attempts for a few minutes. Instead of taking a few hours to break an account, it would then take several days. And the impact to real users would be minimal.

Lock the user’s account and email them a warning of the attack and a special key needed to unlock the account again.

This special key would also be vulnerable to a dictionary attack. You can mitigate this concern by issuing new keys as the attack continues. Each time an account has a certain number of invalid logins, change the key and resend it. It’s hard to brute-force a constantly changing key.

For systems that don’t need a high level of security, instead of creating a special key, you could actually reset the password to a random string and email it to the user. The attacker now has a moving target to crack.

Send an automated alert to a system administrator so they can analyze the situation in real time and take any necessary action. This relies on administrators being available 24/7 - hardly a safe assumption for most systems.

If you’ve slowed down the attacker as noted above, this becomes a viable option.

Other interesting (and perhaps half-baked) options would be:

• Once you detect an attack, redirect the attacker to a honeypot. Let them bang away at a system that has no correct passwords. Or "authenticate" them into a clone of your system that contains nothing but faked data.
• Throttle the speed of the whole authentication system during an attack. A fifteen second delay will be hardly noticeable to real users but will slow an attacker down enough that you can take action.
• After a few incorrect attempts, change the form submittal URL for that user. A real user will be submitting the form as it’s presented to them and would have no idea that it’s going to a different address. An automated attacker would be repeatedly submitting against the original URL, not knowing that the account was no longer allowed to authenticate through that URL.

CHEAP P.e.r.s.o.n.a.l E.m.a.i.l
A.s.s.i.s.t.a.n.t. Needed

CHEAP P.e.r.s.o.n.a.l E.m.a.i.l
A.s.s.i.s.t.a.n.t. Needed 12/09/2003 05:02 PM
A classic "modest proposal" written up by Christopher Kenton in Business Week about a way to solve the spam problem. Kenton has been pointing out all the same things lots of people have been pointing out about why all of the various spam laws won't work - and he's been getting slammed by angry emailers for it. One assumed that he is against these laws because he has a personal assistant who screens his spam for him - which is when he had his brainstorm: to help solve both the spam problem and the job situation, everyone should hire "personal email assistants" who can manually scan their email for them. He points out that not only does this solve the basic problem, but it has a nice balancing effect. Part of the reason there's so much spam is that the economy hasn't been great, and companies are forced to market more aggressively - such as by spam. However, if we put everyone back to work by making them email scanners, then the need for such aggressive marketing decreases - and the system balances out. Not only that, but now we all know the best way to help find yourself a personal email assistant: just send some spam. After all, under the new US anti-spam law, it's perfectly legal.

The $40 Device You Didn't Know You
Needed

The $40 Device You Didn't Know You
Needed 01/02/2004 10:50 AM
Opinion: Though many PC users still don't have webcams, these inexpensive little wonders can team up with Instant Messaging to revolutionize the way we communicate online.

Better Bluetooth audio needed

Better Bluetooth audio needed 05/20/2004 12:58 PM
infoSync May 20 2004 5:39PM GMT

Grasp of DNA statistics needed

Grasp of DNA statistics needed 02/19/2004 02:37 AM
Washington Times Feb 19 2004 6:41AM GMT

Everything anyone ever needed to know
about Bill Clinton

Everything anyone ever needed to know
about Bill Clinton 04/14/2004 06:22 AM
release his memoirs .. The New York Times

nytimes.com/2004/04/13/books/13CLIN.html?hp
track this site | 5 links

Gigablast: Improvements Needed

Gigablast: Improvements Needed 04/24/2004 12:57 PM

Dave points to the Gigablast search engine. I put in my name and got bad results -- a top link pointing to a long-defunct URL of my blog. The other search engines get this right, as far as I know. However, there are some very nice touches, including a link to the Web Archive from each result. That's a great idea. Keep up the competition, search folks. Don't let Google own everything. One monopoly in technology is more than enough -- and we're suffering badly from its pernicious effects.

More Cool People Needed

More Cool People Needed 06/07/2004 05:40 PM
athenahealth - United States, MA, Waltham (2004-06-07)

Scanner Recommendation Needed

Scanner Recommendation Needed 03/22/2005 07:21 PM
I'm in the market for a color flatbed scanner with good scanning quality and a USB 2.0 interface. I don't care how slowly it scans, I won't be doing it for a living. I do care about getting high quality, high resolution images. Bonus points for one that can do film slides or negatives, but it is not a requirement. Anybody got a scanner they can recommend? The reviews on Amazon are all over the board, and I've yet to...

Cute Mechanic boy needed

Cute Mechanic boy needed 04/09/2004 04:11 PM
I will spare you the past two days not so fun adventures and just simply say....... I've now decided it...

Beta Testers Needed

Beta Testers Needed 09/06/2004 03:25 AM
It's been a while since we seeded anything externally, and I am pretty sure we will want some additional testers for the upcoming updates of Xounds and WindowShade X. If you would like to participate in the beta program (the seeding will begin soon), please drop an email to slavikus@gmail.com ...
Grok Description matches for RFID users say no privacy law needed
GrokA matches for RFID users say no privacy law needed

RFID users say no privacy law needed

The following phrases have been identified by the grok system as matching this entry: