New Washington State RFID Law A Far Cry From What Assemblyman Wanted

Next Tuesday, it’s likely Washington state will have a new RFID law on its books, one that will be the first in the nation to make malicious stealing of data via RFID a crime. But the bill is a far cry from what's the bill's assemblyman sponsor had envisioned—and what he says he will still fight to get.

[...] Assemblyman Jeff Morris' original bill was aimed at retailers and would have required prior consent before stores could collect personal data.

What happened? That part of the bill was stripped out in the state senate after what Morris described as extensive retail lobbying efforts. [...] Morris vows to try and pass the law again during the next legislative session.

Social Networks are also under scrutiny by the European Commission. Both moves show that there is increased awareness that the collection of personal data will become the most sensible topic in an ever more networked society.

See also:
ENISA Position Paper Security Issues and Recommendations for Online Social Networks (pdf) by ENISA
European Commission to launch public inquiry into RFID (2006)
VENDOR-DRIVEN Theory: a vendor's conception or mental scheme of something to be done, or of the method of doing it
Do Not Track Legislation Could Change the Ad Landscape

From Foreign Policy: The Top Ten Stories You Missed in 2006

In October, the U.S. State Department began issuing biometric “ePassports” that contain a radio frequency identification (RFID) tag under the back cover. The tiny chip holds the usual passport data, including a digital photo. The motive behind adding the chips is ostensibly good: to combat counterfeiting and illegal immigration.

But a German hacker quickly found a vulnerability. With a laptop and a chip reader he bought for $200, he was able to steal data from an encrypted RFID tag, potentially allowing him to clone an ePassport. And it’s not just Americans who are at risk. Twenty-seven countries (mostly in Europe) that participate in the U.S. Visa Waiver Program are required by U.S. law to issue the new electronic passports to their citizens. The Dutch and British media have already reported major security flaws in the new IDs.

So, what’s a security conscious citizen to do? Again, the answer may come out of Germany. A group of hackers there recommends that people microwave the new passports to destroy the chips. The State Department may want to go back to relying on a paper trail.

Via Digitalsushi (de)

See also:
Do you still want to RFID?

There is a Sylt mobile project with RFID and NFC. It works like this:

Gäste des Dorint Sofitel Soel´ring Hof Sylt und des Strandhotel Sylt können während der Zeit ihres Aufenthalts sich das Nokia 3220 Handy mit NFC-Shell kostenlos ausleihen. Ebenfalls wird das Nokia 3220 mit NFC Shell bereits in einigen Vodafone Shops vertrieben. Mit herkömmlichen WAP-fähigen Handys kann das Sylt mobil Portal über wap.sylt.regiocms.de ebenfalls aufgerufen werden.

Translation: Guests of the Dorint Sofitel Soel'ring Hof Sylt and of the beach hotel Sylt can rent for free a Nokia 3220 with a NFC-Shell. Everytime you see the above logo you can then get contextual information. With current mobile phones one can access the mobile portal at wap.sylt.regiocms.de.

How much easier could this be one with mobile tags - ok I am biased;). But just think, with NFC you only have one phone today and if you would want to print RFID chips on flyers and in magazines it becomes complicated. With mobile tags it's as easy: create and print. Here is the one that gets you to the main address (URL-encoded QR Code):

Now you can go shopping with your mobile phone

Within 12 to 18 months, claim handset makers, this Near Field Communication (NFC) technology, which allows the handsets to buy and store low value electronic tokens (such as sport and transport tickets), will start being standard on new handsets.

But is it safe?

Wright says "a lot of work" has been done with credit card suppliers such as Visa and MasterCard to ensure the system is securely encrypted. "Unlike a wallet, if your phone is stolen it can be deactivated over the airwaves," Wright says.

"Also, downloading credit onto the phone would be PIN protected, so a thief could not download extra money and go on a spending spree. Although the technology is mobile, nobody can interrogate your handset to steal money from it because only a proper reader can deduct money from a phone, and that reader can only work over a couple of centimetres ."

RFID and the Internet of Things, 14-16 November, Mediamatic, Amsterdam

RFID & The Internet of Things is a workshop for a maximum of 16 designers and artists who want to learn more about RFID and its possible (cultural) effects and uses.

[...] RFID plays a pivotal role in joining the physical world with the digital. An object tagged with an RFID chip has a unique digital identity. Any kind of online data can be linked to these unique ID's. Here is where the real world and the internet become two faces of the same reality. Things go online, in other words, an internet of things evolves.

Check out the Reader for RFID Workshop, a collection of projects, theory and criticism on RFID

See also: Thoughts about Blogjects

Blogjects are "only" sources of information if that is all we want from them. Websites were only sources of information once, too, until they became conversational (in a Weinberger/Searls/Locke sort of way way) and changed the way we engage in social discourse, and even had measurable, substantial effect in 1st life politics and further. We know this for a fact. The social web changed things measurably. Can objects, also participating in the same register of discourse, do likewise, and perhaps have impactful effect?

Yep, they can have such an effect. I still remember Peter's complaint about not knowing about the whereabouts of an object (cell phone/iPod?) delivered to him. Now, let's assume we would have blogjects or shouldn't we call it rather a QRSS:). Well I need another post to go further with this...

The RFID Hacking Underground

"The world of RFID is like the Internet in its early stages," says Ari Juels, research manager at the high tech security firm RSA Labs. "Nobody thought about building security features into the Internet in advance, and now we're paying for it in viruses and other attacks. We're likely to see the same thing with RFIDs."

[...] Most commercial RFID tags don't include security, which is expensive: A typical passive RFID chip costs about a quarter, whereas one with encryption capabilities runs about $5. It's just not cost-effective for your average office building to invest in secure chips.

Via Bruno

Touch, Exploring user centred applications for NFC and RFID.

The project covers three distinct areas

1. Social and communication.
   This is a promising area for significant, emergent, potentially unexpected uses, particularly in areas of personal information management, location-based services and social networking.
2. Public services.
   This area looks at the ways that new touch-based interactions could access public data or services in safe, democratic, appropriate and efficient ways.
3. Retail, services and marketing.
   Exploring changes to the way we interact with retail services, looking at (but not limited to) payment for both products and services, automated check-out, product information, extended services and relationships, recycling, and tracking products through their cradle to cradle life-cycle.

Via Anne Galloway

See also:
Elasticspace

I live in Zurich, I have kids and it's via Nouvo that I hear from Kindercity and their use of RFID technology.

(A bit later) my wife tells me that she knows about it for a long time, that it was in all newspapers...

Via Smoothplanet