[linux-elitists] Two on RFID from Politech: Hack the tech, & Gilmore's dystopia

Karsten M. Self kmself at ix.netcom.com
Mon May 10 01:23:07 PDT 2004

RFID has been in the news and play recently.  I even heard a somewhat
informed discussion on KQED's "California XXX" Saturday.

The first article covers John Gilmore's dystopian view of RFID.  Imagine
being able to create weapons which independently target specific IDs.
This sort of activity is hard to hack.  It's also a partial _current_

  - OBL was tracked, according to reports, via his satellite phone,
    until he became aware of this, and stopped using same (possibly even
    sending it on a distracting separate track from himself for a time).

  - More locally, militia movements which had used anonymous phone cards
    to make "untraceable" phone calls instead were tracked on the basis
    of traffic analysis.  While a given card wasn't allocated to an
    individual, it was identifiable by account, and could be flagged for
    monitoring if it called other numbers of known interest.

I'm sure that states such as, say, Israel, would have a significant
interest in munitions having characteristics described by Gilmore.

The second covers a "hacking the system" concept.  I'd considered
something similar myself, though different in approach.  Rather than
finding RFID chips and "redistributing" them, why not create
programmable RFID broadcasters which could spoof other chips, and
distribute these.  The idea being to pollute any RFID detectors with a
vast spew of superfluous data.

There are a couple of implications here which are pretty clear.  Many of
us carry a set of identifiable broadcast appliances already, and this
will increase.  These signatures are difficult to mask.  The more likely
response will be to find these signatures, and to the extent they're
broadcastable, clone them and distribute them more widely (specific
seeding).  This will make the specific signatures less reliable for
either legitimate or illegitimate use.

At the same time, legitimate business uses of RFID monitoring will
probably be highly specific in their focus on data interest.  There's
simply going to be too much data floating around, most of it not
interesting, to be able to work with reasonably.  This would be further
encouraged by seeding of noise data closely resembling legitimate keys.

Predictability of RFID sequences, and known legit or covert use of data
will be key in determining both utility and countermeasure activities
concerning RFID.

    ----- Forwarded message from Declan McCullagh <declan at well.com> -----

    Date: Fri, 30 Apr 2004 00:24:45 -0400
    From: Declan McCullagh <declan at well.com>
    To: politech at politechbot.com
    Subject:  John Gilmore's horrific, dystopian view of an RFID world

    [I always learn something from John Gilmore, and this is no
    exception.  Although parts of his dystopia are already true: I
    travel with a cell phone, 802.1x devices, and Bluetooth devices that
    broadcast my identity (to a sufficiently savvy adversary) even more
    efficiently than an RFID tag would... --Declan]

    -------- Original Message --------
    Subject: Re: [Politech] Computerworld falls for RFID "sniper rifle" hoax?
    Date: Wed, 28 Apr 2004 13:21:35 -0700
    From: John Gilmore <gnu at toad.com>
    To: Declan McCullagh <declan at well.com>
    CC: politech at politechbot.com
    References: <408F2D74.8040301 at well.com>

    Nice hoax.  But the opposite is more likely to come true.  Rather
    than shooting RFID chips into people, people with RFID chips already
    in or on them will be shot.  People with RFID chips in their
    clothing, books, bags, or bodies could be targeted by "smart
    projectiles" that will zero in on that particular Smart.

    Today's "smart bombs" already self-guide toward laser-identified or
    RF-identified or heat-identified targets.

    The technical challenges involved in guiding a missile toward an
    RFID chip would probably relate to the speed of the missile compared
    to the range at which the RFID chip can be made to respond and the
    agility with which the missile can change course.

    Such a missile could probably more easily be designed to *arm* or
    *trigger* its explosion when a particular RFID chip is in range.
    That way, if fired at innocents, it would be a dud that would only
    cause minimal damage, but if fired at the right person, it would
    blow up.

    But we need not get so science-fiction about it.  Rather than bring
    the mountain to Mohammed, let's let Mohammed come to the mountain.
    Let's see what this technology would do for an everyday practice of
    today's freedom fighters who are defending their country by opposing
    one of the US Government's current wars of occupation.  In order to
    comply with government labeling mandates resulting from the huge
    Firestone tire recall, Michelin has announced that it plans to put
    RFID chips in every tire it sells to car makers (and eventually in
    every tire they sell).  Similar plans are afoot for many other
    automotive and personal products.

    Imagine being able to bury an explosive in a roadway -- that would
    only go off when a particular car drove over it.  You could bury
    these bombs months in advance, in any or every major or minor
    roadway.  You could change the targeting whenever you liked (e.g.
    via driving a radio-equipped car over it and transmitting new
    instructions to it).  You could give it a whole list of cars that it
    would explode for, or a set of cars and dates.

    If you put such bombs throughout a metropolitan area, a car could
    drive through the area for months without triggering anything --
    taking evasive routes, etc.  But on the appointed day, each of the
    bombs surrounding the area would know to go off when that same car
    passed.  Without the responsible parties having to visit the sites
    later than days or weeks beforehand (making them hard to catch or

    Such explosives would be detectable by their radio emissions -- RFID
    pings.  But in a world where RFID pings are being transmitted by
    everything around you, including every cellphone and doorframe and
    cash register and ATM machine and camera and car and computer and
    palmtop and parking meter and cop car ... you won't even notice.
    Places with "congestion pricing" like central London, or any toll
    road anywhere, would even have plenty of active RFID readers buried
    in the roadway already.  And I'm sure the cops anywhere would love
    to have them for tracking where everybody is driving --

    Welcome to automated personal death.  Courtesy of RFID and leading
    shortsighted global corporations, with government encouragement.


    ----- End forwarded message -----

And item #2:  hacking the system.

    ----- Forwarded message from Declan McCullagh <declan at well.com> -----

    Date: Wed, 05 May 2004 00:41:47 -0400
    From: Declan McCullagh <declan at well.com>
    To: politech at politechbot.com
    Subject:  Hack the tech: a possible counter-RFID strategy [priv]

    -------- Original Message --------
    Subject: A possible counter-RFID strategy
    Date: Mon, 3 May 2004 07:57:30 -0400
    From: Rich Kulawiec <rsk at firemountain.net>
    To: Declan McCullagh <declan at well.com>

    (An edit of something I sent to the folks at nocards.org last summer)

    Having followed the recent RFID-related messages on Politech, I
    thought I'd send this along.

    First, a small historical diversion: back in the 1980's, there were
    rumors that the NSA had a complete Usenet feed going into its data
    centers.  In reaction, Usenet article authors began to include what
    were called "NSA fodder" in the headers and bodies of their
    articles; text strings like:

            Moscow nuke Iran Kremlin secret spy CIA transmission

    were put there to (at least in theory) cause the text-analysis
    programs and perhaps the human beings analyzing the incoming data at
    the NSA to work a bit harder.

    Nobody (I hope) took this very seriously, but it does illustrate an
    interesting point about approaches to frustrating unwanted data
    collection, and that is that there are two ways to do that:

            1. Deny the data to the collectors.
            2. Give them all the data they could possibly hope for...
               but fill it with so much noise that it's useless.

    In the case of RFID tags, so many people are all over their
    deployment that approach #1 may now be effectively impossible.

    Fine.  Let them knock themselves out putting RFID tags on and in
    everything and tracking them and accumulating all the data, and
    spending lots and lots of money and time setting all that up.

    Meanwhile, let's try approach #2.

    After all, there's no reason why you and I can't have our own RFID
    scanners, and locate the tags that we happen to find in our
    possession, now is there?  And if I felt like, oh, removing the tag
    from my new shirt and sticking it in a city bus seat, or extracting
    the tag from a new lawn sprinkler and putting it on a shopping
    cart back at the store where I bought it, well, why not?

    Now imagine the consequences if 20 million people did the same.

    We could even have little exchanges where we throw all our tags in a
    pile and randomly take some away to play with -- the point being
    that then not even *we* know what happened to them.

    I find it very satisfying to think that someone trying to figure out
    where my bicycle helmet is at the moment will actually be tracking a
    Walmart (rushing headlong toward adoption of RFID) manager's car
    that happened to be parked somewhere nearby when I felt like
    transplanting the RFID tag.

    RFID tags from all kinds of things could be randomly planted
    everywhere: in an airplane seat, in a newspaper at the library, in a
    copy of a rented video, EVERYWHERE.  Some could be transplanted to
    similar items; others to completely different ones.  And so on.

    I'm not suggesting that anyone abandon the fight against the
    intrusive and abusive uses of RFID by any means; I'm just suggesting
    that one possible countermeasure to make whatever deployment goes
    forward far less effective than its backers hope is to cause their
    RFID trackers to record huge amounts of completely useless data. [1]
    This is relatively easy to do, and could actually be turned into a
    rather amusing exercise in competitive ingenuity. [2]

    But more seriously, if a sufficient number of people participate,
    and thus a sufficient number of RFID tags are pressed into service
    generating bogus data, it will discredit them and devalue their
    usefulness, thus discouraging their further adoption and
    undercutting attempts to rely on them for some of their more
    Orwellian possible uses.

    It's a shame that something like this is necessary: but given the
    total lack of respect for privacy and any semblance of
    self-restraint on the part of governments and corporations, it is.


    [1] Most importantly, "useless data" that will be very difficult to
    distinguish from useful data.  Every communications engineer learns
    that separating signal from noise is relatively easy when they have
    very different properties, but much harder when they're the same.
    Hence the need to transplant at least some RFID tags to similar
    items, thus generating bogus but hard-to-spot-as-bogus data.

    [2] "I'd like to thank you for coming to testify before our
    committee today, Mr. Ashton, and as my first question, I'd like you
    to explain why the Senate's RFID scanner indicates that you walked
    in here with a cheese grater, a copy of the latest Harry Potter
    video, a forklift, and the latest issue of 'Motorcycle Babes' on
    your person."

    ----- End forwarded message -----

Karsten M. Self <kmself at ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    Kerry '04               http://www.johnkerry.com/


----- End forwarded message -----
Eugen* Leitl <a href="http://leitl.org">leitl</a>
ICBM: 48.07078, 11.61144            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org         http://nanomachines.net
