RFID Tags and Privacy Invasion

"The fantastic advances in the field of communication constitute a grave danger to the privacy of the individual"
-Earl Warren

 Technology created to make our everyday lives easier could perhaps be seen as a double edged sword. We create some technology so that we are required to do less to achieve something or get something done. This technology does the work for us, saving us time and energy. But we must never forget that we have now placed that work in the hands of an inanimate object, which does not have moral values, privacy concerns, and responsibility. It simply does as it is designed and/or programmed to do. Which leaves it open to be attacked, misguided, and stolen from.
We, as a people, must always take a step back, look at our technology, and ensure it's effectiveness and security.



One example of consumer technology that offers a large amount of reward and danger is RFID tags, or Radio-Frequency Identification tags. These "tags" can be thought of as a barcode with a radio transmitter embedded into them. They are set to become the replacement for barcode technology. The RFID tags come in many types, with two being the most common, active and passive. Active RFID tags contain a battery within them, and can transmit and receive data autonomously, while passive RFID tags require an external power source to provide them with energy to transmit. The data transmitted from the tags is sent to a reader unit, which is responsible for receiving and transmitting data to and from the tags. The reader unit relays it's data to a database unit for storage and organization. The type of data stored on these tags can vary with what the company would like to know, but it has been reported that most companies store the product ID within the tag.

What are the benefits to using RFID tags? The tags do not require "line of sight" to be accessed, as is required with barcodes, since the barcode must be closely scanned by a machine. The barcode can be damaged easily, thus rendering it unusable, costing the consumer and provider time and energy to track, identify, and possibly replace the product or it's code. RFID tags are usually hidden in some way on the product, so as to not be damaged or be maliciously removed. The tags can have a range from less than a foot, to greater than a football field, depending on the type of tag, if it is active or passive, and it's intended use. Usually, passive tags have much smaller ranges, and the tag's size is also a huge factor. The tags can be used for inventory, allowing for quick and easy monitoring of products as they travel from a supply center to a store, or as they are moved to a shelf for sale. Another hope for RFID tags is the creation of "smart shelves" that will detect what products are currently sitting on the shelf and when the shelf is in need of restocking. This would allow for quick and accurate replacement and restocking of products, and also warn of unusual shelf activity, such as if a consumer removed a dozen cases of expensive products, a possible sign of intended theft.

You may already be using RFID tags. If you have a toll tag, or a little, usually adhesive, label on your car that allows you to drive on tollways without stopping, you are the owner of an RFID tag. Some credit/gas cards contain RFID tags for quick use, and some cell phones also use the technology. So what' the problem with RFID?

 

With the autonomous sending and receiving of data from these tags, privacy is a major concern. The tag sends data indiscriminately, so the data can be intercepted by an attacker and collected for other uses. Certain products, such as medicine, expensive electronics, and other items that their owners wish to keep private may be found and tracked by an attacker. Also, the RFID tag may not deactivate once the product is purchased. The tag may remain active even after you have returned home with the product, and this could even possibly be the goal by the product company. Many security features that can be implemented into the tag to protect the sent and received data increase the cost of production of the tag, and make it unreasonable for use by the company. Thus, less security means cheaper cost. The potential for the theft of information and unwanted tracking of consumers exists, and must be kept in mind when supporting and designing this technology.

How do you feel about buying a product, not knowing what data is bring transmitted from it and where that data is going? How would you feel if that pack of razors or bottle of medicine sitting in your bathroom could broadcast data to the outside world. As it currently exists, the world of RFID tags has the potential to offer great benefit to producers, but also creates a privacy and security threat. Should it be required for products with tags to be labeled with what data is being collected? Should tags be removed from products? Should consumers have the ability to remove or disable tags in their purchased products? These are all questions that should be asked, and should be answered. While technology makes our lives easier, we must always be aware of it, and ensure that it does not take away our privacy.

--------------------------------------------------------------

Information about RFID tags was obtained from an article by Miyako Ohkubo, Koutarou Suzuki and Shingo Kinoshita and was used throughout the entire blog post. It can be read here: [link]

M. Ohkubo, K. Suzuki, and S. Kinoshita. Cryptographic approach to “privacyfriendly” tags. In RFID Privacy Workshop, 2003.

Viruses, Worms, and Bugs Oh My!

“The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards.”
– Gene Spafford

Surely this is an overstatement. The internet is a place where many users, likely including you, spend time every day, search for products and information, keep in contact with friends, and manage your workplace and email. We use it at home, at work, and even on our phones and mobile devices. Surely it isn't such a bad place to be. With the advancement of computer technology and security, and better understanding by users to identify potential threats, isn't the internet secure?

The answer is, no. Millions of computer users, perhaps including you, know this from experience. Internet users have had problems ranging from the minor, such as unwanted internet pop-up advertisements, to the crippling, such as the theft of their personal identity, including their bank account information and credit card info. But however bad you may think the situation is, it is actually much worse. As technology has progressed, so have the threats. They have become more advanced and harder to detect and delete, and their progression shows no signs of stopping anytime soon.

Let's take a look at a few computer threat examples.

• Spyware - Programs that monitor your computer activity and report the found information to somewhere else, potentially a hacker or company that collects information. One such example are some types of keyloggers, which store everything you type at your computer, including passwords.

• Viruses - Infect a computer, usually through the user downloading a file that they believe to be safe, only to have the virus install itself on the host computer, sometimes with the user ever knowing that they have been infected. Some Viruses can disable or destroy a computer before moving to another one, while others do nothing other than copy themselves and spread the "infection" to other computers.

• Trojans - The name comes from the "Trojan Horse" as read in mythology, in which the invading Greek army, unable to break into the guarded city of Troy, left a large wooden horse for the Trojans to find. The Trojans brought the horse inside, believing it to be a harmless trophy, when it actually held Greek soldiers inside, who later snuck out and opened the city gates for the rest of the army. A Trojan virus works in exactly the same way, appearing to be a harmless program that when downloaded, infects the computer and communicates with the internet to allow other malicious programs to enter and infect the computer.

• Worms - Perhaps one of the most dangerous computer threats, worms are like viruses, only they specialize in duplicating themselves and using the infected computer's stored information, such as an email contact list to send itself to more computers. Worms work autonomously, meaning the infection and spreading code is within the worm itself, making the rate of infection across the internet unbelievably  fast and difficult to stop.

• Bots/Botnets - A "bot" refers to a program that hides on an infected machine, allowing another user remotes control of the infected computer. Once a user has infected and gained control multiple computers, the computers are considered to be a "botnet", and can be told to perform a variety of automated tasks, such as stealing personal information, or sending cyber attacks to a certain website.

• Rootkits - These are used by "hackers", or users with knowledge on how to break into computer systems, to hide actions and allow the hacker access to a system. They modify the computer software itself, usually through either a computer's operating system's discovered vulnerability, or by discovering a user's password. They then hide the hacker's actions and subvert anti-virus protection programs from finding and fixing the created problem. 

 Viruses and other malicious threats spread across the internet quickly, if they are designed to do so. A study done by Christopher May in 2009 included mathematical models designed to represent the infection rate and spread of biological threats with people, used instead to model the spread of computer viruses [1]. The two types of infections, both biological and virtual can be thought of in the same way, only the virtual viruses can spread much more quickly, can be harder to detect, and can be used for a variety of harmful intents. Some viruses can infect hundreds of thousands of computers within weeks. One such example is the ZeuS worm, which you can read about here, along with other great information about malicious programs. Be careful though, it's a very scary read!

If you see this on the internet, don't click either button. Close the window! It is a spyware downloader!

 “Companies spend millions of dollars on firewalls, encryption and secure access devices, and it’s money wasted, because none of these measures address the weakest link in the security chain.”
– Kevin Mitnick

But what is the "weakest link" Kevin speaks of? The answer is us. Humans. In most cases, the blame for the infection of our computers and the spreading of viruses lies with us. It is up to computer users themselves to guard against possible infections and protect their computers. Here are a few tips to help you stay safe on the internet and prevent the most common ways that computers get infected.

1.  Email/Instant Messaging - By far, the most common way that computers are infected is through email, especially links included in the email. NEVER, and I say again, NEVER click any links in an email. This is the safest behavior you can perform. Only in emails that you requested be sent to you (such as a password reset email) should you trust a posted link. Many attacking hackers will make the email appear to be from a site you trust, such as a bank, Ebay, or Yahoo, etc. These pages will look identical to the real emails, and in some cases, by simply clicking the link, you have opened up your computer to downloaded threats. It is better to simply go to the site directly and access whatever information or perform whatever actions were requested or to identify the validity of the email rather than click a link.
2. Never give out personal information except in a situation where you are completely certain it is a trusted website. If you are ever asked for your bank account number, credit card information, address, social security number, or even a user name or password, make sure you know where it is going. Most websites will almost never ask you for such information unless you are making a purchase, so be careful.
3. Install Anti-virus programs on your computer. This is an easy way to safeguard your computer against threats. You can purchase many different programs that monitor your internet and computer and protect you. Although they are less reliable, although not by much in my own opinion, there are free programs as well that you can, and should use if you do not feel like paying for internet security. Such programs as Spybot: Search and Destroy and AVG. There is no reason to not have anti-virus programs on your computer. Make sure you keep them updated and scan your computer at least once every week or so. A little but of effort here will go a long way.

Should you become infected by a virus, or if you even THINK you have a virus on your computer, unplug you computer from the internet, or turn off the wireless function if you are on a wireless network. This will prevent the virus from transferring data to a hacker or other computers. With your computer unplugged, run any and all of your virus scan programs one by one to try and find and delete any threats. Delete your "cookies" and "cache" on your computer and all your temporary internet files on any browsers you have installed.

In the end, it is up to the users to make good judgment calls about what to open, what to click, and what to download in order to keep their computers and other computers secure. The consequences of not doing so can be disastrous. Read up on how to prevent computer threats and take the necessary steps to prevent it from happening to you!

------------------------------------------------------------------------------ 

[1] http://maths.dur.ac.uk/Ug/projects/library/PR4/000463800r.pdf

This Post Was Downloaded Illegally

Are you familiar with names such as Bittorrent, Limewire, Napster, or Morpheus? These are names of either current or past online file sharing programs. With the amount of users of file sharing programs estimated to be in the millions within the United States alone, file sharing is hugely popular, but has caused a large amount of criticism and legal action. But why? What's wrong with sharing? And where are the facts?

Let's first understand how file sharing works. In a very simplified description, one user will upload a file to other users across the internet. These files can be anything, from an online book, a video game, a movie, or music. Other users will download the file in a single part or in smaller pieces. As information is transferred to their computer, they in turn upload the data they have to other users downloading the same file. Imagine a bunch of people sitting in a classroom. A large amount of text is posted on the board in the front of the room, and everyone starts writing parts of it down. As users get more and more of the text copied, they begin helping other users get the text written faster and faster, while continuing to write down what they don't have. The more people in the group that have parts of or all of the text "downloaded", the faster others can "download" the file. Those who have the entire file downloaded and continue to upload the file are called "seeds", while all others in the group still downloading are called "peers". Hence the name file sharing is also called "peer to peer" sharing, or "p2p".

The issues with p2p sharing arise when looking at the content that is being shared. There are no limitations, from the software point of view, as to what can and cannot be uploaded and shared online, as the software itself will allow the uploading of any type of file. But uploading and sharing music, movies, books, and software under copyright is illegal, although the file sharing software and the act of file sharing in general itself is not illegal. It is important to remember that it is perfectly legal to use p2p programs, and many of the files shared are totally legal, from game demos, to movie trailers, to software updates. It is left completely up to the user to decide what they should and shouldn't download and upload.

How much damage can this cause to companies whose products are being downloaded illegally for free? The answer is unclear, as it is hard to exactly pinpoint to what extent the market for music, movies, and games is affected by file sharing. In many cases, it appears the "numbers" given are not quite the truth. In one study, it was reported that the music industry was losing billions within years from their CD sales. But this case did not take legal downloading into consideration, with programs such as Itunes and Amazon MP3. The company was losing billions in CD sales, but gaining billions in legal purchasing and downloading of online music. Some studies have even come to the conclusion that it does not harm the industry, but may actually spur more interest from people who download a track, favor it, then buy more music online.

But just how large of an impact file sharing has had is impossible to determine, since there are too many factors that need to be considered, both positive and negative, such as how much interest it spurred or how many people downloaded music they would have bought, or how many people downloaded music that they would not have purchased anyway. It is possible that both sides of the argument of file sharing legality are reporting excessive conclusions, but in the end it boils down to you. It is up to you to consider if file sharing is morally sound, what you should download, and how much, keeping in mind that some users have been caught and fined thousands of dollars for every music song they downloaded.

In a small twist of irony, almost every recent, accurate source I attempted to locate facts from was not public information. Each one would have cost me anywhere from $40.00 to $150.00 to read, or in some cases, view for a limited time. I searched (but did not download) for these articles on file sharing websites and was surprised to find them there, available illegally for free. This is the same sort of position some people are in considering buying music.

I choose to not download the papers, but these events seemed very fitting for my file sharing blog post.

On the Road, Off the Phone

SMS, or "short message service" refers to small, text based communication between mobile phones. It is commonly referred to as "texting", and if CTIA's U.S. statistics have anything to say about it, it is quite popular, with around 1.56 Trillion messages sent in 2009 [1].

That's right, 1.56 Trillion in the United States alone. And the numbers are only growing.

But with this many messages being sent, where are they being sent from? We will focus on one specific place where they should never be sent from, a car. According to the National Safety Council, 28% of  yearly automobile accidents are the result of lack of attention by drivers due to mobile phone usage, with about 200,000 accidents directly caused by texting [2]. Responding to a text message, a driver must look down and read the message, then, should they choose, reply to it. During this, the driver diverts attention from the the road to use their hand to access their mobile device, and their eyes to read what it says. In some situations, this small loss of attention can lead to a major accident. A driver many only look away for a few seconds, but many drivers underestimate just how much distance they travel in this time.

Let's think about this in a little more detail. Let's assume you are driving on a major road, but not a highway, traveling at 45 miles per hour. You receive a text message and glance down to read it. It takes you only two seconds to pick up your phone and access the message, then another two seconds to read what it says and who it is from. You have now been looking away from the road for about 4 seconds. This is a very small amount of time, but just what has happened as you read your message? Let's look at the numbers. I am more familiar when considering distances to use feet rather than meters, so I will provide a reference for both types of measurement in this example.

You are traveling 45 miles per hour, or 66 feet per second. In the four seconds you looked away from the road to your phone, you have traveled 264 feet, about three fourths (75%) of the length of a football field. Had you been on a major road, traveling at 65 miles per hour, this 4 second loss of attention would mean you traveled father than the length of a football field without paying attention to world around you. If you have ever been in an accident, had a close call, or experienced a near miss while driving, you know how quickly the situation around you can change, how quickly you must act in order to prevent an accident, and how long it takes for a car to come to a stop from when you press your foot on the brake.
Do you think putting luck in the drivers seat for over 100 yards is a good idea?

And with more and more accidents caused by mobile phone using drivers, studies have been performed to analyze and explain the effects of phone usage and driving. One study was done by Hosking, Young, and Regan at the University Accident Research Center and was aimed at the observation of the effects of texting while driving with young drivers. Subjects were put into a driving simulation and required to read and reply to text messages. The driver's ability to stay in their lane, their following distance, and eye movement were observed. The virtual road would also present obstacles to the driver, such as a car turning, or a pedestrian crossing the road, and their reaction speed and braking time to these obstacles were measured. It was concluded that drivers, while texting, spend 400% more time with their eyes off the road, and while those texting would increase their following distance from the car ahead of them, they would not reduce their driving speed. In particular, sending text messages greatly increased the drivers risk of having a collision [3]. By texting, you become a major hazard to yourself and those around you.

The final question you must ask yourself is this: Is it worth it?

Is it worth it to look at that message right now? The answer is no. Do yourself a favor and silence your phone when you drive, or if you can handle it, simply ignore that little catchy sound your phone makes when a new text arrives until you reach your destination. Because chances are, your friend does not need an immediate answer to "Lol, I just saw your roomate at the grocery store", and would letting them know immediately that you agree it's funny really be worth becoming paralyzed over? Or dying over? Or perhaps killing those in the cars around you when you cause an accident?

Your friend can wait. When you are on the road, please stay off your phone.




[1] U.S. Wireless Quick Facts. (n.d.). CTIA - The Wireless Association. Retrieved September 6, 2010, from http://www.ctia.org/media/industry_info/index.cfm/AID/10323 

[2] III, A. H. (n.d.). 28 percent of accidents involve talking, texting on cellphones - washingtonpost.com. washingtonpost.com - nation, world, technology and Washington area news and headlines. Retrieved September 6, 2010, from http://www.washingtonpost.com/wp-dyn/content/article/2010/01/12/AR2010011202218.html 

[3] Hosking, S., Young, K. & Regan, M. (2007). The effects of text messaging on young novice driver performance. In: I.J. Faulks, M. Regan, M. Stevenson, J. Brown, A. Porter & J.D. Irwin (Eds.). Distracted driving. Sydney, NSW: Australasian College of Road Safety. Pages 155-187.