"How do you hide from something you have found"There is a well known mock-up image of a Google search result, where the query "my fucking keys" gets the answer "On the top of the fridge, right where you left them dipshit". This captures the essence of the Internet of Things beautifully: the virtual and the physical world get connected and collapse into one world, allowing us to search the Internet for our car keys, to see when the kids get home if we are doing overtime at work, or to get a message when the usual traffic jam back home is about to dissolve.
It's catching up, NoMeansNo.
When presented like this, the Internet of Things seems a desirable future. Aren't we sick and tired searching for our car keys all the time? Worrying parents certainly want to be able to know where their kids are. On the other hand, this vision brings about serious privacy concerns. What if your car keys happen to lie under your neighbour's bed? Children may prefer to be invisible and out of parental reach from time to time...
The most basic RFID chip simply contains a unique number that it broadcasts to any reader that asks for it. This type of RFID chip can be found attached to items in a supermarket, or in books you buy over the Internet. They are so small and flat you may not even notice them straight away. They are used in logistics and supply chain management, replacing the barcode.
More complex RFID chips are used in the new biometric passports, in access cards and for public transport ticketing systems. These contain quite a lot of data, but for that reason also have several security features (that in practice have been proven to be totally ineffective in certain cases, however). Not all readers have access to these chips, and a distinction is made between reading data on the chip or modifying those data.
Some mobile phones, so called NFC phones, can act as RFID readers. They can also behave as RFID chips themselves as well. All kind of RFID chips can be 'virtually' embedded on such phones, allowing one to use such a phone as a transport card for the London Underground, as an electronic purse, or even as a credit card. Field trials for such applications are already being conducted.
Many other applications of RFID technology have been thought of, are being developed or are already in use. Modern car keys use RFID. Billboards may contain an RFID chip: if you move your mobile smartphone in front of the billboard, your mobile will automatically display the corresponding website. Similar systems have been tested in museums: the website will show additional information about the exhibited item, in the language of your choice. In an interactive setting, where visitors can experiment and interact with the items on display, the RFID chip in the visitor access card enables the museum to automatically record your scores in a visitor profile that you can view later through the museum website. RFID chips in banknotes could prevent counterfeiting. Japan developed a system for the visually impaired, where RFID chips embedded in the pavement report the exact location. The reader is embedded in the white walking cane. Paper archives are much easier to manage when all paper sheets contain an RFID chip. Sharing tools with the people in your neighbourhood becomes a possibility without the risk of losing track of all your tools. When a neighbour needs a certain piece of equipment a bit longer, or if he forgets to return it straight away.... "Where is my fucking power drill?".. Google is your friend.
In any case, each of the applications discussed carries a certain threat to our civil liberties as well. They collect huge amounts of often personal information about their users, without the user knowing, and without any user control or oversight. Moreover, many of the RFID chips can be read by others over quite a long distance. If you wear a dress or a watch with an RFID chip that contains a unique number, you are always uniquely identifiable. Even if such a chip would only contain a product number and not a unique serial number, a combination of 3 or 4 of such products is usually unique anyway.
This "right to silence" is only a solution for RFID chips that are used for supply chain management, however. In those systems, the RFID tag no longer serves a purpose after the product reaches the consumer. We saw earlier that there are many other types of applications that are using or will be using RFID technology. For those applications (e.g. passports, public transport) killing the RFID tag makes no sense at all. The application would simply stop working. Moreover, even for the goods you buy at the supermarket, the real privacy benefit of the kill switch remains to be seen. Many people will choose to keep their tags alive, if offered a small financial benefit. To offer services, or to verify warrantees, it is convenient for the shop to leave the RFID tag active. In that case, you may not have a choice but to keep the RFID chip alive (unless you want to void her warranty). The problem is that a kill switch is an 'all-or-nothing' solution: if you leave the chip active, everyone can access the chip. And if you kill it, no one can use it ever more.
Demanding a kill switch for RFID chips is like demanding that users of social networks like Facebook only have a choice between accepting no friends at all, and accepting absolutely everyone as a friend. In such a setting, social networks would have struggled to survive, and we would still be experiencing Web 0.1 so to speak....
Still, it is better to choose for such a long term solution than to choose for a short term solution like the kill switch that only applies to a small class of applications anyway. There is a serious risk that trying to take away privacy concerns in this manner, no real investments will be made to implement the proposed long term solutions. If that is the case, we create an Internet of Things with RFID chips that can been killed, but that everyone keeps alive in order not to be left out of the Internet of Things. Such an Internet of Things is not a beautiful dream but a horrible nightmare.
Jaap-Henk Hoepman is senior scientist security and cryptography at TNO ICT and associated professor at the Radboud University Nijmegen. _EXTRO($Revision$,$Date$)