Watching us through the Sorting Door

Ex-spook and SAP launch RFID research project

A former CIA intelligence analyst and researchers from SAP plan to study how RFID tags might be used to profile and track individuals and consumer goods.

"I believe that tags will be readily used for surveillance, given the interests of various parties able to deploy readers," said Ross Stapleton-Gray, former CIA analyst and manager of the study, called the Sorting Door Project.

Sorting Door will be a test-bed for studying the massive databases that will be created by RFID tags and readers, once they become ubiquitous. The project will help legislators, regulators and businesses make policies that balance the interests of industry, national security and civil liberties, said Stapleton-Gray.

In Sorting Door, RFID readers (whether in doorways, walls or floors, or the hands of workers) will collect data from RFID tags and feed them into databases.

Sorting Door participants will then investigate how the RFID tag's unique serial numbers, called EPCs, can be merged with other data to identify dangerous people and gather intelligence in a particular location.

For example, a computer could alert customs officials when sensors show that a container's contents do not match the descriptions provided by its EPCs. Or a doorway RFID reader might detect suspicious individuals, such as someone wearing a heavy coat into a bank on a 90 degree day.

Government investigators could also build profiles about individuals through the EPCs, such as their tastes in clothing, or their reading preferences.

RFID/EPC tags on consumer goods "may give clues to their owners' interests, habits, and activities," according to the Sorting Door proposal. This data could be acted upon by security sentinels, or devices that greet recognized customers.

Sorting Door gets its name from the Sorting Hat in the "Harry Potter" books, which magically determines which school house its wearer will join.

The data mining software in Sorting Door would be provided by SAP, an enterprise software company, which has worked on RFID tests with Wal-Mart, Procter and Gamble and the Metro Group.

RFID, an acronym for radio frequency identification, is widely used in highway toll-pay transponders, contactless payment devices and proximity (or "prox") cards used in offices.

Sorting Door will largely focus on RFID/EPC tags (EPC is short for Electronic Product Code), which will eventually replace the barcode on consumer goods, according to retailers' plans.

Many retailers and their suppliers hope to create databases merging the EPCs on purchased items with shoppers' credit and customer loyalty cards. The companies could then use that information to pitch new products at specific consumers - wherever RFID/EPC reader devices are set up to spot them.

The U.S. Department of Homeland Security may also be interested in having access to these databases, which will help form what some are calling the EPC Network, and others "The Internet of Things."

The U.S. Department of Defense, which has gigantic supply chains, will be a major contributor of databases to the EPC Network.

Homeland Security has been contemplating joining Sorting Door, since Stapleton-Gray talked with the agency about the project several weeks ago.

"RFID tags have some promising potentials, but also some serious questions," said Homeland Security spokeswoman Valerie Smith. "So research like this can be helpful."

Smith said that Homeland Security would not be commenting specifically on whether it is joining Sorting Door at this time.

Privacy advocates worry that the government is already eyeing ways to access the EPC Network. Several airlines have already shown their willingness to turn over their databases to federal authorities, in the name of national security.

"The government is already doing a lot of data mining, with databases from the private sector," said Katherine Albrecht, director of the consumer privacy group, <" target=new>CASPIAN. "It lets them get around that pesky Fourth Amendment to the Constitution (which protects citizens from arbitrary searches). This is data they would be not allowed to get on their own."

Privacy advocates, for their part, expect Sorting Door to show how RFID tags will turn shoes and clothes into tracking beacons for marketers and government snoops.

That is one unique aspect of Sorting Door: It is open to all stakeholders in the RFID debate, including privacy watchdogs, the RFID industry, and the government.

But the RFID industry - those who make radio tags and those who buy them - are afraid of revealing RFID's "spy chip" capabilities, according to civil libertarians.

RFID users such as Procter and Gamble will not be interested in Sorting Door, because the results will be open to public scrutiny, said Electronic Frontier Foundation senior staff attorney Lee Tien.

"The burden is on the proponents of tracking devices to show that they are not going to contribute to a surveillance infrastructure," said Tien. "But (the retailers) are not willing to have an honest conversation with society."

Tien said he supports the mission of the Sorting Door project.

Retailers and suppliers, the RFID/EPC standards body EPC Global, and representatives of industry- backed RFID laboratories either declined to be interviewed for this story, or did not respond to interview requests.

Some of the industry representatives said they were unfamiliar with Sorting Door. Stapleton-Gray said he hopes to brief retailers, consumer packaged goods producers and EPC Global on the project in the near future, however.

SAP's involvement will likely get the attention of others in the industry.

Tao Lin, director of Auto-ID (or EPC) research at SAP Labs in Palo Alto, Calif., is combining an EPC Network data mining project of his own with Sorting Door.

The EPC Network is an inevitability, said Lin, and now is the time to learn about its potential for securing people and goods, or for being abused by the government.

"We need to proactively investigate the issues," said Lin, "before we set up laws and rules to facilitate or prevent certain uses of this infrastructure."®

Related stories

Your fingerprints are everywhere
Germans plan biometric hooligan clampdown
Privacy groups slam US passport technology
World Cup tickets will contain RFID chips
IVF clinics may tag embryos

Other stories you might like

  • SpaceX Starlink sat streaks now present in nearly a fifth of all astronomical images snapped by Caltech telescope

    Annoying, maybe – but totally ruining science, no

    SpaceX’s Starlink satellites appear in about a fifth of all images snapped by the Zwicky Transient Facility (ZTF), a camera attached to the Samuel Oschin Telescope in California, which is used by astronomers to study supernovae, gamma ray bursts, asteroids, and suchlike.

    A study led by Przemek Mróz, a former postdoctoral scholar at the California Institute of Technology (Caltech) and now a researcher at the University of Warsaw in Poland, analysed the current and future effects of Starlink satellites on the ZTF. The telescope and camera are housed at the Palomar Observatory, which is operated by Caltech.

    The team of astronomers found 5,301 streaks leftover from the moving satellites in images taken by the instrument between November 2019 and September 2021, according to their paper on the subject, published in the Astrophysical Journal Letters this week.

    Continue reading
  • AI tool finds hundreds of genes related to human motor neuron disease

    Breakthrough could lead to development of drugs to target illness

    A machine-learning algorithm has helped scientists find 690 human genes associated with a higher risk of developing motor neuron disease, according to research published in Cell this week.

    Neuronal cells in the central nervous system and brain break down and die in people with motor neuron disease, like amyotrophic lateral sclerosis (ALS) more commonly known as Lou Gehrig's disease, named after the baseball player who developed it. They lose control over their bodies, and as the disease progresses patients become completely paralyzed. There is currently no verified cure for ALS.

    Motor neuron disease typically affects people in old age and its causes are unknown. Johnathan Cooper-Knock, a clinical lecturer at the University of Sheffield in England and leader of Project MinE, an ambitious effort to perform whole genome sequencing of ALS, believes that understanding how genes affect cellular function could help scientists develop new drugs to treat the disease.

    Continue reading
  • Need to prioritize security bug patches? Don't forget to scan Twitter as well as use CVSS scores

    Exploit, vulnerability discussion online can offer useful signals

    Organizations looking to minimize exposure to exploitable software should scan Twitter for mentions of security bugs as well as use the Common Vulnerability Scoring System or CVSS, Kenna Security argues.

    Better still is prioritizing the repair of vulnerabilities for which exploit code is available, if that information is known.

    CVSS is a framework for rating the severity of software vulnerabilities (identified using CVE, or Common Vulnerability Enumeration, numbers), on a scale from 1 (least severe) to 10 (most severe). It's overseen by, a US-based, non-profit computer security organization.

    Continue reading

Biting the hand that feeds IT © 1998–2022