SpyChips or Tracking Tool?—The Pandora’s Box of Radio Frequency Identification (RFID) Tags

by Morgan Staggers on September 2, 2016 in Wireless

The primogenitor of Near Field Communication (NFC) – illustrated previously in this series – Radio Frequency Identification (RFID) is a mid-20th century technology deployed across the globe for all and sundry purposes. Its usage is so ubiquitous that many of us don’t recognize its presence. As mentioned earlier, micro-chipping your pets or using a RFID tag on your car’s windshield for speedy passage into the toll road are common applications. Your local library uses RFID technology too; books are places on a scanner and charged to your library account. Should some scofflaw attempt to leave the building without checking out a book, an audible alarm sounds once the offender passes by a scanner. It’s similar to the same technology retailers use to prevent shoplifting.

But… RFID technology can have some nefarious applications beyond inventory tracking and control. “Spychips,” to use the nomenclature of authors Katherine Albrecht and Liz McIntyre of Consumers Against Supermarket Privacy Invasion and Numbering (CASPIAN), have been used to track high school students on campus. Multinational Consumer Product companies such as Proctor & Gamble (P&G), Gillette and Purina have tagged their wares with RFIDs and sold them to unwitting customers. Why? To potentially monitor consumers’ use of their products inside their homes. Most people have no idea they’re buying Trojan Horses from retailers that have the potential to breach their privacy.

The ABCs of RFID

RFID tags are simple devices consisting of a transceiver (transmitter/receiver), a transponder (chip/tag) and an internal antenna. They’re cheap to manufacture, can be as tiny as a grain of sand and typically store up to 2 kilobytes of data.

In passive RFID systems, once the transceiver comes within the read zone, the tag is activated from RF emitted by the “interrogator” or read device, usually a  programmable logic controller (PLC). The energy from the interrogator goes from the antenna to the chip, generating a return signal (a process known as “backscatter”) to the interrogator. There are essentially two main types of passive RFID tags:  hard tags and inlays. Hard RFID tags are made from durable materials such as metals, plastic, ceramic or rubber and are usually intended for a specialized function or application. Inlays may be either dry inlays, wet inlays and paper face tags.

In active RFID systems, the tags can emit RF waves to announce their presence without generated power from the reading device (which implies that the tag draws upon an internal power source). They offer a much wider read range than passive tags and cost significantly more. It also allows for greater data storage. Active RFID tags with batteries have a service life of three to five years. There are basically two types of active RFID tags: transponders (which operate similarly to passive tags) and beacons. Beacons emit information every three to five seconds and have found widespread application in oil/gas, mining and cargo industries. While their range may extend for hundreds of meters, in order to conserve battery power it’s common to set them to a lower transmit power, thereby decreasing range. Note that active RFID tags are usually engineered to stand a variety of harsh environments and are much larger than passive tags.

While bar codes and RFIDs both provide a unique identifier for an object, bar codes have to be in a particular position to be scanned. Ever try to scan a bar code wrapped around a jar? It’s one reason why cashiers have to manually enter a code when checking out groceries. RFID tags have no such limitations. Metals and liquids have historically caused trouble for RFID systems; liquids are apt to absorb the energy required to power the tag and metal can reflect electromagnetic waves in unforeseen ways. However, recent advances in integrated chips have improved tag performance.

Range of RFID systems varies by radio frequency. Low frequency systems (30 KHz – 500 KHz extend to a range of >six feet while higher frequency systems 850 – 950 MHz and 2.4 – 2.5 GHz provide transmission ranges < 90 feet. As a rule, the higher the frequency, the greater the range. Notice that the highest frequency RFID systems share bandwidth with Bluetooth and many Wi-Fi devices. Thus the potential exists for crossband interference between wireless devices. See the table below:

58 KHzEAS Electro-magnetic Tags
125 - 135 KHzLF Passive Tags
7.4 KHz - 8.8 MHzEAS Swept-RF Tags
13.56 MHzHF Passive Tags
868 -928 MHzUHF Passive TagsIEEE 802.15 WPAN (ZigBee @ 868 & 915 MHz)
902 MHz / 111.5 KHz / 2.4 GHzEAS Re-radiating Tags
2.4 GHzSome Wi-Fi-based Active TagsIEEE 802.11b/g - WLAN IEEE 802.15 WPAN (Bluetooth & ZigBee
5 GHzIEEE 802.11a WLAN
60 GHzIEEE 802.11ad Wi-Fi

NOTE: “EAS” denotes Electronic Article Surveillance, a low cost technology commonly used in retail outlets to discourage theft

Data Source: corerfid

RFID Privacy Issues

Amid concerns that RFID technology is a harbinger of a “surveillance society,” organized opposition to the widespread deployment of RFIDs has emerged. Questions regarding the security of identification documents (passports, driver’s licenses, etc.) have been raised. In response to such worries, companies like Identity Stronghold market products to protect against “electronic pickpocketing.”

Take a look at this YouTube video from The Deal Guy and RFID blocking sleeve protectors:

Moreover, there are no laws requiring manufacturers to inform consumers that the products they sell are tagged. Therefore the only way most consumers can discover if a product they’ve bought has been tagged is to visually search for the device. However, given the trend to develop smaller RFID tags, many can only be detected by using a RFID reader — an expensive proposition for most people. Deeply embedded tags can be hidden in places where they can’t be readily found unless the product is torn apart, e.g., inside shoe soles. The easiest way to find a RFID tag is to look for the antenna but as manufacturers begin to integrate the antenna as part of an RFID tag’s integrated circuit, this soon may no longer be an option. The integration of the antenna and chip into one unit also makes it more difficult to disable the tag. The easiest way to disable a tag is to separate it from the antenna but if there is no antenna to be seen….

The use of passive RFID tags or “spychips” raise legitimate concerns about the sanctity of consumer privacy. According to Purdue University professor and director of the Center for Education and Research in Information Assurance (CERIAS) Eugene Spafford, “If tags aren’t removed or permanently disabled at the time of sale, they can potentially be read by someone in the store parking lot, from a passing car or from the street in front of a customer’s home.” The technology allows marketers, insurance companies, thieves, government agencies and whoever else might be interested to learn about an individual’s purchasing habits of all sorts of items, including liquor, pharmaceuticals and unhealthy foods.

Take a look at this short YouTube video produced by Adam Robage illustrating the risks to privacy and security from RFID technology:


A multi-billion dollar industry, RFID is indeed a Pandora’s Box technology; its use is now widespread among powerful and moneyed institutions across the globe with no practical way to “put the genie back in the bottle.” And indeed, it has many legitimate and productive applications. But it’s apparent that laws are needed to ensure consumer privacy. In 2008, Washington state passed a law banning the use of RFID technology to harvest consumer data without the owner’s permission. But intense corporate lobbying limited the law to cover only criminal acts like fraud. Consumers should be able to give their consent if marketers want to mine information from the use of RFID tags. Sadly, that laws is nowhere in sight.




{ 0 comments… add one now }

Leave a Comment

Time limit is exhausted. Please reload CAPTCHA.

Previous post:

Next post: