Von: CASPIAN Newsletter
Datum: Sun, 20 Mar 2005 04:35:30 -0500


Consumer privacy and RFID newsletter
Edited by Sunni Maravillosa and Katherine Albrecht


1- New Mexico legislators kill RFID labeling legislation
2- U.S. Senators vow to "protect" spychips
3- Spychips coming to your wallet?
4- Another one! LexisNexis fumbles consumer information
5- ChoicePoint downplayed consumer data-theft damage
6- Miniscule penalties for data disclosures
7- RFID: More push, less enthusiasm
8- Big Brother moments in the parking terminal
9- Hospital tests human spychipping program
10- GPS in phone didn't prevent Japanese girl's murder


1- CASPIAN news
2- CASPIAN members sound off


The New Mexico legislation to require labeling on products containing
RFID tags died in committee this month. Political pressure, plain and
simple, is what did it in:

"The bill's rejection was the result of lobbying by the
Grocery Manufacturers of America," Stewart says, "which
convinced the majority of the Judiciary Committee members
that New Mexico did not want to be the first state to enact
such a bill."

Rep. Mimi Stewart's legislation would have alerted consumers to the
presence of RFID tags and given consumers the right to access
information collected on them through the chips. As she says, she wanted

"... protect consumers from the proliferation of a
technology that is designed in the interest of business,
not the consumer."

Undaunted, Stewart intends to research the issues further and resubmit
the bill in the 2006 session. Unlike many legislative efforts, Stewart's
bill appears to be entirely in keeping with the joint position paper
issued in 2003 by CASPIAN and many other privacy organizations.

New Mexico residents: Please send an email applauding Rep. Stewart's
efforts, and offer your future support to her cause. You can email her

RFID Journal, 3/16/05 New Mexico State Government web site RFID Position Statement Email NM state legislator Rep. Mimi Stewart: ===================================================================== U.S. SENATORS VOW TO "PROTECT" SPYCHIPS ===================================================================== Why does RFID labeling legislation keep going down in flames? It becomes clear when you realize our elected officials are working overtime to protect and promote the industry. The latest pro-RFID government missive comes from the "Senate Republican High Tech Task Force" which unveiled a set of policy programs last week. Among them was a policy plank vowing to "protect" RFID. These senators have announced they will: "... protect exciting new technologies from premature regulation or legislation in search of a problem. RFID holds tremendous promise for our economy, including military logistics and commercial inventory efficiencies, and should not be saddled prematurely with regulation." While CASPIAN doesn't advocate legislative controls over RFID (we want labeling legislation only), we certainly don't think it is appropriate for our elected representatives to gush about the technology, calling it "exciting," either. Are we the only ones to think there's something wrong with an entire task force of elected officials identifying itself as "a conduit for the technology industry?" Whatever happened to elected officials being "conduits" for the people? Source: RFID Journal, 3/10/05 ===================================================================== SPYCHIPS COMING TO YOUR WALLET? ===================================================================== Imagine if Holiday Inn, Barnes & Noble, American Airlines, OfficeMax, AAA, and Blue Cross/Blue Shield could all secretly read a plastic card they've issued to you -- right through your wallet, backpack, or purse. Imagine if they used such RFID-laced loyalty or membership cards to keep track of when you pass through doorways and observe how long you linger in front of the cookbooks and office furniture. Then imagine them sharing that information with other companies, marketers, and government officials -- or losing it to hackers and identity thieves. This horrific vision may come true sooner than you think. Arthur Blank & Co., Inc., one of the world's largest manufacturers of plastic cards, has just announced it is adding RFID capability to its product line. This move has huge implications for consumer privacy, as Arthur Blank makes 1.3 *billion* cards every year for hundreds of companies, including the ones listed above. There is currently no requirement for a store or other company to tell you if the card they've issued you contains a remotely-readable spychip. In addition, once they get you to take the card, there is nothing to prevent them from tracking you with it -- or helping others to do the same. Before long, we'll be reduced to X-raying the contents of our wallets to be sure we're not being spied on by the cards we carry. It's time to DEMAND labelling on spychipped items -- especially plastic cards. Ask your state representative to read our website and contact us to provide sample legislation and expert testimony. You should also let Arthur Blank know how you feel about their spychipped cards: Arthur Blank president Stuart Blank: Phone number: 617-325-9600 fax: 617-327-1235. Sources: Contactless News, 3/3/05 Arthur Blank web site ===================================================================== ANOTHER ONE! LEXISNEXIS FUMBLES CONSUMER INFO ===================================================================== Lexis-Nexis is the latest American company to fall prey to identity thieves, with about 32,000 individuals' names, addresses, driver's licenses, and Social Security numbers going to unauthorized parties. Unlike ChoicePoint, Lexis-Nexis seems to be taking the breach seriously, but for the victims, it's a case of too little, too late. Apparently, identify thieves have caught on to the value of our stored data -- in a big way. "'As the value of what you're trying to steal increases, so does the effort that the bad guys will put into it,' said Paul Beechey, a security expert with UK defense group QinetiQ." The increasing frequency of these breaches is a cold-water-in-the-face wakeup call. Industry needs to get some privacy-respecting choices (i.e., companies promising not to store your data) back into the marketplace. Source: Yahoo News, 3/9/05 ===================================================================== CHOICEPOINT DOWNPLAYED CONSUMER DATA-THEFT DAMAGE ===================================================================== ChoicePoint is still in the hot seat over its mis-handling of over 145,000 individuals' records. In documents recently filed with the Securities and Exchange Commission (SEC), it was revealed that ChoicePoint limited its search for damage to the effective date of the California notification law. How many more people are affected by ChoicePoint's carelessness, that involved selling data to over *50* fraudulent companies? ChoicePoint says any increase above that 145,000 won't be "significant." But who's willing to trust them now? Source: c|net news, 3/10/05 ===================================================================== MINISCULE PENALTIES FOR DATA DISCLOSURES ===================================================================== Another disquieting reminder that we shouldn't believe everything we read in a web site's privacy policy: CartManager International, an internet company that provides "shopping cart" software to process other companies' transactions, sold information on around 1 million people who used their product on thousands of web sites. Many of those sites had assured purchasers their data would be kept private. While it's hard to put a monetary value on privacy, we know when we're being sold out cheaply. CartManager's penalty for the privacy breach was nothing more than a requirement that they pay back the $9,000 they earned from the sale and promise to "clearly disclose" consumer data sales in the future. The data peddling industry must be laughing all the way to the bank on this one. Source: Reuters, 3/10/05 ===================================================================== RFID: MORE PUSH, LESS ENTHUSIASM ===================================================================== Many companies have invested millions to expand the use of spychips -- so much so that they're overstating the case for the technology. Wal-Mart's highly-touted mandates didn't live up to the hype, and reports continue to show that manufacturers are less enthusiastic about RFID than the tech's promoters would like us to believe. Even ardent supporters like Procter & Gamble acknowledge that real hurdles still exist. Keep up the privacy pressure -- it's just one more thing dragging RFID down. Source: Promo Magazine, 3/1/05 ===================================================================== BIG BROTHER MOMENTS IN THE PARKING TERMINAL ===================================================================== The new "smart parking system" at Boston's Logan Airport uses cameras to snap photos of cars' license plates as they enter and leave the parking structure. What's more, staffers make daily rounds using handheld scanners to pinpoint each car's parking spot. Everything gets stored in a database. Massport says it has no plans to notify people of the new information-gathering system. Nor will they say what they might do with the database generated: "Phil Orlandella, a Massport spokesman, said the agency does not plan to notify parkers about its information-gathering activities or develop a privacy policy. He stressed that data are gathered on vehicles entering the garages and not the drivers of those vehicles. "Orlandella said the information is held indefinitely and used for internal parking management, although he said the State Police is given access to the database for stolen vehicle and other investigations." Will they start photographing the insides of our cars next? Where does this snoopiness end? Source: Boston Globe, 3/13/05


Hackensack University Medical Center in New Jersey is launching a
clinical evaluation of the VeriChip human RFID implant system in its
emergency department. However, the "innovative, well respected medical
center" appears to be ignoring the medical risks associated with the
implanted spychips, including FDA warnings that embedded chips could be
dangerous for patients undergoing MRI procedures. We hope Hackensack
emergency patients don't learn this lesson the hard way.

Source: BusinessWire, 3/14/05 ===================================================================== GPS IN PHONE DIDN'T PREVENT JAPANESE GIRL'S MURDER ===================================================================== Global Positioning System (GPS) technology has been touted as a way to protect people, especially children, from harm. Many Japanese have bought the argument hook, line and sinker, and now tag and track their children in a variety of different ways. A blog called "RFID in Japan" (a great resource for monitoring spychip-creep in that country) reports that GPS tracking technology failed to live up to its promise for at least one unfortunate victim. Although the technology allowed some preliminary tracking, it didn't allow anyone to catch up with the girl's captor in time to prevent her murder. Sources: RFID in Japan blog, November and December 2004 Blog home page: ===================================================================== CASPIAN NEWS ===================================================================== Good news for consumers following privacy issues -- our newsletter is now available online! If you missed our last issue, you can find it here: Sunni will be keeping the newsletter page current and adding back issues over the next few weeks. Bookmark the CASPIAN newsletter home page, and tell your friends about this excellent resource for consumer privacy news and trends. ----- San Diego's Fox6 News aired a 5 minute segment on RFID this week, featuring CASPIAN founder (and newsletter co-editor) Katherine Albrecht. After all the pro-industry puff pieces that have come out on RFID recently, it was nice to see a reporter go heavy on the creep factor to remind us just how scary this stuff is. Catch it soon, before they pull it off the website: (Scroll down to "RFID Tagging") (Thanks to our friend James at for alerting us to
this one)


The following is just a small sample of the huge volume of mail we
receive each week. Comments are edited for brevity, spelling, and

"Are these things [RFID chips] in our passports? Why would they need
that information if they didn't want to control the citizens? Our
Founding Fathers would be SPINNING in their graves if they knew what was
happening to the citizens of a country established 'For the people, of
the people and by the people.'" - James, Florida

"I was charged $2.19 for loaves of Klosterman bread without a card, when
they were marked 99 cents and in tiny little print 'with card.' Marking
up an item 221% for simply not having a card is outrageous!" - Gary,

"I had heard stories of how HP and other printer manufactures's software
secretly accesses their web site and transmits statistical and other
unknown data from the user's computer. When I installed this firewall
software, I very quickly learned how many different programs did so.
Almost every application, including Microsoft programs, attempted to
connect without notification to send some unknown data from my computer.
I now realize that everyone should have it [a firewall] even for dialup,
to stop this invasion of privacy." - Rick, Texas

"Every day, we as Americans are idly standing by and watching our
freedoms and privacy slip slowly beneath the cresting wave of one world
agenda. We either take a stand right now or face the certainty of
government controlling every aspect of our daily lives." - Duane, Texas

"We are losing our rights left and right and we don't even realize we
are being preyed upon and information stolen from us. From a very
concerned parent." - Scott Glover, Springfield, MO

"I just read the new newsletter and am a little appalled by the support
for Wal-Mart. They are leading the industry in America for putting RFID
tags on items on their store shelves.... There are so many places that
you can go [instead]. The store I shop at won't even allow you to use a
debit/credit card because it would increase store prices. Let's support
those people. God bless!" - Anonymous

[Editor's response: It's been nearly two years since I set foot in a
Wal-Mart store, and I agree with you 100% about not shopping there. The
last newsletter didn't support Wal-Mart, but merely pointed out that a
lot of people began shopping there when their regular supermarkets
started tracking their purchases with cards. - Katherine Albrecht]


CASPIAN: Consumers Against Supermarket Privacy Invasion and Numbering
Opposing supermarket "loyalty" cards and other retail surveillance
schemes since 1999. You're welcome to duplicate and distribute this message to others who may find it of interest.