Betreff: CASPIAN NEWSLETTER, 3/18/05: RFID BATTLES HEAT UP
Von: CASPIAN Newsletter
Datum: Sun, 20 Mar 2005 04:35:30 -0500 

CASPIAN NEWSLETTER, 3/18/05:  RFID BATTLES HEAT UP
=====================================================================

Consumer privacy and RFID newsletter
Edited by Sunni Maravillosa and Katherine Albrecht

NEWS: 

1-  New Mexico legislators kill RFID labeling legislation
2-  U.S. Senators vow to "protect" spychips
3-  Spychips coming to your wallet?
4-  Another one! LexisNexis fumbles consumer information
5-  ChoicePoint downplayed consumer data-theft damage
6-  Miniscule penalties for data disclosures
7-  RFID: More push, less enthusiasm
8-  Big Brother moments in the parking terminal
9-  Hospital tests human spychipping program
10- GPS in phone didn't prevent Japanese girl's murder

CASPIAN ACTIVISTS UPDATE:

1-  CASPIAN news
2-  CASPIAN members sound off


=====================================================================
NEW MEXICO LEGISLATORS CAVE TO SPYCHIPPERS
=====================================================================

The New Mexico legislation to require labeling on products containing
RFID tags died in committee this month. Political pressure, plain and
simple, is what did it in:

  "The bill's rejection was the result of lobbying by the
  Grocery Manufacturers of America," Stewart says, "which
  convinced the majority of the Judiciary Committee members
  that New Mexico did not want to be the first state to enact
  such a bill."

Rep. Mimi Stewart's legislation would have alerted consumers to the
presence of RFID tags and given consumers the right to access
information collected on them through the chips. As she says, she wanted
to:

  "... protect consumers from the proliferation of a
  technology that is designed in the interest of business,
  not the consumer."

Undaunted, Stewart intends to research the issues further and resubmit
the bill in the 2006 session. Unlike many legislative efforts, Stewart's
bill appears to be entirely in keeping with the joint position paper
issued in 2003 by CASPIAN and many other privacy organizations. 

New Mexico residents: Please send an email applauding Rep. Stewart's
efforts, and offer your future support to her cause. You can email her
at: mstewart@osogrande.com.


Sources:
RFID Journal, 3/16/05
http://www.rfidjournal.com/article/articleview/1449/1/1/

New Mexico State Government web site
http://legis.state.nm.us/lcs/legdetails.asp?Name=229&Submit=Search

RFID Position Statement
http://www.spychips.com/jointrfid_position_paper.html

Email NM state legislator Rep. Mimi Stewart:
mstewart@osogrande.com


=====================================================================
U.S. SENATORS VOW TO "PROTECT" SPYCHIPS
=====================================================================

Why does RFID labeling legislation keep going down in flames? It becomes
clear when you realize our elected officials are working overtime to
protect and promote the industry.

The latest pro-RFID government missive comes from the "Senate Republican
High Tech Task Force" which unveiled a set of policy programs last week.
Among them was a policy plank vowing to "protect" RFID. These senators
have announced they will:

  "... protect exciting new technologies from premature
  regulation or legislation in search of a problem. RFID holds
  tremendous promise for our economy, including military
  logistics and commercial inventory efficiencies, and should
  not be saddled prematurely with regulation."

While CASPIAN doesn't advocate legislative controls over RFID (we want
labeling legislation only), we certainly don't think it is appropriate
for our elected representatives to gush about the technology, calling it
"exciting," either. 

Are we the only ones to think there's something wrong with an entire
task force of elected officials identifying itself as "a conduit for the
technology industry?" Whatever happened to elected officials being
"conduits" for the people? 

Source: RFID Journal, 3/10/05
http://www.rfidjournal.com/article/articleview/1440/1/1/


=====================================================================
SPYCHIPS COMING TO YOUR WALLET?
=====================================================================

Imagine if Holiday Inn, Barnes & Noble, American Airlines, OfficeMax,
AAA, and Blue Cross/Blue Shield could all secretly read a plastic card
they've issued to you -- right through your wallet, backpack, or purse.
Imagine if they used such RFID-laced loyalty or membership cards to keep
track of when you pass through doorways and observe how long you linger
in front of the cookbooks and office furniture. Then imagine them
sharing that information with other companies, marketers, and government
officials -- or losing it to hackers and identity thieves.

This horrific vision may come true sooner than you think. Arthur Blank &
Co., Inc., one of the world's largest manufacturers of plastic cards,
has just announced it is adding RFID capability to its product line.
This move has huge implications for consumer privacy, as Arthur Blank
makes 1.3 *billion* cards every year for hundreds of companies,
including the ones listed above.

There is currently no requirement for a store or other company to tell
you if the card they've issued you contains a remotely-readable spychip.
In addition, once they get you to take the card, there is nothing to
prevent them from tracking you with it -- or helping others to do the
same. 

Before long, we'll be reduced to X-raying the contents of our wallets to
be sure we're not being spied on by the cards we carry. It's time to
DEMAND labelling on spychipped items -- especially plastic cards. Ask
your state representative to read our website and contact us to provide
sample legislation and expert testimony.

You should also let Arthur Blank know how you feel about their
spychipped cards:
Arthur Blank president Stuart Blank: stublank@abco.com
Phone number: 617-325-9600
fax: 617-327-1235.

Sources:
Contactless News, 3/3/05
http://www.contactlessnews.com/news/2005/03/03/arthur-blank-co-set-for-highvolume-rfid-card-production/

Arthur Blank web site
http://www.arthurblank.com/


=====================================================================
ANOTHER ONE! LEXISNEXIS FUMBLES CONSUMER INFO
=====================================================================

Lexis-Nexis is the latest American company to fall prey to identity
thieves, with about 32,000 individuals' names, addresses, driver's
licenses, and Social Security numbers going to unauthorized parties.
Unlike ChoicePoint, Lexis-Nexis seems to be taking the breach seriously,
but for the victims, it's a case of too little, too late.

Apparently, identify thieves have caught on to the value of our stored
data -- in a big way.

  "'As the value of what you're trying to steal increases, so
  does the effort that the bad guys will put into it,' said
  Paul Beechey, a security expert with UK defense group QinetiQ."

The increasing frequency of these breaches is a cold-water-in-the-face
wakeup call. Industry needs to get some privacy-respecting choices
(i.e., companies promising not to store your data) back into the
marketplace.

Source: Yahoo News, 3/9/05
http://story.news.yahoo.com/news?tmpl=story&cid=581&e=6&u=/nm/20050309/tc_nm/media_reed_elsevier_security_dc


=====================================================================
CHOICEPOINT DOWNPLAYED CONSUMER DATA-THEFT DAMAGE
=====================================================================

ChoicePoint is still in the hot seat over its mis-handling of over
145,000 individuals' records. In documents recently filed with the
Securities and Exchange Commission (SEC), it was revealed that
ChoicePoint limited its search for damage to the effective date of the
California notification law.

How many more people are affected by ChoicePoint's carelessness, that
involved selling data to over *50* fraudulent companies? ChoicePoint
says any increase above that 145,000 won't be "significant." But who's
willing to trust them now?

Source: c|net news, 3/10/05
http://news.com.com/ChoicePoint+data+loss+may+be+higher+than+reported/2100-1029_3-5609253.html?tag=nefd.top


=====================================================================
MINISCULE PENALTIES FOR DATA DISCLOSURES
=====================================================================

Another disquieting reminder that we shouldn't believe everything we
read in a web site's privacy policy: CartManager International, an
internet company that provides "shopping cart" software to process other
companies' transactions, sold information on around 1 million people who
used their product on thousands of web sites. Many of those sites had
assured purchasers their data would be kept private.

While it's hard to put a monetary value on privacy, we know when we're
being sold out cheaply. CartManager's penalty for the privacy breach was
nothing more than a requirement that they pay back the $9,000 they
earned from the sale and promise to "clearly disclose" consumer data
sales in the future.

The data peddling industry must be laughing all the way to the bank on
this one.

Source: Reuters, 3/10/05
http://www.reuters.com/newsArticle.jhtml?type=internetNews&storyID=7867566


=====================================================================
RFID: MORE PUSH, LESS ENTHUSIASM
=====================================================================

Many companies have invested millions to expand the use of spychips --
so much so that they're overstating the case for the technology.
Wal-Mart's highly-touted mandates didn't live up to the hype, and
reports continue to show that manufacturers are less enthusiastic about
RFID than the tech's promoters would like us to believe. Even ardent
supporters like Procter & Gamble acknowledge that real hurdles still
exist. Keep up the privacy pressure -- it's just one more thing dragging
RFID down.

Source: Promo Magazine, 3/1/05
http://promomagazine.com/mag/marketing_tag_tag/


=====================================================================
BIG BROTHER MOMENTS IN THE PARKING TERMINAL
=====================================================================

The new "smart parking system" at Boston's Logan Airport uses cameras to
snap photos of cars' license plates as they enter and leave the parking
structure. What's more, staffers make daily rounds using handheld
scanners to pinpoint each car's parking spot. Everything gets stored in
a database.

Massport says it has no plans to notify people of the new
information-gathering system. Nor will they say what they might do with
the database generated:

  "Phil Orlandella, a Massport spokesman, said the agency does
  not plan to notify parkers about its information-gathering
  activities or develop a privacy policy. He stressed that data
  are gathered on vehicles entering the garages and not the
  drivers of those vehicles.

  "Orlandella said the information is held indefinitely and
  used for internal parking management, although he said the
  State Police is given access to the database for stolen vehicle
  and other investigations."

Will they start photographing the insides of our cars next? Where does
this snoopiness end?

Source: Boston Globe, 3/13/05
http://www.boston.com/business/technology/articles/2005/03/13/forget_where_you_parked_your_car/?


=====================================================================
HOSPITAL TESTS HUMAN SPYCHIPPING PROGRAM
=====================================================================

Hackensack University Medical Center in New Jersey is launching a
clinical evaluation of the VeriChip human RFID implant system in its
emergency department. However, the "innovative, well respected medical
center" appears to be ignoring the medical risks associated with the
implanted spychips, including FDA warnings that embedded chips could be
dangerous for patients undergoing MRI procedures. We hope Hackensack
emergency patients don't learn this lesson the hard way.

Source: BusinessWire, 3/14/05
http://home.businesswire.com/portal/site/google/index.jsp?ndmViewId=news_view&newsId=20050314005683&newsLang=en


=====================================================================
GPS IN PHONE DIDN'T PREVENT JAPANESE GIRL'S MURDER
=====================================================================

Global Positioning System (GPS) technology has been touted as a way to
protect people, especially children, from harm. Many Japanese have
bought the argument hook, line and sinker, and now tag and track their
children in a variety of different ways.

A blog called "RFID in Japan" (a great resource for monitoring
spychip-creep in that country) reports that GPS tracking technology
failed to live up to its promise for at least one unfortunate victim.
Although the technology allowed some preliminary tracking, it didn't
allow anyone to catch up with the girl's captor in time to prevent her
murder.

Sources:
RFID in Japan blog, November and December 2004
http://ubiks.net/local/blog/jmt/archives3/2004_11.html

Blog home page:
http://ubiks.net/local/blog/jmt/stuff3/


=====================================================================
CASPIAN NEWS
=====================================================================

Good news for consumers following privacy issues -- our newsletter is
now available online! If you missed our last issue, you can find it
here:

http://www.spychips.com/news/index.html

Sunni will be keeping the newsletter page current and adding back issues
over the next few weeks. Bookmark the CASPIAN newsletter home page, and
tell your friends about this excellent resource for consumer privacy
news and trends.

-----

San Diego's Fox6 News aired a 5 minute segment on RFID this week,
featuring CASPIAN founder (and newsletter co-editor) Katherine Albrecht.
After all the pro-industry puff pieces that have come out on RFID
recently, it was nice to see a reporter go heavy on the creep factor to
remind us just how scary this stuff is.

Catch it soon, before they pull it off the website:
http://www.fox6.com/
(Scroll down to "RFID Tagging")

(Thanks to our friend James at www.zombiewire.com for alerting us to
this one)

=====================================================================
CASPIAN MEMBERS SOUND OFF
=====================================================================

The following is just a small sample of the huge volume of mail we
receive each week. Comments are edited for brevity, spelling, and
grammar.

-----
"Are these things [RFID chips] in our passports? Why would they need
that information if they didn't want to control the citizens? Our
Founding Fathers would be SPINNING in their graves if they knew what was
happening to the citizens of a country established 'For the people, of
the people and by the people.'" - James, Florida

-----
"I was charged $2.19 for loaves of Klosterman bread without a card, when
they were marked 99 cents and in tiny little print 'with card.' Marking
up an item 221% for simply not having a card is outrageous!" - Gary,
Kentucky

-----
"I had heard stories of how HP and other printer manufactures's software
secretly accesses their web site and transmits statistical and other
unknown data from the user's computer.  When I installed this firewall
software, I very quickly learned how many different programs did so.
Almost every application, including Microsoft programs, attempted to
connect without notification to send some unknown data from my computer.
I now realize that everyone should have it [a firewall] even for dialup,
to stop this invasion of privacy." - Rick, Texas

-----
"Every day, we as Americans are idly standing by and watching our
freedoms and privacy slip slowly beneath the cresting wave of one world
agenda.  We either take a stand right now or face the certainty of
government controlling every aspect of our daily lives." - Duane, Texas

-----
"We are losing our rights left and right and we don't even realize we
are being preyed upon and information stolen from us. From a very
concerned parent." - Scott Glover, Springfield, MO

-----
"I just read the new newsletter and am a little appalled by the support
for Wal-Mart. They are leading the industry in America for putting RFID
tags on items on their store shelves.... There are so many places that
you can go [instead]. The store I shop at won't even allow you to use a
debit/credit card because it would increase store prices. Let's support
those people. God bless!" - Anonymous

[Editor's response: It's been nearly two years since I set foot in a
Wal-Mart store, and I agree with you 100% about not shopping there. The
last newsletter didn't support Wal-Mart, but merely pointed out that a
lot of people began shopping there when their regular supermarkets
started tracking their purchases with cards. - Katherine Albrecht]


=====================================================================

CASPIAN: Consumers Against Supermarket Privacy Invasion and Numbering 
Opposing supermarket "loyalty" cards and other retail surveillance
schemes since 1999.

http://www.spychips.com/
http://www.nocards.org/

You're welcome to duplicate and distribute this message to others who
may find it of interest.