Editing Radio-frequency identification (section)

==Problems and concerns==

===Data flooding===
Not every successful reading of a tag (an observation) is useful for business purposes. A large amount of data may be generated that is not useful for managing inventory or other applications. For example, a customer moving a product from one shelf to another, or a pallet load of articles that passes several readers while being moved in a warehouse, are events that do not produce data that are meaningful to an inventory control system.<ref>Bill Glover, Himanshu Bhatt, ''RFID Essentials'', O'Reilly Media, Inc., 2006 {{ISBN|0-596-00944-5}} page 43</ref>

Event filtering is required to reduce this data inflow to a meaningful depiction of moving goods passing a threshold. Various concepts{{Example needed|date=June 2010}} have been designed, mainly offered as ''[[middleware]]'' performing the filtering from noisy and redundant raw data to significant processed data.{{Citation needed|reason=See talk page|date=July 2021}}

===Global standardization===
The frequencies used for UHF RFID in the USA are as of 2007 incompatible with those of Europe or Japan. Furthermore, no emerging standard has yet become as universal as the [[barcode]].<ref>{{cite news|date = 7 June 2007|title = Radio Silence|url = http://economist.com/printedition/displaystory.cfm?story_id=9249278|newspaper = The Economist}}</ref> To address international trade concerns, it is necessary to use a tag that is operational within all of the international frequency domains.

===Security concerns===
A primary RFID security concern is the illicit tracking of RFID tags. Tags, which are world-readable, pose a risk to both personal location privacy and corporate/military security. Such concerns have been raised with respect to the [[United States Department of Defense]]'s recent{{When|date=January 2021}} adoption of RFID tags for [[supply chain management]].<ref>{{cite web|work = Radio Frequency Identification (RFID)|title = What's New|date = 4 April 2007|url = http://www.acq.osd.mil/log/rfid/index.htm|archive-url = https://web.archive.org/web/20060228101133/http://www.acq.osd.mil/log/rfid/index.htm|archive-date = 28 February 2006}}</ref> More generally, privacy organizations have expressed concerns in the context of ongoing efforts to embed electronic product code (EPC) RFID tags in general-use products. This is mostly as a result of the fact that RFID tags can be read, and legitimate transactions with readers can be eavesdropped on, from non-trivial distances. RFID used in access control,<ref>{{cite book |date=March 2014| pages=73–81|doi=10.1109/NRSC.2014.6835063|s2cid= 21520509| chapter=Comparative analysis of authentication techniques to Secure Low Level Reader Protocol (LLRP) connection| title=2014 31st National Radio Science Conference (NRSC)| last1=Elshrief| first1=Shreen Abd Elfatah| last2=Sadek| first2=Rowayda. A.| last3=Ghalwash| first3=Atef.| isbn=978-1-4799-3821-6}}</ref> payment and eID (e-passport) systems operate at a shorter range than EPC RFID systems but are also vulnerable to [[RFID skimming|skimming]] and eavesdropping, albeit at shorter distances.<ref name=Hancke>{{cite journal|last=Hancke|first=Gerhard P|title=Practical eavesdropping and skimming attacks on high-frequency RFID tokens|journal=Journal of Computer Security|year=2011|volume=19|issue=2|pages=259–288|doi=10.3233/JCS-2010-0407|url=http://iospress.metapress.com/content/xx855446h2kh84r2/|access-date=10 August 2012|archive-url=https://web.archive.org/web/20160527141257/http://iospress.metapress.com/content/xx855446h2kh84r2/|archive-date=27 May 2016|citeseerx=10.1.1.169.9341}}</ref>

A second method of prevention is by using cryptography. [[Rolling code]]s and [[challenge–response authentication]] (CRA) are commonly used to foil monitor-repetition of the messages between the tag and reader, as any messages that have been recorded would prove to be unsuccessful on repeat transmission.{{Clarify|reason=|date=January 2021}} Rolling codes rely upon the tag's ID being changed after each interrogation, while CRA uses software to ask for a [[cryptographic]]ally coded response from the tag. The protocols used during CRA can be [[symmetric key cryptography|symmetric]], or may use [[public key cryptography]].<ref name=RFIDHbook1>{{cite book|editor-last2=Ilyas |editor-first=Syed |editor-last=Ahson |editor-first2=Mohammad|title=RFID handbook: applications, technology, security, and privacy|year=2008|publisher=CRC Press|location=Boca Raton|isbn=978-1-4200-5499-6|section-url=https://books.google.com/books?id=q4aCyZnq0cwC&q=Rather,+the+reader+issues+a+challenge+to+the+tag,+which+responds+with+a+result+computed+using+a+cryptographic+circuit+keyed+with+some+secret+value&pg=PA478 |access-date=7 August 2012|page=478|section=26.5 Other security concerns}}</ref>

While a variety of secure protocols have been suggested for RFID tags,
in order to support long read range at low cost, many RFID tags have barely enough power available
to support very low-power and therefore simple security protocols such as [[cover-coding]].<ref>
[https://polygait.calpoly.edu/what-rfid/social-implications "RFID: Social Implications"].</ref>

Unauthorized reading of RFID tags presents a risk to privacy and to business secrecy.<ref>{{cite web|url=https://www.vde-verlag.de/proceedings-en/453168007.html|title=Business risks from naive use of RFID in tracking, tracing and logistics - Conference papers - VDE Publishing House|website=www.vde-verlag.de|access-date=2019-12-09}}</ref> Unauthorized readers can potentially use RFID information to identify or track packages, persons, carriers, or the contents of a package.<ref name=RFIDHbook1/> Several prototype systems are being developed to combat unauthorized reading, including RFID signal interruption,<ref>{{cite web|url = http://www.rsasecurity.com/rsalabs/node.asp?id=2115|title = RFID Privacy and Security|publisher = RSA Laboratories|access-date = 2013-09-22|archive-url = https://web.archive.org/web/20061218210709/http://www.rsasecurity.com/rsalabs/node.asp?id=2115|archive-date = 2006-12-18}}</ref> as well as the possibility of legislation, and 700 scientific papers have been published on this matter since 2002.<ref>{{cite web|url = http://avoine.net/rfid/|title = RFID Security and Privacy Lounge|publisher=Avoine.net|access-date=2013-09-22}}</ref> There are also concerns that the database structure of [[Object Naming Service]] may be susceptible to infiltration, similar to [[denial-of-service attack]]s, after the EPCglobal Network ONS root servers were shown to be vulnerable.<ref>{{cite web|first=Adi|last=Tedjasaputra|url=http://www.rfid-asia.info/2007/02/putting-rfid-network-security-in.htm|title=Putting RFID Network Security in Perspective|publisher=RFID Asia|date=2006-12-11|access-date=2007-08-03}}</ref>

===Health===
Microchip–induced tumours have been noted during animal trials.<ref>{{Cite book|pages=337–349|last=Albrecht|first=Katherine|title=2010 IEEE International Symposium on Technology and Society|chapter=Microchip-induced tumors in laboratory rodents and dogs: A review of the literature 1990&ndash;2006|year=2010|publisher=IEEE|doi= 10.1109/ISTAS.2010.5514622|isbn=978-1-4244-7777-7|s2cid=2813360}}</ref><ref>{{cite news|url=https://www.washingtonpost.com/wp-dyn/content/article/2007/09/08/AR2007090800997_pf.html|title=Chip Implants Linked to Animal Tumors|last=Lewan|first=Todd|newspaper=Washington Post|date=8 September 2007}}</ref>

===Shielding===
{{Further|Aluminium foil#Electromagnetic shielding}}
In an effort to prevent the passive "skimming" of RFID-enabled cards or passports, the U.S. [[General Services Administration]] (GSA) issued a set of test procedures for evaluating electromagnetically opaque sleeves.<ref>{{cite web|title = Electromagnetically Opaque Sleeve Test Procedure version 3.0.0|publisher = GSA|url = https://s3.amazonaws.com/sitesusa/wp-content/uploads/sites/1171/2017/01/GSA_EP_Electromagnetic_v13.1.pdf}}</ref> For shielding products to be in compliance with FIPS-201 guidelines, they must meet or exceed this published standard; compliant products are listed on the website of the U.S. CIO's FIPS-201 Evaluation Program.<ref>{{cite web|title = FIPS 201 Evaluation Program Approved Products List (APL)|publisher = U.S. CIO and the Federal CIO Councils|url = http://www.idmanagement.gov/approved-products-list}}</ref> The United States government requires that when new ID cards are issued, they must be delivered with an approved shielding sleeve or holder.<ref>{{cite web|title = FIPS-201, Personal Identity Verification (PIV) of Federal Employees and Contractors|publisher = [[NIST]]|url = http://csrc.nist.gov/publications/fips/fips201-1/FIPS-201-1-chng1.pdf|access-date = 2019-01-10|archive-url = https://web.archive.org/web/20101226075308/http://csrc.nist.gov/publications/fips/fips201-1/FIPS-201-1-chng1.pdf|archive-date = 2010-12-26}}</ref> Although many wallets and passport holders are advertised to protect personal information, there is little evidence that RFID skimming is a serious threat; data encryption and use of [[EMV]] chips rather than RFID makes this sort of theft rare.<ref>{{cite web|url=https://slate.com/human-interest/2015/08/credit-cards-passports-and-rfid-fraud-are-special-blocking-wallets-necessary.html|title=Do You Really Need an RFID-Blocking Wallet?|last=Oremus|first=Will|date=2015-08-25|website=Slate Magazine|language=en|access-date=2019-11-10}}</ref><ref>{{cite news|url=https://www.npr.org/sections/alltechconsidered/2017/07/04/535518514/there-are-plenty-of-rfid-blocking-products-but-do-you-need-them|title=There Are Plenty Of RFID-Blocking Products, But Do You Need Them?|website=NPR.org|language=en|access-date=2019-11-10}}</ref>

There are contradictory opinions as to whether aluminum can prevent reading of RFID chips. Some people claim that aluminum shielding, essentially creating a [[Faraday cage]], does work.<ref>{{cite web|title = Can Aluminum Shield RFID Chips?|publisher = RFID Shield|url = http://www.rfid-shield.com/info_doesitwork.php|access-date = 2007-03-27|archive-url = https://web.archive.org/web/20140330050519/http://www.rfid-shield.com/info_doesitwork.php|archive-date = 2014-03-30}}</ref> Others claim that simply wrapping an RFID card in aluminum foil only makes transmission more difficult and is not completely effective at preventing it.<ref>{{cite web|title = Aluminum Foil Does Not Stop RFID|publisher = Omniscience is Bliss|url = http://www.omniscienceisbliss.org/rfid.html}}</ref>

Shielding effectiveness depends on the frequency being used. [[Low frequency|Low-frequency]] LowFID tags, like those used in implantable devices for humans and pets, are relatively resistant to shielding, although thick metal foil will prevent most reads. [[High frequency]] HighFID tags (13.56&nbsp;MHz—[[smart card]]s and access badges) are sensitive to shielding and are difficult to read when within a few centimetres of a metal surface. [[Ultra high frequency|UHF]] Ultra-HighFID tags (pallets and cartons) are difficult to read when placed within a few millimetres of a metal surface, although their read range is actually increased when they are spaced 2–4&nbsp;cm from a metal surface due to positive reinforcement of the reflected wave and the incident wave at the tag.<ref>{{cite web|url=http://www.falkensecurenetworks.com/PDFs/A_Primer_on_RFID.pdf|title=A Primer on RFID}}</ref>

[[Image:Stoprfid-logo.svg|thumb|Logo of the anti-RFID campaign by German privacy group [[digitalcourage]] (formerly FoeBuD)]]

===Privacy===
The use of RFID has engendered considerable controversy and some [[consumer privacy]] advocates have initiated product [[boycott]]s. Consumer privacy experts [[Katherine Albrecht]] and [[Liz McIntyre (writer)|Liz McIntyre]] are two prominent critics of the "spychip" technology. The two main privacy concerns regarding RFID are as follows:{{Citation needed|reason=See talk page|date=July 2021}}
* As the owner of an item may not necessarily be aware of the presence of an RFID tag and the tag can be read at a distance without the knowledge of the individual, sensitive data may be acquired without consent.
* If a tagged item is paid for by credit card or in conjunction with use of a [[loyalty card]], then it would be possible to indirectly deduce the identity of the purchaser by reading the globally unique ID of that item contained in the RFID tag. This is a possibility if the person watching also had access to the loyalty card and credit card data, and the person with the equipment knows where the purchaser is going to be.

Most concerns revolve around the fact that RFID tags affixed to products remain functional even after the products have been purchased and taken home; thus, they may be used for [[surveillance]] and other purposes unrelated to their supply chain inventory functions.<ref>Markus Hansen, Sebastian Meissner: [https://tepin.aiki.de/blog/uploads/2007-hansen-meissner-tracking-epc-rfid-ifip.pdf Identification and Tracking of Individuals and Social Networks using the Electronic Product Code on RFID Tags], IFIP Summer School, Karlstad, 2007, [https://tepin.aiki.de/blog/uploads/20070807-ifip-hansen-meissner-tracking-rfid-epc.pdf Slides].</ref>

The RFID Network responded to these fears in the first episode of their syndicated cable TV series, saying that they are unfounded, and let RF engineers demonstrate how RFID works.<ref>{{cite web|url=http://0y3v.errandrunner.org/onbqfGf|title=How to read data from rfid reader|website=0y3v.errandrunner.org|access-date=2019-04-22}}</ref> They provided images of RF engineers driving an RFID-enabled van around a building and trying to take an inventory of items inside. They also discussed satellite tracking of a passive RFID tag.

The concerns raised may be addressed in part by use of the [[Clipped Tag]]. The Clipped Tag is an RFID tag designed to increase privacy for the purchaser of an item. The Clipped Tag has been suggested by [[IBM]] researchers [[Paul Moskowitz]] and Guenter Karjoth. After the point of sale, a person may tear off a portion of the tag. This allows the transformation of a long-range tag into a proximity tag that still may be read, but only at short range&nbsp;– less than a few inches or centimeters. The modification of the tag may be confirmed visually. The tag may still be used later for returns, recalls, or recycling.

However, read range is a function of both the reader and the tag itself. Improvements in technology may increase read ranges for tags. Tags may be read at longer ranges than they are designed for by increasing reader power. The limit on read distance then becomes the signal-to-noise ratio of the signal reflected from the tag back to the reader. Researchers at two security conferences have demonstrated that passive Ultra-HighFID tags normally read at ranges of up to 30 feet can be read at ranges of 50 to 69 feet using suitable equipment.<ref>[http://blogs.pcworld.com/staffblog/archives/000798.html] {{webarchive|url=https://web.archive.org/web/20110928040106/http://blogs.pcworld.com/staffblog/archives/000798.html|date=September 28, 2011}}</ref><ref>[http://blog.makezine.com/archive/2005/07/_defcon_rfid_wo.html] {{webarchive|url=https://web.archive.org/web/20090207081350/http://blog.makezine.com/archive/2005/07/_defcon_rfid_wo.html|date=February 7, 2009}}</ref>

In January 2004, privacy advocates from CASPIAN and the German privacy group [[digitalcourage|FoeBuD]] were invited to the METRO Future Store in Germany, where an RFID pilot project was implemented. It was uncovered by accident that METRO "Payback" customer [[loyalty card]]s contained RFID tags with customer IDs, a fact that was disclosed neither to customers receiving the cards, nor to this group of privacy advocates. This happened despite assurances by METRO that no customer identification data was tracked and all RFID usage was clearly disclosed.<ref>{{cite web|title = The METRO "Future Store" Special Report|publisher = Spychips|author1 = Katherine Albrecht|author2 = Liz McIntyre|url = http://www.spychips.com/metro/overview.html|access-date = 2005-05-05|archive-url = https://web.archive.org/web/20050508083244/http://www.spychips.com/metro/overview.html|archive-date = 2005-05-08}}</ref>

During the UN [[World Summit on the Information Society]] (WSIS) in November 2005, [[Richard Stallman]], the founder of the [[free software movement]], protested the use of RFID security cards by covering his card with aluminum foil.<ref>{{cite web|title = The WSIS in Tunis|author = Richard M Stallman|url = http://www.fsf.org/blogs/rms/entry-20060125.html|publisher=Fsf.org|access-date=2013-09-22}}</ref>

In 2004–2005, the [[Federal Trade Commission]] staff conducted a workshop and review of RFID privacy concerns and issued a report recommending best practices.<ref>{{cite web|title=Radio Frequency Identification: Applications and Implications for Consumers|date=March 2005|url= http://www.ftc.gov/os/2005/03/050308rfidrpt.pdf|publisher=Ftc.gov|access-date=2013-09-22}}</ref>

RFID was one of the main topics of the 2006 [[Chaos Communication Congress]] (organized by the [[Chaos Computer Club]] in [[Berlin]]) and triggered a large press debate. Topics included electronic passports, Mifare cryptography and the tickets for the FIFA World Cup 2006. Talks showed how the first real-world mass application of RFID at the 2006 FIFA Football World Cup worked. The group [[monochrom]] staged a "Hack RFID" song.<ref>{{cite web|url = http://www.monochrom.at/rfid/|title = R F I D|author = monochrom|access-date = 2007-01-04|archive-url = https://web.archive.org/web/20100220122421/http://www.monochrom.at/rfid/|archive-date = 2010-02-20}}</ref>

===Government control===
Some individuals have grown to fear the loss of rights due to RFID human implantation.

By early 2007, Chris Paget of San Francisco, California, showed that RFID information could be pulled from a [[United States Passport Card|US passport card]] by using only $250 worth of equipment. This suggests that with the information captured, it would be possible to clone such cards.<ref>{{cite web|author=Iain Thomson in San Francisco|url=http://www.v3.co.uk/vnunet/news/2235666/hackers-clones-passports-drive|title=Hacker clones passports in drive-by RFID heist – V3.co.uk – formerly vnunet.com|publisher=V3.co.uk|access-date=2010-04-24|archive-url=https://web.archive.org/web/20100324060524/http://www.v3.co.uk/vnunet/news/2235666/hackers-clones-passports-drive|archive-date=2010-03-24}}</ref>

According to ZDNet, critics believe that RFID will lead to tracking individuals' every movement and will be an invasion of privacy.<ref>{{cite web|url=http://news.zdnet.com/2100-9584_22-138001.html|title=Human chips more than skin-deep|publisher=[[ZDNet]]|access-date=2010-04-24|archive-url=https://web.archive.org/web/20100324122642/http://news.zdnet.com/2100-9584_22-138001.html|archive-date=2010-03-24}}</ref> In the book ''SpyChips: How Major Corporations and Government Plan to Track Your Every Move'' by Katherine Albrecht and Liz McIntyre, one is encouraged to "imagine a world of no privacy. Where your every purchase is monitored and recorded in a database and your every belonging is numbered. Where someone many states away or perhaps in another country has a record of everything you have ever bought. What's more, they can be tracked and monitored remotely".<ref>{{Cite book|url=https://books.google.com/books?id=YDxDuMYVJdcC&q=RFID+Government&pg=PR9|title=Spychips: how major corporations and government plan to track your every move with RFID|author1=Katherine Albrecht|author2=Liz McIntyre|publisher=Thomas Nelson Inc|year=2005|isbn=978-1-59555-020-0}}</ref>

===Deliberate destruction in clothing and other items===
According to an RSA laboratories FAQ, RFID tags can be destroyed by a standard microwave oven;<ref>{{cite web|url=http://www.emc.com/emc-plus/rsa-labs/research-areas/faq-on-rfid-and-rfid-privacy.htm#13|title=FAQ on RFID and RFID privacy|publisher=rsa.com|access-date=2015-03-23}}</ref> however, some types of RFID tags, particularly those constructed to radiate using large metallic antennas (in particular RF tags and [[Electronic Product Code|EPC]] tags), may catch fire if subjected to this process for too long (as would any metallic item inside a microwave oven). This simple method cannot safely be used to deactivate RFID features in electronic devices, or those implanted in living tissue, because of the risk of damage to the "host". However the time required is extremely short (a second or two of radiation) and the method works in many other non-electronic and inanimate items, long before heat or fire become of concern.<ref>{{cite web|url=https://declara.com/content/kaZAL635|title=Declara - Your Personal Knowledge Engine|website=declara.com|access-date=2019-04-22}}</ref>

Some RFID tags implement a "kill command" mechanism to permanently and irreversibly disable them. This mechanism can be applied if the chip itself is trusted or the mechanism is known by the person that wants to "kill" the tag.

UHF RFID tags that comply with the EPC2 Gen 2 Class 1 standard usually support this mechanism, while protecting the chip from being killed with a password.<ref>{{cite web|url=http://www.gs1.org/sites/default/files/docs/epc/uhfc1g2_2_0_0_standard_20131101.pdf|title=EPC™ Radio-Frequency Identity Protocols Generation-2 UHF RFID, Version 2.0.0|publisher=GS1.org|date=November 2013|access-date=23 March 2015}}</ref> Guessing or cracking this needed 32-bit password for killing a tag would not be difficult for a determined attacker.<ref>{{cite web|url=http://www.smartcardalliance.org/publications-epc-gen2-faq/|title=EPC Gen 2 FAQ|publisher=Smart Card Alliance|date=July 2006|access-date=2015-03-25|archive-url=https://web.archive.org/web/20150320225151/http://www.smartcardalliance.org/publications-epc-gen2-faq/|archive-date=2015-03-20}}</ref>