Quick, get Mr. Bond on the case!
What are you, Amish?
I'm only half-joking. Many years ago, I read a story in Wired Magazineabout the Amish to approach to technology. This later article casts more light.
Author Bruce Sterling made some contacts amongst the Amish, and revisited a few more times; i recommend searching the site for "bruce sterling contacts" (without the quotes). It really is interesting, at least to me.
They're not, as most outsiders assume (and I did), knee-jerk opposed to any new technology; they oppose luxuries, not practical necessities. They oppose telephones in homes, which they feel encourage people to stay inside and weaken a sense of community, but most communities have outdoor telephones. It's much more nuanced than I thought, and I encourage reading the articles.
Coming back to RFID, it certainly has great practical applications and potential for abuse. We already have credit bureaus, computer databases, surveillance technology, wiretaps, e-mail surveillance, GPS tracking, SPECTRE, COYOTE, TEMPEST, and all manner of other technology that can be abused. To me, sweating over RFID is worrying about closing the barn door when the horses are long gone.
I see some great possibilities for RFID. Embed tags in all prison uniforms, and you know where everyone is all the time. I wouldn't be difficult to automatically spot patterns of a suspiciously large number of people closing on the same locations, and thereby alert the COs to a potential riot. Soldiers with RFID could find wounded comrades more quickly.
Put an FRID in the bracelets they put on hospital patients, and you can track where anybody is all the time. Especially useful for elderly patients who tend to wander off.
On a more mundane level, you could go to a grocery store, grab a shopping cart with RFID and a small touch screen, tap in your shopping list, and get exact directions to where you can find the stuff you want. The collected data is tied to the cart, not to you, so no worries if you don't want the world to know you're buying herpes meds.
Or you could go to the airport, borrow a bare-bones PDA at the ticket counter, and get directions to your gate and up-to-the-second updates on your flight status. Hand it back at boarding.
I'm fine with it, with the right ethical and legal guidelines. First of all, no one should have an RFID tag on his person without an explicit notice (I'd make an exception for one planted under a legally-obtained warrant). That notice should include the specific uses for the data collected and have an opt-out option.
I wouldn't support implanting RFID in a human body. I wouldn't support its use in secret, with exceptions for criminal investigations under a warrant, same as with wiretaps, bugs, hidden cameras, and GPS tracking.
I certainly do not disagree that RFID can be useful -- in the right place
The Main Idea that I am looking at in this thread is that i think we should look carefully at the possibilities available to criminal use when we consider deploying a new technology
To gleefully start putting a new technology into service in every way that is available without first considering criminal security risks associated with each use, is, well -- careless, at best
How much data will be stored in the RFID? If a thief steals it with a portable transponder will he acquire enough data to use in some illegal manner?
Again, the main thing I'm saying in this thread is that we need to carefully review the possible criminal use of a technology before we gleefully deploy it all around the country
as I point out in my example, this was not done for remote software update capabilities for computers and this has resulted in and epidemic of insidious computer crime
There is hope though. Congress has passed laws already regarding computer crime with more on the way -- in particular HR.964. The formation of the Authentication and Online Trust Alliance for example, shows a wide-spread industry concern over the issue of computer security, generally
The recently published book GEEKONOMICS by David Rice provides much insight into how we got where were are and where we need to go with respect to computer systems and network security management. Quickly, the software business has taken about 50 years to develop. But the time has come to treat software as engineering instead of as a black art and with this change we will assert some level of expectations and back that up with product liability -- just as we do for most of the products sold and used in the country today.
I agree with the theme of David's book. I like the provisions in HR.964. And I think that as a minimum product liability for software manufacture and maintenance must enable us to enforce the provisions in HR.964
I do think that I'm still responsible for what I do with my computer: if I add up a report wrong and turn it in to my boss that's my woops -- not the software mfr. But when I send my report to my boss if the software also transmits a copy of my report to some gumshoe in Chicago without my knowledge that is a product liability issue for the software mfr.
Think about this: if you have a RAT (remote administrative trojan) in your computer HTTPS is meaningless.
All of us have a right to clean computers where clean means running only the software intentionally installed byt the user