Archive
PRIVACYnotes #1
PRIVACYnotes #2
PRIVACYnotes #3
PRIVACYnotes #4
PRIVACYnotes #5
PRIVACYnotes #6
PRIVACYnotes #7
PRIVACYnotes #8
PRIVACYnotes #9
PRIVACYnotes #10
PRIVACYnotes #11
PRIVACYnotes #12
PRIVACYnotes #13
PRIVACYnotes #14
PRIVACYnotes #15
PRIVACYnotes #16
PRIVACYnotes #17
PRIVACYnotes #18
PRIVACYnotes #19
PRIVACYnotes #20
PRIVACYnotes #21
PRIVACYnotes #22
PRIVACYnotes #23
PRIVACYnotes #24
PRIVACYnotes #25
PRIVACYnotes #26
PRIVACYnotes #27
PRIVACYnotes #28
PRIVACYnotes #29
PRIVACYnotes #30
PRIVACYnotes #31
PRIVACYnotes #32
PRIVACYnotes #33
PRIVACYnotes #34
PRIVACYnotes #35
PRIVACYnotes #36
PRIVACYnotes #37
PRIVACYnotes #38
PRIVACYnotes #39
PRIVACYnotes #40
PRIVACYnotes #41
HIPAA
|
RFID Site Security Gaffe Uncovered by Consumer Group
RFID Site Begins Damage Control
As Auto-ID Center pulls docs, CASPIAN directs citizens to a mirror
site
July 7, 2003 15:51 EST
CASPIAN revealed this morning that anyone could download documents
labeled "confidential" from the home page of the MIT Auto-ID
Center. The Auto-ID Center is the organization entrusted with developing
a global Internet infrastructure for radio frequency identification
(RFID), online at http://www.autoidcenter.org.
"In a damage control effort, the Center appears to be pulling
embarrassing documents," says Katherine Albrecht, CASPIAN Founder
and Director. "Within hours of our press release, a search
for 'confidential' documents returned only 13 unremarkable items.
This number has been fluctuating throughout the day as the Center
scrambles to plug its security holes. Prior to the press release,
68 'confidential' documents were available."
Several members of the Internet community mirrored the documents
found on Center's web site at www.autoidcenter.org before the site
was secured. One such mirror can be found at:
http://www.cryptome.org/rfid-docs.htm.
"It's about time for the Auto-ID Center to secure its web site,"
says
Albrecht. "Hundreds of confidential and embarrassing internal
documents
have been readily available at the web site at least since March
when we first stumbled onto them."
BELOW IS THE ORIGINAL RELEASE
FOR IMMEDIATE RELEASE
July 7, 2003
RFID Site Security Gaffe Uncovered by Consumer Group CASPIAN asks,
"How can we trust these people with our personal data?"
CASPIAN (Consumers Against Supermarket Privacy Invasion and Numbering)
says anyone can download revealing documents labeled "confidential"
from the home page of the MIT Auto-ID Center web site in two mouse
clicks.
The Auto-ID Center is the organization entrusted with developing
a global Internet infrastructure for radio frequency identification
(RFID). Their plans are to tag all the objects manufactured on the
planet with RFID chips and track them via the Internet.
Privacy advocates are alarmed about the Center's plans because RFID
technology could enable businesses to collect an unprecedented amount
of information about consumers' possessions and physical movements.
They point out that consumers might not even know they're being
surveilled since tiny RFID chips can be embedded in plastic, sewn
into the seams of garments, or otherwise hidden.
"How can we trust these people with securing sensitive consumer
information if they can't even secure their own web site?"
asks CASPIAN Founder and Director Katherine Albrecht.
"It's ironic that the same people who assure us that our private
data will be safe because 'Internet security is very good, and it
offers a strong layer of protection'
http://www.autoidcenter.com/new_media/media_kit/questions_answers.pdf
would provide such a compelling demonstration to the contrary,"
she added.
Among the "confidential" documents available on the web
site are slide shows discussing the need to "pacify" citizens
who might question the wisdom of the Center's stated goal to tag
and track every item on the planet
http://www.autoidcenter.com/media/communications.pdf
along with findings that 78% of surveyed consumers feel RFID is
negative for privacy and 61% fear its health consequences
http://www.autoidcenter.org/media/pk-fh.pdf
PR firm Fleischman-Hillard's confidential "Managing External
Communications" suggests a variety of strategies to help the
Auto-ID Center "drive adoption" and "neutralize opposition,"
including the possibility of renaming the tracking devices "green
tags." It also lists by name several key lawmakers, privacy
advocates, and others whom it hopes to "bring into the Center's
'inner circle'"
http://www.autoidcenter.com/media/external_comm.pdf
Despite the overwhelming evidence of negative consumer attitudes
toward RFID technology revealed in its internal documents, the Auto-ID
Center hopes that consumers will be "apathetic" and "resign
themselves to the inevitability of it" instead of acting on
their concerns
http://www.autoidcenter.com/publishedresearch/cam-autoid-eb002.pdf
Consumer citizens who are not feeling apathetic will be pleased
to learn that the site provides names and contact information for
the corporate executives who oversee the Center's efforts. Since
the phone list isn't labeled "confidential," we're assuming
that Auto-ID Center Board members are open to calls and mail that
might help them better understand public opinion on this important
subject.
Anyone interested in speaking with Dick Cantwell, the Gillette VP
who heads the Center's Board of Overseers, for example, can find
his direct office number listed on the Auto-ID Center's website
here:
http://www.autoidcenter.com/uploads/226691160-list_board_of_overseers.pdf
mirrored at:
http://cryptome.org/rfid/226691160-list_board_of_overseers.pdf
To experience the Auto-ID Center's security holes firsthand, simply
visit the web site at http://www.autoidcenter.org and type "confidential"
in the site search box. The Center encourages such site exploration:
"Our website has Research Papers and other information that
anyone can download for free. There is also a Sponsors Only area
of the site, which includes information and materials not available
to the public at large. We encourage you to visit our site frequently
to stay up to date with the Center's many activities."
Following are other examples of sensitive documents available at
the site:
February 27, 2003 Board minutes:
http://www.autoidcenter.com/media/feb03_board/joint_minutes_feb03.pdf
ONS server schematics:
http://www.autoidcenter.com/media/feb03_board/oatsystems.pdf
EMS documentation:
http://www.autoidcenter.com/media/software.pdf
Documentation of RFID field tests:
http://www.autoidcenter.com/media/field_test_nov02.pdf
These documents and many more have been mirrored in several places,
including the Cryptome website at: http://www.cryptome.org/rfid-docs.htm
Note: The Cryptome website contains links to all 68 documents that
appeared when the word "Confidential" was typed into the
Auto-ID Center's search engine the morning of July 7, 2003. Consumers
Against Supermarket Privacy Invasion and Numbering (CASPIAN)
is a grass-roots consumer group fighting retail surveillance schemes
since 1999. With members in all 50 U.S. states and 15 nations across
the globe, CASPIAN seeks to educate consumers about marketing strategies
that invade their privacy and to encourage privacy-conscious shopping
habits across the retail spectrum.
For more information about CASPIAN, visit http://www.nocards.org.
Katherine Albrecht, CASPIAN Founder and Director: kma@nocards.org
Mary Starrett, CASPIAN Media Associate: media@nocards.org
###
=========================================================
CASPIAN - Consumers Against Supermarket Privacy Invasion and Numbering
A national consumer organization opposing supermarket "loyalty"
cards and other retail surveillance schemes since 1999 http://www.nocards.org
We encourage you to duplicate and distribute this message to others.
==========================================================
|
|