CASPIAN NEWSLETTER, 2/5/05: RFID & CONSUMER PRIVACY HEADLINES
Consumer privacy and RFID newsletter
Edited by Sunni Maravillosa and Katherine Albrecht
1- CASPIAN uncovers U.S. government RFID promotion scheme
2- Hacking RFID keys and passes for fun and profit
3- Safeway card record implicates innocent man
4- Abercrombie & Fitch plays with RFID fire
5- Procter & Gamble to buy Gillette
6- P&G wants you to microchip your pet
7- Give Piggly Wiggly, other privacy-poachers "the finger"
8- Hey, Gap! Is that a security camera or a sleazy spy cam?
9- Privacy disconnect between customers, retailers
10- No privacy when driving your car
11- Building surveillance into roads with RF motes
12- Scottish bar offers to chip patrons
13- More kids (and parents?) to be chipped
14- Opposition grows over plan to track California school kids
15- Casino chips coded with gambler ID information
16- CRM gems
CASPIAN ACTIVISTS UPDATE
1- CASPIAN in the news
2- CASPIAN members sound off
3- Volunteer Corner
CASPIAN UNCOVERS U.S. GOVERNMENT RFID PROMOTION SCHEME
Have you wondered why the U.S. Government seems so keen on RFID lately?
CASPIAN may have found the answer in the form of a General Services
Administration (GSA) bulletin issued last month that encourages heads of
federal agencies to "advance the industry." The GSA is a federal agency
that manages purchasing administration for other federal agencies.
In Bulletin "B-7 Radio Frequency Identification," the GSA encourages
government agencies "to consider action that can be taken to advance the
[RFID] industry by demonstrating the long-term intent of the agency to
adopt RFID technological solutions." In addition, the document specifies
that "agencies need to determine how to best implement RFID technology
on current or proposed contracts, grants, and cooperative agreements."
Buying needed equipment is one thing. Finding excuses to purchase and
promote controversial technology at taxpayer expense is another. This is
See our press release for further details:
HACKING RFID KEYS AND PASSES FOR FUN AND PROFIT
Researchers have cracked an RFID encryption algorithm that's used in
"high-security" car keys and the Exxon Mobil SpeedPass payment system.
This technology, from Texas Instruments, is at the heart of almost 160
million vehicle keys and SpeedPasses. A full report on the hack has been
posted online. So much for the industry's promises that encryption will
protect the data contained on RFID tags.
Meanwhile, the State Department is proceeding with plans to embed RFID
chips in U.S. passports, and the Department of Homeland Security says it
will begin issuing RFID tags to foreign visitors under the US-VISIT
program. Will these be secure? Not from what we're hearing so far.
Information Week, 1/25/05
SAFEWAY CARD RECORDS IMPLICATE INNOCENT MAN
Sometimes you just have to say, "We told you so." It turns out that
Washington firefighter Phil Lyons, accused of setting fire to his own
home, was innocent all along. A firestarter bearing a Safeway wrapper
was found at his home, where a fire had been set. When authorities
combed his Safeway "Club Card" record, they found a firestarter purchase
and promptly arrested him. He was not exonerated until five months later
when another individual confessed to the crime.
Can you be sure your purchase history won't be used against you?
Source: Computer Bytes Man
ABERCROMBIE & FITCH PLAYS WITH RFID FIRE
Remember the creepy, RFID-tagged clothing labels CASPIAN found a few
months back? Abercrombie & Fitch (A&F) has owned up to "looking into"
using RFID tags on its merchandise. Of course, the company knows it is
playing with fire, considering the overwhelming consumer opposition to
the use of RFID tags on clothing. A&F executive Neco Can advises other
companies as follows:
"If you [do an RFID pilot], you should talk with people...go
and talk to Caspian so you don't become the target."
The strange part is that we've not heard a word from Abercrombie &
Fitch. Does that round A&F logo look like a bullseye to you?
PROCTER & GAMBLE TO BUY GILLETTE
Tired of loathing Procter & Gamble and Gillette separately? Soon you can
loathe them together, since they're about to become the world's largest
consumer product company.
Business analysts say that P&G's purchase of Gillette will give P&G
"more leverage" against other mega-corporations like Wal-Mart. But the
real loser may be consumers. These companies have been working in tandem
to fuel RFID adoption for years. This deal doesn't bode well for us.
On a lighter note, the news of the proposed merger caused one CASPIAN
staffer to quip: P&G + (Gi)llette = Piglette. *laugh* Maybe "the mother
of all hogs" would be more accurate.
Source: Daytona Beach News-Journal, 1/29/05
P&G WANTS YOU TO MICROCHIP YOUR PET
With its tentacles reaching into so many areas of our lives, an enormous
company like Procter & Gamble can push an agenda on several fronts at
once. That's clearly the case with RFID.
Iams and Eukanuba -- pricey, upscale brands of pet food -- are among the
hundreds of brands P&G owns. According to Pet Age and Space Daily, Iams
is donating 30,000 microchip scanners worth a whopping $5 million to
animal shelters and veterinarians across the US to encourage Americans
to chip their pets.
Space Daily says:
"The chipping of pets and other animals...is most popular in Europe,
where upwards of 25 percent of pet owners in some countries are said to
have had veterinarians outfit their beloved beasts with the electronic
tracking device....In the United States, however, only about 5 percent
of pet owners have opted for the wireless technology. 'That's not
acceptable,' [said one pet health care executive]." .... The hope is to
induce the marketplace to create better RFID technology, to encourage
competition in the marketplace and help develop a single scanner that
can read all types of RFID chips."
P&G probably figures that injecting an RFID chip into the family pet
will make people less likely to object when the company tries to slip
RFID tags into their toothpaste.
Of course, that $5 million cash infusion will be a big boost for the
RFID industry, courtesy of Iams customers. (Another reminder to spend
your money wisely, folks.) And on a final odd note, though we combed the
Iams website for a reference to their pro-RFID generosity, we couldn't
find a single mention there.
Sources: Pet Age, 11/04
Space Daily, 1/05
GIVE PIGGLY WIGGLY, OTHER PRIVACY-POACHERS "THE FINGER"
"Customers love to give the finger to Piggly Wiggly," claims an article
fawning over the southern grocery chain's expansion of its Pay By Touch
system. The system links shoppers' fingerprints to their financial
accounts, so they can pay for groceries with a finger scan. Because no
one protested the practice when it first came out, it's expanding to
even more Piggly Wiggly stores.
Meanwhile, Fred Meyer stores -- a division of Kroger -- has announced a
new "rewards" card that offers a rebate on purchases. Since the rebate
is mailed to you, Fred Meyer will not only get your purchase history,
but your valid mailing address, too. Like everything else, rebates have
to be paid for, so you can bet prices will be going up at Fred Meyer to
Macy's Department Store is getting in on the act, too, with a new
"customer loyalty program" called Star Rewards. As the news report put
it, "All active customers in all five Macy's divisions are being
enrolled automatically in the new program." Gee, thanks, guys.
Finally, a company called ViVOtech has come out with a card that
"combines RFID technology with retail customer loyalty and pre-paid/gift
programmes," so customers can "use a single card for both payments and
loyalty scheme memberships." It's just about everything we hate rolled
into one card.
Maybe consumers should take take a cue from Piggly Wiggly and give all
these privacy-invading companies the finger. The old-fashioned way, that
Crypto-Gram Newsletter, 8/15/98
(Log in using http://www.bugmenot.com/ if necessary)
HEY GAP! IS THAT A SECURITY CAMERA OR A SLEAZY SPY CAM?
You've seen a million of 'em -- store cameras peering down on you from
every angle. But did you know those cameras may be gathering more than
just security information? Increasingly, they are being used for "video
mining" -- videotaping individuals and recording their every move as
they walk through stores. It's not about preventing theft; it's it's
about studying your behavior for marketing purposes.
Among the stores that engage in this practice are: Gap Stores, Banana
Republic, Limited stores, Victoria's Secret, Payless Shoes, and American
Eagle Outfitters. The article, originally printed in the Wall Street
Journal, has a nice quote from Katherine, who explains how amazed
consumers are to learn that such "corporate stalking" is not illegal.
The State, 12/23/04
PRIVACY DISCONNECT BETWEEN CUSTOMERS, RETAILERS
All this spying can't be good for retailers' relationships with
consumers. But is it possible they really don't know know how much we
hate it? A recent study on "customer service priorities," announced by
the National Retail Federation, indicates that may be the case.
Researchers asked consumers what they want from a store. Then they asked
retailers what they *think* consumers want. And guess what? The
retailers got it wrong.
Apparently, retailers overestimate the importance of "employee
education" and personal interaction with customers, but underestimate
the value of accurate pricing, adequate staffing, and -- you guessed it
-- keeping customer information private. On that last item, 73% of
consumers rated consumer privacy as "extremely important." However, only
59% of the 241 retailers surveyed said consumers would think it was such
a high priority.
Apparently, we consumers need to a better job of making our priorities
Source: National Retail Federation, 1/18/05
NO PRIVACY WHEN DRIVING YOUR CAR
When police hid a GPS device on Robert Moran's car and used it to track
his whereabouts, he argued they had violated his Fourth Amendment
rights. However, a judge ruled that Moran "had no expectation of privacy
in the whereabouts of his vehicle on a public roadway, thus there was no
search or seizure and no Fourth Amendment implications in the use of the
GPS device." That's right, folks, if you're in the U.S., police can
apparently now tag and track your car without a court order.
The CRM market research crowd must be jumping for joy at this news.
Their argument that "you have no expectation of privacy" in stores and
restaurants is their justification for spying on you there already. How
long before the "ultimate customer intelligence" package, complete with
GPS travel surveillance, enables businesses to know "even more" about
Source: Boston Globe, 1/17/05
BUILDING SURVEILLANCE INTO ROADS WITH RF MOTES
Speaking of car tracking, have you heard of "motes"? They're wireless
sensor devices slated to be integrated into roads, bridges, ships, and
more if the U.S. government has its way. SAIC, a U.S. government
contractor, is working on outfitting the U.S. border with a network of
sensors that it claims will be able to detect "illegal crossings of
people or vehicles."
Of course, sensors that can detect border crossings will be able to
detect cars and people in other places, too, like parking lots, store
entrances, and more. Oppressive governments could use such ubiquitous
sensor technology to punish critics, activists, or political opponents.
And, of course, marketers and data miners would have a field day with
anything that makes it easier to spy on customers.
Source: Information Week, 1/24/05
SCOTTISH BAR OFFERS TO CHIP PATRONS
A Glasgow bar is the latest night spot to offer implanted microchips as
a "cutting edge" alternative to cash and credit cards. The bar owner
says the chip lets him "reward loyal customers" (where have we heard
that before?), though he fails to explain how using a massive hypodermic
needle to inject a glass RFID capsule into a patron's arm constitutes a
Here's hoping the Scottish descendants of such freedom-minded
individuals as William Wallace (the protagonist of the "Braveheart"
movie) will see this Orwellian technology for what it is.
The Guardian, 1/16/05
William Wallace educational site:
MORE KIDS (AND PARENTS?) TO BE CHIPPED
The BBC reports that "Parents who refuse to allow former partners
contact with their children could be electronically tagged under plans
being considered by ministers." That's a pretty severe measure to take
against parents whose only crime is arguing with each other over custody
rulings. We doubt this tagging will actually happen, but the fact that
it's even being discussed is disturbing.
Meanwhile, U.S. taxpayers are paying for a program to use RFID cards to
track kids in Chilton County, Alabama. It's part of a "model school"
trial being run by the Department of Homeland Security.
Think it's awful? Email your opinion to the school superintendent:
Superintendent Mildred Ellison: email@example.com
Clanton AL Advertiser, 1/27/05
OPPOSITION GROWS OVER PLAN TO TAG CALIFORNIA SCHOOL KIDS
If you are in the Sacramento/Sutter area or San Antonio, Texas, we need
your help to combat mandatory child-tagging in schools.
The Brittan school in Sutter, California is running a trial that
requires school children to wear RFID tags around their necks. Linked to
readers in classrooms and throughout the school, the system is designed
to pinpoint students' locations, allowing the school to monitor kids at
As you can imagine, parents are outraged, and some have begun to fight
back. In response to growing criticism, School Superintendent/Principal
Earnie Graham blustered:
"It's not an option," Graham said. "(The badge) is just like a
textbook, you have to have it. I'm charged with running the school
district and I get to make those kinds of rules."
(Doesn't he strike you as exactly the kind of guy who *would* put an
RFID tag on kids?)
Evan Hendricks of Privacy Times has written a report on this outrageous
scheme in his latest newsletter. He's offered it for free to CASPIAN
members (it's normally available to subscribers only) here:
Please contact Evan Hendricks (firstname.lastname@example.org) if you'd like to
Marysville CA Appeal-Democrat, 1/28/05 (Subscription required)
Principal Earnie Graham's email address: EarnieG@brittan.k12.ca.us
CASINO CHIPS CODED WITH GAMBLER ID INFORMATION
We've heard about casinos using RFID-chipped betting chips. But how
about ones that are coded with the gambler's identification
Source: Yahoo News, 1/27/05
The Consumer Relationship Management (CRM) people keep handing us such
outrageous stuff that we just have to share it with you. The latest
issue of CRM eWeekly prods companies to switch from keypad menus ("press
two for sales") to voice menus ("please say 'sales' at the tone").
Personally, we think making people talk to machines would be an
unnecessary and expensive "upgrade." But the ironic part of this story
is that the html newsletter itself contained a web bug! As Katherine
said, "So wow, they're even spying on each other. I guess there's no
honor among thieves. Er, I mean 'CRM professionals.'"
Sunni did some digging around the CRMGuru web site and found that the
latest thing in CRM is something called "CEM" -- Customer Experience
Management. Yes, your "sensate experiences" must be enriched by these
self-appointed gurus, so you can become a "brand advocate." Sunni offers
some pointed advice to manufacturers and retailers by way of response,
in a lengthy blog entry that has several links and some juicy new quotes
from the CRMGuru site.
Web Bug FAQ at EFF
Sunni's blog entry:
CASPIAN STAFF AND MEMBER NEWS
CASPIAN member Steve Sutton sends us notice of a different strategy for
dealing with the companies that are trying to chip and track everything
and everyone. To read about it, see his essay at Village Hampden:
CASPIAN IN THE NEWS
Katherine has been busy with interviews in England, Scotland, Hungary,
Belgium, Jamaica, and the Netherlands, in addition to the usual round of
radio and television appearances. CASPIAN's Tesco boycott has also
gotten a lot of press in the UK, some of which we've posted on the
BoycottTesco web site:
CASPIAN MEMBERS SOUND OFF
Tesco is taking heat for its RFID involvement.
Here are some notes from the front lines:
"I am disgusted by the use of RFID technology in end-user products. ....
An hour ago I thought it was just Gillette we had to worry about for the
moment. I have since discovered that I must now boycott Tesco's as well!
- Anonymous, England
"Best wishes in your campaigns from a loyalty card hater (cheap way for
supermarkets to get data), RFID detester!, Tesco disliker etc" -
"Keep it up. Tesco is becoming a monopoly and is being allowed to get
away with it." - Anonymous
"We have shopped in your stores for years BUT from this date I will
never buy anything from one of your stores until TESCO states that all
this RFID will be stopped." - Anonymous
Ready to roll up your sleeves and pitch in?
Here are some suggestions:
1. SEND A MESSAGE TO ABERCROMBIE & FITCH: No RFID tags in clothes!
2. KEEP UP THE PRESSURE ON GILLETTE (AND NOW, P&G):
3. JOIN THE TESCO PROTEST AND BOYCOTT
4. WRITE LETTERS TO THE SCHOOLS TAGGING CHILDREN:
Sutter, California school:
Principal Earnie Graham -- EarnieG@brittan.k12.ca.us
Chilton, Alabama county schools:
Superintendent Mildred Ellison -- email@example.com
You may also wish to send a letter to your local school board,
superintendent, and principal, letting them know that you will oppose
any plan to tag and track your child.
5. FAMILIARIZE YOURSELF WITH P&G PRODUCTS. THEN STOP BUYING THEM.
CASPIAN: Consumers Against Supermarket Privacy Invasion and Numbering
Opposing supermarket "loyalty" cards and other retail surveillance
schemes since 1999
You're welcome to duplicate and distribute this message to others who
may find it of interest.