Betreff: CASPIAN NEWSLETTER, 2/5/05: RFID & Consumer Privacy Headlines
Von: CASPIAN Newsletter
Datum: Sat, 05 Feb 2005 16:39:31 -0500


Consumer privacy and RFID newsletter
Edited by Sunni Maravillosa and Katherine Albrecht

1- CASPIAN uncovers U.S. government RFID promotion scheme
2- Hacking RFID keys and passes for fun and profit
3- Safeway card record implicates innocent man
4- Abercrombie & Fitch plays with RFID fire
5- Procter & Gamble to buy Gillette
6- P&G wants you to microchip your pet
7- Give Piggly Wiggly, other privacy-poachers "the finger"
8- Hey, Gap! Is that a security camera or a sleazy spy cam?
9- Privacy disconnect between customers, retailers
10- No privacy when driving your car
11- Building surveillance into roads with RF motes
12- Scottish bar offers to chip patrons
13- More kids (and parents?) to be chipped
14- Opposition grows over plan to track California school kids
15- Casino chips coded with gambler ID information
16- CRM gems

1- CASPIAN in the news
2- CASPIAN members sound off
3- Volunteer Corner


Have you wondered why the U.S. Government seems so keen on RFID lately?
CASPIAN may have found the answer in the form of a General Services
Administration (GSA) bulletin issued last month that encourages heads of
federal agencies to "advance the industry." The GSA is a federal agency
that manages purchasing administration for other federal agencies.

In Bulletin "B-7 Radio Frequency Identification," the GSA encourages
government agencies "to consider action that can be taken to advance the
[RFID] industry by demonstrating the long-term intent of the agency to
adopt RFID technological solutions." In addition, the document specifies
that "agencies need to determine how to best implement RFID technology
on current or proposed contracts, grants, and cooperative agreements."

Buying needed equipment is one thing. Finding excuses to purchase and
promote controversial technology at taxpayer expense is another. This is

See our press release for further details: Document here: ===================================================================== HACKING RFID KEYS AND PASSES FOR FUN AND PROFIT ===================================================================== Researchers have cracked an RFID encryption algorithm that's used in "high-security" car keys and the Exxon Mobil SpeedPass payment system. This technology, from Texas Instruments, is at the heart of almost 160 million vehicle keys and SpeedPasses. A full report on the hack has been posted online. So much for the industry's promises that encryption will protect the data contained on RFID tags. Meanwhile, the State Department is proceeding with plans to embed RFID chips in U.S. passports, and the Department of Homeland Security says it will begin issuing RFID tags to foreign visitors under the US-VISIT program. Will these be secure? Not from what we're hearing so far. Sources: SecurityFocus, 1/31/05 RFID Analysis Slashdot, 1/30/05 Information Week, 1/25/05 ===================================================================== SAFEWAY CARD RECORDS IMPLICATE INNOCENT MAN ===================================================================== Sometimes you just have to say, "We told you so." It turns out that Washington firefighter Phil Lyons, accused of setting fire to his own home, was innocent all along. A firestarter bearing a Safeway wrapper was found at his home, where a fire had been set. When authorities combed his Safeway "Club Card" record, they found a firestarter purchase and promptly arrested him. He was not exonerated until five months later when another individual confessed to the crime. Can you be sure your purchase history won't be used against you? Source: Computer Bytes Man ===================================================================== ABERCROMBIE & FITCH PLAYS WITH RFID FIRE ===================================================================== Remember the creepy, RFID-tagged clothing labels CASPIAN found a few months back? Abercrombie & Fitch (A&F) has owned up to "looking into" using RFID tags on its merchandise. Of course, the company knows it is playing with fire, considering the overwhelming consumer opposition to the use of RFID tags on clothing. A&F executive Neco Can advises other companies as follows: "If you [do an RFID pilot], you should talk with people...go and talk to Caspian so you don't become the target." The strange part is that we've not heard a word from Abercrombie & Fitch. Does that round A&F logo look like a bullseye to you?, 1/25/05,3800002220,39127337,00.htm Our photos: Controversy: ===================================================================== PROCTER & GAMBLE TO BUY GILLETTE ===================================================================== Tired of loathing Procter & Gamble and Gillette separately? Soon you can loathe them together, since they're about to become the world's largest consumer product company. Business analysts say that P&G's purchase of Gillette will give P&G "more leverage" against other mega-corporations like Wal-Mart. But the real loser may be consumers. These companies have been working in tandem to fuel RFID adoption for years. This deal doesn't bode well for us. On a lighter note, the news of the proposed merger caused one CASPIAN staffer to quip: P&G + (Gi)llette = Piglette. *laugh* Maybe "the mother of all hogs" would be more accurate. Source: Daytona Beach News-Journal, 1/29/05 ===================================================================== P&G WANTS YOU TO MICROCHIP YOUR PET ===================================================================== With its tentacles reaching into so many areas of our lives, an enormous company like Procter & Gamble can push an agenda on several fronts at once. That's clearly the case with RFID. Iams and Eukanuba -- pricey, upscale brands of pet food -- are among the hundreds of brands P&G owns. According to Pet Age and Space Daily, Iams is donating 30,000 microchip scanners worth a whopping $5 million to animal shelters and veterinarians across the US to encourage Americans to chip their pets. Space Daily says: "The chipping of pets and other most popular in Europe, where upwards of 25 percent of pet owners in some countries are said to have had veterinarians outfit their beloved beasts with the electronic tracking device....In the United States, however, only about 5 percent of pet owners have opted for the wireless technology. 'That's not acceptable,' [said one pet health care executive]." .... The hope is to induce the marketplace to create better RFID technology, to encourage competition in the marketplace and help develop a single scanner that can read all types of RFID chips." P&G probably figures that injecting an RFID chip into the family pet will make people less likely to object when the company tries to slip RFID tags into their toothpaste. Of course, that $5 million cash infusion will be a big boost for the RFID industry, courtesy of Iams customers. (Another reminder to spend your money wisely, folks.) And on a final odd note, though we combed the Iams website for a reference to their pro-RFID generosity, we couldn't find a single mention there. Sources: Pet Age, 11/04 Space Daily, 1/05


"Customers love to give the finger to Piggly Wiggly," claims an article
fawning over the southern grocery chain's expansion of its Pay By Touch
system. The system links shoppers' fingerprints to their financial
accounts, so they can pay for groceries with a finger scan. Because no
one protested the practice when it first came out, it's expanding to
even more Piggly Wiggly stores.

Meanwhile, Fred Meyer stores -- a division of Kroger -- has announced a
new "rewards" card that offers a rebate on purchases. Since the rebate
is mailed to you, Fred Meyer will not only get your purchase history,
but your valid mailing address, too. Like everything else, rebates have
to be paid for, so you can bet prices will be going up at Fred Meyer to

Macy's Department Store is getting in on the act, too, with a new
"customer loyalty program" called Star Rewards. As the news report put
it, "All active customers in all five Macy's divisions are being
enrolled automatically in the new program." Gee, thanks, guys.

Finally, a company called ViVOtech has come out with a card that
"combines RFID technology with retail customer loyalty and pre-paid/gift
programmes," so customers can "use a single card for both payments and
loyalty scheme memberships." It's just about everything we hate rolled
into one card.

Maybe consumers should take take a cue from Piggly Wiggly and give all
these privacy-invading companies the finger. The old-fashioned way, that

Colloquy, 1/17/05 Crypto-Gram Newsletter, 8/15/98 PRNewswire, 1/29/05 DMNews, 1/21/05 UsingRFID, 1/28/05 (Log in using if necessary)


You've seen a million of 'em -- store cameras peering down on you from
every angle. But did you know those cameras may be gathering more than
just security information? Increasingly, they are being used for "video
mining" -- videotaping individuals and recording their every move as
they walk through stores. It's not about preventing theft; it's it's
about studying your behavior for marketing purposes.

Among the stores that engage in this practice are: Gap Stores, Banana
Republic, Limited stores, Victoria's Secret, Payless Shoes, and American
Eagle Outfitters. The article, originally printed in the Wall Street
Journal, has a nice quote from Katherine, who explains how amazed
consumers are to learn that such "corporate stalking" is not illegal.

The State, 12/23/04 ===================================================================== PRIVACY DISCONNECT BETWEEN CUSTOMERS, RETAILERS ===================================================================== All this spying can't be good for retailers' relationships with consumers. But is it possible they really don't know know how much we hate it? A recent study on "customer service priorities," announced by the National Retail Federation, indicates that may be the case. Researchers asked consumers what they want from a store. Then they asked retailers what they *think* consumers want. And guess what? The retailers got it wrong. Apparently, retailers overestimate the importance of "employee education" and personal interaction with customers, but underestimate the value of accurate pricing, adequate staffing, and -- you guessed it -- keeping customer information private. On that last item, 73% of consumers rated consumer privacy as "extremely important." However, only 59% of the 241 retailers surveyed said consumers would think it was such a high priority. Apparently, we consumers need to a better job of making our priorities clear. Source: National Retail Federation, 1/18/05 ===================================================================== NO PRIVACY WHEN DRIVING YOUR CAR ===================================================================== When police hid a GPS device on Robert Moran's car and used it to track his whereabouts, he argued they had violated his Fourth Amendment rights. However, a judge ruled that Moran "had no expectation of privacy in the whereabouts of his vehicle on a public roadway, thus there was no search or seizure and no Fourth Amendment implications in the use of the GPS device." That's right, folks, if you're in the U.S., police can apparently now tag and track your car without a court order. The CRM market research crowd must be jumping for joy at this news. Their argument that "you have no expectation of privacy" in stores and restaurants is their justification for spying on you there already. How long before the "ultimate customer intelligence" package, complete with GPS travel surveillance, enables businesses to know "even more" about their customers? Source: Boston Globe, 1/17/05 ====================================================================== BUILDING SURVEILLANCE INTO ROADS WITH RF MOTES ====================================================================== Speaking of car tracking, have you heard of "motes"? They're wireless sensor devices slated to be integrated into roads, bridges, ships, and more if the U.S. government has its way. SAIC, a U.S. government contractor, is working on outfitting the U.S. border with a network of sensors that it claims will be able to detect "illegal crossings of people or vehicles." Of course, sensors that can detect border crossings will be able to detect cars and people in other places, too, like parking lots, store entrances, and more. Oppressive governments could use such ubiquitous sensor technology to punish critics, activists, or political opponents. And, of course, marketers and data miners would have a field day with anything that makes it easier to spy on customers. Source: Information Week, 1/24/05 ===================================================================== SCOTTISH BAR OFFERS TO CHIP PATRONS ===================================================================== A Glasgow bar is the latest night spot to offer implanted microchips as a "cutting edge" alternative to cash and credit cards. The bar owner says the chip lets him "reward loyal customers" (where have we heard that before?), though he fails to explain how using a massive hypodermic needle to inject a glass RFID capsule into a patron's arm constitutes a "reward." Here's hoping the Scottish descendants of such freedom-minded individuals as William Wallace (the protagonist of the "Braveheart" movie) will see this Orwellian technology for what it is. Sources: The Guardian, 1/16/05,6903,1391545,00.html William Wallace educational site: ===================================================================== MORE KIDS (AND PARENTS?) TO BE CHIPPED ===================================================================== The BBC reports that "Parents who refuse to allow former partners contact with their children could be electronically tagged under plans being considered by ministers." That's a pretty severe measure to take against parents whose only crime is arguing with each other over custody rulings. We doubt this tagging will actually happen, but the fact that it's even being discussed is disturbing. Meanwhile, U.S. taxpayers are paying for a program to use RFID cards to track kids in Chilton County, Alabama. It's part of a "model school" trial being run by the Department of Homeland Security. Think it's awful? Email your opinion to the school superintendent: Superintendent Mildred Ellison: Sources: BBC, 1/18/05 Clanton AL Advertiser, 1/27/05 ===================================================================== OPPOSITION GROWS OVER PLAN TO TAG CALIFORNIA SCHOOL KIDS ===================================================================== If you are in the Sacramento/Sutter area or San Antonio, Texas, we need your help to combat mandatory child-tagging in schools. The Brittan school in Sutter, California is running a trial that requires school children to wear RFID tags around their necks. Linked to readers in classrooms and throughout the school, the system is designed to pinpoint students' locations, allowing the school to monitor kids at all times. As you can imagine, parents are outraged, and some have begun to fight back. In response to growing criticism, School Superintendent/Principal Earnie Graham blustered: "It's not an option," Graham said. "(The badge) is just like a textbook, you have to have it. I'm charged with running the school district and I get to make those kinds of rules." (Doesn't he strike you as exactly the kind of guy who *would* put an RFID tag on kids?) Evan Hendricks of Privacy Times has written a report on this outrageous scheme in his latest newsletter. He's offered it for free to CASPIAN members (it's normally available to subscribers only) here: Please contact Evan Hendricks ( if you'd like to
get involved.


Marysville CA Appeal-Democrat, 1/28/05 (Subscription required) Principal Earnie Graham's email address: ===================================================================== CASINO CHIPS CODED WITH GAMBLER ID INFORMATION ===================================================================== We've heard about casinos using RFID-chipped betting chips. But how about ones that are coded with the gambler's identification information? Source: Yahoo News, 1/27/05 ===================================================================== CRM GEMS ===================================================================== The Consumer Relationship Management (CRM) people keep handing us such outrageous stuff that we just have to share it with you. The latest issue of CRM eWeekly prods companies to switch from keypad menus ("press two for sales") to voice menus ("please say 'sales' at the tone"). Personally, we think making people talk to machines would be an unnecessary and expensive "upgrade." But the ironic part of this story is that the html newsletter itself contained a web bug! As Katherine said, "So wow, they're even spying on each other. I guess there's no honor among thieves. Er, I mean 'CRM professionals.'" Sunni did some digging around the CRMGuru web site and found that the latest thing in CRM is something called "CEM" -- Customer Experience Management. Yes, your "sensate experiences" must be enriched by these self-appointed gurus, so you can become a "brand advocate." Sunni offers some pointed advice to manufacturers and retailers by way of response, in a lengthy blog entry that has several links and some juicy new quotes from the CRMGuru site. Sources: Web Bug FAQ at EFF Sunni's blog entry: ===================================================================== CASPIAN STAFF AND MEMBER NEWS ===================================================================== CASPIAN member Steve Sutton sends us notice of a different strategy for dealing with the companies that are trying to chip and track everything and everyone. To read about it, see his essay at Village Hampden:


Katherine has been busy with interviews in England, Scotland, Hungary,
Belgium, Jamaica, and the Netherlands, in addition to the usual round of
radio and television appearances. CASPIAN's Tesco boycott has also
gotten a lot of press in the UK, some of which we've posted on the
BoycottTesco web site:


Tesco is taking heat for its RFID involvement.
Here are some notes from the front lines:


"I am disgusted by the use of RFID technology in end-user products. ....
An hour ago I thought it was just Gillette we had to worry about for the
moment. I have since discovered that I must now boycott Tesco's as well!
- Anonymous, England


"Best wishes in your campaigns from a loyalty card hater (cheap way for
supermarkets to get data), RFID detester!, Tesco disliker etc" -


"Keep it up. Tesco is becoming a monopoly and is being allowed to get
away with it." - Anonymous


"We have shopped in your stores for years BUT from this date I will
never buy anything from one of your stores until TESCO states that all
this RFID will be stopped." - Anonymous


Ready to roll up your sleeves and pitch in?
Here are some suggestions:

1. SEND A MESSAGE TO ABERCROMBIE & FITCH: No RFID tags in clothes! 2. KEEP UP THE PRESSURE ON GILLETTE (AND NOW, P&G): 3. JOIN THE TESCO PROTEST AND BOYCOTT 4. WRITE LETTERS TO THE SCHOOLS TAGGING CHILDREN: Sutter, California school: Principal Earnie Graham -- Chilton, Alabama county schools: Superintendent Mildred Ellison -- You may also wish to send a letter to your local school board, superintendent, and principal, letting them know that you will oppose any plan to tag and track your child. 5. FAMILIARIZE YOURSELF WITH P&G PRODUCTS. THEN STOP BUYING THEM. ===================================================================== CASPIAN: Consumers Against Supermarket Privacy Invasion and Numbering Opposing supermarket "loyalty" cards and other retail surveillance schemes since 1999 You're welcome to duplicate and distribute this message to others who may find it of interest.