Introducing the iKey – Apple's answer to the humble door key: Via Telegraph(UK).

Apple has already revolutionised the personal stereo and mobile phone, but now the computer firm behind the iPhone has its sights set on the humble front door key.

The computer giant, which manufactures the iPod and iPhone, has plans to replace the traditional door key with a hi-tech alternative.

It is developing technology, already being nicknamed the "iKey", which will mean that rather than carrying around a bunch of keys, people will be able to use a single electronic device to unlock their car, front door and gain access to their office.

Users would simply have to enter a pin code and wave the device over an electronic pad fitted beside a door to open it.

The technology is revealed in a newly published patent application, which has generated speculation that the next model of the iPhone will contain this feature. [ Read more ... ]

CDT Issues Report Recommending Privacy Guidelines for Digital Signage Industry: Via CDT - Center for Democracy & Technology.

Washington -- On Monday, the Center for Democracy & Technology (CDT) released a report that includes a set of privacy recommendations for the rapidly growing digital signage industry.  The report focuses on the industry's adoption of identification and interactivity technologies such as facial recognition, mobile marketing, social networking, RFID tracking and license plate scanners.

The recommendations in CDT's report, "Building The Digital-Out-Of-Home Privacy Infrastructure," are based on the widely accepted Fair Information Practices (FIPs). [ Read more ... ]

F.B.I. Queries Webcam Use by Schools: Via NYT > Privacy.

PHILADELPHIA (AP) — A Pennsylvania school district accused of secretly switching on laptop computer cameras inside students’ homes is under investigation by federal authorities, a law enforcement official with knowledge of the case said.

The F.B.I. will look into whether any federal wiretap or computer-intrusion laws were violated by Lower Merion School District, said the official, who spoke on the condition of anonymity. [ Read more ... ]

VeriChip’s Merger With Credit Monitoring Firm Worries Privacy Activists: Via Threat Level.

Remember VeriChip, the Florida company that once dreamed of injecting its human-implantable RFID microchips in everyone from immigrant guest workers to prison inmates?

We haven’t heard much from the company since a dipping stock price nearly got it delisted from the NASDAQ in March. But it’s still alive, and in November it pulled off a seemingly incongruous acquisition. Now called PositiveID, the new company is a merger between VeriChip and Steel Vault, the people behind NationalCreditReport.com.

With a human-implantable microchip maker now running a credit-scoring and identity-theft-protection website, privacy activists are worried again. “The attraction to investors is the potential for synergies,” says Mark Rotenberg, executive director of the Electronic Privacy Information Center in Washington. “You have to anticipate over time there will be an attempt to integrate the services.”

“Sci-fi wise, you could have a chip read by a scanner that determines your credit-worthiness,” says Evan Hendricks, editor of Privacy Times. “Or you could have a credit card implant.” [ Read more ... ]

The ghost in the field: Via Blog – BERG.

This image is a photographic mapping of the readable volume of a radio field from an RFID reader. The black component in the image is an RFID reader, similar to the component inside the yellow part of the oyster card reader. The camera has been fixed in its position and the reader photographed. Using a tag connected to an LED we paint in the edges of the readable volume with a long exposure and animate them to show the form. [ Read more ... ]

Digital Signage Offline Behavioral Advertising Privacy: Via Business 2.0 Press.

The digital signage industry is rapidly becoming aware of the privacy issues raised by interactivity and audience measurement techniques. There is, however, no industry-wide consensus about how to address those concerns. Some industry figures agree that privacy guidelines need to be adopted if audience measurement and other digital signage applications are to progress. Others, though, have referred to calls for the industry to be sensitive to privacy as “attacks” and have condemned privacy concerns as a lot of hype over nothing. The privacy issue is real, particularly if one considers the big picture of where digital out-of-home (DOOH) media is headed.

Internet marketers use various tools to profile consumers and deliver targeted advertisements to them as they browse the Web. Digital signage has begun integrating tools that can track and profile consumers as well, but the difference is that the targeted advertisements appear in the offline world. [ Read more ... ]

NSW seeks to build 'unhackable' netbook network: Via Security - Technology - News - iTnews.com.au.

The NSW Department of Education is using asset-tracking software, RFID tags, and BIOS-embedded filtering smarts to roll out 240,000 netbook computers into what CIO Stephen Wilson calls "the most hostile environment you can roll computers into" - the local high school.

The rollout of Lenovo netbooks, funded under the Federal Government's Digital Education Revolution initiative, is a massive logistical and IT security challenge, and the solution Wilson and his team has put together to address these issues could well be applicable to any corporate IT department. [ Read more ... ]

Feds at DefCon Alarmed After RFIDs Scanned: Via Threat Level | Wired.com .

LAS VEGAS — It’s one of the most hostile hacker environments in the country –- the DefCon hacker conference held every summer in Las Vegas.

But despite the fact that attendees know they should take precautions to protect their data, federal agents at the conference got a scare on Friday when they were told they might have been caught in the sights of an RFID reader.

The reader, connected to a web camera, sniffed data from RFID-enabled ID cards and other documents carried by attendees in pockets and backpacks as they passed a table where the equipment was stationed in full view.

It was part of a security-awareness project set up by a group of security researchers and consultants to highlight privacy issues around RFID. When the reader caught an RFID chip in its sights — embedded in a company or government agency access card, for example — it grabbed data from the card, and the camera snapped the card holder’s picture. [ Read more ... ]

DIFRWEAR.

RFID Blocking Wallets can ensure that cards with RFID tags within the wallet can NOT be read while the wallet is closed. This gives you the ability to control when, how and by whom your cards are accessed. To allow the RFID tag in the card to be read, simply open the wallet and direct it towards the reader. [ Read more ... ]

Tech.view: Have chip, will travel: Via The Economist.

A MONTH of tramping around Europe has given your correspondent a chance to see how effective the new e-passports are at border crossings. Between them, his family holds American, Japanese and British passports, each recently renewed. Unlike previous ones, the e-passports contain biometric data embedded in a radio-frequency identification (RFID) chip, along with the usual mugshot and optical bar-code.

Although all new passports conform, more or less, to standards laid down by the International Civil Aviation Organisation, each country implements the requirements somewhat differently. The new American passport sets the gold standard. It has additional features built into it that make it especially hard to counterfeit. The Japanese passport runs a close second, while the British version comes a poor third. [ Read more ... ]

More on PASS ID: Strengthening Privacy Protections for REAL Progress: Via CDT - PolicyBeta.

Three weeks ago, the PASS ID Act [S. 1261] was introduced in an effort to move beyond the REAL ID stalemate that has dragged on for over three years. CDT supports PASS ID because it mitigates key privacy flaws in the REAL ID program and is a notable improvement over current law. While the privacy provisions in PASS ID can still be strengthened, the bill incorporates nearly all the privacy requirements that the last Congress’s REAL ID repeal act included [S. 717, 110th] and was even introduced by the same Senator, Daniel Akaka (D-HI).

Putting aside for a moment the question of whether repeal of REAL ID is a political possibility, it is important to realize that repeal is not necessarily better than REAL ID: [ Read more ... ]

RFID-Enabled Phones Could Let Credit Card Companies Track Users: Via Wired: Threat Level.

An Ericsson executive says all new mobile phones sold in 2010 will include an RFID chip that will allow owners to open their car or house door with their phone. A handy feature, no doubt, for some people. But the executive says the chip might also be used by credit card companies to track the location of cardholders to cut down on fraud.

Håkan Djuphammar, vice president of systems architecture for Ericsson, speaking at a conference in Stockholm this week, said credit card companies could make use of mobile user location data and IP mapping to determine if the owner of a card is in the same location where a card transaction is taking place. [ Read more ... ]

RFID tagging tech gets privacy code: Via Technology News at silicon.com .

The European Commission has today issued a set of principles for the use of track and trace RFID technology with the aim of reassuring the public that their privacy and personal data will be safeguarded.

The guidelines state products containing RFID chips should be automatically and immediately deactivated at the point of sale unless the consumer specifically opts-in to keep the chip operational. However the EC says exceptions can be granted to "avoid unnecessary burden on retailers" - provided an assessment of the chip's impact on privacy has been conducted. [ Read more ... ]

Michigan Rep. Calls for RFID Review: Via EFF.org Updates.

Why is Michigan set to issue new Enhanced Drivers' Licenses (EDLs) that include long-range RFID (Radio Frequency ID) technology? That's the question that Michigan Rep. Paul Opsommer wants answered.

Michigan entering into a federal agreement to put unencrypted, long range RFID computer chips into our driver's licenses presents a huge privacy risk with very little benefit. I don't think we need RFID in our licenses period, but even if we did, there is absolutely no reason it couldn't be short range and encrypted.

Rep. Opsommer has good reason for concern. [ Read more ... ]

RFID PASScards Easily Cloned: Via EFF.org Updates

On a recent afternoon, security researcher Chris Paget was able to capture the passport card information of several unsuspecting individuals while driving through San Francisco, using a device he built in his spare time for a total of $250. A video released by Paget shows just how easy it is to clone RFID (Radio Frequency ID) tags with this relatively simple technology.

The tags he captured are part of a new generation of ID cards that come with embedded RFID microchips. These vulnerable IDs include PASScards, new mini-passports the size of a credit card which are designed for non-air travel between the US, Canada, Mexico and the Caribbean. They also include the Enhanced Drivers' Licenses (EDLs) issued by New York, Michigan and Washington states. These cards use the same type of simple RFID tags used in shipping and pallet tracking, which allows them to be read from a distance of tens of feet under normal conditions — and UW researchers demonstrated 50 meters in some situations. [ Read more ... ]

Hackers Clone Passports In Driveby RFID Heist: Via Slashdot

pnorth writes "A hacker has shown how easy it is to clone US passport cards that use RFID by conducting a drive-by test on the streets of San Francisco. Chris Paget, director of research and development at Seattle-based IOActive, used a $250 Motorola RFID reader and an antenna mounted in a car's side window and drove for 20 minutes around San Francisco, with a colleague videoing the demonstration. During the demonstration he picked up the details of two US passport cards. Using the data gleaned it would be relatively simple to make cloned passport cards he said. Paget is best known for having to abandon presenting a paper at the Black Hat security conference in Washington in 2007 after an RFID company threatened him with legal action." --- Apparently this is a little unfair- he sniffed the data, he didn't actually make a fake passport.

Read Original Article ( Via Slashdot. )

Orizin Launches "World's Smallest" Active Asset RFID Tag: Via Tech-On! (Japan)

Orizin Technologies Pvt Ltd of Bangalore has launched what it claims is the world's smallest active RFID tag -- used to track assets over long-range. Active RFID tags have their own internal power source and are more effective in RF challenged environments.

The company has solved the size and pricing issues with the prevailing technology. The new tag has a read-range of 20m, and the dimensions are 26 x 23 x 7.3mm, making it what the company claims is the smallest available active RFID tag in the world. [ Read more ... ]

EPC RFID Tags in Security Applications: Passport Cards, Enhanced Drivers Licenses, and Beyond - Via RSA Security Laboratories:

Citation: Citation: K. Koscher, A. Juels, T. Kohno, and V. Brajkovic. EPC RFID Tags in Security Applications: Passport Cards, Enhanced Drivers Licenses, and Beyond. 2008. Draft manuscript. In submission.

Abstract: EPC (Electronic Product Code) tags are industry-standard RFID devices poised to supplant optical barcodes in many applications. They are prevalent in case and pallet tracking, and also percolating into individual consumer items and border-crossing documents.



In this paper, we explore the systemic risks and challenges created by increasingly common use of EPC for security applications. As a central case study, we examine the recently issued United States Passport Card and Washington State "enhanced" drivers license (WA EDL), both of which incorporate Gen-2 EPC tags. We explore several issues: [ Read more ... ]

Commissioner Cavoukian outlines what will need to be done to protect privacy in the 21st century - Via CNW Group | OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER/ONTARIO:

TORONTO, Sept. 26 /CNW/ - Ontario Information and Privacy Commissioner Ann Cavoukian is unveiling a key white paper outlining what will need to be done to protect privacy in the future, at a special presentation at the University of Waterloo, on Monday, September 29, 2008.

"As a regulator, I have been called many things during my tenure," said the Commissioner, "but rarely have I been called a dreamer. But that is precisely the practice one must engage in if privacy is to not only survive, but thrive, well into the future. But dreaming is not enough. As a pragmatist, I must embed that dream into reality. One way of doing so is seeking to embed privacy into the design and architecture of all technologies, so that it may live well into the future. So you might call me a radical pragmatist, because I dream BIG - in technicolour; there is no black and white anymore." [ Read more ... ]

New York to offer enhanced driver's license - Via Newsday.com :

BUFFALO - New York drivers can begin applying today for an enhanced driver's license that will comply with tighter travel controls adopted after the Sept. 11, 2001, terrorist attacks.

The state becomes the nation's second, after Washington state, to offer licenses that can be shown at the U.S. border instead of a more expensive passport.

The optional license will include a picture and radio frequency identification tag that can be scanned to verify a person's identity. The tag will not contain any personal information - only an assigned number, authorities said.

Drivers, though, should be prepared to offer a stack of identifying paperwork when they apply for an enhanced driver's license, and to spend an extra $30. [ Read more ... ]

Digital Wallpaper - Via CDT - PolicyBeta:

Television screens increasingly blaze in spaces outside of homes. In many settings, particularly at retail establishments, the TVs are perpetually tuned to a channel with nothing but commercials. In other instances, such as schools and government offices, the screens flash announcements and public safety information. This up-and-coming medium goes by different names, including captive audience networks, but the most common is digital signage.

Now, in a development with significant privacy implications, digital signage is slowly integrating identification technologies. The purpose is to boost audience measurement and exposure. The industry’s eventual wish is to target advertising to individual consumers based on demographics and shopping history. [ Read more ... ]

Farmers See 'Mark of the Beast' in RFID Livestock Tags - Via Threat Level:

A group of community farmers, some of them Amish, are challenging rules requiring the tagging of livestock with RFID chips, saying the devices are a "mark of the beast."

Michigan and federal authorities say the radio frequency identification devices (RFID) will help monitor the travels of bovine and other livestock diseases.

"Use of a numbering system for their premises and/or electronic numbering system for their animals constitutes some form of a 'mark of the beast' and/or represents an infringement of their 'dominion over cattle and all living things' in violation of their fundamental religious beliefs," according to the farmers' lawsuit filed Monday in U.S. District Court for the District of Columbia.

As radio frequency identification devices become a daily part of the electronic age, RFID technology is increasingly coming under fire for allegedly being the mark of Satan. The technology is fast becoming a part of passports and payment cards and is widely expected to replace bar-code labels on consumer goods. [ Read more ... ]

Adam Savage Revises Claim of Lawyer-Bullying On RFID Show - Via Slashdot: Your Rights Online:

Nick writes "A few weeks ago a video of a talk given by Adam Savage of the television show MythBusters spread across the internet (including a mention on Slashdot.) On the video, Savage stated that the show was unable to produce an episode about previously known RFID vulnerabilities due to a conference call to Texas Instruments that unexpectedly included several credit card companies' legal counsel. TI (via a spokesperson talking with cnet.com) stated that only one lawyer was on the call and that the majority of the people on the call were product managers from the Smart Card Alliance (SCA) invited by TI to speak. Then Savage (via a Discovery Communications statement) reaffirmed that he was not on the call himself and that the decision was not made by Discovery or their advertising sales department but rather MythBuster's production company, Beyond Productions."

(Read Original Article - Via Slashdot: Your Rights Online.)

Mythbusters Gagged: Credit Card Companies Kill Episode Exposing RFID Security Flaws - Via Consumerist:

Credit card companies successfully nixed a Mythbusters segment exposing RFID's security flaws, according to Arbiter of Truth and Mythbusters co-host, Adam Savage.

Texas Instruments comes on along with chief legal counsel for American Express, Visa, Discover, and everybody else... They were way, way outgunned and they absolutely made it really clear to Discovery that they were not going to air this episode talking about how hackable this stuff was, and Discovery backed way down being a large corporation that depends upon the revenue of the advertisers. Now it's on Discovery's radar and they won't let us go near it.

Editor: Interesting video with the article. Go to original site for that [...]

(Read Original Article - Via Consumerist .)

Road Tolls Hacked - Via MIT's Technology Review:

A researcher claims that toll transponders can be cloned, allowing drivers to pass for free.

Drivers using the automated FasTrak toll system on roads and bridges in California's Bay Area could be vulnerable to fraud, according to a computer security firm in Oakland, CA.

Despite previous reassurances about the security of the system, Nate Lawson of Root Labs claims that the unique identity numbers used to identify the FasTrak wireless transponders carried in cars can be copied or overwritten with relative ease.

This means that fraudsters could clone transponders, says Lawson, by copying the ID of another driver onto their device. As a result, they could travel for free while others unwittingly foot the bill. "It's trivial to clone a device," Lawson says. "In fact, I have several clones with my own ID already."

Lawson says that this also raises the possibility of using the FasTrak system to create false alibis, by overwriting one's own ID onto another driver's device before committing a crime. The toll system's logs would appear to show the perpetrator driving at another location when the crime was being committed, he says. [ Read more ... ]