Paul Hardwick: RFID

Activists Claim Success: No RFID Chips Required in Driver's License Regulations - March 2007

Sun, 04 Mar 2007 04:49:12 GMT

Citizens Against Government Waste (CAGW) declared a victory for taxpayers and drivers yesterday after the Department of Homeland Security (DHS) released proposed regulations for personal identification that do not mandate the use of radio-frequency identification (RFID) technology. The REAL ID Act requires DHS to establish federal standards for state-issued driver's licenses and identification cards.

Homeland Security offers details on Real ID | CNET News.com

Sun, 04 Mar 2007 03:52:36 GMT

Hundreds of millions of Americans will have until 2013 to be outfitted with new digital ID cards, the Bush administration said on Thursday in a long-awaited announcement that reveals details of how the new identification plan will work.

The announcement by the U.S. Department of Homeland Security offers a five-year extension to the deadline for states to issue the ID cards, and proposes creating the equivalent of a national database that would include details on all 240 million licensed drivers.

According to the draft regulations (PDF), which were required by Congress in the 2005 Real ID Act and are unlikely to assuage privacy and cost concerns raised by state legislatures:

âo¢ The Real ID cards must include all drivers' home addresses and other personal information printed on the front and in a two-dimensional barcode on the back. The barcode will not be encrypted because of "operational complexity," which means that businesses like bars and banks that require ID would be capable of scanning and recording customers' home addresses.

âo¢ A radio frequency identification (RFID) tag is under consideration. Homeland Security is asking for input on how the licenses could incorporate "RFID-enabled vicinity chip technology, in addition to" the two-dimensional barcode requirement.

European Retailer Embeds RFID Chips in Shoes.

Sun, 04 Mar 2007 03:28:01 GMT

European Retailer Embeds RFID Chips in Shoes. One of Europe's largest shoe companies plans to embed wireless chips in shoes sold at hundreds of stores across the continent. [PC World: Latest Technology News]

Castrated RFID Talk at Black Hat.

Fri, 02 Mar 2007 02:29:30 GMT

Castrated RFID Talk at Black Hat. Following a lawsuit threat, a security researcher goes ahead with a presentation on vulnerabilities in RFID access cards -- but doesn't demonstrate problems with HID Global's system. By Kim Zetter. [Wired News: Top Stories]

Battle brewing over RFID chip-hacking demo | InfoWorld | 2007-02-26 | By Paul F. Roberts

Wed, 28 Feb 2007 03:04:59 GMT

Secure card maker HID Corp. is objecting to a demonstration of a hacking tool at this week's Black Hat Federal security conference in Washington, D.C. that could make it easy to clone a wide range of so-called "proximity" door access cards.

HID has sent a letter to IOActive, a security consulting firm, accusing Chris Paget, IOActive's director of research and development, of possible patent infringement over a planned presentation, "RFID for beginners," on Wednesday, a move that could lead to legal action should the talk go forward, according to Jeff Moss, founder and director of Black Hat.

[ See also our Video: "Hack in action" ]

Lawsuits, patent claims silence Black Hat talk | InfoWorld | 2007-02-27 | By Paul F. Roberts

Wed, 28 Feb 2007 02:59:50 GMT

A planned talk on RFID security by a security researcher has been pulled from this week's Black Hat Federal security conference after secure card maker HID claimed the talk violated the company's patent rights and threatened to take legal action against Chris Paget, the researcher, and IOActive, Paget's employer, if the talk went forward.

The company decided to cancel the talk after all-night negotiations with HID collapsed, said Josh Pennell, CEO of IOActive. In response, Black Hat organizers were forced to tear materials out of printed show proceedings and will instead present a discussion by a representative of the ACLU on the criticality of RFID security, said Jeff Moss, founder and director of Black Hat.

A spokeswoman for HID did not immediately respond to a request for comment.

The incident recalled a 2005 dispute over a presentation at Black Hat in Las Vegas involving Cisco Systems and Michael Lynn, a security researcher who worked for Internet Security Systems at the time.

New Controversy over Black Hat Presentation.

Wed, 28 Feb 2007 02:55:39 GMT

New Controversy over Black Hat Presentation. uniquebydegrees writes "InfoWorld is reporting about a new controversy swirling around a planned presentation at Black Hat Federal in Washington D.C. this week. Security researcher Chris Paget of IOActive will demo an RFID hacking tool that can crack HID brand door access cards. HID Corp., which makes the cards, is miffed and is accusing IOActive of patent infringement over the presentation, recalling the legal wrangling over Michael Lynn's presentation of a Cisco IOS hole at Black Hat in 2005. Black Hat's Jeff Moss says they're standing by their speaker. A news conference is scheduled for tomorrow AM." Update: 02/27 20:10 GMT by Z :InfoWorldMike wrote with a link to story saying that the presentation has been pulled from the slate for Black Hat, as a result of this pressure. [Slashdot]

Administrivia: Now we have a overheated CPU ( 60 degrees centigrade )

Wed, 28 Feb 2007 00:39:01 GMT

OK, if the DDOS attack wasn't enough. Now our server went down with a temperature overload. We were up to 60 degrees centigrade when we shut down. The CPU and a broken fan have been replaced.

Administrivia: Our data-center was hit by a DDOS attack today.

Tue, 27 Feb 2007 22:19:59 GMT

Sorry for being either very slow or off the net for a while recently. The data-center we are part of was hit by a DDOS (Distributed Denial Of Service) attack recently. At the moment it looks to be under control, but we are keeping an eye on things.

RFID Chips Shrink to Powder Size.

Tue, 27 Feb 2007 00:15:53 GMT

RFID Chips Shrink to Powder Size. Hitachi's new tags measure 0.002 inches square, but store as much information as their much-larger predecessors. The company's still investigating possible uses. By the Associated Press. [Wired News: Security Blanket]

NYC Gothamist: Tracking Firefighters with Chips

Sun, 25 Feb 2007 03:14:16 GMT

Eventually the FDNY hopes to track the movement of every firefighter in a burning building --they already have schematics for nearly all buildings in the city. Using the location devices firefighters on the scene could be warned of conditions from the FDNY Operations Center.

DHS Nixes Use Of RFID In Border Security Program.

Mon, 19 Feb 2007 02:53:07 GMT

DHS Nixes Use Of RFID In Border Security Program. The US Department of Homeland Security's VISIT program will not us RFID technology to track foreigners leaving the country after a test of the system failed to impress officials. [Computerworld Security News]

New Credit Cards May Leak Personal Information.

Fri, 16 Feb 2007 15:35:47 GMT

New Credit Cards May Leak Personal Information. Many 'contactless' credit cards can leak their owner's name and card number for reading at a distance. [PC World: Latest Technology News]

RFID Implementations Require Industry Specific Expertise, Survey Reveals.

Fri, 16 Feb 2007 01:59:30 GMT

RFID Implementations Require Industry Specific Expertise, Survey Reveals. Results should help manufacturers identify how to justify new RFID projects in terms of business objectives, technologies, and more. [GT: Security and Privacy]

Patients, doctors staying away from implantable RFID chips | CNET News.com

Thu, 15 Feb 2007 22:43:38 GMT

VeriChip, which has created a system for putting RFID chips into humans for medical-record tracking, held an initial public offering on Friday, and the company's stock has been struggling ever since. The stock is currently trading at around $6.15. The company released 3.1 million shares in the IPO for $6.50 a share.

Part of the problem is likely the lackluster sales for the company's most famous product.

Only 222 medical patients in total have opted to get RFID chips from VeriChip implanted as of the end of 2006, according to documents filed by the company with the Securities and Exchange Commission as part of its initial public offering. It's a modest number, the company says, and revenue for these systems is far below projections.

"To date, we have only generated approximately $0.1 million in revenue ($100,000) from sales of the microchip inserter kits, significantly less than we had projected at the beginning of 2006. We may never achieve market acceptance or more than nominal or modest sales of this system," the company stated.

The slow sales will likely hearten the many critics of the company. When the company first began touting the technology nearly three years ago, it was criticized by civil libertarians, who saw the chips as a gateway to privacy erosion, and by religious consumers some of whom said that implantable chips were the mark of the beast.

In its SEC filing, the company stated that many patients are probably unwilling to get chipped, the company said, and doctors have likely been reluctant to discuss the procedure with clients. Privacy issues and bad publicity have also been factors.

Virtually all the company's revenues come from two Canadian companies it acquired in 2005. These companies, EXI Wireless and Instantel, specialize in infant tracking and "wander" detection systems in rest homes. In these systems, RFID tags alert nurses and medical professionals if an infant or other patient is passing through the exits or into unauthorized areas. In these systems, however, the RFID chip is contained in a wristband.

VeriChip Implants 222 People With RFID.

Thu, 15 Feb 2007 22:41:22 GMT

VeriChip Implants 222 People With RFID. cnet-declan writes "Anyone remember VeriChip, a company that came up with the idea of implanting chips in humans for tracking them? They've been behind ideas like RFID tagging immigrant and guest workers at the border, and they've persuaded a former Bush Health Secretary to get himself chipped. In this CNET News.com article, we offer an update on how successful the idea has been. It turns out that, according to IPO documents, 222 people have been implanted, with sales revenue of $100,000." [Slashdot: Your Rights Online]

Hitachi's Tiny RFID Chips.

Thu, 15 Feb 2007 22:32:21 GMT

Hitachi's Tiny RFID Chips. paltemalte writes "Hitachi has just come out with a new crop of RFID tags, measuring only 1/20 of a millimeter square. That's 1/8 the size (in linear dimension) of Hitachi's currently shipping mu-chips, which are 0.4 mm square. The new chip's width is slightly smaller than a human hair. These chips could put an end to shoplifting forever, but they could also be used by a governments or other entities to 'dust' crowds or areas, easily tagging anyone present without their knowledge or consent. Will someone come up with a surefire way of neutralizing chips that may be on your body or in your clothing?" --- Hard to pin down a source on this. The article cites another blog, which points to an article in Japanese. [Slashdot: Your Rights Online]

Tracking Audis With RFID.

Mon, 29 Jan 2007 19:52:45 GMT

Tracking Audis With RFID. Audi will use RFID tags through production and delivery of its TT sports car for "quality-assurance." But how are the embedded tags used over a car's lifetime? Plus: BMW fields a remote-control convertible top. In Autopia. [Wired News: Top Stories]

Cattle branding comes to the 21st Century | The Register

Sun, 21 Jan 2007 05:48:50 GMT

Somark Innovations, a small company working out of Saint Louis, has successfully tested an RFID tattoo, on cows, mice and rats: enabling an identifying number embedded under the skin to be read from over a meter away.

[...]

Somark are in the process of raising money to exploit the technology, and point out that what works for animals can, of course, also work for people; identifying Military Personnel as one of their secondary markets, after cattle and other livestock.

RFID Tattoo for Tracking Cattle and Humans.

Sun, 21 Jan 2007 05:44:01 GMT

RFID Tattoo for Tracking Cattle and Humans. ack154 writes "The Register reports that a St Louis based company, Somark Innovations, has successfully tested RFID tattoos to be used for tracking cattle and other animals. Details are limited for the actual tattoo, but it's said to contain no metals and can be read up to about four feet away. Engadget has some more details on the matter. And yes, the article does mention RFID tattoos are possible for people, specifically the military. From the article: 'The system developed by Somark uses an array of needles to quickly inject a pattern of dots into each animal, with the pattern changing for each injection. This pattern can then be read from over a meter away using a proprietary reader operating at high frequency.'" [Slashdot: Your Rights Online]

MINI Introduces RFID-Activated Billboards.

Thu, 11 Jan 2007 22:01:38 GMT

MINI Introduces RFID-Activated Billboards. frinkster writes "MINI USA has placed interactive billboards in 4 US cities (Chicago, Miami, New York and San Francisco) and invited a few hundred MINI owners in those cities to join their targeted 'advertisement' pilot program. The owners sign up on MINI's website and receive an RFID keyfob in the mail. When that MINI owner drives by the billboard, a targeted message appears. Each owner tells MINI what to show when they drive by, such as 'Jim, you are one sexy beast.' If the pilot program is successful, MINI plans to put up more billboards in more cities and allow every owner to participate. MINI swears that no personal information in contained in the keyfobs and that all communication between the MINI and the owner is subject to their privacy policy and thus the program is completely safe. But how well will they keep their billboard logs away from the prying eyes of law enforcement or private detectives? And what are they doing to prevent 'hackers' from changing the personal messages to insults, such as 'Jim, nice to see you finally emerge from your mother's basement'?" MINI calls the interactive billboards "Motherboards." [Slashdot: Your Rights Online]

The Bush Era Draws to a Close.

Thu, 11 Jan 2007 03:51:48 GMT

The Bush Era Draws to a Close. From warrantless surveillance to torture, the ugliest aspects of the "War on Terror" ended 2006 teetering on the brink of reform and renunciation. Commentary by Jennifer Granick. [Wired News: Security Blanket]

Hacker Con Submits to Spychips.

Thu, 11 Jan 2007 03:47:01 GMT

Hacker Con Submits to Spychips. One thousand attendees of the Chaos Communication Congress voluntarily wire themselves up to RFID location-tracking devices. Just because they can. Quinn Norton reports from Berlin. [Wired News: Security Blanket]

PrivSec News Briefing (1/9/07).

Wed, 10 Jan 2007 02:27:42 GMT

PrivSec News Briefing (1/9/07).

RFID Strategy -- RFID Privacy And Security Issues: A look at the evolving state of tag security.
By Paul Faber
(Industryweek.com, 1/9/07)

Technology Companies Are Exposed to Security Breach Litigation.
Some Cyber Policies, By Themselves, Can Leave Gaps in Protection
(PRNewswire, 1/8/07)

Airport scanners allow some to skip security lines -- for a price.
By Stephen Majors
(The Associated Press, Published in the Seattle Post Intelligencer, 1/8/07)

Is privacy important?
Posted by Ed Burnette
(zdnet.com, 1/8/07)

Identity bandits.
By Bob Keefe
(Cape Cod Times online, 1/9/07)

Risks unknown for `registered traveler' participants
By Jeff Jonas
(San Jose Mercury News, 1/7/07)

Adapt, Change Or Die: The Sept. 11 Proposals Are Just a Start.
By Tim Roemer
(Washington Post, 1/9/07)

[Privacy and Security Law Blog]

Proposed PASS Card Lacks Strong Privacy, Security Protections.

Mon, 08 Jan 2007 19:35:05 GMT

Proposed PASS Card Lacks Strong Privacy, Security Protections. A proposed ID card that could be used in place of a passport by Americans who make frequent trips to Canada, Mexico and the Caribbean lacks adequate privacy protections and needs to be rethought. In comments submitted to the State Department on Sunday, CDT highlighted concerns with the proposed PASS (People Access Security Service) Card, which would use non-secure radio frequency identification (RFID) technology to transmit information about citizens crossing borders. In the comments, CDT urges the State and Homeland Security Departments to reconsider whether the PASS Card program is really necessary; and if they do move forward to use a technology that will allow for better privacy and security safeguards. [Center for Democracy and Technology]

Computers, Freedom and Privacy - Montreal, May 1-4 2007

Fri, 29 Dec 2006 00:41:06 GMT

Come to CFP2007 in Montreal, May 1-4 2007. There's a lot at stake.

Computers, Freedom and Privacy 2007 - Call For Proposals

Fri, 29 Dec 2006 00:37:58 GMT

Call For Proposals - The deadline for proposals is January 20, 2006

The Program Committee of the Seventeenth Conference on Computers, Freedom, and Privacy (CFP2007) seeks your proposals for innovative conference sessions and speakers.

Disabling the RFID in the New U.S. Passports?

Thu, 28 Dec 2006 23:43:26 GMT

Disabling the RFID in the New U.S. Passports? slashchuck writes "Along with the usual Jargonwatch and Wired/Tired articles, the January issue of Wired offers a drastic method for taking care of that RFID chip in your passport. They say it's legal ... if a bit blunt. From the article: 'The best approach? Hammer time. Hitting the chip with a blunt, hard object should disable it. A nonworking RFID doesn't invalidate the passport, so you can still use it.' While this seems a bit extreme, all indications seem to be these chips aren't very secure. How far will you go to protect or disable the RFID chip in your passport? Do you think such a step is necessary? Does anyone have an argument in favor of the technology's implementation here? " [Slashdot: Your Rights Online]

BBC NEWS | Programmes | Click | ePassports 'at risk' from cloning

Mon, 18 Dec 2006 21:03:48 GMT

So when Lukas Grunwald and Christian Bottger realised they could clone the new ePassport they were pretty sure it would be identical to the original, and undetectable. So how did they do it?

The chip inside the ePassport is a Radio Frequency Identification (RFID) chip of the type poised to replace the barcode in supermarkets.

A new British biometric European Union passport, which is embedded with a microchip
The 'enhanced' security features of ePassports are being questioned

The good thing about RFID chips is that they emit radio signals that can be read at a short distance by an electronic reader.

But this is also the bad thing about them because, as Lukas demonstrated to me, he can easily download the data from his passport using an RFID reader he got for 200 Euros on eBay.

Lukas is less forthcoming about where he got what is called the Golden Reader Tool, it is the software used by border police and it allows him to read the chip on his ePassport, including the photo.

Now for the clever bit. Thanks to a software he himself has developed, called RFdump, he downloads the passport's data onto his computer and then onto a blank chip.

Using a standard off-the-shelf component you can just buy at a component store you can have a cloned ePassport in less than five minutes.

E-Passport Cloned In Five Minutes.

Mon, 18 Dec 2006 21:00:23 GMT

E-Passport Cloned In Five Minutes. Last month a panel of EU experts warned that the e-Passport's security is "poorly conceived", and in fact a week later a British newspaper demonstrated a crack. Now another researcher has shown how to clone a European e-Passport in under 5 minutes. A UK Home Office spokesman dismissed it all, saying "It is hard to see why anyone would want to access the information on the chip." [Slashdot: Your Rights Online]

FCW.com - GPO makes millionth e-passport

Tue, 12 Dec 2006 03:44:04 GMT

The Government Printing Office reached a landmark this week when it produced its millionth electronic passport.

At the beginning of the year, GPO began producing the passports for the State Department, which then personalizes the blank documents.

"We are very proud to reach this milestone," said Ben Brink, assistant public printer for security and intelligent documents. "In the post-[Sept. 11] era, many documents require new levels of security, from their creation to the distribution."

The passports contain controversial radio frequency identification tags that contain a document holder's personal information and can be scanned remotely.

At the Black Hat conference in early August, a German researcher demonstrated how a remote RFID reader could be used to clone a passport. Members of the Smart Card Alliance industry group said that the multiple security layers in the American e-passport can reduce such risks.

Malaysia to embed car license plates with microchips to combat theft - Asia - Pacific - International Herald Tribune

Tue, 12 Dec 2006 03:29:06 GMT

KUALA LUMPUR, Malaysia: Malaysia's government, hoping to thwart car thieves, will embed license plates with microchips containing information about the vehicle and its owner, a news report said Saturday.

With the chips in use, officials can scan cars at roadblocks and identify stolen vehicles, the New Straits Times reported.

The "e-plate" chip system is the latest strategy to prevent car thieves from getting away with their crimes by merely changing the plates, the report said.

Malaysia to Use RFID Number Plates Next Year.

Tue, 12 Dec 2006 03:22:01 GMT

Malaysia to Use RFID Number Plates Next Year. durianwool wrote in with a story about Malaysia's plans to introduce RFID number plates. It reads: "'The first thing thieves do after a car theft is change the registration plates,' Road Transport Department Director-General Ahmad Mustapha was quoted as saying. The microchips, using radio frequency identification technology, will be fixed into the number plates and can transmit data at a range of up to 100 meters (yards), the report said. They will have a battery life of 10 years, it said. " [Slashdot: Your Rights Online]

Ten Best, Worst, and Craziest Uses of RFID.

Thu, 07 Dec 2006 22:10:13 GMT

Ten Best, Worst, and Craziest Uses of RFID. An anonymous reader writes "This top 10 rounds up what it calls 'the best, worst and craziest' uses of RFID out there [~] including chipped kids at Legoland, smart pub tables that let you order drinks, smartcards for sports fans, and chipped airline passengers. The craziest use of the tech surely has to be RFID chips for Marks & Spencer suits [~] you couldn't pay most people to wear one of them." [Slashdot: Your Rights Online]

RFID Guardian Project ( Faculty of Science : Vrije Universiteit )

Thu, 07 Dec 2006 18:53:03 GMT

Our paper at USENIX Lisa 2006 just won theBest Paper Award!
The RFID Guardian Project is a collaborative project focused upon providing security and privacy in Radio Frequency Identification (RFID) systems. The goals of our project are to:

Investigate the security and privacy threats faced by RFID systems
Design and implement real solutions against these threats
Investigate the associated technological and legal issues

The namesake of our project is the RFID Guardian: a mobile battery-powered device that offers personal RFID security and privacy management. One the focuses of our project is to build an RFID Guardian prototype.

RFID Personal Firewall.

Thu, 07 Dec 2006 18:46:09 GMT

RFID Personal Firewall. JanMark writes "Prof. Andrew Tanenbaum and his student Melanie Rieback (who published the RFID virus paper in March) and 3 coauthors have now published a paper on a personal RFID firewall called the RFID Guardian. This device protects its owner from hostile RFID tags and scans in his or her vicinity, while letting friendly ones through. Their work has won the Best Paper award at the USENIX LISA Conference." [Slashdot: Your Rights Online]

Would You Trust RFID-Enabled ATM Cards?

Wed, 06 Dec 2006 13:22:16 GMT

Would You Trust RFID-Enabled ATM Cards? race_k2 asks: "As a regular Slashdot reader I've followed the development and implementation of RFID devices in many ubiquitous areas such as clothing, passports and even people. Given that our environment is becoming increasingly tagged, often without our knowledge or consent, and can be monitored or hacked by anyone with the proper hardware, skills and motivation, I viewed the recent arrival of two new ATM cards containing RFID chips with skepticism. While this feature may bring the increased convenience of speedy checkouts, it is not something I am completely comfortable using and decided that the safety of my personal data was more important than the ability to buy things quickly. The vulnerable nature of RFID security coupled with recent, though unrelated, reports of a Possible Security Flaw In ATMs make me seriously question whether the marriage of wireless data transfer with personal finance is a wise application of technology." --- So race's question basically boils down to: How safe and secure are the RFID chips that are being embedded in debit and credit cards? To add another issue on to the fire: Would you trust RFID technology on your cards? [Slashdot: Your Rights Online]

British RFID Passports Easily Hacked.

Wed, 22 Nov 2006 04:59:44 GMT

British RFID Passports Easily Hacked.

New passports issued in the UK contain Radio Frequency Identification (RFID) chips, supposedly for purposes of increased security. But a report in the British newspaper The Guardian found the passports surprisingly easy to read and copy. Using a device purchased for £250, a Guardian reporter was able to view and copy information from several of the new passports.

Although the new passports use a strong crypto algorithm to protect their biometric data, the encryption key is easy to steal. As the ICAO's website reveals, the key consists of the passport number, the holder's date of birth, and the expiration date.

Obtain those details -- or even brute force them (the University of Cambridge's Ross Anderson says the RFID's do not lock themselves after even high numbers of repeated attempts) -- and you can read out enough data to create a cloned passport.

Phil Booth, from the organization NO2ID, took part in the newspaper's investigation. "This is simply not supposed to happen," says Booth. "This could provide a bonanza for counterfeiters because drawing the information from the chip, complete with the digital signature it contains, could result in a passport being passed off as the real article. You could make a perfect clone of the passport."

Since a reader can potentially scan a passport from as much as 30cm away, a passport could be read and cloned without the passport ever leaving the victim's pocket.

Click here for more information on EFF's work to prevent RFID tags in ID cards and elsewhere.

EFF: Deep Links]

E-Commerce News: RFID: IBM Trims Privacy Concerns With 'Clipped Tag' RFID

Wed, 15 Nov 2006 06:27:14 GMT

A year after IBM scientist Paul Moskowitz distributed handmade prototypes of his invention at an industry event, IBM has announced it will license his Clipped Tag technology -- which features an RFID tag small and flexible enough to allow consumers to tear off most of its antenna -- to Marnlen RFiD. The firm said it will begin production of Clipped Tag products immediately.

'Extreme Big Brother fears to become a reality' - Public Sector - Breaking Business and Technology News at silicon.com

Wed, 15 Nov 2006 06:07:35 GMT

UK citizens will be tracked by RFID tags embedded in their clothes and have their movements monitored by unmanned "flying eyes in the sky" using facial recognition systems within 10 years, the nation's data protection watchdog has claimed.

In a new report entitled A Surveillance Society, information commissioner Richard Thomas predicts a world in 2016 where technology is extensively and routinely used to track and record people's activities and movements.

He said in the report: "Two years ago I warned that we were in danger of sleepwalking into a surveillance society. Today I fear that we are in fact waking up to a surveillance society that is already all around us."

Marks & Spencer extends RFID tagging nationwide - Retail & Leisure - Breaking Business and Technology News at silicon.com

Wed, 15 Nov 2006 06:05:40 GMT

Marks & Spencer (M&S) is to extend the item-level radio frequency ID (RFID) tagging of clothing items following successful trials in 42 stores.

M&S has been one of the early UK pioneers in using RFID tags in the retail sector and first trialled the tracking technology on a selection of men's clothing in its High Wycombe store in 2003.

The RFID tags are contained in throwaway paper labels attached to, but not embedded in, a variety of men's and women's clothing items in stores. M&S uses mobile scanners to scan garment tags on the shop floor, and portals at distribution centres and the loading bays of stores allow rails of hanging garments to be pushed through and read at speed.

A spokeswoman for M&S told silicon.com that item-level RFID tagging of certain ranges of clothing will now be rolled out to a further 80 stores in the spring of 2007.

"We are tagging a variety of complex sizing items such as men's suits and women's trousers and skirts. Anything where you can have a wide variety of clothing sizes," she said.

M&S is also looking at extending RFID tagging to other clothing departments from the autumn of next year, she added.

RFID Tech Infiltrating a British Institution.

Wed, 15 Nov 2006 06:02:12 GMT

RFID Tech Infiltrating a British Institution. An anonymous reader writes, "According to silicon.com, Marks & Spencer -- a department store as quintessentially British as tea & cake -- is so pleased with its trial of RFID clothes-tagging that it's planning to roll it out nationwide. Considering that the UK's Information Commissioner recently made a lot of noise around the RFID track and trace tech, warning that Britain is 'sleepwalking into a surveillance society', Marks & Sparks seems to be setting itself up as a tweed-clad Public Enemy Number One." [Slashdot: Your Rights Online]

US.gov tunes out scathing RFID privacy report.

Fri, 10 Nov 2006 03:07:22 GMT

US.gov tunes out scathing RFID privacy report.

DHS committee study 'disavowed'

An external security advisory committee reporting to the US Department of Homeland Security has produced a highlight critical report (PDF) advising against the use of RFID technology in government documents.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

Code highlights e-passport eavesdropping risk.

Tue, 31 Oct 2006 16:03:50 GMT

Code highlights e-passport eavesdropping risk.

What RFIDIOt chipped my passport?

Researchers have released proof-of-concept code that creates a means to read personal details from next-generation passports outfitted with RFID chips.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

RFID Journal - Germany's BKA Uses RFID to Test Criminal-ID Software - RFID (Radio Frequency Identification) Technology News & Features

Mon, 30 Oct 2006 19:26:42 GMT

Oct. 30, 2006--Germany's Bundeskriminalamt (BKA), or Federal Criminal Investigation Office, is using RFID as part of a test of facial-recognition software. The trial began this month and will last until January.

The country's Federal Ministry of the Interior authorized the test in mid-February, which is being held in the main railway station in Mainz, a city not far from Frankfurt. The project gained new relevance in August when police foiled a plot to blow up regional trains in Germany. Video monitoring of passengers in train stations played a key role in identifying the attempted terrorists.

Feds Leapfrog RFID Privacy Study.

Mon, 30 Oct 2006 19:24:04 GMT

Feds Leapfrog RFID Privacy Study. A Homeland Security advisory panel finds serious privacy and security problems with RFID. But the report is stalled, while the government rolls out new ID cards using the controversial technology. By Ryan Singel. [Wired News: Security Blanket]

FCW.com - NIST highlights RFID risks

Sun, 29 Oct 2006 06:18:17 GMT

A draft publication from the National Institute for Standards and Technology highlights some of the security and privacy risks associated with radio frequency identification technology.

Some of the risks involved can be serious. The threat can extend from the RFID tags to central databases on an agency's network, according to the report. But NIST experts are not trying to scare agencies from using the technology.

"Like any new technology, RFID presents new security and privacy risks that must be carefully mitigated through management, operational, and technical controls in order to realize the numerous benefits the technology has to offer," the report states.

One danger is that an unauthorized user with a RFID reader, which is also called an interrogator, could gather information about the contents of a container, making it easier to decide what to steal. So agencies need to decide how much information to include on the tags and how to protect it.

FCW.com - EU needs RFID privacy regs, study finds

Sun, 29 Oct 2006 06:13:23 GMT

The European Union needs to consider adopting a solid legal framework to ensure that the use of radio frequency identification technology does not infringe on privacy, a top official of the European Commission, the executive branch of the EU, told an RFID conference Oct. 16.

The EU also needs to standardize its RFID frequencies in the 865 to 868 MHz frequency band, according to a commission background paper presented at the conference. The commission said it expects to complete a draft spectrum decision by the end of this year.

It has recently completed a six-month consultation with public and industry stakeholders on the use of RFID tags in the EU. Viviane Reding, European commissioner for information society and media, told the conference that "the overriding message that comes out of the consultation is that citizens have concerns over privacy issues."

EU mulls RFID privacy laws.

Thu, 26 Oct 2006 03:13:56 GMT

EU mulls RFID privacy laws.

Brussels ready to roll on chips

Concern about the privacy implications of using RFID tags need to be overcome if the technology is to gain public acceptance, according to a new EU study.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

Irish passports go RFID, and naked.

Wed, 25 Oct 2006 22:03:53 GMT

Irish passports go RFID, and naked.

Mug me, my house is currently worth a fortune

Analysis The Irish government has begun issuing RFID passports with biometric data that can be read at a distance to comply with US regulations for its visa waiver programme.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

Slashdot | RFID In Government Issued ID?

Wed, 25 Oct 2006 20:47:19 GMT

RFID! writes, "The Department of Homeland Security's Data Privacy and Integrity Advisory Committee published a draft report that poured cold water on using RFID in government-mandated identity cards and documents (PDF link). But this met with some consternation among the DHS bureaus that plan to use RFID in this way and the businesses eager to sell the technology to the government, and now a vote on the report has been delayed until December."

Researchers See Privacy Pitfalls in No-Swipe Credit Cards - New York Times

Wed, 25 Oct 2006 03:25:48 GMT

MHERST, Mass. -- They call it the "Johnny Carson attack," for his comic pose as a psychic divining the contents of an envelope.

Tom Heydt-Benjamin tapped an envelope against a black plastic box connected to his computer. Within moments, the screen showed a garbled string of characters that included this: fu/kevine, along with some numbers.

Mr. Heydt-Benjamin then ripped open the envelope. Inside was a credit card, fresh from the issuing bank. The card bore the name of Kevin E. Fu, a computer science professor at the University of Massachusetts, Amherst, who was standing nearby. The card number and expiration date matched those numbers on the screen.

The demonstration revealed potential security and privacy holes in a new generation of credit cards -- cards whose data is relayed by radio waves without need of a signature or physical swiping through a machine. Tens of millions of the cards have been issued, and equipment for their use is showing up at a growing number of locations, including CVS pharmacies, McDonald's restaurants and many movie theaters.

Privacy Pitfalls in No-Swipe Credit Cards.

Wed, 25 Oct 2006 03:22:07 GMT

Privacy Pitfalls in No-Swipe Credit Cards.

A NYTimes article notes the various privacy concerns with contactless credit cards whose data is relayed by RFID without need of a signature or physical swiping through a machine. Incredibly, cards are being deployed without any encryption (contrary to what the banks are saying):

The card companies have implied through their marketing that the data is encrypted to make sure that a digital eavesdropper cannot get any intelligible information. American Express has said its cards incorporate "128-bit encryption," and J. P. Morgan Chase has said that its cards, which it calls Blink, use "the highest level of encryption allowed by the U.S. government."

But in tests on 20 cards from Visa, MasterCard and American Express, the researchers here found that the cardholder's name and other data was being transmitted without encryption and in plain text. They could skim and store the information from a card with a device the size of a couple of paperback books, which they cobbled together from readily available computer and radio components for $150.

They say they could probably make another one even smaller and cheaper: about the size of a pack of gum for less than $50.

And because the cards can be read even through a wallet or an item of clothing, the security of the information, the researchers say, is startlingly weak. "Would you be comfortable wearing your name, your credit card number and your card expiration date on your T-shirt?" Mr. Heydt-Benjamin, a graduate student, asked.

Unbelievable.

[michaelzimmer.org]

e-Passport Solution Successfully Delivered in Ireland.

Mon, 16 Oct 2006 21:59:15 GMT

e-Passport Solution Successfully Delivered in Ireland. Biometric, contactless e-passport meets requirements of U.S. visa program [GT: Security and Privacy]

No, young shoppers do not want to pay with chip in skin.

Mon, 16 Oct 2006 21:44:31 GMT

No, young shoppers do not want to pay with chip in skin.

One of my pet peeves is the misuse of statistics in reporting. Here[base ']s an example that happens to intersect with issues of privacy.

The Daily Mail is featuring a story titled [base "]Young shoppers want to pay with chip in skin[per thou], extolling the fact that teenagers are willing to have microchip implants as a means of paying in stores. But three paragraphs into the story you discover that only around 8 percent of 13 to 19-year-olds are open to the idea of microchip implants.

Wow, 8%. That means 92% don[base ']t want to pay with implanted microchips. Of course, a headline like [base "]Eleven-twelfths of teens don[base ']t want anything to do with becoming digitally-enhanced consumer cyborgs[per thou] doesn[base ']t sell papers.

A broader concern here is that when these kind of memes start circulating - that kids think its no big deal to have chips implanted linked to their personal & financial information - general expectations of privacy and informational norms start to change.

[found via Canadian Privacy Law Blog]

[michaelzimmer.org]

Airport to tag passengers | The Register

Mon, 16 Oct 2006 21:42:33 GMT

Airport security chiefs and efficiency geeks will be able to keep close tabs on airport passengers by tagging them with a high powered radio chip developed at the University of Central London.

The technology is to be trialled in Debrecen Airport in Hungary after being in development for two-and-a-half years by University College London as part of an EU-funded consortium called Optag.

Schneier on Security: RFID Tagging People at Airports

Mon, 16 Oct 2006 21:40:42 GMT

How's this for a dumb idea? Tagging passengers at airports. That's all passengers.

EDITED TO ADD (10/13): Ross Anderson said this to me in e-mail: "The real reason for wanting to tag airline passengers is that when people check bags but don't turn up for the flight in time, the bags have to be unloaded, causing expensive delays." Interesting analysis.

BBC NEWS | Technology | Air passengers 'could be tagged'

Mon, 16 Oct 2006 21:38:49 GMT

Electronically tagging passengers at airports could help the fight against terrorism, scientists have said.

The prototype technology is to be tested at an airport in Hungary, and could, if successful, become a reality "in two years".

The work is being carried out at a new research centre, based at University College London, set up to find technological solutions to crime.

Other projects include scanners for explosives and dirty bomb radiation.

Dr Paul Brennan, an electrical engineer, is leading the tagging project, known as Optag.

He said: "The basic idea is that airports could be fitted with a network of combined panoramic cameras and RFID (radio frequency ID) tag readers, which would monitor the movements of people around the various terminal buildings."

The plan, he said, would be for each passenger to be issued with a tag at check-in.

He said: "In our system, the location can be detected to an accuracy of 1m, and video and tag data could be merged to give a powerful surveillance capability."

Californians Lose Out on New RFID Safeguards.

Wed, 11 Oct 2006 07:10:10 GMT

Californians Lose Out on New RFID Safeguards.

Last month, California's state legislature passed a bipartisan, groundbreaking new law that would institute tough privacy safeguards for Radio Frequency Identification RFID chips embedded in state identification cards. Unfortunately, over the weekend Governor Arnold Schwarzenegger vetoed the Identity Information Protection Act and prevented Californians from gaining control over the personal information that will be broadcast by RFID-equipped drivers' licenses, library cards, and other important ID cards.

In his veto statement, Schwarzenegger claimed that the bill was premature, as the federal government has not released new technology standards for state drivers' licenses and other ID cards as part of the REAL ID Act. But this is precisely why California and other states should act now. The REAL ID Act mandates that drivers' licenses have "common machine-readable technology" on every ID. If the Department of Homeland Security decides that this "machine-readable technology" will be RFID, then citizens deserve a thoughtful and rational law to protect them from identity theft, covert tracking, and stalking.

While obviously disappointing, the fight's not over yet -- EFF and our partners will work hard to get this bill reintroduced and passed next year. The bill is sponsored by EFF, the ACLU, and the Privacy Rights Clearinghouse, and support came from groups ranging from the AARP to the California Alliance Against Domestic Violence to the Gun Owners of California.

[EFF: Deep Links]

Arnie terminates RFID bill.

Wed, 11 Oct 2006 06:34:31 GMT

Arnie terminates RFID bill.

It'll be back, vows sponsor

Legislative proposals to regulate government use of RFID technology in California have been vetoed by state governor Arnold Schwarzenegger.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

Shops must use RFID with care.

Fri, 29 Sep 2006 04:46:59 GMT

Shops must use RFID with care.

Information Commissioner checks it out

Shops which use RFID tags and CCTV cameras must tell shoppers every time an RFID tag is used and must tell shoppers how to remove them. The order comes in guidelines produced by the Information Commissioner's Office (ICO). RFID (radio frequency identification) tags are used for inventory management in many shops but are increasingly used on shop shelves to identify products. The ICO said that shops must comply with the Data Protection Act when RFID information is collected alongside personal identifying information, such as CCTV footage.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

Attention, Shoplifters (businessweek)

Tue, 12 Sep 2006 18:08:04 GMT

Some Macy's (FD ), CVS (CVS ), and Babies 'R' Us stores have installed a system called the Video Investigator, whose advanced surveillance software can compare a shopper's movements between video images and recognize unusual activity. Remove 10 items from a shelf at once, for instance, or open a case that's normally kept closed and locked, and the system alerts guards sitting in a back room -- or pacing the sales floor -- with a chime or flashing screen. The system can predict where a shoplifter is likely to hide (at the ends of aisles, behind floor displays). A search function spots sudden movement that might indicate a large spill, prompting workers to clean up before it leads to a slip-and-fall accident and a costly lawsuit. And if someone opens a back door at 2 a.m., the system will record who sneaked in and link it with snapshots of the previous and next persons to use the door. Alerts, complete with images, can be sent to handheld devices, keeping retailers informed 24/7, says Jumbi Edulbehram, vice-president for strategic marketing at IntelliVid Corp., a Cambridge (Mass.) firm that makes the Video Investigator system.

LiveScience.com - Garbage Cans Pack Spy Chips

Tue, 05 Sep 2006 16:29:59 GMT

Electronic devices (passive RFID tags) about the size of a one-pence piece are screwed into a hole in the lip of the bin. As the bin is hoisted up for emptying, an RFID reader on the refuse truck interrogates the chip, which divulges a serial number identifying the property owner. The weight of the bin is recorded by the truck's sensors and is registered in a database entry along with the serial number.

The database entries for the day are downloaded at the dump (now, that's a data dump!) and stored in a vast central databank of property owner behavior. I can smell a new "garbage tax" on people with overly-heavy cans--how about you?

Your Garbage Can Could Be Spying On You.

Tue, 05 Sep 2006 16:25:40 GMT

Your Garbage Can Could Be Spying On You. macs4all writes "Garbage cans all over England are under surveillance tonight. And not by sleepy, fallible humans. This article in Live Science claims that at least 500,000 'wheelie bins' are now using RFID technology." Though that doesn't sound very dire, the article points out the ease with which your consumer spending habits could be tracked. "Although this is frankly a story that is difficult to take seriously, please note the following. You should remember that many of the articles you buy (and sooner or later throw away) are now also equipped with passive RFID tags that detail the item's brand name and product name. If it's possible to scan the tag on the trash can with an ID, it's possible to use similar equipment to quickly scan your can to uncover your purchasing habits." [Slashdot: Your Rights Online]

Dallas Morning News | Cornyn seeking the facts on RFID

Fri, 01 Sep 2006 00:36:55 GMT

Radio frequency identification technology will eventually be in the products you buy, the credit cards you buy them with, and the driver's license you carry while driving home from the store.

But the proliferation of RFID has raised concerns among privacy advocates who worry that consumers will be at greater risk of fraud and identity theft. State and federal lawmakers are starting to look at regulating the technology.

In July, U.S. Sen. John Cornyn of Texas co-founded the Senate RFID Caucus.

Wednesday, the senator was in Dallas to deliver the keynote speech at the Texas Competitiveness Summit at the University of Texas at Dallas.

He also sat down to discuss his interest in RFID technology, why he started the caucus, and his thoughts on the privacy concerns.

Here are excerpts from the interview.

California Lawmakers Pass Safeguards for Privacy-Leaking RFID Chips.

Thu, 31 Aug 2006 19:48:25 GMT

California Lawmakers Pass Safeguards for Privacy-Leaking RFID Chips.

The California State Senate passed tough new privacy safeguards yesterday for use of "tag and track" devices known as Radio Frequency Identification (RFID) chips embedded in state identification cards. The bill, SB 768, helps ensure that Californians can control the personal information contained on their drivers' licenses, library cards and other important ID documents.

EFF worked with a diverse range of concerned groups to get this bill passed, and now it just needs to clear one last hurdle -- the governor's signature -- before becoming law. If you live in California, follow this link and call the governor's office immediately to voice your support for S.B. 768.

Regardless, forward that link to friends and family who live in California and urge their support.

[EFF: Deep Links]

If a Cloned Legislator Passes a Law, Does Anyone Obey It?

Wed, 30 Aug 2006 00:04:40 GMT

If a Cloned Legislator Passes a Law, Does Anyone Obey It?

California lawmakers beware, some clever hacker might clone the card used to gain entrance to Legislature and write the laws -- and they may not be as nice as professional art troublemaker Jonathon Keats's attempt to get Berkeley to pass the unbreakable Aristotle's Law, decreeing that everything must be itself.

A certain someone forwarded on the video.

Of course, the California Legislature is hardly the only place using such chips...

[27B Stroke 6]

Yes, Virginia, You Do Need A Tinfoil Hat.

Thu, 24 Aug 2006 20:40:01 GMT

Yes, Virginia, You Do Need A Tinfoil Hat.

Though the State Department has only just begun to issue new e-passports with RFID chips in them, one company is already offering a nice accessory for it -- an anti-snooping pouch.

Paraben Forensic Tools, which sells hardware and software for pulling data out of computers and cell phones, is selling the "Passport StrongHold" for $15.

Made from layers of silver, copper and nickel, this portable faraday cage is intended to keep rogue RFID readers from snooping on your passport.

Sadly, this passport equivalent of a tin-foil hat is actually a good idea.

Via Digg

[27B Stroke 6]

e-passport cloning risks exposed.

Thu, 24 Aug 2006 20:35:17 GMT

e-passport cloning risks exposed.

RFID hack attack

A security consultant has shown how to clone electronic passports based on internationally agreed designs due to begin distribution this year.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

Radio chips leave visa data unsecured - Nation/Politics - The Washington Times

Tue, 22 Aug 2006 17:35:48 GMT

Foreign visas and information on U.S. aircraft protection are vulnerable to unauthorized access because of shortcomings in the Homeland Security Department's use of technology, according to a report released yesterday by the department's inspector general.

The report says the security issues involve the use of radio frequency identification chips (RFID) and databases at three Homeland Security agencies.

"These security-related concerns, if not addressed, increase the potential for unauthorized access to DHS resources and data," the report said. "We identified vulnerabilities on databases that could be exploited to gain unauthorized or undetected access to sensitive data."

The report was only able to focus on Customs and Border Protection (CBP), Transportation Security Administration (TSA), and the U.S. Visitor and Immigrant Status Indicator Technology program (US-VISIT) because the department lacks "an accurate inventory of systems using RFID technology."

RFID chips use wireless technology to store data that can be retrieved to confirm the identity of a person or location of an object through a tiny radio transmitter.

"The flexibility and portability of RFID technology and devices, as well as the information that resides on the tags, increases the need for security and privacy controls," the report said.

The report found security concerns in password management, user access permission and a lack of auditing in the systems that CBP uses to track foreign visitors upon entry at the two U.S. land borders. The Free and Secure Trade (FAST) program on the Mexican border and the Global Enrollment System on the Canadian border collect information that is fed into the US-VISIT program, which contains personal and biometric information on 17.5 million foreign visitors who have passed through nearly 200 air, land and sea ports.

Homeland officials agreed with the inspector general's findings and say additional security measures will be taken and guidelines developed to secure databases. The chips are still in the testing stage at the TSA to identify airline pilots, track their weapons, cargo and passenger bags.

Passports receiving ID chips / Infineon gets order for high-tech security documents

Tue, 22 Aug 2006 16:49:39 GMT

A German semiconductor company with offices in San Jose said Monday that it has received an order from the U.S. government for millions of identification chips that will be embedded in passports to help prevent fraud at border crossings.

Infineon Technologies provided few details about the order. A spokeswoman for the Government Printing Office, which prints and binds passports in Colorado, confirmed the deal.

A French company, Gemalto, has also received an order for a pilot run of the ID chips, she said, but at this point it isn't known whether those will go into volume production.

The chips carry an encrypted digital photograph of the passport holder. The chip is designed to be read by a special device that will be used by U.S. government workers who check passports when travelers come through border crossings.

The State Department began issuing what are being called e-passports to tourists last week and will gradually increase production. State Department spokeswoman Janelle Hironimus said existing passports will remain valid until they expire but, eventually, all U.S. passports -- about 13 million will be issued in 2006 -- will contain such chips.

The decision to mass produce these chip-powered passports comes after a lengthy process during which privacy activists argued that the new electronic devices might give hackers access to personal information. And while their complaints prompted features to boost privacy, skeptics remain.

"Whether the changes are enough, we'll have to find out,'' said Lillie Coney, associate director of the Electronic Privacy Information Center in Washington.

Slashdot | E-Passport In the Works

Tue, 22 Aug 2006 16:47:01 GMT

ExE122 writes "In an attempt to curb falsification of passports, the United States has placed an order for millions of embedded ID chips. 'The chips carry an encrypted digital photograph of the passport holder. The chip is designed to be read by a special device that will be used by U.S. government workers who check passports when travelers come through border crossings. The State Department began issuing what are being called e-passports to tourists last week and will gradually increase production. State Department spokeswoman Janelle Hironimus said existing passports will remain valid until they expire but, eventually, all U.S. passports -- about 13 million will be issued in 2006 -- will contain such chips.'"

Privacy not a problem, say smart-card vendors

Tue, 22 Aug 2006 16:28:04 GMT

A group of smart-card and smart-chip vendors is launching a campaign to talk up the security and privacy features of their products, even as researchers raise questions about their use in passports.

Smart-card makers Gemalto NV and Oberthur Card Systems, as well as chip makers Infineon Technologies AG, Philips Semiconductors and Texas Instruments Inc., on Wednesday launched the Secure ID Coalition to promote the use of secure smart card standards as a way to protect privacy.

The group, debuting at the National Conference of State Legislators this week, was formed because the message about the security features of contactless smart cards is "not getting through very clearly," said Tres Wiley, director of e-documents for Texas Instruments.

Earlier this month, at the Black Hat conference in Las Vegas, German security researcher Lukas Grunwald demonstrated a way to copy information from his passport's RFID (radio frequency identification) chip to another smart card. And as the U.S. Department of State geared up this month to start issuing passports with smart cards included, Bruce Schneier, chief technology officer of Counterpane Internet Security Inc., predicted that the new passports could eventually be hacked and allow for surreptitious tracking.

Infineon chips to be used in U.S. e-passports.

Mon, 21 Aug 2006 18:32:48 GMT

Infineon chips to be used in U.S. e-passports. German chip maker Infineon Technologies will supply chips for new electronic passports the U.S. government will begin issuing in October. [Computerworld Privacy News]

EFF - CA Alert - Keep Privacy-Leaking Chips out of State ID!

Thu, 17 Aug 2006 23:05:30 GMT

CA Alert - Keep Privacy-Leaking Chips out of State ID!

We're close to a major victory in the battle to keep radio frequency identification (RFID) tags out of California IDs, but we need your help to finish the job.

Without careful safeguards, RFIDs in IDs can broadcast your personal information to anyone nearby with cheap, readily-available equipment. Your government could be exposing you to the risk of covert tracking, stalking and identity theft.

In California, EFF has been working with a diverse range of concerned groups to stop insecure ID cards. The result, S.B. 768, faces a vote next week in the Legislature before reaching the governor. (The bill has already passed the Senate once, though not in its amended form.)

If you live in California, use our Action Center now to call your representatives and tell them to vote yes on SB 768.

[EFF: Deep Links]