RFID wallets
March 9, 2006 1:16 PM

RFID is a known security/privacy issue waiting to happen. Bruce Schneier even likes to talk about it on his blog. You can learn how to make your own tinfoil wallets. Or if you haven't the time... you could just purchase a premade one HERE. This vendor also has secure slips for US passports. Very nifty stuff.
posted by thecollegefear (48 comments total)
 
I'd get one of these but it would mean having to get my Oyster card out every time I use it. I'm waiting for an RFID wallet that RFID signals can get through.
posted by cillit bang at 1:32 PM on March 9, 2006


Call out the paranoids! Paranoids, post here!
posted by mischief at 1:41 PM on March 9, 2006


Being an American, I can think of one reason I might want to keep my RFID-enabled passport in a tinfoil sleeve. It's the same reason I always think about sewing a maple leaf patch onto my backpack when I leave the country.
posted by gurple at 1:45 PM on March 9, 2006


"Call out the paranoids! Paranoids, post here!"

They put another, readable RFID chip in the wallet to quickly identify those who obviously have something to hide.
posted by weapons-grade pandemonium at 1:49 PM on March 9, 2006


Wow, I hadn't really thought about that before, but let's say you could make a device that, maybe without being able to pull out the individual-specific information on American passports and IDs, could at least detect that they were present.

In countries other than America, you'd have an American detector. A must for every suicide bomber or kidnapper's toolkit.
posted by gurple at 1:51 PM on March 9, 2006


w-g p: Those with something to hide will be those who do not shine. The only way to stay anonymous is to be broadcasting.
posted by mischief at 1:52 PM on March 9, 2006


is it just me, or is it impossible to take any form of protection seriously that involves the use of tinfoil?
posted by shmegegge at 1:52 PM on March 9, 2006


gurple: 128-bit encryption
posted by mischief at 1:53 PM on March 9, 2006


there's a great comment on schneier's blog:

"Er... how's the price of this EMP producing microwave device compare to the $7 hammer I already own?"

fucking awesome.
posted by shmegegge at 1:54 PM on March 9, 2006


"gurple: 128-bit encryption"

Right, so you can't get the actual data out. But are there any characteristics of different RFID chips that you can get from the chip without decrypting the info? Do chips from different chipmakers have different response characteristics, maybe time or signal dispersal or something?

Either way I won't be tinfoilling my wallet any time soon, but it's something to think about.
posted by gurple at 1:56 PM on March 9, 2006


would a tesla coil suffice
posted by nervousfritz at 2:04 PM on March 9, 2006


There's a market here for irreverent RFID tags.
What's wrong with giving them, you know, a little extra information.
posted by weapons-grade pandemonium at 2:14 PM on March 9, 2006


RFID is currently not *that* much of a privacy threat, because of multiple competing vendors & standards in the marketplace. Until standards are created, there is little chance of a single RFID scanner instantly finding out where you buy your clothes, what books you are reading, what is in your shopping bag, etc.

Worth mentioning, though, that Privacy International's most recent Big Brother Awards for the US included two mentions of RFID technology: U.S. Passports with RFID & Brittan Elementary School RFID tagging of students. Brittan Elementary won the coveted "Orwell" award in the Most Invasive Proposal or Project category.
posted by UbuRoivas at 2:17 PM on March 9, 2006


FYI, I don't use it for this purpose, but I carry all my shit in an Altoids tin.
posted by cellphone at 2:20 PM on March 9, 2006


Since passports would use active RFIDs, designing them with a switch that turns off the RFID when the passport is closed should not be a major design hurdle.

Besides, I can think of a technology that is far easier to exploit in identifying someone's nationality: cell phones. I guess you can never call anyone from the anti-RFID contingent.
posted by mischief at 2:26 PM on March 9, 2006


My wallet is already made of tin foil. And duct tape. As is my house. I am very poor.
posted by Astro Zombie at 2:29 PM on March 9, 2006


"In countries other than America, you'd have an American detector. A must for every suicide bomber or kidnapper's toolkit"

Most of the people I've met from outside of the U.S. say that U.S. Citizens tend to make themselves obvious when traveling.
posted by KirkJobSluder at 2:33 PM on March 9, 2006


I called my bank and asked them to replace the new radio frequency identification enabled debit card they sent me. They wouldn't.
posted by Captaintripps at 2:35 PM on March 9, 2006


Captaintripps, cancel your account with your bank. Unless corporations see a penalty for invading privacy, they'll continue to do it.

If the passport became inactive when closed, I wouldn't be that upset about it, but it's still not perfect. I guess the question then would be is the invasion of privacy we're open to worth the benefit of reducing fraudulent passports? Without knowing how many fake passports are out there, I can't answer this.

Oh, and what happens if the chip is disabled (say, I accidentally smash my passport with a $7 hammer or soak the rfid chip in water), will the US still let me back in the country? If yes, what's to stop crooks from implanting broken chips into fake passports? If no, how much of an inconvenience will this add to citizens and what is the expected life span on the passport?
posted by Crash at 2:57 PM on March 9, 2006


I'm actually not terribly worried about it. I just wanted to look cool to hot, security-interested women.
posted by Captaintripps at 3:02 PM on March 9, 2006


"Unless corporations see a penalty for invading privacy, they'll continue to do it."

Trading personal information is part of the cost of using a product or service. From the example set by grocery stores, companies know the market of people willing to part with some data is huge.

BTW, don't pick your nose while waiting in line at 7-11; you're on candid camera.
posted by mischief at 3:18 PM on March 9, 2006


But there's no real benefit for the consumer to allow rfid chips in their passports or bank cards. In my car, sure. I happily trade my privacy regarding my location for the benefit of not having to stop to pay tolls. But what's the benefit of letting someone read my credit card without my knowledge? If we're worried about security, how about enabling a pin on credit cards? Wouldn't that be simpler and cheaper to implement?
posted by Crash at 3:31 PM on March 9, 2006


Would an EMP burst (localized, not a big nuke) affect these?
posted by Smedleyman at 3:32 PM on March 9, 2006


Finally a pocketbook to go with my foil hat.
posted by onegreeneye at 3:37 PM on March 9, 2006


From my limited knowledge of RFIDs, yeah, an EMP would fry these things just fine. EMPs work by inducing an electric current in the wires of circuitry. Barring heavy duty RFIDs (consumer RFIDs will likely be made by the lowest bidder) a little current should go a long way.
posted by Richard Daly at 3:46 PM on March 9, 2006


"there's no real benefit for the consumer to allow rfid chips in their passports or bank cards"

NO real benefit? Maybe not for you.

Passports? How about faster lines at airports?
Bank cards? How about a more dependable transfer of data than a magstripe?

"letting someone read my credit card without my knowledge?"

Who exactly would that be, and how did they get an authorized reader (that is tied to a central verification server) that can decrypt your info?
posted by mischief at 3:47 PM on March 9, 2006


"Passports? How about faster lines at airports?"

At most, it could potentially speed up one of the lines you have to stand in at international airports when entering the United States. Potentially. Not much of a payoff for having your identity remotely scannable by anyone who cares to.

"Bank cards? How about a more dependable transfer of data than a magstripe?"

The rfid chip will supplement the magstripe but not replace it, and will therefore not improve the transfer of data. There are few if any benefits to you.

You're very quick to attack people who don't like these things. Why? Does their opposition cost you something?
posted by George_Spiggott at 3:59 PM on March 9, 2006


RFIDs can also be hacked. I have heard of the Johns Hopkins Information Technology department imitating RFIDs to break into cars. (in the name of science of course)
posted by Suparnova at 4:15 PM on March 9, 2006


"speed up one of the lines"

Yeah, the one consisting of people known to be "safe".

"therefore not improve the transfer of data"

Ever stand in the cold on a wet wintry day trying to swipe a card through a reader that's iced up?

"Does their opposition cost you something?"

"People who don't like these things" generally show a high amount of ignorance concerning the technology. To which I say "Taggart's bridge". Plus, I like picking on luddites.

BTW, from the zapper page: "When loaded to about 100 V, the RFID-Zapper was able to destroy the RFID-Tags placed right next to it. ... Since the strength of the electrical field decreases with the square of the distance, the final RFID-Zapper will definitely need a capacitor that can supply more than 100 V."

If "right next to it" is 1/16", then a distance of 8" would require well over 10,000 V.

On preview: "imitating RFIDs",
The RFID tags compromised by Johns Hopkins and RSA—part of TI's DST-40 tag lineup—use a proprietary 40-bit encryption algorithm first written in 1999.

"Why are we using a proprietary algorithm? Because it's faster [that way] to produce inexpensive chips," Sabetti said.

The researchers from Johns Hopkins and RSA reverse-engineered and emulated the 40-bit encryption over two months.

But DST-40 tags are only one part of a larger RFID portfolio that also includes a DST "Plus" edition—featuring "a series of memory features and encryption scalable to 80 bits"—as well as an "RFID credit card" lineup with industry-standard 128-bit Triple DES encryption, he said.
A skilled criminal can disable your home security and slit your throat before you awake. Why put your life on the line with such easily breakable technology? Or, he could just wait until you are gone and go through your papers.
posted by mischief at 4:41 PM on March 9, 2006


"'People who don't like these things' generally show a high amount of ignorance concerning the technology."

Bruce Schneier? Compared to, say, you?

"Plus, I like picking on luddites."

You mean you like calling people luddites because they oppose a certain application of a certain technology.

From one perspective, an axe is technology. Would you be a luddite if you opposed the application of this technology to your head?
posted by George_Spiggott at 4:54 PM on March 9, 2006


"Bruce Schneier? Compared to, say, you?"

Obviously yes, given how little analysis he put into that blog entry.

"You mean you like calling people luddites because they oppose a certain application of a certain technology."

That's what I said.

;-P
posted by mischief at 5:12 PM on March 9, 2006


No need to invest in gold. Put your money into aluminum foil! I just paid about $3.25 for a small box to cover my stove burners. If I have to now buy it for wallet covers and hats, I'm going to go broke!!!!!!!

What's that? Oooops, I gotta run. There's a message coming in through my fillings..... :>>>
posted by bim at 5:22 PM on March 9, 2006


>>In countries other than America, you'd have an American detector. A must for every suicide bomber or kidnapper's toolkit

"Most of the people I've met from outside of the U.S. say that U.S. Citizens tend to make themselves obvious when traveling."

Yes, but you would expect that, being how the ones that don't make themselves obvious would easily be overlooked. If only 10% of U.S. Citizens are obvious and 90% are not obvious, it may be that I notice all of the obvious ones and only a small percentage of the un-obvious ones. This would make it look like most of them are obvious.
posted by Bort at 6:29 PM on March 9, 2006


Hmm, Bort makes a good point. In fact, to carry his train of thought further, the 10% who are obvious are also probably expendable.
posted by mischief at 6:39 PM on March 9, 2006


MasterCard Debit Card with PayPass RFID: Free
Hole punch from local office supply store: $0.99
Privacy after putting the two together: Priceless
posted by firehead at 7:18 PM on March 9, 2006


"Most of the people I've met from outside of the U.S. say that U.S. Citizens tend to make themselves obvious when traveling."

Much as I hate to bash my own kind, I have to agree and add that an entire thread could be created regarding just how most folks can spot an American a mile off, and not for flattering reasons.
posted by onegreeneye at 8:42 PM on March 9, 2006


Latest Schneier in Wired: Why Data Mining Won't Stop Terror
posted by homunculus at 10:24 PM on March 9, 2006


Without writing a book, that's a fairly inaccurate, one-dimensional characterization of data-mining. Schneier might have something interesting to say if he dropped the left-leaning pandering.

Talk about getting paid to tell people what they want to hear! He's as good as any conservative bullshit artist.
posted by mischief at 4:21 AM on March 10, 2006


You have got to be joking.

Schneier has been writing about these topics for years on end and I've been reading him for years on end. He knows what he's talking about.

Go ahead and blow him off, though. Your personal data security isn't anyone's responsibility but your own.
posted by sonofsamiam at 5:00 AM on March 10, 2006


You have to know what you're talking about in order to spin it for your audience. I've written more than enough white papers over the years to recognize someone who uses others' ignorance of a topic to 'prove' a point.
posted by mischief at 5:08 AM on March 10, 2006


Then again, there's no converting the faithful.
posted by mischief at 5:09 AM on March 10, 2006


a hyuk a hyuk a hyuk.
posted by sonofsamiam at 5:18 AM on March 10, 2006


... and if you think RFID is going to provide significantly more information about you than we already know ('we' being the customer relationship organizations with which I am associated), then look at this one resource (of many others).

Have you ever filed for a change of address? heheh
posted by mischief at 5:34 AM on March 10, 2006


you have cowed me. I defer to your leet change of address knowledge.

What is your point here?
posted by sonofsamiam at 5:40 AM on March 10, 2006


My point is commercial organizations already know quite a bit about you even without RFID.

Trying to avoid RFID is going to raise its own flags in commercial databases and will probably rate you special attention.

RFID is about to become so ubiquitous, you won't be able to avoid it completely.

Take Vegas for instance. The new casino resort Wynn is riddled with RFID, most particularly the chips. Also, the Culinary Union itself approved RFID for tagging bar servers at RIO. Those are just the uses that have been made public. I haven't been able to verify it yet, but I suspect the room keys (which double as players' cards) at Wynn are also RFID equipped.

If you don't already have a contactless credit card, then most likely your first RFID card will be your employee identification. Welcome to the 21st century.
posted by mischief at 6:02 AM on March 10, 2006


"My point is commercial organizations already know quite a bit about you even without RFID."

No shit? I thought you might have something interesting to say.

You've clearly put the amount of thought into the topic that triggers my "deserves no special attention" flags.

Enjoy your shopping, snark away.
posted by sonofsamiam at 6:14 AM on March 10, 2006


Your biggest concern is shopping as opposed to your employer knowing every time you step outside for a smoke for 7.3 minutes or whether you just used urinal #U3B as opposed to toilet #T6C (samples of which were forwarded to the biolab)? ;-P
posted by mischief at 6:25 AM on March 10, 2006


I have to agree with sonofsamiam.
Bruce is one of the most knowledgeable folks out there today on issues of security, and has written one of the most seminal books on cryptography. He is not just *any* blogger spouting his uninformed opinion from his parents' basement. He has been writing (real books) and blogging for years on such issues and has even been asked to provide testimony and research reports for Congress on issues of Privacy, Cryptography, and the NSA.
For those of you here who believe that he can be discounted as a nut, I challenge you to provide a more well respected and knowledgeable alternative.
posted by TheFeatheredMullet at 12:28 PM on March 10, 2006




This thread has been archived and is closed to new comments