Sleeper Tags from RSA RSA Security is proposing that consumers use so-called ‘sleeper tags’ to prevent unwanted reading of RFID Tags they possess. A sleeper tag prevents an ordinary tag from being read when placed next to it. The sleeper tag creates an RF ‘shadow’ that makes the ordinary tag inert. It also presents a different serial number (i.e. ePC number) than the ordinary tag.
RSA says that there are two weaknesses of today’s RFID that make such sleeper tags necessary. The first is that the industry is driving toward cheaper tags that cannot support security and authentication found in many other types of communications infrastructure. The second is that consumers need to be able to protect their privacy by preventing any reader – legitimate or not – from accessing the tags in their possession.
I disagree with both of these arguments.
First, robust security and authentication technologies are available for RFID. RSA acknowledges this. Any enterprise deploying RFID and communicating highly valuable or sensitive information should require robust security and authentication. If the cost of employing these technologies is too high, then RFID simply isn’t cost effective. Such enterprises should wait until costs come down or consider other identification technologies.
Second, I think consumers are more likely to opt out of RFID altogether rather than carry sleeper tags to accompany ordinary tags. I once heard Kevin Ashton say that this isn’t an issue of privacy. It’s an issue of trust. It is impossible for any consumer to maintain complete secrecy for all their purchasing history and behavior. Consumers will give enterprises access to their information as long as those enterprises can prove they are trustworthy and will not misuse the information.
If enterprises can convince consumers that information gained from tagging products purchased by consumers is not being misused, then consumers will not mind buying tagged products. If enterprises fail to convince consumers, they won’t buy the tagged products. It’s that simple.
Right now, tagging individual consumer products isn’t practical because tags cost too much, they work unreliably and the infrastructure build out costs are astronomical. Presumably, the costs and reliability problems will be reduced over time. As tagging consumer products becomes practical, enterprises will need to demonstrate they can be trusted or consumers will opt out.
How will enterprises do this? I don’t know. If you want to see how NOT to do it, just look at the Philips and Benetton announcement from March 2003.
10:42:17 PM 
|
