An End to the Anonymity of Trash?

Britain is quietly introducing RFID (Radio Frequency Identification) tags to rubbish bins (trash cans) in a bid to measure the individual waste of each household and charge them accordingly. Some Britons are up in arms about this, saying that households have not been informed and calling it an abuse of privacy. Is it?

The UK’s Daily Mail reports that some bins, provided by local councils for households to dispose of their trash, contain coin-sized devices that monitor how much non-recyclable waste the owner throws out:

With the bugging technology, the electronic chips are carefully hidden under the moulded front ‘lip’ of wheelie bins used by householders for non-recyclable waste. As the bin is raised by the mechanical hoister at the back of the truck, the chip passes across an antenna fitted to the lifting mechanism. That enables the antenna to ‘read’ a serial number assigned to each property in the street.

A computer inside the truck weighs the bin as it is raised, subtracts the weight of the bin itself and records the weight of the contents on an electronic data card.

When the truck returns to the depot, all the information collected on the round is transmitted to a hand-held device and downloaded on to the council’s centralised computer. Each household can be billed for the amount of waste collected – even though they have already paid for the services through their council tax.

According to The Mail, two German companies manufacture the bins and sensors: Sulo and RFID specialist Deister Electronic.

As with all such things, the story reflects local fears, obsessions and behaviour. First off, drinking: The Mail quotes a local council chairman saying he believed the chips “were simply to ensure bins could be returned to the right addresses if they got mixed up or drunks rolled them off”. Second, avoiding paying: The opposition Conservative party warns that “people will simply start dumping bags in their neighbours’ gardens or at the end of the street to avoid paying”. And then there’s the whole castle thing: a council spokesman in Wiltshire says the chips were “to sort out disputes between householders about whose wheelie bin is whose. If there are any arguments we can just send out an officer to scan the chip and settle the argument.” Oh, and then there’s the whole WWII hang-up: The headline at The Evening Standard’s This is London website is “Germans plant bugs in our wheelie bins”.

Is this something to be worried about? Well, the government, and local councils, haven’t been very smart about installing these tags before explaining their use to the public. But that’s not unusual: A council in Australia did the same thing a few weeks back. What I think is most interesting about this is that coverage of the subject in both countries lacks depth, pandering to the fears of its readers (The Mail may not know better, but The Press Association and The Independent should.) Even basic research would show that this sort of thing is not new, is widely used elsewhere, and has a name: Pay-by-weight.

It seems the same technology is already in use in Ireland and has, according to the company involved, reduced the amount of trash put out for collection by 40%. (There may have been some privacy uproar, but I can’t find any obvious evidence of any.) In Canada the program has been in place since 1994, and as of 1999 more than 1.5 million transponders have been deployed throughout the world, including the U.S., although there have been problems with the technology (this being RFID an’ all.)

That said, just because it’s being used elsewhere doesn’t necessarily make it a good thing. Trash is as much a privacy issue as anything linked to personal property, and the angry response to the news is related to an individual’s desire to keep what they throw out a secret (however illogical this is, given you’re putting it in an unlocked plastic bin in the street for hours, if not days, before it’s picked up). Further research into what these RFID chips are capable of isn’t particularly reassuring: The SULO device, for example, can measure exact weight, record when the bin is emptied, report any damage to the bin, and, if linked to other equipment, could also locate where the bin was emptied. Nothing too sinister about this, but it increases the possibility, at least in theory, that an individual’s trash is no longer as anonymous as it was.

Bottom line? I don’t think this is likely, given the technology has been in active service for more than a decade. But who knows where the technology may go? This is more a story about how RFID — although it’s not really identified in the story as such — scares people when they hear about it because instinctively they recognise its power. No one would disagree with the goal — reducing the amount of non-recyclable waste — but, as with all technologies, pay-by-weight has to be handled carefully, its usage and goals explained, and clear and transparent limits to its usage imposed.

Do Passports Plus RFID Tags Make Us Walking Targets?

RFID tags? Sinister chip or harmless piece of plastic and wire?

I’ve been on the side of the former for some time, but in the face of some objection from readers. A listener to a piece I did on the BBC World Service a few weeks back about the danger that RFID tags would give up too much information to anyone interested — shops, sleazeballs, governments, terrorists — wrote in to say:

Your correspondent seemed in danger of propagating the fiction that RFID tags can be read from a distance.

An RFID tag contains no power source. The read head, the device that interrogates the tag, actually transmits power to it to enable it in turn to transmit the information it contains. With most tags the range over which this will work is much less than a metre – in general the smaller the tag the smaller the range.

In other words when I am walking down the street it will not be possible for MI5 to determine where or when I bought the tagged pack of tomatoes I am carrying…

This prompted me to do a bit more digging, and I concluded thus in a reply I prepared at the time:

  • First off, distance is not really the issue. The reader, the machine that reads the RFID tag, could be placed anywhere — at entrances to shops, buildings, carparks, subways — to pick up information on those tags. The reader, therefore, would simply pick up the information as a person passes it. In short, it’s not necessarily a question of whether MI5 is remotely trying to figure out the origin of your tomatoes from a rooftop, but that sensors placed around cities, installed for commercial, retail or government use, could easily gather this information without your knowledge.
  • Secondly, while it’s true that until recently RFID tags may only be readable by a normal reader within a few feet, many tags now can be read from further away. Others are already being developed that would be read over longer distances: Japanese manufacturer Toppan, for example, has just created an RFID chip that can be read 5 metres away. That’s across the room or street.
  • Thirdly, while it’s true that most RFID tags are passive (without a battery) some are active (with a battery inside) meaning that they can be read over much longer distances — between 100 and 300 ft (up to 100 metres) at present, I believe.
  • Fourthly, it’s quite possible to incorporate a reader with a high-gain antenna, in which case tags can be read at much greater distances; in some extreme cases, according to the online encyclopedia Wikipedia, up to several kilometres away.

Some of these items may not be commercially available yet, but it’s shortsighted to suggest that RFID technology is not improving quickly enough to reach the point where it becomes an important social issue, including MI5’s ability to gain access to your tomatoes.

Still, there’s clearly a lot of debate about this, and I was speaking to some RFID folk in Australia who say the security concerns are too far down the track to worry about, since RFID is still too young a technology to be really deployable. Reading a tag is still too tricky, apparently, for it to work properly in a commercial setting.

With all this in mind, it’s interesting to read Bruce Schneier in today’s IHT warning in no uncertain terms of the dangers inherent in the U.S. demand that countries issue passports with RFID tags in them. He points out the absurdity of arguing that RFID tags can only be read from a few centimetres away:

Proponents of the system claim that the chips can be read only from within a distance of a few centimeters, so there is no potential for abuse. This is a spectacularly naïve claim. All wireless protocols can work at much longer ranges than specified. In tests, RFID chips have been read by receivers 20 meters away. Improvements in technology are inevitable.

Bruce’s point is that this means the passports can be read by anyone who gets even vaguely close, leaving the holder vulnerable to anyone with an interest: “It means that pickpockets, kidnappers and terrorists can easily – and surreptitiously – pick Americans or nationals of other participating countries out of a crowd.”

His conclusion is unusually forthright:

The [Bush] administration wants surreptitious access themselves. It wants to be able to identify people in crowds. It wants to surreptitiously pick out the Americans, and pick out the foreigners. It wants to do the very thing that it insists, despite demonstrations to the contrary, can’t be done.

Normally I am very careful before I ascribe such sinister motives to a government agency. Incompetence is the norm, and malevolence is much rarer. But this seems like a clear case of the Bush administration putting its own interests above the security and privacy of its citizens, and then lying about it.

I have no idea whether that bit about the Bush administration is true or not. It’s scary if it is, because it indicates that RFID is just the kind of technology we should be worried about. But for present purposes it doesn’t matter much: What matters is that we establish whether or not it’s possible to ‘snarf’ data from RFID tags in the same way Bluetooth experts have successfully shown the inherent dangers in Bluetooth-enabled phones. If someone can show that grabbing data from RFID tags at a reasonable distance is not just an academic exercise, maybe voices like Bruce’s will be heard in time to do something about it, whether it’s someone knowing my shoe size or my nationality.