I discovered an article on Bruce Schneier’s blog that refers to an ABC article about how innocent people are being placed on ‘Watch List’ to meet quota.

From ABC News:

“You could be on a secret government database or watch list for simply taking a picture on an airplane. Some federal air marshals say they’re reporting your actions to meet a quota, even though some top officials deny it.

The air marshals, whose identities are being concealed, told 7NEWS that they’re required to submit at least one report a month. If they don’t, there’s no raise, no bonus, no awards and no special assignments.

‘Innocent passengers are being entered into an international intelligence database as suspicious persons, acting in a suspicious manner on an aircraft … and they did nothing wrong,’ said one federal air marshal….

What kind of impact would it have for a flying individual to be named in an SDR?

‘That could have serious impact … They could be placed on a watch list. They could wind up on databases that identify them as potential terrorists or a threat to an aircraft. It could be very serious,’ said Don Strange, a former agent in charge of air marshals in Atlanta. He lost his job attempting to change policies inside the agency.”

Spychips.com has a couple of interesting PDF files online describing IBM’s patent application: “Identification and tracking of persons using RFID-tagged items”:

“A method and system for identifying and tracking persons using RFID-tagged items carried on the persons. Previous purchase records for each person who shops at a retail store are collected by POS terminals and stored in a transaction database. When a person carrying or wearing items having RFID tags enters the store or other designated area, a RFID tag scanner located therein scans the RFID tags on that person and reads the RFID tag information. The RFID tag information collected from the person is correlated with transaction records stored in the transaction database according to known correlation algorithms. Based on the results of the correlation, the exact identity of the person or certain characteristics about the person can be determined. This information is used to monitor the movement of the person through the store or other areas.”

In short, Big Brother keeps track of all the products that you buy in a database. When you walk into a store, the RFID chips in your clothes, ID cards, credit cards (and later in your implanted chip(s)), will be read by the store’s Big Brother scanners and added to the database. Your identity will be determined, and other sensitive personal data will be cunningly extracted with radio waves.

CNN reports that RFID passports are arriving soon:

“‘Basically, you’ve given everybody a little radio-frequency doodad that silently declares ‘Hey, I’m a foreigner,’” says author and futurist Bruce Sterling, who lectures on the future of RFID technology. “If nobody bothers to listen, great. If people figure out they can listen to passport IDs, there will be a lot of strange and inventive ways to exploit that for criminal purposes.”…

Kidnappers, identity thieves and terrorists could all conceivably commit “contactless” crimes against victims who wouldn’t know they’ve been violated until after the fact…

“The basic problem with RFID is surreptitious access to ID,” said Bruce Schneier security technologist, author and chief technology officer of Counterpane Internet Security, a technology security consultancy. “The odds are zero that RFID passport technology won’t be hackable.”…

Schneier says there are a number of ways to improve the security of RFID passports but the best trick is to not create RFID passports at all. “Someone in the government got it in their head to make it RFID. Yes, its cool technology,” said Schneier, “but don’t do it because it’s cool.”‘

To read the full CNN article (highly recommended), click here.

RFIDvirus.org talks about how to cause havoc by infecting RFID chips with malicious software:

"Now we get to the scary part. Some airports are planning to expedite baggage handling by attaching RFID-augmented labels to the suitcases as they are checked in. This makes the labels easier to read at greater distances than the current bar-coded baggage labels. Now consider a malicious traveler who attaches a tiny RFID tag, pre-initialized with a virus, to a random person’s suitcase before he checks it in. When the baggage-handling system’s RFID reader scans the suitcase at a Y-junction in the conveyor-belt system to determine where to route it, the tag responds with the RFID virus, which could infect the airport’s baggage database. Then, all RFID tags produced as new passengers check in later in the day may also be infected. If any of these infected bags transit a hub, they will be rescanned there, thus infecting a different airport. Within a day, hundreds of airport databases all over the world could be infected. Merely infecting other tags is the most benign case. An RFID virus could also carry a payload that did other damage to the database, for example, helping drug smugglers or terrorists hide their baggage from airline and government officials, or intentionally sending baggage destined for Alaska to Argentina to create chaos (e.g., as revenge for a recently fired airline employee)."

Imagine the damage that could be done when implanting RFID chips in humans becomes widespread.

RFIDvirus.org has a lot of interesting information about malicious software for RFID chips, including how to write RFID viruses and worms. There is also a page on how to protect RFID chips, but just remember that “hackers” are always going to be busy cracking technology. Your implanted RFID chip will never be 100% “unhackable”.

As mentioned in the last post, humans are already being implanted with RFID chips.

In addition to the severe privacy issues involved with implanting microchips in humans, these RFID chips are also vunerable to viruses and other malicious software:

"RFID tags may become commonplace in the future, but not a lot of people are looking forward to widespread implementation. There was already concern that these “smart barcodes” would allow consumers’ habits to be more easily tracked, and that the technology could facilitate identity theft. It turns out that RFID tags can transmit computer viruses, as well…

‘In our research, we have discovered that if certain vulnerabilities exist in the RFID software, an RFID tag can be (intentionally) infected with a virus and this virus can infect the backend database used by the RFID software. From there it can be easily spread to other RFID tags.’ The paper goes over three possible scenarios in which this could be exploited in a harmful fashion."

Don’t worry. I’m sure that you will be able to buy antivirus software for your implanted chip.

ABC reports about a plan to implant hospital patients with RFID chips:

"In a new test program, Horizon Blue Cross and Blue Shield of New Jersey plans to implant patients suffering from chronic diseases with a microchip that will give emergency room staff access to their medical information and help avoid costly or serious medical errors, the insurer said on Friday…

…Horizon will test the program for two years to see if it warrants expansion."

Several medical centers have started to "chip" humans:

"Trinitas becomes the sixth hospital that has agreed to adopt the VeriMed System in their emergency department in the last five months and the third hospital in the State of New Jersey to employ the VeriMed System."

VeriChip’ family of companies has be involved in "chipping" 6 million dogs and cats. How long will it be until implanted chips become mandatory? It’s so convenient, and it is for your safety.

To see what it’s going to be like when you get chipped, check out this video of the chip insertion process.

Bruce Schneier writes about how mass surveillance is not an effective way to find terrorists:

"No matter how sophisticated and super-duper are NSA’s methods for identifying terrorists, no matter how big and fast are NSA’s computers, NSA’s accuracy rate will never be 100% and their misidentification rate will never be 0%. That fact, plus the extremely low base-rate for terrorists, means it is logically impossible for mass surveillance to be an effective way to find terrorists…

Suppose that there are 1,000 terrorists there as well, which is probably a high estimate. The base-rate would be 1 terrorist per 300,000 people. In percentages, that is .00033%, which is way less than 1%. Suppose that NSA surveillance has an accuracy rate of .40, which means that 40% of real terrorists in the USA will be identified by NSA’s monitoring of everyone’s email and phone calls. This is probably a high estimate, considering that terrorists are doing their best to avoid detection. There is no evidence thus far that NSA has been so successful at finding terrorists. And suppose NSA’s misidentification rate is .0001, which means that .01% of innocent people will be misidentified as terrorists, at least until they are investigated, detained and interrogated. Note that .01% of the US population is 30,000 people…"

The Washington Post reports on an “Orwellian” plan to track college students:

“‘Is there some reason to reverse three decades of [privacy] policy and go down this Orwellian road?’ asked Christopher B. Nelson, the president of St. John’s College, during a conference call with reporters to call attention to a new survey on the subject.

The controversial concept of a national student ‘unit’ tracking system has been floating around for about two years. It was given a boost last month when Education Secretary Margaret Spellings’s Commission on the Future of Higher Education released a draft report endorsing such a plan. . .

The United States Student Association views the proposal ‘as a massive invasion of student privacy,’ according to the group’s legislative director, Rebecca Thompson.

‘It’s cradle-to-grave tracking,’ said Rolf Wegenke, president of the Wisconsin Association of Independent Colleges and Universities. ‘It can easily be connected to other databases and be connected to basic freedoms.’”

News.com is runing a story about new legislation that would increase FBI snooping:

“The FBI has drafted sweeping legislation that would require Internet service providers to create wiretapping hubs for police surveillance and force makers of networking gear to build in backdoors for eavesdropping, CNET News.com has learned. . .

Require any manufacturer of “routing” and ‘addressing’ hardware to offer upgrades or other ‘modifications’ that are needed to support Internet wiretapping. . .

Authorize the expansion of wiretapping requirements to ‘commercial’ Internet services including instant messaging if the FCC deems it to be in the “public interest.” That would likely sweep in services such as in-game chats offered by Microsoft’s Xbox 360 gaming system as well.”

You can read the full story here.

Computer security experts believe that the voting machines used in the United States are vunerable to hacking:

"It gets scarier. The best minds in the computer-security world contend that the voting terminals can’t be trusted. Listen, for example, to Avi Rubin, a computer-security expert and professor at Johns Hopkins University who was slipped a copy of Diebold’s source code earlier this year. After he and his students examined it, he concluded that the protections against fraud and tampering were strictly amateur hour. “Anyone in my basic security classes would have done better,” he says. The cryptography was weak and poorly implemented, and the smart-card system that supposedly increased security actually created new vulnerabilities. Rubin’s paper concluded that the Diebold system was “far below even the most minimal security standards.”"

If you are concerned about election fraud and want to stay on top of the latest news about insecure voting machines, check out BlackBoxVoting.org. This will again be big news in the next election.

Related articles:

• 100,000 errors in the 2004 presidential election
• Maryland votes against electronic voting machines
• A movement for open-source voting machines