Technical Issues in Library RFID Privacy

David Molnar

UC-Berkeley

Computer Science

What are we worried about?

• RFID new technology– Law of “unintended consequences”

• Read tags through backpacks, briefcases• Can we track books?

– “track” = link sightings of same book

• Can we figure out what you’re reading?• Who “we” is depends

– FBI, marketers, teenagers, college students, pick your favorite

How RFID Works

• Radio Frequency IDentification• Passive tags – no power source• Tag carries small amount of data

– May be read-only or limited read/write

• RFID reader powers tag, extracts data via radio

Power

Stored data

Two Main Questions

• How to read tags?

• What is on the tag?

How to read tags?

• Need an RFID reader– Standardization not privacy issue in long term

• Read range for 13.56Mhz tags low

• Ubiquity of readers bigger problem!– Reader at door of every Starbucks?

• Blocking tag signals, “kill”, not sufficient

• “Security Bit” does not prevent tag read

• Read passwords?

What is on the tag?

• Varies by vendor and library decision• Library bar code

– Unique, static ID can track book– Need library database to learn title/author

• Unless see book later, learn bar code/title map

• Some vendors suggest more info“The Lib~Chip stores data such as type of

material, title, author, bar code and serial number, shelf location, last borrowed date, and last returned date.” – Libramation site

“Encrypting” Tag Data

• Several meanings to “encrypting” data– Proprietary encoding, not different per library

• Buy reader from company or secondary market• Eventually reverse engineered

– Encrypting bar code with per-library key• Does not currently exist• Non-library readers can’t understand data• Still leads to static data can track book

Bottom Line

• Reading static ID is privacy risk– Risk will grow as readers become cheaper,

more available, more common

• Minimize data on tag– No title, no author, etc. on tag– Protect bibliographic database!

• Privacy depends on choices in deployment