I’ve been thinking a lot recently about why it is that implanted tracking devices have never really taken off in humans. Just a few years ago, there were all kinds of people laying out rather teleological versions of technological trajectories that led inevitably to mass human implanantation – and not just the US Christian right, who saw RFID as the fulfilment of biblical prophecy.
I think there are many reasons, including negative public reaction (implants really are a step too far, even for the ‘nothing to hide, nothing to fear’ crowd) and the fact that a lot of the promotion of human RFID implants was actually the PR work of one very loud company (Verichip) and did not actually have a lot of basis in either social reality or market research. But the other major reason is to do with other technological developments, particularly in wearable computing and sensor networks. In most cases, implants solve a problem that doesn’t exist (the idea that people want to remove a tracking device that might be there for very good – although I am not saying, indisputably good – reasons, usually medical ones). And where there are no good reasons, there’s probably no case for tracking at all.
So devices like this – temporary, printed or stick-on and removable – are far more what is likely to become the solution to any actual problem of tracking or monitoring for medical reasons. And the relative ease with which it can be removed by the wearer does at least mean that there is some room for negotiation and consent at more than just one point in the process. Of course, such removable, wearable tracking are still not somehow free of ethical and political considerations – and some may argue that the very appearance of consent actually hints at the generation of a greater conformity and self-surveillance, but the issues are of a slightly different nature to those raised by implanted devices.
I’ve been following a case in San Antonio, Texas, over the last few months in which a couple with literalist biblical Christian beliefs had challenged their daughter’s school over its introduction of RFID-enabled name tags and here are some random thoughts. The latest news is that the pupil, Andrea Hernandez, has lost in the US District Court – it could still be taken higher. The case has attracted plenty of coverage internationally, all largely emphasizing the fact that the student concerned had been threatened with expulsion for her (or her family’s) stance, and the ‘mark of the beast’ rhetoric deployed by the parents and the organisation that enabled them to bring the case, the evangelical Christian civil rights organisation, The Rutherford Institute.
A standard Surveillance Studies analysis might be that this was another case of security at all costs in a risk society, and surveillance as the silver bullet for a non-existant problem or a at least an actual problem that might have been solved by other methods. But actually things are rather more complicated and perhaps more mundane here, and the answers seem to lie, as Francesca Menichelli has suggested in her recent (and as yet unpublished) PhD on the installation of CCTV camera systems in small towns in Italy, in regional political economy and local government competition.
According to the local newspaper, the San Antonio Express-News, when the scheme was introduced, the plan by Northside Independepent School District was essentially not a security or an organisational issue but a matter of gaining access to extra finance. Although the scheme was estimated to cost $525,065 to implement and $136,005 per annum in administration and maintenance, the extra-detailed attendance information resulting from the chip cards could enable them district to access around $1.7 million in state grants.
Essentially, surveillance here is simply something that circulates in competition between entities -whether school districts or cities – for resources. Of course the scheme has not been studied in its actual practice yet so we don’t know what actual difference (or lack of difference) it would make to any pupil in the way that we do for Menichelli’s case-study cities, where CCTV is described as being almost entirely useless because it was never really intended to be used as anything other than a way of winning resources. However it would seem that the ‘surveillance’ is almost entirely secondary or perhaps even irrelevent. However I certainly do not dismiss the possibility that nefarious or even unintentionally damaging things could be done with the location data gathered from the chip cards.
It is also the case that the school district attempted to compromise with the pupil by offering to remove the chip from her ID card, essentially limiting the surveillance that could be conducted of her to conventional visual methods. The rejection of this compromise is the reason the District Court threw out Andrea Hernandez’s case. However if the School District is accepting that there is an opt-out possible on grounds of belief then they are potentially undermining the whole scheme – which relies on the generation of accurate attendance and circulation data. Again, one interpretation could be that they aren’t really interested in the data for itself, which reinforces the argument about the instrumental nature of the surveillance scheme in the state funding context, but the other interpretation could be that the school was banking on her exception being the only one, or one of a tiny number, that would not significantly undermine it. The other question here is: is it really the RFID chip that’s the problem, or the surveillant assemblage of which it is but one tiny part? In rejecting the compromise, Hernandez and the Rutherford Institute seem to be suggesting the latter, and here we are a long way from Christian eschatalogy and the ‘mark of the beast’.
(Thanks to Heather Morgan for initially pointing out to me that it was all about the money!)
ACLU is reporting that nursery schools kids in Richmond, California are being issued with jerseys embedded with RFID chips. GPS-enabled and/or RFID-chipped clothing has been available for a while now, and there have also been (pre-)schools in other countries that have issued tracking devices to kids, notably in Yokohama in Japan, but this appears to be the first time in the USA. RFID is a very simple, insecure technology, and this type of initiative gives a false sense of security and is about at once raising and appeasing social anxiety and parental paranoia about the incredibly rare instances of child kidnapping. ACLU note correctly that this is just likely to make stalking and kidnapping easier as harder, but really all this does is enable the school to know where the jersey is – like left on the back of a bus, swapped with a friend or thrown in a ditch. It’s more pointless security theater, but at a more intimate level than the kind we are used to at airports and public buildings.
Iris scanning has been proposed for horse by a company called Global Animal Management (GAM) Inc. As bloodstock is a huge and lucrative business – feeding everything from the private obsessions of the super-rich through the horseracing industry to the dreams of teenage horse-enthusiasts – it is not surprising to see such investment in biometrics. Racehorses were, after all, the first living creatures to be regularly microchipped. Vets seem sceptical about the idea, but surely members of the medical profession would be more enthusiastic about non-invasive replacements for invasive identification techniques like RFID?
Ironically, support for the scepticism comes form GAM’s own website, where a very interesting short video shows just how comprehensive the surveillance of animals through RFID chips has become. RFID chips do not just identify, they carry whole life-cycle information on origins, movements, health and disease and legal compliances. And because of the chips this information is carried with the animal not simply associated with it via a distant database as the result of an occasional scan. The system creates what GAM calls ‘information-rich animals’, which presumably is what makes GAM – and it hopes, its customers – cash-rich too…
(thanks to Aaron Martin, whose reading now seems to include Horse and Hound magazine…)
It is not just human beings who are subjects of surveillance. Animals are increasingly under surveillance too, indeed there are techniques of surveillance and tracking used on animals that are designed to achieve levels of control that (for the most part) would not be tolerated for human beings. Animals are tagged, filmed, implanted, tracked, and even used and adapted for surveillance (see Amber Marks’s book, Headspace, for example) for all kinds of reasons from the economic to the environmental. However, this great story from a BBC kids’ news program demonstrates that some animals can ‘fight back’ in ways that are inventive and heartening.
Many farms now limit the food consumption of individual pigs through the use of electronic Radio-frequency Identification (RFID) collars and gates: once the pig has gone through the gate, the collar communicates with a computerised food distribution system which will provide the pig with what is deemed ‘enough’ for the pig. When the pig has eaten and left the feed stall, it cannot get back in for more because the system knows which collar has already been through the gate.
However, apparently pigs in several locations have independently learnt how to get round this surveillance system. Some pigs hate the collars so much that they rip them off. These pigs then don’t get to eat of course, but other pigs have learnt that if they pick up the collars they can go through the gate a second time – and they have even taught other pigs how to this…
Never mind ‘Big Brother’ and Nineteen Eighty-Four, it’s another Orwell phrase (from Animal Farm) that comes to mind here: “Four legs good, two legs bad”…!
Brandscaping is a term used in marketing to describe the metaphorical landscape of brands (either for a particular brand, company or sector), however it is also being used by some researchers, including me, to describe the way in which brands are being infiltrated into urban landscapes, with the ultimate aim of being ‘inhabitable’ perhaps even 24/7 (see for example Disney’s move into urban development with Celebration in Florida).
Contemporary brandscaping makes use of new ambient intelligence, pervasive or ubiquitous computing technologies (‘ubicomp’) and ubiquitous wireless communications to create a landscape in which the consumer is targeted with specific messages directing them to certain consumption patterns. Such communication cans of course be two-way and provide corporations with valuable and very personal data on consumption patterns. As I’ve argued in many presentations over the last few years, ubicomp is necessarily also ubiquitous surveillance (what I call ‘ubisurv’ – hence the name of this blog!) because to work it requires locatability and addressability. Japan, and Tokyo in particular, has been the site for a number of cutting edge experiments in this regard, including the ‘Tokyo Ubiquitous Technology Project’ which embedded 1000 RFID tags which can communicate with RFID-enabled keitai (mobile phones) in upscale Ginza as well as several other pilot schemes around Ueno Park and Shinjuku.
TUTP is not all about marketing surveillance however, part of the scheme has involved ‘Universal Design’ (UD) principles, with one experiment to embed chips in the yellow tactile tiles designed to help guide sight- and mobility-impaired people around the city so that useful access information could be passed through specially-enabled walking sticks. I’m very interested in such experiments as they indicate an alternative direction for ubicomp environments which are about genuinely enabling people who are currently disabled by social and architectural norms, and creating a richer sensory landscape. They show that both surveillance and ‘scary’ technology like RFID chips can be humanised.
Unfortunately in our consumer-capitalist world (and Tokyo is the exemplary city of hyper-consumption), marketing and building brandscapes tends to take priority over enabling the excluded and the disadvantaged. But there are different ways of doing this too, which can be more or less intrusive and consensual. The other day I was talking about the growth in functionality of the Suica smart travel card system. Suica-enabled keitai can now, be used buying all sorts of things and since 2006 there have been a growing number of ‘SuiPo’ (short for ‘Suica Poster’) sites, Suica-enabled advertising hoardings that will, on demand send information to your mobile e-mail address with on particular advertising in which you are interested if you pass your Suica card or phone over a scanner placed next to the poster (see photos below)
The difference between SuiPo and the Ginza RFID scheme however is that it with SuiPo is that it is the consumer who makes the choice whether to activate any particular poster’s additional information system. In this sense it is a development of the i-Mode system in which many keitai can read information from special barcodes embdedded in magazine advertisements. It doesn’t automatically call your phone every time you pass an enabled poster, once you have signed up. Not as high-tech but slightly more consensual. However this will, of course, lead to the accumulation of a lot of data on consumption interests. This potentially generates a massive consumer surveillance tool, because it can be linked up travel patterns (your registered Suica card sends information back on where you go – I was wrong about the absolute differences between London’s Oyster and Tokyo’s Suica systems the other day) and information about consumption.
So will this potential become reality? The page on privacy and data protection on the SuiPo website (as usual the link is hidden away at the bottom of the front page!), is pretty standard stuff except for the legitimate purposes for which the data can be used once you sign up. They are, for those who don’t read Japanese, for:
Sending the specific requested information to you;
Improving services;
Data processing and analysis;
JR East’s promotional marketing; and
JR East customer questionnaires.
Purposes 2 and 3 pretty much allow JR to do anything it likes with the data once you have signed up, and there is no statement as to what can or cannot be done with data once it has been ‘mined’ – analysed and transformed into more useful to the company or other organisations (corporate or state) which might want to buy or access such knowledge. ‘Ubisurv’ indeed…
The important thing about RFID chips is not that they are the ´Mark of the Beast´ or any other such nonsense but that they are an appalling security risk
A story that has been circulating around the place over the last 48 hours, but which was originally in The Register on February 2nd, was the latest from Chris Paget´s valiant attempts to show that using RFID chips is just about the worst way to safeguard confidential information. This time he drove around San Francisco with a simple antenna and managed to read the unique number (which can be used to gain access to information on the US Department of Homeland Security database) from passports up to 30 feet (around 13m away), but he claims that with more powerful equipment, chips could be read from more than a mile (1.6km) away. There is also a very informative video on the site.
The important thing about RFID chips is not that they are the ´Mark of the Beast´ or any other such nonsense but that they are an appalling security risk…
One of the items reported on in Privacy International´s assessment of privacy in Brazil was that ¨in November 2006, the Brazilian National Road Traffic Council approved a Resolution adopting a Radio Frequency Identification (RFID) tags in all licensed vehicles across the country.¨ The Conselho Nacional de Trânsito (CONTRAN) is part of the Departemento Nacional de Trânsito (DENATRAN), itself part of the massive new Ministério das Cidades (Ministry of Cities), the product of Lula´s major ministerial reforms designed to shift emphasis and power away from the large rural landowners to the growing numbers of increasingly populous cities.
The new scheme is called the Sistema Nacional de Identificação Automática de Veículos (SINIAV, or National System for the Automatic Identification of Vehicles). Basically it will put an RFID-tag in every vehicle license plate, in a gradual process. Much like the new ID scheme for people, SINIAV is based on a unique number. In Annex II, Paragraph 3, the resolution provides a breakdown of exactly what will be contained in the tiny 1024-bit chip as follows. The unique serial number (64), and a manufacturer´s code (32), will be programmed in at the factory, leaving a total of 928 programmable bits. The programmable area contains two main sections. The first contains all the personal and vehicular information: place of registration (32), registration number of seller (32) application ate (16), license plate number (88), chassis number (128), vehicle tax number (RENAVAM) (36), vehicle make and model code (16) and finally 164 bits for ´governmental applications´. The remaining 384 bits are split into 6 blocks for unamed ´private initiatives.´
SINIAV system diagram (DENATRAN)
Privacy International note that there is no more than a mention of conformity to constitutional rules on privacy (of which more later). However there is much more that is of concern here. The resolution claims that the data will be encrypted between plate and reader, but the technical specifications are not given to any level of detail (*though there is more information from the Interministerial Working Group on SINIAV, which I haven´t examined in any detail yet). We all know already how easy it is to clone RFID chips. This scheme is supposed to be about security for drivers, but it could easily result in the same kind of identity fraud and consequent necessity of disproving the assumption of guilt created by automated detection systems for car-drivers as for credit cardholders. Could you always prove that it wasn´t your car which was the gettaway vehicle in a robbery in Saõ Paulo, or you driving it, when your actual car was in a car park in Curitiba? Widespread cloning of chips would also render the whole system valueless to government.
RFID chip
Then there is the question of function creep. The chip has spare capacity, and assigned space for unamed functions, state and private. Brazil already has a system of state toll roads (pay-for-use highways), and these chips could certainly be used as part of an automated charging system. That might be very convenient. However what other functions could be thought up, and how might safeguards be built in? As I have already noted, Brazil has no body for protecting privacy or data/information rights so it would be very easy for new more intrusive functionality to be added.
Combining the problems of a movement towards automated fines or changes, and criminality, another major issue would be the one recently revealed in Italy, where a automated red-light camera system was found to have been fixed in order to generate income from fines for corrupt police and a multitude of others.
The final question of course is whether this will all happen as planned or at all. The system would supposedly be complete by 2011. I know of a trial scheme in Saõ Paulo, but on a quick (and very unscientific) straw poll of people who I encountered today at the university here in Curitiba, there is to be no-one who has an RFID license plate or knows someone who does, and there is practically zero awareness even amongst educated professionals. Like the National ID-card scheme, people just don´t think it will go to plan or timetable. That may however, just reflect a (middle-class) Brazilian view of the abilities of the state.
Still, as the Frost and Sullivan market assessment states, all of this turns Brazil into a ‘highly attractive market for RFID suppliers’ which was probably the main motivation and will be the only real outcome.
ubisurv 