Got You Under My Skin - Embedded.com

Got You Under My Skin

Pessimists predicted that the Internet would spell the doom of privacy. They figured our lives would be on-line. Banking, driving records, judgments, divorces and the paper trail we leave in our wake will be visible for all to see.

They were optimistic. The net itself is but a small part of the problem, and may indeed enable other, more frightening invasions into our personal lives. We embedded folks are building the next generation of big brother tools.

According to a recent news story, four people have lined up to have RFID devices (radio frequency identification) implanted in their bodies. One, a Brazilian federal minister, feels it will be a deterrent against kidnapping, a crime rampant in his home city of Sao Paulo. The others are members of a family fearful of medical emergencies. If the paramedics come running to their rescue this technology will immediately show their histories, including drug allergies.

Of course, at this time no EMT has an RFID scanner.

The device is called VeriChip, and it's injected subcutaneously via a syringe. A scanner within a few meters can detect the device's signature, uniquely identifying a person.

Today identity theft is a growing problem, made easier by the wide availability of personal information. What happens when implanted RFID tags become widespread? Unscrupulous hackers could sit on a park bench, scanning people as they stroll by, acquiring the unique signatures for later criminal activities. Do it in Beverly Hills and suck in the IDs of the rich and famous, the most attractive targets of all.

No doubt we'll be told that personal RFID tags deter crime. Sure, the government could place scanners at all major intersections, acquiring data about who was at the scene of a crime. But it won't be hard to spoof the scanners. Where were you on the night of April 25? At the mall? Ha! The computer said you were in the liquor store at the time of the holdup! And the Supreme Court ruling of 2017 says computer evidence always overrides personal testimony… .

A BBC article discusses the proliferation of closed circuit TV cameras. Some 2.5 million CCTV cameras are deployed in the UK today. Many are security devices, planted in car parks (that's Brit for parking garages), banks, and other locations. None were installed with the intent of digging into people's private lives; most are for noble purposes, to help deter crime and protect citizens. But now the average person there is caught on camera 300 times per day!

Surely, these devices will get plugged into the growing worldwide network. Just as surely face identification software will evolve, get more accurate, faster, and as ubiquitous as email. And even more surely, crooks, bored teenaged hackers, terrorists and rogue intelligence agencies will monitor our every move.

Just this week Acme Rental Cars was ordered to stop fining customers who speed. The company used satellites to track rental scofflaws, automatically debiting customer accounts $150 per violation. Big brother is watching from the inky depths of space — and we're talking a commercial company, not the oft-maligned CIA.

EDN Magazine recently described technology being added to cars that reports everything but your fast food choices to auto mechanics and perhaps others. Speeding? The machine knows. Missed a Jiffy Lube appointment? There goes your warranty.

What do you think? Are we embedded folks building a world in which technology will take away all of our privacy?

Jack G. Ganssle is a lecturer and consultant on embedded development issues. He conducts seminars on embedded systems and helps companies with their embedded challenges. He founded two companies specializing in embedded systems. Contact him at . His website is .

Reader Feedback

I've heard this quote before:

“You've never had any privacy. Get over it.”

To some extent, the speaker (someone from Sun Microsystems, as I recall) is right. The “paper trail” you mention is already visible for public consumption, and has been for years. Legal proceedings are, by law, public record. As are certain types of financial records like what you paid for your house and how you've financed your car.

This openness is important, makes sense, and is Constutionally guaranteed. Instead of simply trusting that a person hasn't stiffed someone on a previous loan, you can go look up their credit history yourself before lending them more money.

Want to know if someone drives recklessly before you hire them to drive trucks for you? Check their legal history, to see if they've been convicted of a DUI or had their license suspended. Prevent child sex offenders from working in day care centers, and deadbeat dads from becoming prospective spouses. All the information is there, and more. And this is a Good Thing, really.

I don't think mounting video cameras at popular intersections and elsewhere is an invasion of privacy. Where you are at any given moment is clearly a matter of public record, if only recorded by the people you pass on the way there.

Ditto for akami-type databases that can track your browsing habits by monitoring the banner ads you've seen and/or clicked on. Such behavior is clearly annoying, but hardly illegal (IANAL, of course).

What needs to be protected, and what has been pretty well protected to date, is what you can *do* with the new kinds of information that embedded systems, databases collected by online e-commerce sites, and so forth can collect. The law says that if you dispute an entry in a credit report, the onus is on the reporting agency to prove that the entry is valid, and the offending entry must be removed until they do so. Only carefully and verifiably designed camera systems can be used as evidence of traffic violations (for the moment, GPS doesn't seem to cut it). Otherwise, it's a question of allowing the accused to face their accuser and illegal search and seizure, both of which our Constitution has strong language about.

Modern VCRs have a “record” button because the Supreme Court states that making home videos is a legitimate use that does not infringe on anyone's copyrights. So just because a VCR (or PVR) *can* be used to violate copyright, the recording industry can't *assume* that it will be and inflict overly strict controls on its use. They have first prove that a user *is* violating copyright before they can do anything about it— and whatever action taken must affect the violator and not the non-infringing user population as a whole.

These are the battles that we are losing more and more often. Current and future generations of electronic media devices like PVRs, DVDs and gaming consoles have onerous “media rights management” protections built in, all of which circumvent legitimate non-infringing uses in order to prevent the infringing ones. Region codes don't “enhance user experience” by making sure the game will play on the user's hardware, they enhance the producer's ability to play markets off of each other. Time-shifting of television programs, because it requires local storage of the video content, creates the risk that that content *could* be copied. Is it? I don't know, but now the industry doesn't have to prove it— the hardware prevents it altogether.

This is clearly circumvention of a Supreme Court ruling via a technical solution, plain and simple. In any other situation, if a judicially convicted violator were to fail to abide by the spirit (or at least the letter) of a legal ruling, the accuser could have them brought back before the court for a hand-slapping. But I don't see anything of the sort going on here, even though I think we're clearly moving away from the spirit of the Supreme Court's intentions for these kinds of devices. Few users realize they have such rights, far fewer exercise them, so the media industry takes what it isn't entitled to. And we're helping them.

As a group, embedded developers are crawling into the media industry's back pockets, adding— at the request of groups like the RIAA and MPAA— functionality that prevents non-infringing uses in order to eliminate the risk of infringing uses.

Our work products are removing the “face your accuser” and “illegal search and seizure” parts from our Constitution, by eliminating the need for the media giants to prove that someone is breaking the law before they are prosecuted. Consumers have been tried and found guilty before the product even hits the shelves, the sentence being reduced functionality, increased cost, and lack of innovation.

Just because we can, doesn't mean we should.

Bill Gatliff


Human society has always had people who fraud for a living – whether it be a signature forgery or a credit card scam. The only thing that's changed is the way it's done. You cannot expect technology to be used for good only. And these days technology is not as exclusive as it used to be – hence even “hi-tech” stuff is pretty accessible. Therefore, people will suffer scams in the “body chip” era as they have in the “card number please” era and the “your signature here please” era.

Yashovardhana
Software Engineer
Philips Software, Bangalore


What do you think? Are we embedded folks building a world in which technology will take away all of our privacy?

YES!! ABSOLUTETLY!!

The hard part for me, is that I used to work for Motorola in an embedded systems group. Now, I am working for a company developing an RF MEMS switch, which will have the best electrical characteristics in the world. Actually, it already does. At least I am confident that this chip won't be used to track people like rats.

Actually, I don't have much of a problem w/ it as long as it STAYS voluntary. Things like this usually don't, however, and this is my concern.

Thanks,

Russell Warren


As a child of the sixties I learned “Don't trust anyone over thirty”. This definitely holds for the government.

My grandfather immigrated to this country in the early part of the 20th century, and spent a while in what was left of the old west, where they gambled while they kept guns on the table. He was more afraid of what would happen when everyone got a national ID number than when he sat in on a poker game.

The only good thing is that I remember when smartcard technology first came out, they were predicted as the new medium for a national ID. This never came about. The real issue is about disclosure. Any company (or state, local, federal agency) that tracks personal information, whether for its own purposes or for distribution, should make it clear that this data is being collected.

One of the basic rules of law in the United States is that a person is innocent until proven guilty – the trend these days seems to be that one is guilty until proved innocent. This can be difficult to do unless someone plans to do this as a matter of course – i.e. taking a witness wherever they go or videotaping their entire lives.

Privacy is an issue today because it is not something explicitly stated in the Constitution but is inferred from the initial rules and amendments that have been passed over the years. We should all remember that the purpose of the Constitution was to protect the people from the government, and not the other way around. Perhaps it is time that the Congress and the Executive branch begin to look at this, especially in view of the 9/11 attacks on our country. While we should be vigilant in defending the country, we want to be sure that we are defending the rights of individuals as well.

Tom Mazowiesky
Director, Product Development
Global Payment Technologies, Inc.


I agree, Jack, that we, as firmware engineers, are leading the way to destruction of our private lives. However, RFID may not be the way. I wrote firmware for an RFID scanner. In order to get the size of the RFID tag down, you need to increase the frequency. This shortens your read range. Higher frequency scanners have trouble with things like clothing, skin, etc. Also it is very difficult to protect information on those little buggers. Don't be inspecting yourself for RFID tag puncture wounds just yet, but I fear the day may be coming…

Maury Anderson
Firmware Engineer
Intermec Technologies

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.