<nettime> Bug devices track officials at summit

[jo van der spek <jo {AT} xs4all.nl>]

Bug devices track officials at summit
http://washingtontimes.com/national/20031214-011754-1280r.htm

By Audrey Hudson
THE WASHINGTON TIMES


Officials who attended a world Internet and technology summit in 
Switzerland last week were unknowingly bugged, said researchers who 
attended the forum.
Badges assigned to attendees of the World Summit on the Information Society 
were affixed with radio-frequency identification chips (RFIDs), said 
Alberto Escudero-Pascual, Stephane Koch and George Danezis in a report 
issued after the conference ended Friday in Geneva. The badges were handed 
out to more than 50 prime ministers, presidents and other high-level 
officials from 174 countries, including the United States.
The trio's report said they were able to obtain the official badges with 
fraudulent identification only to be stunned when they found RFID chips  a 
contentious issue among privacy advocates in the United States and 
Europe  embedded in the tags.
Researchers questioned summit officials about the use of the chips and how 
long information would be stored but were not given answers.
The three-day WSIS forum focused on Internet governance and access, 
security, intellectual-property rights and privacy. The United States and 
other countries defeated an attempt to place the Internet under supervision 
of the United Nations.
RFID chips track a person's movement in "real time." U.S. groups have 
called for a voluntary moratorium on using the chips in consumer items 
until the technology and its effects on privacy and civil liberties are 
addressed.
Mr. Escudero-Pascual is a researcher in computer security and privacy at 
the Royal Institute of Technology in Stockholm. Miss Koch is the president 
of Internet Society Geneva, and Mr. Danezis studies privacy-enhancing 
technologies and computer security at Cambridge University.
"During the course of our investigation, we were able to register for the 
summit and obtain an official pass by just showing a fake plastic identity 
card and being photographed via a Web cam with no other document or 
registration number required to obtain the pass," the researchers said.
The researchers chose names for the fake identification cards from a list 
printed on the summit's Web site of attendees.
The hidden chips communicate information via radio frequency when close to 
sensors that can be placed anywhere "from vending machines to the entrance 
of a specific meeting room, allowing the remote identification and tracking 
of participants, or groups of participants, attending the event," the 
report said.
The photograph of the person and other personal details are not stored on 
the chip but in a centralized database that monitors the movement. 
Researchers said they are concerned that database will be used for future 
events, including the next summit to be hosted by Tunisian authorities.
"During the registration process, we requested information about the future 
use of the picture and other information that was taken, and the built-in 
functionalities of the seemingly innocent plastic badge. No public 
information or privacy policy was available upon our demands that could 
indicate the purpose, processing or retention periods for the data 
collected. The registration personnel were obviously not properly informed 
and trained," the report said.
The lack of security procedures violates the Swiss Federal Law on Data 
Protection of June 1992, the European Union Data Protection Directive, and 
United Nations' guidelines concerning computerized personal-data files 
adopted by the General Assembly in 1990, the researchers said.
"The big problem is that system also fails to guarantee the promised high 
levels of security while introducing the possibility of constant 
surveillance of the representatives of civil society, many of whom are 
critical of certain governments and regimes," the report said.
"Sharing this data with any third party would be putting civil-society 
participants at risk, but this threat is made concrete in the context of 
WSIS by considering the potential impact of sharing the data collected with 
the Tunisian government in charge of organizing the event in 2005," it said.
The organization Reporters Without Borders was banned from attending the 
summit and launched a pirate radio broadcast to protest the ban and detail 
press-freedom violations by some countries attending the meetings, 
including Tunisia.
"Our organization defends freedom of expression on the Internet on a daily 
basis. Our voice should therefore be heard during this event, despite this 
outrageous ban," said Robert Menard, secretary general of Reporters Without 
Borders.
Tunisia is among several countries Reporters Without Borders has accused of 
censoring the Internet, intercepting e-mails and jailing cyber-dissidents.



#  distributed via <nettime>: no commercial use without permission
#  <nettime> is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: majordomo {AT} bbs.thing.net and "info nettime-l" in the msg body
#  archive: http://www.nettime.org contact: nettime {AT} bbs.thing.net