[IP] more on FDA suggests RFID tagging of drugs

To: "Ip" <ip@xxxxxxxxxxxxxx>
Subject: [IP] more on FDA suggests RFID tagging of drugs
From: "Dave Farber" <dave@xxxxxxxxxx>
Date: Thu, 19 Feb 2004 10:54:45 -0400
Importance: Normal
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
Reply-to: dave@xxxxxxxxxx
Sender: owner-ip@xxxxxxxxxxxxxx

Right on
-----Original Message-----
From: Marcel Waldvogel <marcel@xxxxxxxx>
Date: Thu, 19 Feb 2004 15:42:39 
To:dave@xxxxxxxxxx
Cc:Steve Bellovin <smb@xxxxxxxxxxxxxxxx>
Subject: Re: [IP] FDA suggests RFID tagging of drugs

Dave, Steve,

My interpretation of the appropriate sections in the FDA document seem 
to use the RFID only passively: it will return its unique electronic 
product code (EPC) for each query, and not using a challenge-response 
scheme. My interpretation seems to be further supported by the 
comparison of RFID to 2-D bar codes, which certainly are passive. Such a 
use allows for easy copying of the EPC to counterfeit drugs. When the 
system is to be used offline (which could be a goal; this is not 
stated), it might even be possible to generate unique-looking EPCs.

Without a cryptographic challenge-response scheme, which would break 
compatibility to other RFID systems and probably be too expensive to 
manufacture, it does not provide any protection against counterfeiting. 
It only makes customers carrying drugs easily identifyable, which will 
aid in discrimination, tracking, and profile-building.

In summary, I expect the system to be completely BAD (Broken As 
Designed). But nevertheless, I find it fascination how easily and 
frequently even educated people attribute almost-magical properties to 
technology.

-Marcel
http://marcel.wanda.ch/

Dave Farber wrote:

>Delivered-To: dfarber+@xxxxxxxxxxxxxxxxxx
>Date: Wed, 18 Feb 2004 22:25:01 -0500
>From: Steve Bellovin <smb@xxxxxxxxxxxxxxxx>
>Subject: FDA suggests RFID tagging of drugs
>To: dave@xxxxxxxxxx
>
>The FDA has released a report calling for the RFID tagging of
>pharmaceuticals to help defend against counterfeiting.  The word
>"privacy" barely occurs in the report -- there's simply a reference to
>HIPAA -- and it is not listed among the important unresolved issues.
>
>The report is at http://www.fda.gov/oc/initiatives/counterfeit/report02_04.html
>
>
>               --Steve Bellovin, http://www.research.att.com/~smb
>
>-------------------------------------
>You are subscribed as marcel@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>To manage your subscription, go to
>  http://v2.listbox.com/member/?listname=ip
>
>Archives at: http://www.interesting-people.org/archives/interesting-people/
>
>  
>

-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] more on Ban planned on imports of Japanese CDs
Next by Date: [IP] more on Interesting device to steal ATM accountsRisks Digest 23.19
Previous by thread: [IP] more on Ban planned on imports of Japanese CDs
Next by thread: [IP] more on Interesting device to steal ATM accountsRisks Digest 23.19
Index(es):
- Date
- Thread