« Library gets a 'Yes!' not 'Shh!' - Ann Arbor News | Main | Library 'Superpatron' Outsmarts Google - School Library Journal »

08 May 2006

Risks of RFID in library systems - Wired 14.05: The RFID Hacking Underground

Libraries have been early adopters of RFID systems.  Here's a recent account of some of the steps that didn't quite get implemented on the way into production:

Wired 14.05: The RFID Hacking Underground:

Frank Mussche, Libramation's president, acknowledges that the library's tags were left unlocked. "That's the recommended implementation of our tags," he says. "It makes it easier for libraries to change the data."

For the Oakland Public Library, vulnerability is just one more problem in a buggy system. "This was mostly a pilot program, and it was implemented poorly," says administrative librarian Jerry Garzon. "We've decided to move ahead without Libramation and RFIDs."

But hundreds of libraries have deployed the tags. According to Mussche, Libramation has sold 5 million RFID tags in a "convenient" unlocked state.

This state of affairs is noted in the UBC SLAIS (library school) "Foundations of Information Technology" project notes by student Todd Gnissos :

One of the primary issues to be concerned with an RFID implementation is the immaturity of the industry. Standards are only just being developed. Tags and readers are being modified and improved at a rapid rate. Competing technologies and non-crosscomplient systems still exist. This ongoing development could make equipment and tags obsolete, rendering investments in older equipment useless, and requiring expensive conversions and upgrades. This is especially concerning for multi-unit libraries that may implement one branch at a time over several years.

A paper by Molnar and Wagner from CCS '04 entitled "Privacy and Security in Library RFID: Issues, Practices, and Architectures" (pdf) looks at first read to have a good computer-science background review of the key special issues in RFID in libraries:

We expose privacy issues related to Radio Frequency
Identification (RFID) in libraries, describe current de-
ployments, and suggest novel architectures for library
RFID. Libraries are a fast growing application of RFID;
the technology promises to relieve repetitive strain in-
jury, speed patron self-checkout, and make possible com-
prehensive inventory. Unlike supply-chain RFID, library
RFID requires item-level tagging, thereby raising imme-
diate patron privacy issues. Current conventional wis-
dom suggests that privacy risks are negligible unless an
adversary has access to library databases. We show this
is not the case

Technorati Tags:

Posted at 12:21 AM in Library 2.0, RFID |

Comments

The UBC webpage isn't course notes, it's a page created by a student (Todd Gnissios) for an assignment as part of the "Foundations of Information Technology" course. (I'm a recent UBC grad myself, and everyone creates a webpage on a research topic as part of this introductory course.)

Posted by: heidi d. | 12 May 2006 at 06:41 PM

Thanks for the update, Heidi, I fixed it in the item text.

Posted by: Edward | 12 May 2006 at 08:21 PM

Verify your Comment

Previewing your Comment

Posted by:  | 

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

About

Archives

Categories

Subscribe to this blog's feed

Superpatron blogroll

What they're saying about Superpatron

  • So you've got Ed exploring the possibility space, and John working to enlarge that space, and together they've created a virtuous cycle of innovation. Now this is obviously an extreme example. You are not going to find a superpatron of Ed's caliber and a superlibrarian of John's caliber in every town. But I think the dynamic at work there can apply more broadly. And if it does, it will matter that these patrons and librarians are situated in a local context. (Jon Udell, Remixing the Library, GRL2020)
  • Der Supernutzer beschreibt 10 Möglichkeiten, der Bibliothek zu helfen....Den wichtigsten Punkt hat er vergessen, ihn aber selbst erfüllt. Sozusagen als Präambel könnte man also anführen:

    “Übe konstruktive Kritik an der Bibliothek. Ohne Resonanz können die Leute da drin nicht wissen, was Du willst.” Infobib.de

  • How come only some books in the Google Book Search have “find in a library” links next to them? Diglet asks, and gets an answer, sort of a lame one if you ask me. update: Kevin mentioned in the comments that it would be great to see this for all books in Google Books. I went to bed thinking “Oh yeah, I should look into that….” and while I was sleeping, Superpatron, aka Ed Vielmetti solved the crime, er problem, and created a Greasemonkey script (a plug-in that you can run with Firefox) that does this for Ann Arbor and can be modified for any library. (Jessamyn West)
  • Curse you Superpatron! t's way past my bedtime, but the Ann Arbor Superpatron has been planting ideas in my head again… (Dave Pattern)
  • Superpatron is a blog run by a patron. The author posts entries about events and articles relevant to the library community, but does it with a patron point of view. (North Texas Regional Library System)
  • The blogosphere's resident "awesomest patron ever," Edward Vielmetti, appears in an article in School Library Journal about how he wrote a script tweaking (ahem, improving) Google Book Search. Vielmetti's blog, Superpatron, is one I read daily and highly recommend to anyone in libraries looking to get a very smart user's perspective. (Librarian In Black)
  • When I wrote him back, I called him the “AADL Super Patron,” which is very coincidental, since he has been planning to create a blog with almost the same name. Today, Superpatron is live and I’m sure it will quickly be filled with Ed’s terrific ideas about making libraries more responsive to patrons’ needs. So hurry up and subscribe already, ok? (Meredith Farkas)
  • The Superpatron (faster than a speeding reference librarian…) posts a presentation on the use of del.icio.us for research. Steven Cohen, Library Stuff
  • I've talked about Edward Vielmetti here before, but I never had the right name for him. Now I do. He's Superpatron! (Jenny Levine)
  • Last fall, in Ann Arbor, Michigan, I gave a talk entitled Superpatrons and Superlibrarians. Joining me for this week’s podcast are the two guys who inspired that talk. The superpatron is Ed Vielmetti, an old Internet hand who likes to mash up the services proviced by the Ann Arbor District Library. That’s possible because superlibrarian John Blyberg, who works at the AADL, has reconfigured his library’s online catalog system, adding RSS feeds and a full-blown API he calls PatREST. (Jon Udell)
  • Little did I know that when I pointed to Ed Vielmetti’s blog, I was not only coining a phrase, but providing the name for Ed’s brilliant new blog. Ed is that (unfortunately still) rare creature that not only groks the net in fullness, but also has use for his public library. (Eli Neiburger)
  • Die Ann Arbor District Library hat einen Nutzer, der sie liebt. Und nicht nur das, er schreibt darüber. Oliver Obst

mybloglog


Blog powered by TypePad