Can We Protect the Privacy of a RAIN RFID Chip With the ‘Untraceable’ Command On?

By RFID Journal

RFID Journal Staff asked 7 years ago

Is it possible for a RAIN RFID chip complying with the Gen2v2 standard, and with the "Untraceable" command on—even with encrypted keys—to render it impossible to read the mask designer ID (MDID) using a standard RFID interrogator? My question is based on the following two points:

1. EPC Tag Data Standard Version 1.9, Ratified, November 2014

Section: 16. Tag Identification (TID) Memory Bank Contents

UHFC1G2 states "TID memory locations above 07h shall be defined according to the registration authority defined by this class identifier value and shall contain, at a minimum, sufficient identifying information for an Interrogator to uniquely identify the custom commands and/or optional features that a Tag supports." For the allocation class identifier of E2h, this information is the MDID and TMN, regardless of whether the extended TID is present or not.

2. European Union laws in relation to privacy and more—for example, health and law concerns that have been part of the above standards.

If either the tag's manufacturer or the user allows the MDID to become untraceable, it is no longer accessible and, consequently, in breach of its E2h status and all EU privacy laws. We understand and support the need to protect a buyer's interests, but if the buyer is in breach by manipulating the "untraceable" command, then we believe the command is not in compliance with the Gen2v2 standards. It is a probable backdoor of illegal activity.

Are we wrong about this? All accessible data, regardless of the use of the "untraceable" command, is elsewhere noted as "shall contain an 8 bit ISO/IEC 15963 allocation class identifier of E2h at memory locations 00h to 07h."




To answer your question, I reached out to Ken Traub, principal at Ken Traub Consulting and an expert on the Electronic Product Code (EPC) standards for passive ultrahigh-frequency (UHF) RFID. Here is Ken's response:

"According to the Gen2V2 standard, the 'Untraceable' command may be used to hide the entire TID memory, including the MDID, which is bits 08h—13h of the TID memory. So, if the tag supports the 'Untraceable' command, it is possible to make the MDID unreadable. As the 'Untraceable' command is optional for tags, not all tags will support it. You would have to check the manufacturer's specifications to see if your tag has that capability.

"The Gen2V2 standard says, as the questioner points out, that the TID memory locations above 07h shall contain the MDID and TMN. The standard does not say that those memory locations must be readable by all readers. Even if the 'Untraceable' command is used to make those locations unreadable, the TID memory still contains the required data, and so the tag is still in compliance with the standard.

"I am not familiar with any EU regulations that specifically require any part of the TID to be readable. I can't imagine how that would be relevant to privacy, as the MDID merely identifies the manufacturer of the RFID chip (Impinj, Alien, NXP, etc.), and so does not relate to personal privacy in any way."

—Mark Roberti, Founder and Editor, RFID Journal
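The TID header fields named in the question and answer, decoded in an added Python example (not code from RFID Journal or Ken Traub). It parses TID bits 00h to 1Fh and labels tags whose TID could not be read. The split of bits 08h-13h into an XTID indicator and a 9-bit MDID follows the Gen2v2 layout rather than this page. The sample reads and the use of `None` for a hidden TID are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Sequence

EPC_CLASS_ID = 0xE2  # allocation class identifier at TID bits 00h-07h


@dataclass(frozen=True)
class TidHeader:
    class_id: int     # bits 00h-07h
    field_08_13: int  # bits 08h-13h, the span the answer gives for the MDID
    xtid: bool        # bit 08h: extended TID present (Gen2v2 layout)
    mdid: int         # bits 0Bh-13h: 9-bit mask designer ID (Gen2v2 layout)
    tmn: int          # bits 14h-1Fh: 12-bit tag model number


def parse_tid_header(words: Optional[Sequence[int]]) -> Optional[TidHeader]:
    """Decode TID words 0 and 1; None means the reader got no TID data back."""
    if not words:
        return None  # assumption: a hidden TID shows up as an empty/failed read
    if len(words) < 2 or any(not 0 <= w <= 0xFFFF for w in words[:2]):
        raise ValueError("need two 16-bit words covering TID bits 00h-1Fh")
    v = (words[0] << 16) | words[1]  # bit 00h is the most significant bit
    class_id = v >> 24
    if class_id != EPC_CLASS_ID:
        raise ValueError(f"class identifier {class_id:02X}h is not E2h")
    field = (v >> 12) & 0xFFF
    return TidHeader(class_id, field, bool(field & 0x800), field & 0x1FF, v & 0xFFF)


def audit_tid_reads(reads: Dict[str, Optional[Sequence[int]]]) -> Dict[str, str]:
    """Label each tag 'readable', 'unreadable' or 'malformed' for an inventory report."""
    report = {}
    for tag, words in reads.items():
        try:
            report[tag] = "readable" if parse_tid_header(words) else "unreadable"
        except ValueError:
            report[tag] = "malformed"
    return report


# Constructed sample reads (not real tags): tag label -> TID words 0 and 1.
SAMPLE_READS = {
    "tag-A": [0xE2C0, 0x5678],  # TID readable
    "tag-B": None,              # no TID returned, e.g. hidden via Untraceable
    "tag-C": [0xE0C0, 0x5678],  # wrong class identifier
}

if __name__ == "__main__":
    print(parse_tid_header(SAMPLE_READS["tag-A"]))
    print(audit_tid_reads(SAMPLE_READS))
```

An "unreadable" result only says the reader returned no TID data; it does not by itself show that the required MDID and TMN are absent from the tag's memory, which is the distinction the answer draws.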
