Officials bugged at international summit
The World Summit on the Information Society held in Geneva ended last Friday. Researchers attending the conference have exposed the use of radio-frequency identification chips (RFIDs) found embedded in identification tags used for the summit.
Prime ministers and presidents were among the attendees from 174 countries who were allegedly bugged.
The information was released by three researchers who fraudulently obtained the official badges and were shocked to discover the bugs imbedded the tags.
The main focus of the three day summit was internet governance, access, security, intellectual property rights and privacy.
At the summit, a plan to place the internet under the supervision of the United Nations was defeated.
The researchers who made the discovery of the RFIDs were Mr Escudero-Pascual, a researcher in computer security and privacy at the Royal Institute of Technology in Stockholm, Miss Koch, president of Internet Society Geneva, and Mr Danezis who studies privacy-enhancing technologies and computer security at Cambridge University.
“During the course of our investigation, we were able to register for the summit and obtain an official pass by just showing a fake plastic identity card and being photographed via a Web cam with no other document or registration number required to obtain the pass,” the researchers said.
RFIDs transmit information to sensors that may be placed anywhere “from vending machines to the entrance of a specific meeting room, allowing the remote identification and tracking of participants, or groups of participants, attending the event,” the report said.
The trio approached officials about the RFIDs asking how long the gathered information would be stored but were not given an answer. Their fear is that the information will be used for other events such as the next summit due to be hosted by Tunisia.
“During the registration process, we requested information about the future use of the picture and other information that was taken and the built-in functionalities of the seemingly innocent plastic badge. No public information or privacy policy was available upon our demands that could indicate the purpose, processing or retention periods for the data collected. The registration personnel were obviously not properly informed and trained,” the report said.
The use of the RFIDs was in violation of several laws: the Swiss Federal Law on Data Protection of June 1992, the European Union Data Protection Directive, and United Nations guidelines concerning computerized personal-data files adopted by the General Assembly in 1990.
“The big problem is that system also fails to guarantee the promised high levels of security while introducing the possibility of constant surveillance of the representatives of civil society, many of whom are critical of certain governments and regimes,” the report said.
“Sharing this data with any third party would be putting civil-society participants at risk, but this threat is made concrete in the context of WSIS by considering the potential impact of sharing the data collected with the Tunisian government in charge of organizing the event in 2005,” it said.
Source: The Washington Times
Related posts: