Did corporate lawyers put kibosh on 'Mythbusters' RFID episode?

'MythBusters' co-host Adam Savage, right, told a conference audience recently that Discovery Channel was convinced by legal counsel from Texas Instruments and several large credit card companies not to do an episode on the hackability of RFID.

(Credit: Daniel Terdiman/CNET News)

Update (Wednesday, 10:58 a.m.): This story now has a link to a new post on this with a statement from MythBusters co-host Adam Savage.

One of the great things about the Discovery Channel show, Mythbusters is that it confronts the realities behind some of the most interesting phenomenons and technologies around.

That's why, reported the Consumerist blog, at a recent conference--it's not clear which one--Mythbusters co-host Adam Savage was asked why the show hasn't tackled the technology behind the security limitations of RFID.

His eyes lighting up at the chance to talk about something that clearly was a memorable experience for him, Savage said the show had actually set out to do an episode on the vulnerabilities of RFID but encountered some very powerful resistance.

In the video, Savage says that a conference call was arranged between co-host Tory Belleci and Texas Instruments to talk about the RFID vulnerabilities. But when Bellici and a MythBusters producer got on the call at the appointed time, "Texas Instruments comes on along with chief legal counsel for American Express, Visa, Discover, and everybody else....(Bellici and the MythBusters producer) were way, way out-gunned and (the lawyers) absolutely made it really clear to Discovery that they were not going to air this episode talking about how hackable this stuff was, and Discovery backed way down, being a large corporation that depends upon the revenue of the advertisers. Now it's on Discovery's radar and they won't let us go near it."

Savage also said he got chills just from describing the encounter.

I sent a message to Discovery Channel to see if it would confirm Savage's account, but didn't get an immediate response. I will update this entry when I hear from them.

Note: Discovery Channel provided me with a statement from Savage Wednesday. You can read about it here.

For its part, Texas Instruments said things went a little different than the way Savage remembers it.

In a statement provided to CNET News, TI said lawyers were hardly to blame for MythBusters dropping the RFID episode.

"In June 2007, MythBusters was interested in pursuing some great myth-busting ideas for RFID. While in pursuit, they contacted Texas Instruments' RFID Systems, who is a pioneer of RFID and contactless technology, for technical help and understanding of RFID in the contactless payments space," TI spokesperson Cindy Huff said. "Some of the information that was needed to pursue the program required further support from the contactless payment companies as they construct their own proprietary systems for security to protect their customers. To move the process along, Texas Instruments coordinated a conversation with Smart Card Alliance (SCA) who invited MasterCard and Visa, on contactless payments to help MythBusters get the right information. Of the handful of people on the call, there were mostly product managers and only one contactless payment company's legal counsel member. Technical questions were asked and answered and we were to wait for MythBusters to let us know when they were planning on showing the segment. A few weeks later, Texas Instruments was told by MythBusters that the storyline had changed and they were pursuing a different angle which did not require our help."

Clearly, TI's memory of what happened is at odds with that of Savage.

Still, this is a very strange situation. If Savage is recalling things correctly, it indicates that the credit card companies may be very nervous about people learning how fragile the security is on cards that have RFID. Or maybe it's for other reasons. Either way, if true, it's revealing that those corporate giants would want to shut down such a public and prominent examination of the limitations of the technology.

If it's not true, one would wonder why Savage would have told the story he did.

And such muffling of investigation or research, in this case or others, often has the unintended consequence of stoking more interest in precisely the subject that is presumably taboo.

For example, after Savage finished his explanation, the gentleman in the audience who asked him the question said, to much applause and laughter, "Well, you do have about 3,000 people in the room who aren't under such legal arrangements."

Via TechDirt.

[gggg sssss]

tin foil short swill prevent RFID data leaks. Pass it on

[ozzymrjack]

tin foil won't completely prevent data leaks!

[michaelo1966]

Uhhh ... they could both be telling the truth; are the product managers of this technology also lawyers? In any event the answer is easy; TI and the SCA should just publicly announce they're happy not only to have MythBusters try to hack the cards, but that they'll sponsor the episode. They'll be happy because the technology will be un-hackable, then the myth will be busted in a very public forum and everybody will start to use RF-ID cards. Unless, of course, they're worried about a different outcome.

[Dalkorian]

They're not "worried" about a different outcome, they *KNOW* the technology will fail. They're worried about their image.

[Michichael]

Yeah, TI's response sounds like a standard "Scrubbed by PR for 'correctness' response....

[drhamad]

Spellcheck for the fail?

[Penguinisto]

RFID is as cryptographically as strong as tissue-paper; this has been proven as much repeatedly.

I'm more than willing to wager that the credit card corps got very nervous when what is otherwise common-knowledge among the underground got up and went mainstream. Anyone who uses PayPass and similar credit-card tech would understandably get worried. The CC corps were probably trying to avoid a panic.

Meanwhile, the confident RFID credit-card holders continue to spend with the things, all the while completely oblivious that some kid with a backpack (containing a reader rig) can wipe them out with a simple "excuse me, Sir" as the backpack brushes against the victim's wallet pocket, or purse...

[The_Decider]

How funny. there is more than enough information available that shows how utterly insecure RFID is online. Not all of it is distilled for the masses but enough is. Like MBTA, they only highlight the problem by attempting to hide it.

[FellowConspirator]

People have been hacking RFID for years. You can find the tools to dupe a passport remotely, replacing the picture with one of your choice. With a briefcase you could house a unit that would whip up a forged passport in seconds based on the nearest person. It's been demonstrated.

There's nothing secure about RFID. Everyone, CCCs know it as well as everyone that's worked with it. They'd just rather not have the fact broadcast on a popular TV show where it might get out to the otherwise ignorant masses who might take exception, that's all. The fact that something is not secure isn't so important so long as most people don't question it. It's like airline security -- if it looks secure to most people, it's doing its job (making people *FEEL* safe) even if they aren't secure (making people safe).

[AbeMud]

Just for reference... this presentation took place on July 20, 2008 at The Last HOPE conference in NYC, sponsored by 2600 magazine.

[alex00629]

<a href=http://www.lawyersindemand.com/>Corporate lawyers in New York</a> guarantee the legal aspects of commercial transactions. Accordingly, the must have a knowledge of statutory law and regulations to assist their clients. On the other hand the corporate lawyers also need to go through contract law, tax law, bankruptcy, licensing and many more.

http://www.lawyersindemand.com/