In a nod to privacy, each RFID tag contains the seeds of
its own destruction: a 24-bit "destroy" code that, if
triggered by a reader, will render the tag unreadable.
But disabling the tags would preclude many of the useful
applications that manufacturers are developing: smart
washing machines that read tags in clothing and
automatically adjust their cycles or networked medicine
cabinets that know when your prescriptions need
refilling.
In the rush to make our lives more convenient,
though, we shouldn't ignore the possible unintended
consequences, argues Albrecht. Without any regulation,
for example, law enforcement could use RFIDs to monitor
people's behavior. Police now routinely videotape public
protests; in the future, they'll be able to walk around
with RFID readers and collect the serial numbers from
people's clothing and other tagged items they're
carrying. Matching those serial numbers with retailers'
records would yield a list of protesters' names,
addresses, and so on. Or police could just look for the
serial numbers themselves, at an airport security
checkpoint, say. "That tube of strawberry Chapstick was
at the World Bank protest! Pull that passenger aside!"
Though that level of surveillance may be way down the
road, says Albrecht, its implications are unsettling.
Nor will RFID tags be the only way to surreptitiously identify
you. Soon there'll be another: through Internet Protocol
addresses. Right now, those numbers mainly identify
intelligent devices like computers and PDAs, and the
device may not use the same Internet address today as
the one it used yesterday.
But Internet engineers are now rolling out a newer
version of addressing called IPv6. This scheme uses
addresses that are 128 bits long, instead of the current
32. Through the miracle of binary arithmetic, that
yields 3 x 10^38 addresses, enough to assign each sensor, widget, and
appliance on the planet its very own permanent IP
address, thus creating what IPv6's proponents have
termed an "Internet of things." With every streetlight,
parking meter, and video camera potentially broadcasting
information about itself and everything it interacts
with, you'll know much more about everything around you.
Of course, your environment will know a lot more
about you as well. Indeed, every time your car or
cellphone connects to the Internet, you'll reveal what
you're doing and where you are. A Borders bookstore
might send you a text message with a discount coupon as
you pass by. Less benignly, your boss at work or your
spouse at home will be able to watch in real time as you
run errands around town, just as Payless tracked
Byungsoo Son across the Nevada desert. And it's not too
hard to imagine your IPv6 addresses winding up in your
ChoicePoint profile, right alongside your phone numbers.
Though ChoicePoint mainly sells its data to other
commercial entities, since 9/11 it has found an eager
client in the U.S. government. As the recent Defense
Department report makes clear, a wide variety of U.S.
agencies would like to apply the same customer profiling
and data-mining techniques perfected by companies like
Wal-Mart and Amazon.com to pursue terrorists and other
criminals.
The most notorious program was former Admiral John
Poindexter's Total Information Awareness, officially
cancelled in 2003. But many other data-mining projects
are ongoing, the report noted, and all pose significant
privacy risks. Among the projects cited were the
Treasury Department's Financial Crimes Enforcement
Network, aimed at catching money laundering; the MATRIX
(Multistate Anti-Terrorism Information Exchange) system
being used by several states and the Department of
Homeland Security to link law enforcement records with
other government and private-sector databases; and the
U.S. Transportation Security Administration's revamped
and expanded Computer-Assisted Passenger Prescreening
System.
Also known as CAPPS II, the new passenger screening
system is to replace an existing one that uses secretive
but ineffectual "no-fly" lists: a test at a U.S. airport
this past January revealed that a person named "Osama
bin Laden" could scamper right onto his flight, no
questions asked. CAPPS II is designed to categorize
prospective passengers into three groups: those deemed
"acceptable to fly," those who present an "unknown"
risk, and those who are "unacceptable to fly." [see
illustration, "Policing the Friendly Skies"].
These lists will emerge as follows: several days
before a flight, the reservation records for every
passenger are sent to Acxiom or some other commercial
data aggregator. The data, including name, address,
birth date, and phone number, are checked against
Acxiom's records. Depending on the number of
discrepancies, Acxiom assigns each passenger an
authentication score. The TSA then checks the
reservation data against U.S. government databases,
factoring in the authentication score, to determine the
passenger's risk status.
Although the TSA had planned to launch CAPPS II later
this year, the program is far behind schedule, in part
because protests over privacy violations have kept
developers from getting realistic databases with which
to test their software. In the meantime, the agency will
test a voluntary screening system, known as Registered
Traveler, this summer, though when this issue went to
press, little was known about how it would work. When
contacted by IEEE Spectrum, the TSA refused to discuss
which databases it would mine, what mechanisms would be
used to correct erroneous information, or even the names
of the contractors researching and testing the system.
Whether voluntary or not, such systems bother privacy
activists. "A system does all this data mining of
disparate information and then spits out a name," says
Sobel, of the Electronic Privacy and Information Center.
"Does this person then bear a secret government-imposed
tag, 'Possible Terrorist'? Does he have an opportunity
to know about it and challenge it?"
That's not an idle concern. Prior to the
much-contested 2000 presidential election, the state of
Florida used a list of names purchased from a company
called DBT Online (since acquired by ChoicePoint) to
"cleanse" convicted felons from its voter registry. The
list was so spotty that thousands of legitimate voters
were dropped from the rolls; some were guilty only of
misdemeanors, like public drunkenness, while others were
simply victims of mistaken identity, including one
county's own election supervisor.
A recent General Accounting Office report on CAPPS II
worried about similar problems and noted that TSA
currently doesn't require commercial data providers to
fix errors. Passengers may not even be allowed to know
who the data providers are. And, of course, classified
government databases will be off-limits.