RFID!?

RFID: Feared and Praised

Posted by Sam Churchill on September 12th, 2008

As of this past April, more than 35,000 Washington State motorists have signed up for RFID-embedded driver’s licenses, reports Scientific American, and other border states, including Arizona, Michigan and Vermont, have agreed to participate in the program. New York State will begin making the new licenses available to its residents after Labor Day.

The Washington State Department of Licensing reassures citizens that their personal information is safe because the RFID tag in an enhanced driver’s license “doesn’t have a power source” and “doesn’t contain any personal identifying information”.

Detractors say those facts have no bearing on whether the card can be used for tracking.

Gigi Zenk, a spokesperson at Washington’s licensing agency, recently confirmed that there are 10,000 enhanced licenses “on the street now—that people are actually carrying.”

Homeland Security’s Western Hemisphere Travel Initiative requires all travelers to present a passport or other document that denotes identity and citizenship when entering the U.S. To facilitate the frequent travel of U.S. citizens living in border communities, passport cards contain a vicinity-read RFID chip.

But the possibility that the security of such cards could be compromised is just one reason for concern. Even if tighter data-protection measures could someday prevent unauthorized access to RFID-card data, many privacy advocates worry that remotely readable identity documents could be abused by governments that wish to tightly monitor and control their citizens.

China’s national ID cards, for instance, are encoded with what most people would consider a shocking amount of personal information, including health and reproductive history, employment status, religion, ethnicity and even the name and phone number of each cardholder’s landlord. More ominous still, the cards are part of a larger project to blanket Chinese cities with state-of-the-art surveillance technologies.

Michael Lin, a vice president for China Public Security Technology, a private company providing the RFID cards for the program, unflinchingly described them to the New York Times as “a way for the government to control the population in the future.” And even if other governments do not take advantage of the surveillance potential inherent in the new ID cards, ample evidence suggests that data-hungry corporations will.

If the idea that corporations might want to use RFID tags to spy on individuals sounds far-fetched, it is worth considering an IBM patent filed in 2001 and granted in 2006. The patent describes exactly how the cards can be used for tracking and profiling even if access to official databases is unavailable or strictly limited.

Entitled “Identification and Tracking of Persons Using RFID-Tagged Items in Store Environments,” it chillingly details RFID’s potential for surveillance in a world where networked RFID readers called “person tracking units” would be incorporated virtually everywhere people go—in “shopping malls, airports, train stations, bus stations, elevators, trains, airplanes, restrooms, sports arenas, libraries, theaters, [and] mu­­se­­ums”—to closely monitor people’s movements.

In January, the Department of Homeland Security (DHS) released the “final rule” on REAL ID Act, describing the requirements and procedures for transforming state ID cards into REAL IDs with embedded RFID chips (realnightmare.org).

Many states and their representatives are starting to question whether they want to be a part of this whole Real ID thing after all.

Destron Fearing, a subsidiary of Applied Digital Solutions, initially developed the technology for the VeriChip, the first FDA - approved human-implantable RFID microchip. About twice the length of a grain of rice, the device is typically implanted above the triceps area of an individual’s right arm. Once scanned at the proper frequency, the VeriChip responds with a unique 16 digit number which could be then linked with information about the user held on a database for identity verification, medical records access and other uses.

MythBusters co-host Adam Savage said a planned episode on RFID hackability was killed because lawyers for the credit cards companies had put the hammer down on the show.

But Texas Instruments spokeswoman Cindy Huff told CNET News that things had gone a bit different than Savage had said. Now Savage is backpedaling…”the decision not to continue on with the RFID story was made by our production company, Beyond Productions, and had nothing to do with Discovery, or their ad sales department.”

Contactless smart cards communicate with card readers through RFID induction. These cards require only close proximity to an antenna to complete a transaction. They are often used on mass transit systems, where smart cards can be used without even removing them from a wallet.

As far back as 2003, CASPIAN (Consumers Against Supermarket Privacy Invasion and Numbering) — along with the Privacy Rights Clearinghouse, the Electronic Privacy Information Center, the Electronic Frontier Foundation, the American Civil Liberties Union, and 40 other leading privacy and civil liberties advocates and organizations have condemned the tracking of human beings with RFID as inappropriate. Industry trades include: RFID News, RFID Journal and RFID.org.

source : dailywireless.org