Another Crack on RFID
By Allan Holmes | Wednesday, July 18, 2007 | 12:50 PM
By Allan Holmes | Wednesday, July 18, 2007 | 12:50 PM
More criticism of Radio Frequency Identification (RFID) technology comes today in an article posted by EETimes, the electronics industry's newspaper. The article takes the Homeland Security Department to task for using RFID technology for its Pass Card, which people crossing the Canadian and Mexican borders will eventually use as outlined under the Western Hemisphere Travel Initiative. Readers will be able to read the card up to 30 feet away.
"DHS plans to offer 'privacy protection' by placing a unique ID number on the card and using the number to retrieve personal information (a photograph and demographic information) from a central database when the card is used at a border crossing," according to the article. "This effectively means that Pass Card holders' identification number can be stolen from a distance with relative ease. A stolen ID number can be programmed on a blank chip or programmed in an RFID reader, with the reader then acting like a chip by spitting out the false ID number."
At least one government agency, the U.S. Army, seems to be having second thoughts about the value RFID, as Government Executive's Bob Brewin reported last week.
Of course, knocks against RFID and the use of the technology in government ID cards are nothing new. But is there something more here? The fear that RFID is not secure has been building for some time, with many security companies and consultants sounding the alarm. One of the most recent, for example, comes from security software maker McAfee Inc., which in its semiannual Sage report on security trends and analysis, says RFID "is vulnerable to
eavesdropping, recording, cloning, and forgery."
The backlash against RFID seems to be building. Are we approaching a tipping point in which agencies and businesses abandon RFID until the technology improves?
The EETimes article also points out that other identity cards under development in the United States use non-compatible technologies, which means federal and local governments will not be able to integrate the cards into one convenient card. (U.S. electronic passports will use contactless smart card technology and Real ID driver's licenses are based on 2D bar code.)
EETimes reports that:
technology companies are making a last-ditch effort to convince Congress to change the implementation decision on the Pass Card. Members of the Secure ID Coalition and Smart Card Alliance including Texas Instruments, Gemalto and Infineon Technologies are in Washington [D.C.] Wednesday (July 18) to brief lawmakers on identification technologies. The briefing includes a real-time demonstration showing the differences between two types of automatic identification technologies for electronic ID documents: RFID and contactless smart card technologies.
Comments
After reading a number of articles about the disappointments in RFID technology I cannot help but feel that the authors are missing the point. Is RFID a perfect technology? … No! Is it better than what we have now? … Yes! Will it improve and evolve? … Yes!
Ripp | Thursday, July 19, 2007 | 08:45 AMYour article is partly correct, in that a tag can be pick up and potentially cloned. But what you don't point out is that the industry has chips with two pages of memory. With the second page the government can write a unique ID that is password protected. That way if a card is suspect then they have a means to look deeper. You also do not discuss the current means of border identification, its faults and the ability to easily create false ID's: licenses, passports...so how safe is the current system? You article, and those criticizing RFID, should then explain to me as a citizen how safe our current system is under manual checks and paper docuements? RFID is a technology layer being added to the system, one could also use camera technology if a read was questions. In the end you basically tell us the solution has issues, but in typical fashion you fail to acknowledge an alternative or the problem at hand that has the government looking for answers. You may wish to write an article that all technology has faults and the potential for wrong doing, so I for one wish to ban all computers since it has been proven they can be breached and hard-drives cloned...
David Eagleson | Thursday, July 19, 2007 | 07:32 AMABOUT THIS BLOG
Allan Holmes on what's happening and what's being discussed in the world of federal information technology.
feed