Home Internet of Things Aerospace Apparel Energy Defense Health Care Logistics Manufacturing Retail

Should Skimming Be Illegal?

A ban on surreptitious scanning could resolve most of the concerns people have about RFID being used to invade privacy.
By Mark Roberti
Nov 07, 2005The United States has been behind Europe and Asia in the use of RFID in contactless smart cards, but it's catching up in the blink of an eye. Banking service provider Chase announced last week that it would expand the rollout of RFID smart cards, which Chase calls "blink," bringing the total distribution of blink cards to 5 million (see Chase Expands Blink's East Coast Presence). When you add in the millions of people who use toll collection systems, access control cards and automobile immobilizers in their keys, it's clear that upwards of a quarter of the national population will be carrying an RFID transponder in their pocket, pocketbook or car.

This raises an interesting question. Is it time to make "skimming" illegal? Skimming is the practice of reading data off of someone else's transponder without their knowledge. This surreptitious scanning goes to the heart of the concerns people have about RFID being used to invade other people's privacy. People are concerned because the transponders aren't always visible, so you might not know one is in your card or clothes, and you can't tell when someone is reading it since radio waves are invisible.

So far, to my knowledge, no one has been accused of skimming. Still, I raise the question about whether skimming should be illegal because its clear RFID will become ubiquitous in cards and tickets well before it's used to tag clothing. Solving the skimming issue now could reduce concerns about RFID tags in personal items, such as shoes or shirts.

It doesn't make a lot of sense to me to ban something that's not yet a problem. However, I was speaking recently with Elliot Maxwell, a knowledgeable and thoughtful author and consultant, who said we need to think differently about privacy in a world where everything is identifiable and can be linked to an individual. So I throw out these questions to you:

1. Would making skimming illegal resolve the privacy issue?
2. Would such a law be enforceable?
3. If so, how could it be enforced?
4. When would be the right time to introduce such a law?
5. Is there another silver bullet that could end concerns about RFID?

I don't know the answers to these questions, so I would love to hear what you think. E-mail me your thoughts at editor@rfidjournal.com.

Note: In last week's column, I wrote that the authors of Spychips "want a complete and total ban on the use of RFID for all consumer applications" (see Spychips Book Fails to Make Its Case). The authors have never called for legislation banning RFID in consumer applications. What I should have written is that they would like consumers to reject RFID in all consumer-related applications. The article has been amended.

Mark Roberti is the founder and editor of RFID Journal. If you would like to comment on this article, click on the link below.
  • Previous Page
  • 1
  • Next Page


Michael Nieuwesteeg 2005-11-07 01:44:31 AM
Skimming Hi Mark I am Susan Hicks MD of IN-CLUB Limited. IN-CLUB is a non-profit industry association founded to promote contactless solutions worldwide. IN-CLUB’s major objectives are to provide opportunities and channels through which organizations and individuals can meet, interact and form business partnerships with each other. Recently we just held a member meeting discussing security and skimmiming ..let me know if you would like access to our presentations. TNO one of the most respected labs worldwide examined your topic well. We also have an on-line forum where mebers can post their views at www.in-club.fr. Below are a few views if your system allows me to paste........... It has to be acknowledged that the acts of terrorism have given rise to a sharp tracking policy which is definitely a threat to citizens’ privacy. Here lies my point. The integration of RFID in ID documents is precisely dedicated to strengthen citizen security without eroding civil rights. 1/ Security Contactless technology now enables the integration of biometrics data (digital photo and fingerprints) to verify citizens’ identity at border controls. The IC chip integrates the same algorithms and security features as a contact smart card. It offers its proper cryptography protections to make impossible the forgery of official document. Contactless state-of-the-art security prevents from data counterfeiting (authenticity), tampering (integrity) and skimming. 2/ Privacy Several points must be taken. Technologies’ features have to be clarified. There has been a miscommunication from the Industry which has wrongly linked all wireless technology to RFID. For example, there is a huge technical gap between the Radio Frequency and the Ultra High Frequency technologies. Indeed, RF communication is submitted to limited distances. Contactless operating distance may go up to 50cm providing huge antennas (door size) whereas UHF goes up to 5m (highway tolls applications). The RF technology, which has been adopted for electronic passport, is then hardly technically feasible for tracking people! The second point that should be referred to is that there are plenty of other consumer technologies that are far more dangerous in terms of tracking means. What about contact banking cards, mobile phones, GPS? These technologies all provide convenience and security but have already been used to track people. Their respective dedicated networks are definitely a more significant threat to citizen’s privacy than RF. If you consider that you would need door-sized antennas every 50cm to be able to track somebody efficiently with RF technology, don’t you think that its threat to citizens’ privacy is a groundless accusation? To sum up, RF technology has been chosen by the International Civil Aviation Organization as the most secure means for ID documents on purpose. Fighting for Civil right is a noble cause though ways to do it are numerous so let does not fight against wrong players! If Governments want ways to track people, they will definitely not go for RF! IN-CLUB Seminar member service... @www.in-club.fr Following presentations from TNO at our Seminar, IN-CLUB's. "Ask the Expert" gives industry players the opportunity to discuss on-line current contactless challenges & help you look at proven solutions in place worldwide. Contactless Payments What are the solutions to realistic security threats in contactless card systems? Everything you always wanted to know on contactless card security, but were afraid to ask: is it possible to eavesdrop on the communication between a contactless card and a reader over a distance of several meters? Is it possible to pick virtual pockets using relay attacks on contactless smart card systems? TNO ITSEF has elaborated experiments on these two security threats and explain how contacless card systems need to be addressed to prevent financial and brand damages to all parties involved. Chairman: Pascal VAN GIMST, Manager Business Development, TNO ITSEF Moderator: Bruno CHARRAT Chief technology Officer ________________________________________________________________________ RF Improving Passport Security The Impact of contactless technology on Border Management, travel documents, border control, security, and throughput Technical overview of the standards and guidelines agreed by ICAO Berlin 2002, New Orleans 2003 and the recommendation for all 188 ICAO members to convert by 2010 Paul McKEOWN, BCS Customs Ports and Borders, IBM An Aviation card replacement experience - Most customers will already have a commitment to an existing technology but wish to move to a secure contactless solution. Here we present the reasons why they choose Inside, the practical lessons learnt in migrating a major user and how to issue 200,000 cards in a 4 month period, and keep the site operational Dr. Pietro CHIABOTTI DirectorElectronic Silicon Solutions Ltd Redford Lechlade GL7 3ED UK Protecting Privacy & Citizen ID Persuading Government Organisations to adopt and exploit Contactless technologies. Why should Governments back contactless technologies to challenge their existing business processes? Chairman: Lawrence FAULKNER, Business Development Director, Burall InfoSmart Ltd Moderator: Bernard VIAN, Business Development VP, Inside Contactless Join the debate! and ask our presenters your Question........... ............................................................................................................................................................................................................................ IN-CLUB is a non-profit industry association founded to promote contactless solutions worldwide with all industry sectors in Payment, ID, Mass Transit, and the Mobile world, and to ensure interoperability between devices and services. IN-CLUB’s major objectives are to provide opportunities and channels through which organizations and individuals can meet, interact and form business partnerships with each other. IN-Club members partner, explore and create a seamless contactless world for their customers. IN-CLUB's cooperation in creating a contactless world is the key to members’ success linking them to a global community of Bankers, Transit Operators, Government Agencies, Mobile Operators, System Integrators and Handset Manufacturers. The limit now to our contactless world will only be our member’s imagination and sense of fun! < ! enjoy and us>
Jim Harvey 2005-11-11 06:12:22 AM
Skimming As to whether Skimming should be made illegal. Yes As to whether any law making it illegal can be enforced. Not likely. But the law should still address it as a crime. Then, all data on cards should be encrypted and any attempt by a reader/scanner to access the information on a card/tag should require authentication.
Fernando Beltran 2005-11-11 07:42:54 PM
Should Skimming be Illegal? Retailers and their supporting marketing consulting firms are constantly searching for ways to capture information about consumers, where and when they shop, etc. Most of the larger companies recognize that consumer privacy protection is important, and the standard practices for loyalty cards is to allow customers remain anonymous and / or opt out of the program. Some will still seek to use RFID skimming tools for marketing purposes. There may even be some security processes used to identify who is really at the register by matching the name to all cards which can be sensed. Usually American legislators wait for a known event to generate new law, but significant damage could be done to consumers and the RFID industry if some of these practices were left to the imaginations of some entrepeneurs.
Mark Christy 2005-11-17 01:22:08 PM
RFID If u can provide with some Case studies of Companies successfuly using RFID than I would be greatly obliged.

Login and post your comment!

Not a member?

Signup for an account now to access all of the features of RFIDJournal.com!

Case Studies Features Best Practices How-Tos
Live Events Virtual Events Webinars
Simply enter a question for our experts.
RFID Journal LIVE! RFID in Health Care LIVE! LatAm LIVE! Brasil LIVE! Europe RFID Connect Virtual Events RFID Journal Awards Webinars Presentations