Home Internet of Things Aerospace Apparel Energy Defense Health Care Logistics Manufacturing Retail

RFID-Enabled IDs: Educate, Don't Legislate

Whenever we're faced with an emerging, unproven technology such as RFID-enabled identification documents, there is a premature urge to create laws restricting or stopping it.
By Nicholas D. Evans
An amendment to the DHS Appropriations Bill requires that "the card architecture meets the ISO 14443 security standards, or justifies a deviation from such standard." While this standard may or may not be the most appropriate solution, it effectively precludes other technologies such as UHF RFID and anything else from consideration. According to the Information Technology Association of America (ITAA), which has been actively engaged on Capitol Hill in representing the broad interests of the U.S. IT community, this amendment unfairly limits competition and excludes a certain segment of the technology sector.

Additionally, 14443 is an interoperability standard, as opposed to a security standard. While the intent may have been to mandate strong security in the procured solution, the wording has the potential to exclude RF technologies other than those operating at 13.56 MHz. A more rational approach might be to prescribe system-wide business requirements and permit the market to compete more openly with a variety of envisioned solutions—both new and old.

Policies and procedures, in addition to the technology, drive the resulting level of privacy and security achieved.

In debates over privacy and security, it is typically the front-end technology that is the object of scrutiny. A recent U.K. House of Commons report from the Science and Technology Committee focused on how scientific advice, risk and evidence were managed in relation to continually developing technologies. The focus of the report was the U.K. Home Office's Identity Card Scheme. A finding of the report was that while much attention had been paid to the biometric technologies to be incorporated into the planned system, there was a lack of transparency around the information and communication technology (ICT) back end.

To maximize the success of these types of large-scale programs, it is important to focus on the entire system, end-to-end, and also on the policies and procedures surrounding its operation and use. This holistic focus can actually improve the privacy and security of the system by helping to ensure that major procedural or technical vulnerabilities are not overlooked.

Consumer and policy-maker education is vital.

Given that legislation and debates often gravitate to controversial areas in the identity discussion and omit critical areas that must not be left out, ongoing consumer and policy-maker education is vital for the best interests of all parties. Finding the good and bad aspects of these systems is equally important, but it is also important to get the facts, scrutinize all claims and assertions, and realize that conflicting information may be accidentally or deliberately omitted.

Login and post your comment!

Not a member?

Signup for an account now to access all of the features of RFIDJournal.com!

Case Studies Features Best Practices How-Tos
Live Events Virtual Events Webinars
Simply enter a question for our experts.
RFID Journal LIVE! RFID in Health Care LIVE! LatAm LIVE! Brasil LIVE! Europe RFID Connect Virtual Events RFID Journal Awards Webinars Presentations