Ever since the United States announced plans to put radio frequency identification transponders in passports, back in 2005, privacy advocates have been concerned about the use of RFID in identity documents. Recent news that schools are using RFID to monitor children and that more local governments are using it to track recyclables has brought the issue to the surface once again. Privacy supporters claim the technology will be abused, and consumer privacy will be the victim.
Governments have often failed to address the potential for the technology to be abused, or at least privacy advocates’ concerns about potential abuses. In August, the Associated Press reported that California’s Contra Costa County planned to have students wear RFID-tagged jerseys at school. The tags would be used to track children’s movements and monitor whether they have eaten lunch each day. The goal is to reduce costs by eliminating the need for teachers to manually track each child’s attendance and meals.
News reports did not indicate whether the county planned to track students with short-range passive RFID technology or longer-range active RFID, nor did they say whether the tags would be secure. Some bloggers expressed fears that children could be tracked with RFID by pedophiles or estranged spouses.
The Electronic Frontier Foundation, a nonprofit association that addresses issues related to free speech, privacy, innovation and consumer rights, expressed additional concerns: “An RFID chip allows for far more than that minimal [manual] record-keeping. Instead, it provides the potential for nearly constant monitoring of a child’s physical location. If readings are taken often enough, you could create an extraordinarily detailed portrait of a child’s school day—one that’s easy to imagine being misused, particularly as the chips substitute for direct adult monitoring and judgment.
If RFID records show a child moving around a lot, could she be tagged as hyperactive? If he doesn’t move around a lot, could he get a reputation for laziness? How long will this data and the conclusions rightly or wrongly drawn from it be stored in these children’s school records? Can parents opt-out of this invasive tracking? How many other federal grants are underwriting programs like these?”
Also in August, the Cleveland City Council approved spending of $2.5 million on RFID-enabled trash carts for 25,000 households across the city. The city began testing RFID technology to track recyclables with 15,000 households in 2007. It plans to identify and fine ($100) each household that fails to recycle. Former U.S. Congressman Bob Barr said the plan represented “an unholy alliance between business and government in expanding the reach of Big Brother.”In his blog, The Barr Code, he wrote: “It’s a win-win—the company makes money by collecting the recycled trash, and the city reaps at least a short-term windfall by receiving payments from the company for a task it formerly had to carry out. The loser, of course, is the consumer who is paying the taxes and fees for such activities, and surrendering to the company and the city council any privacy in their accumulation or disposal of garbage.”
And privacy concerns were further inflamed when a video of security consultant Chris Paget reading ultrahigh-frequency (UHF) tags similar to those used in Pass Cards and enhanced driver’s licenses from a distance of 200 feet was shown during a hackers’ conference in Las Vegas. Many bloggers took Paget’s feat as evidence that the passive high-frequency (HF) tags in passports could be read at that distance.
The situation forced Michigan Secretary of State Terri Lynn Land to issue a press release titled “Land explains RFID used in EDL, ID card: Misinformation sparks need to set the record straight.” The release said:
• “The RFID chip is not part of the standard driver’s license or ID card. It is only in the enhanced license and ID, which are entirely optional. Customers are not required to purchase an enhanced license or ID if they prefer the standard version.
• Michigan has no plans to put the chip in the standard license or ID, nor is it required under the federal REAL ID Act of 2005.
• The U.S. Department of Homeland Security requires RFID technology in all border-crossing documents. Without it, Michigan residents will not have the option of using the enhanced license or ID card for border-crossing purposes. The RFID technology is required for documents such as enhanced licenses that are in compliance with the federal Western Hemisphere Travel Initiative, or WHTI.• The RFID chip does not have personal information about the license holder. It merely contains a number that links to the person’s record stored in a secure U.S. Department of Homeland Security database.
• Customers receive a protective sleeve in which to carry their enhanced license or ID card. The RFID chip cannot be detected by a remote ‘reader’ until the document is removed from the sleeve.”
Government agencies and public-sector organizations have run into similar problems previously. In 2004, the San Francisco Public Library proposed using RFID to reduce repetitive stress injuries, increase operational efficiencies and improve security. This raised concern among privacy advocates that the government or criminals might be able to read tags in books carried in someone’s backpack and lead to other invasions of privacy. The funds for RFID were soon shifted to other library projects, essentially killing the RFID initiative.
When the U.S. government decided to introduce RFID transponders in passports, it initially dismissed privacy concerns, saying the tags could only be read from a few inches away, but the National Institute of Standards and Technology (NIST) showed the tags could be read from as far as 30 feet away. That prompted the U.S. State Department to add a foil liner to the cover of each passport, preventing the tag from being read unless the document was open.
Part of the problem is that government agencies assume that because the transponder contains only a serial number and no personally identifiable information, privacy is not a factor (the transponders in passports are the only RFID tags in the applications discussed earlier that contain personally identifiable information). But privacy advocates insist that if a random serial number is associated with a person by another means—say, a person’s tag is read and a policeperson asks for the individual’s driver’s license—that serial number can forever be used to identify that person without his or her knowledge.
Government agencies using RFID technology should take these issues seriously and do the following to ensure the technology cannot be abused:Use short-range passive tags that support encryption where possible. ISO 14443 is designed to support a range of just a few inches, to reduce the chance of eavesdropping on communications between tag and reader. While NIST has shown you can eavesdrop from a longer distance with the right equipment, it’s still better to use short-range technology for any government-issued ID documents. The Mifare version of ISO 14443 supports encryption to further protect the data from snooping. EPCglobal has begun work on secure passive UHF tags, but a security standard is likely two years away.
Provide RF-protective sleeves. RFID transponders cannot be read through any sleeve made of Mylar, metal foil or even carbon fibers, which absorb the RF energy. By providing these sleeves with the ID documents, governments can address concerns about tags being used to track people without their knowledge.
Tell the public why RFID technology is being used and what advantages it offers. Governments should explain why RFID is a better option than other technologies, such as bar codes, and how it benefits citizens. The U.S. government never adequately explained it was adding RFID to passports to prevent terrorists and other criminals from simply replacing ID document photos and gaining illegal entry to the country.
Specify what data will be collected, how it will be used and how long it will be kept. Schools, for example, should spell out what student data is collected, and whether it will be used to create profiles of the students and their activities. Wherever readers are used, whether at border crossings or library exits, signs should make clear that the technology is in use. And organizations should set and enforce policies for how long they will store collected data and adhere to procedures for deleting it.
Don’t suggest that short read range and random serial numbers are sufficient to protect the public. Researchers and hackers have demonstrated that, with the proper equipment, RFID tags can be read at longer distances than vendors advertise, and as discussed above, privacy advocates believe even tags with random serial numbers can be used to track people.
Over time, if governments act responsibly by educating constituents about RFID and addressing related privacy concerns, the public will become more comfortable with the technology and more knowledgeable about its potential.