AP Hack Strikes Again

Todd Lewan's recent article about skimming IDs from PASS cards spreads the usual misinformation.
Published: July 15, 2009

You’ve got to hand it to Todd Lewan—he never lets the facts get in the way of a good story.

I met Lewan at RFID Journal LIVE! 2007. At the time, he wanted to interview me for an article about radio frequency identification, and was allowed to attend the event as a member of the press. He introduced himself as an “investigative reporter.” A minute into the interview, however, it was clear he intended to write a negative article about RFID, regardless of the facts, or of anything I said.

Sure enough, he published a very negative article: “Businesses praise chips as privacy groups worry.” I put the fact straight in a blog entry (see Fearmongering Is Alive and Well).

Lewan had previously written another misleading article in September 2007, linking implanted RFID transponders to tumors in lab mice. However, that article was refuted by VeriChip, which issued several scientific papers debunking the claims of Lewan and other reporters, and by a number of experts in the RFID and medical fields (see VeriChip Defends the Safety of Implanted RFID Tags).

Recently, Lewan has been at it again. His latest article, “Chips in official IDs raise privacy fears,” peddles misinformation concerning Chris Paget’s alleged “cloning” of RFID transponders in PASS cards. As I explained in my blog, back in February, Paget obtained absolutely no personally identifiable information or any other information of value during his supposed “skimming,” and he did not clone or hack anything (see Cloning and Reading E-Passports and PASS Cards). Rather, he simply read a serial number, which is akin to reading a car’s license plate. (It could have been an Electronic Product Code on a discarded television box from Wal-Mart, for all Paget knew.)

That didn’t stop Lewan, however. He writes, in his most recent article: “But with advances in tracking technologies coming at an ever-faster rate, critics say, it won’t be long before governments could be able to identify and track anyone in real time, 24-7, from a café in Paris to the shores of California.”

Yeah, right.

There are legitimate reasons to be concerned about the use of RFID in government documents—but to get the public to pay attention, Lewan takes great liberties with the facts. And he repeatedly cites unnamed “critics” and “opponents” of RFID who imagine all kinds of terrible things that could happen. He writes, for instance: “But scientists are working on technologies that might enable a satellite or a cell tower to scan a chip’s contents.”

I’m not aware of this research, though I’ve seen speculation about it on the Web. Even if it were true, though, Lewan never bothers to mention that wrapping your license in tin foil would prevent the RFID tag from being read. (Any threat that can be defeated with tin foil is unlikely to scare consumers sufficiently to make for a good story, so no privacy articles ever mention this.)

Lewan quotes my blog posting in which I set the record straight regarding Paget’s PASS card video. Specifically, I wrote that the potential for abuse grows as the use of RFID in government document grows. This is true, of course. It’s also true that stabbings increased as the use of knives grew. But we didn’t ban knives—we outlawed stabbing. And the whole point I was making in my blog is that misinformation makes it more difficult to get to a good solution that protects privacy. I was decrying the very scare tactics he uses as counterproductive.

Governments really do need to take the skimming issue seriously. It’s perfectly acceptable to warn of potential abuses of new technologies. And it’s absolutely essential to report on actual abuses. But hack articles that use scare tactics, like Lewan’s, do far more harm than good.

Mark Roberti is the founder and editor of RFID Journal. If you would like to comment on this article, click on the link below. To read more of Mark’s opinions, visit the RFID Journal Blog or click here.