The main risk when using active RFID tags is that someone might determine your location, or the location of your goods, by honing in on a tag’s beacon signal. I have asked the U.S. Department of Defense (DOD) about this a number of times, and the answer the agency always gives is that RFID is a short-range technology, and that if an enemy is close enough to read tags, then that enemy already knows our position.
The second aspect to your question deals with the security of tag data. For an answer to that query, I reached out to Savi Technology, a leading provider of 433 MHz active tags, and a leading force behind the Dash7 Alliance, which promotes the ISO 18000-7 standard for active tags. Here is the response I received from Albert Nardelli, the senior director of Savi Innovation Labs:
“Today, the most advanced active RFID hardware has numerous measures to ensure the security and integrity of the information that’s stored, transmitted and received. For example, the tag platform can provide extremely strong security encryption, authentication and supporting security protocol measures to protect information. Data encryption can be both hardware- or software-based, and the tags and infrastructure can detect whether the tag, reader or information being transmitted is originating from, or being received by, an unauthorized entity. Further safeguards can be implemented when there is an information security breach on the tags and readers, as well as the information stored on them, including having devices self-destruct or send automated alerts.”
—Mark Roberti, Editor, RFID Journal
Where Can I Find a Tag That Will Work on Metal? »