Should Skimming Be Illegal?

By Mark Roberti

A ban on surreptitious scanning could resolve most of the concerns people have about RFID being used to invade privacy.

The United States has been behind Europe and Asia in the use of RFID in contactless smart cards, but it's catching up in the blink of an eye. Banking service provider Chase announced last week that it would expand the rollout of RFID smart cards, which Chase calls "blink," bringing the total distribution of blink cards to 5 million (see Chase Expands Blink's East Coast Presence). When you add in the millions of people who use toll collection systems, access control cards and automobile immobilizers in their keys, it's clear that upwards of a quarter of the national population will be carrying an RFID transponder in their pocket, pocketbook or car.

This raises an interesting question. Is it time to make "skimming" illegal? Skimming is the practice of reading data off of someone else's transponder without their knowledge. This surreptitious scanning goes to the heart of the concerns people have about RFID being used to invade other people's privacy. People are concerned because the transponders aren't always visible, so you might not know one is in your card or clothes, and you can't tell when someone is reading it since radio waves are invisible.

So far, to my knowledge, no one has been accused of skimming. Still, I raise the question about whether skimming should be illegal because its clear RFID will become ubiquitous in cards and tickets well before it's used to tag clothing. Solving the skimming issue now could reduce concerns about RFID tags in personal items, such as shoes or shirts.

It doesn't make a lot of sense to me to ban something that's not yet a problem. However, I was speaking recently with Elliot Maxwell, a knowledgeable and thoughtful author and consultant, who said we need to think differently about privacy in a world where everything is identifiable and can be linked to an individual. So I throw out these questions to you:

1. Would making skimming illegal resolve the privacy issue?

2. Would such a law be enforceable?

3. If so, how could it be enforced?

4. When would be the right time to introduce such a law?

5. Is there another silver bullet that could end concerns about RFID?

I don't know the answers to these questions, so I would love to hear what you think. E-mail me your thoughts at

Note: In last week's column, I wrote that the authors of Spychips "want a complete and total ban on the use of RFID for all consumer applications" (see Spychips Book Fails to Make Its Case). The authors have never called for legislation banning RFID in consumer applications. What I should have written is that they would like consumers to reject RFID in all consumer-related applications. The article has been amended.

Mark Roberti is the founder and editor of RFID Journal. If you would like to comment on this article, click on the link below.