Should radio frequency identification tags be used on identification cards? Will RFID on ID cards prevent or promote identity theft? While some are praising the technology as a great way to protect people, others deride it as a security nightmare.
Jeff Schmidt, an independent security consultant based in Columbus, Ohio, said that RFID capable ID cards are a “very, very bad idea for a host of reasons.” For starters, he said that the capability to read the ID cards from a short distance may be only marginally more convenient than traditional hand inspection at places like airports.
“When at the airport or any other inspection point, the cards will need to be brought to within several inches of the readers. This isn’t much different than the hand inspections today. So, from a convenience perspective there is little gain,” he said.
Possibilities for Corruption
Schmidt said that motivated counterfeiters would also find ways to alter or forge RFID capable ID cards. Plus, he said that even though RFID tags are designed to be readable in distances of only inches, ways will be developed to read them from afar. “Radio waves just work that way — given the right antenna, one can do amazing things,” he said.
Schmidt said the RFID ID cards might also promote a false sense of security and reduce actual security by reducing human inspection in favor of electronic transmissions. “Alert humans are still the best form of security,” Schmidt said. “At the end of the day the risks far outweigh the benefits and RFID capable ID cards should not be used.”
The California Senate recently agreed and passed legislation to prohibit the use of RFID in any state-issued document, including driver’s licenses, ID cards, student ID cards, health insurance cards, professional licenses and library cards. The bill does make exceptions in use of RFID IDs for state employees to access “secured areas.”
The Association for Automatic Identification and Mobility (AIM) — a trade association based in Warrendale, Pa., that promotes the use of RFID — responded by pointing out an inconsistency in the bill. “It is interesting to note that RFID-enabled ID cards are deemed secure enough to be used by state employees to access secured areas, but not secure enough to be used for general access control, driver’s licenses or other uses.”
While California has been in the forefront to legislate the use of RFID, other states, including Maryland, Missouri, Nevada, South Dakota, Utah and Virginia, have also considered regulating RFID, according to AIM — which tracks legislation for its 900 members in 43 countries that provide components, networks, systems and services.
Justin Hotard, director of RFID market development at Symbol Technologies — a publicly traded company based in Holtsville, N.Y., that delivers supply chain technology systems — said that RFID tags offer plenty of security. He compared the information on RFID tags to information on license plates, which is useless without having access to the database that links the information on the plates to an individual.
Technology Holds the Key
“As the technology continues to be adopted, we expect the discussion will shift from fears of how the technology may be misused to focus on outlawing specific unethical or illegal uses of the technology,” Hotard said. “For example, the use of the Internet for illegal activities has not prevented others from accessing the Web.”
Robert Atkinson, vice president and director of the Technology and New Economy Project at the Progressive Policy Institute — a think-tank in Washington, D.C., that promotes progressive politics — said that these technologies will become part of everyday life for the simple reason that they make people’s lives easier. He said they also boost productivity and economic growth without posing a threat to civil liberties.
“As more Americans realize that they already are using these technologies and will continue to use more, then the non-productive, extremist debates over the technology will die down,” Atkinson said. He compared the debate over RFID tags to the use of cameras in the early 1900s, bar codes in the 1970s and cell phones in the 1980s.
But Atkinson said that concerns surrounding RFID ID tags are not going away anytime soon because privacy groups are totally committed to stopping the technology. He also blamed the press. “They give way to much credence to the scare stories from the privacy luddites,” Atkinson said, referring to stories in the media about RFID ID tags.
Good and Bad Uses
Jim Harper, director of information policy studies at The Cato Institute — a Washington, D.C.-based research foundation that advocates limited government and free markets — said that technologies are neutral. “It all depends on how you use them. Bad implementations could promote identity theft and good ones could limit it,” Harper said.
Harper said that while he strongly objects to use of RFID tags in passports, he sees merits in the use of RFID technology in things like credit cards, assuming proper security is put in place. He said that most RFID card applications do not put personal information on the card, but rather use an encrypted serial number or other code correlated back to a database. He said this reduces the value of card data for crooks.
“A lot of the anti-RFID hype and scare-mongering will continue, promoted by people who don’t understand the versatility of the technology,” Harper said. “Meanwhile, RFID applications will quietly ingratiate themselves further and further into our commercial life. You’ll find that many people who agree with the consensus that RFID is spooky are using RFID and enjoying its benefits without even realizing it.”