This story from BusinessWeek is disturbing in its implications: when passports and driver's licenses have RFID tags embedded in them (as early as next year), the data can be read from a distance. The problem:
"We do need passports with more data," says computer security expert Bruce Schneier. "But they chose a chip that can be queried remotely and surreptitiously. I can't think of any reason why the government would do that, other than that they want surreptitious access." And if airport and border security guards can read everyone's passports on the sly, so could anyone with a radio-chip reader, from terrorists to identity thieves.
The government's response to privacy advocates: "Trust us."
Widespread privacy concerns aside, there are a number of issues that make the BusinessWeek a little off-base.
1) Pricing: at a unit cost of close to $1 for an RFID tag, RFID would add significant cost to drivers licenses and passports.
2) Standards: we are converging to standards for RFID tags, but we're not there yet. Basic incompatibility of spectrum between the US and EU alone is a problem. I would assume that this would need to be resolved for use in passports.
3) Sampling rate / duty cycle / power: RFID tags are not designed to be always-on devices. Making them so would require additional battery power. Making them last five years (drivers license) or ten years (passport) would be an interesting challenge.
4) Propagation: RF does not do well when going through solid objects. Think cell phones in a basement. Better signal propagation requires power.
In other words, RFID sounds really wonderful for these types of applications, ACLU and others be damned. But the real challenge of deploying RFID across a population will be measured according to the costs and benefits.
For example, suppose a state includes RFID tags in drivers licenses. In the ideal scenario, a police officer could stop a car, knowing exactly who is in the car beforehand. If the car includes a felon, the police officer could call for backup.
Now suppose that the car has tinted windows that - in conjunction with the metal in the car - make it impossible for the RFID tag signal to make it out. I won't go into the electrical field theory behind this, but this scenario could easily happen. Better yet, presume that the RFID tag's battery is dead. How will the police officer know whether the driver is driving without a license (and hence may be dangerous)?
Many experts agree that it will be several years before we see widespread adoption of RFID at the product or individual level. During that time, RFID will have to compete with barcode, magnetic strip and fingerprint identification. That said, widespread RFID adoption is already upon us - consider the transmitters we attach to our cars to automate the collection of highway tolls.
Posted by: Daniel Taylor | November 08, 2004 at 10:32 PM
Daniel is right on with his comments. In addition to my 'day job' I work some weekends timing triathlons and road races with the ChampionChip system (http://championchip.com/).
The current low-cost chips are passive chips and do not have a battery. A chip must be 'charged' by an electromagnetic field to be accurately read. With the ChampionChip passive chips it requires a series of mats and other hardware to get a good read on the chip, and even then we are limited to a relative short distance (nowhere near 50 feet, more like 3-4 feet).
The 'active' chips do contain a battery, but that adds cost and a lifespan for the unit.
Wal-Mart has had issues with the passive chips being used with inventory on pallets. The readers are not able to read the chips in the center of the dense packaging.
RFID does present some concerns, but I am not putting my tin foil hat on yet.
Posted by: Josh Hallett | November 13, 2004 at 02:11 AM
Thanks for sharing your comments with us.
Posted by: Dennis Slattery | November 18, 2009 at 02:03 PM