RFID In Government Issued ID? 89
RFID! writes, "The Department of Homeland Security's Data Privacy and Integrity Advisory Committee published a draft report that poured cold water on using RFID in government-mandated identity cards and documents (PDF link). But this met with some consternation among the DHS bureaus that plan to use RFID in this way and the businesses eager to sell the technology to the government, and now a vote on the report has been delayed until December."
Here's the reason Cato doesn't like RFID (Score:5, Insightful)
He's saying it isn't any better than other card systems, and it doesn't solve the principal security problem - that of identifying the owner. I bet, however, that if one were to somehow solve the confirmation of identity issue - such as by injecting or surgically implanting and RFID chip - he might change his mind.
I think one could argue that Mr. Harper doesn't oppose RFID as much as he finds it impotent.
If you needed another reason to clean house(s).... (Score:4, Insightful)
C.f. Hollerith Cards (Score:5, Insightful)
I've seen some automated warehouse and inventory-management systems that depend on RFID tags, and (if you're into this kind of stuff) they're the slickest thing you've ever seen. If your full supply chain uses tags, then there's no manual inventorying; as stuff gets unloaded from the trucks at a loading dock (by the pallet-full -- scanners can 'talk' to tens or hundreds of tags at once), it gets noted. When it gets put on a shelf, it gets noted. When an order comes in, the system knows whether it's in stock, and where's it's located. The picker (guys who pull individual items from warehouse shelves) can follow a wrist-mounted computer right to the location, and scan it as they pick it up. As orders get loaded on a truck to go out, they get scanned again at the dock doors. At every step in your supply chain, you can do this.
It's not quite a fully-automated warehouse, but it's pretty close. If you've ever worked in industry or retail, you can appreciate the beauty of such a system. All that real-time data; I won't say there's "no limit" to what you can do, because I don't want to start sounding like an ad, but there's a lot.
So really, don't blame the technology here. The gear is really good. The problem is that a lot of contractors, who want to make a few bucks from Uncle Sam, have convinced some govvies that this sort of data flow -- which is great when you're talking about cases of Rice Krispies or DVD players -- would be nice to have on all of us. The problem with "RFID" as people have come to think of it, is totally a social one. If you could somehow 'uninvent' RFID, put the genie back in the bottle, it wouldn't fix the real issue: that our government is currently obsessed with reaching down into the personal lives of individual citizens, either by accident or by design. A government which took more of an interest in privacy concerns, probably wouldn't think that embedding RFID tags in passports and drivers licenses would be a good idea. That they do, is indicative of a problem in government, not in the tags.
An apt analogy would be Hollerith card sorters and other indexing machines, in the early part of last century. They let people do all sorts of rapid data analysis and were indispensable to industry and government for countless projects. Yet they were also used by the Nazis, to greater or lesser effect depending on who you choose to believe. That a particular technology was used reprehensibly isn't necessarily a valid criticism of the technology itself; virtually anything can be perverted for ill uses.
So in short, don't blame RFID in general. It's a great technology, when used correctly, and its potential for abuse isn't any greater than similarly revolutionary systems were in their day.
Next, babies will be microchipped... (Score:3, Insightful)
Re:Here's the reason Cato doesn't like RFID (Score:3, Insightful)
Contactless cards offer significantly faster communication speeds than contact cards and also the option to pick one card from many cards within the range of the reader.
What comes to security, there are two main vulnerabilities in contactless cards: eavesdropping and accessing the card without holder's knowledge is easier than in contact cards. In both points, the vulnerabilities can be overcome with protocol design. The card need not broadcast anything without setting up a secure channel and requiring holder verification (e.g. PIN). This is really not a fault in the technology itself, but rather in how it is applied.