Another Crack on RFID

More criticism of Radio Frequency Identification (RFID) technology comes today in an article posted by EETimes, the electronics industry's newspaper. The article takes the Homeland Security Department to task for using RFID technology for its Pass Card, which people crossing the Canadian and Mexican borders will eventually use as outlined under the Western Hemisphere Travel Initiative. Readers will be able to read the card up to 30 feet away.

"DHS plans to offer 'privacy protection' by placing a unique ID number on the card and using the number to retrieve personal information (a photograph and demographic information) from a central database when the card is used at a border crossing," according to the article. "This effectively means that Pass Card holders' identification number can be stolen from a distance with relative ease. A stolen ID number can be programmed on a blank chip or programmed in an RFID reader, with the reader then acting like a chip by spitting out the false ID number."

At least one government agency, the U.S. Army, seems to be having second thoughts about the value RFID, as Government Executive's Bob Brewin reported last week.

Of course, knocks against RFID and the use of the technology in government ID cards are nothing new. But is there something more here? The fear that RFID is not secure has been building for some time, with many security companies and consultants sounding the alarm. One of the most recent, for example, comes from security software maker McAfee Inc., which in its semiannual Sage report on security trends and analysis, says RFID "is vulnerable to

eavesdropping, recording, cloning, and forgery."

The backlash against RFID seems to be building. Are we approaching a tipping point in which agencies and businesses abandon RFID until the technology improves?

The EETimes article also points out that other identity cards under development in the United States use non-compatible technologies, which means federal and local governments will not be able to integrate the cards into one convenient card. (U.S. electronic passports will use contactless smart card technology and Real ID driver's licenses are based on 2D bar code.)

EETimes reports that:

technology companies are making a last-ditch effort to convince Congress to change the implementation decision on the Pass Card. Members of the Secure ID Coalition and Smart Card Alliance including Texas Instruments, Gemalto and Infineon Technologies are in Washington [D.C.] Wednesday (July 18) to brief lawmakers on identification technologies. The briefing includes a real-time demonstration showing the differences between two types of automatic identification technologies for electronic ID documents: RFID and contactless smart card technologies.