The growth of the now billion-dollar RFID business is prompting industry experts, from consumer advocates to company figures specializing in RFID protection, to question whether the technology can ever be made adequately secure.
Walt Augustinowicz, CEO of the RFID-protection company Identity Stronghold, distills concerns over Radio Frequency Identification to a simple tradeoff. Many retailers, he points out, are willing to exchange the security of your data for the convenience of RFID asset tracking and point-of-sale simplicity.
"RFID chips are basically tiny two-way radios that are so small they can fit inside a credit card, an article of clothing, the inside of a shampoo bottle cap, etc.," he explains. The chip, essentially a transponder, carries identifying data and can be queried and read, or "sniffed," at a distance. RFID technology is now in use in credit cards, ATM cards, "enhanced" driver's licenses, highway toll networks, and inventory tracking systems.
Katherine Albrecht, co-author of the book "Spychips: How Major Corporations and Government plan to Track your every Move," believes speeding up transactions at the point of sale is a powerful inducement for retailers to introduce RFID technology in their stores.
"The reason you're starting to see [RFID tags show up in credit and ATM cards] is that the industry itself did some studies and found that people spend more when they actually don't have to handle their credit card. The act of looking at your credit card, and the act of then having to get out a pen and sign for [the purchase], creates many decision points at which a consumer could decide not to make the purchase."
Albrecht and CASPIAN identify three categories of RFID threats. The first is what she describes as unscrupulous retailers, who use RFID and programs like frequent-shopper cards to amass personal data about you and your purchases in order to more effectively target you for future sales and marketing efforts.
The second category, a threat simply ignored by many commercial and government entities introducing RFID technology, is hackers.
"The big threat that we face right now as citizens is an 'enhanced' driver's license," Katherine Albrecht insists. She points out that the third threat category identified by CASPIAN is government. While no states currently mandate an RFID-equipped driver's license or non-driver ID card, those that do are using the ID as a de facto passport.
"What they didn't tell you is that they do that by adding remotely readable RFID into your driver's license," Albrecht says – and that RFID chip is among the least secure in the industry, readable even "by the underwear shelf at Wal-Mart."
"The industry will tell you that the card has a unique ID number, not your name," Albrecht points out. "But all you have to do is be around that person once to 'sniff' that number and know [who that number represents.]"
What's worse, using RFID in government identification like passports could make it possible to target American citizens for terrorist attack. "We're making it possible," says Albrecht, "for Americans traveling in foreign countries, where America's not very popular, [to be] singled out and identified in crowds." A bomb equipped with an RFID reader could lie in place undetected for years, Albrecht asserts, before detonating in proximity to a specific ID signature.
Walt Augustinowicz, CEO of the RFID-protection company Identity Stronghold, distills concerns over Radio Frequency Identification to a simple tradeoff. Many retailers, he points out, are willing to exchange the security of your data for the convenience of RFID asset tracking and point-of-sale simplicity.
"RFID chips are basically tiny two-way radios that are so small they can fit inside a credit card, an article of clothing, the inside of a shampoo bottle cap, etc.," he explains. The chip, essentially a transponder, carries identifying data and can be queried and read, or "sniffed," at a distance. RFID technology is now in use in credit cards, ATM cards, "enhanced" driver's licenses, highway toll networks, and inventory tracking systems.
Katherine Albrecht, co-author of the book "Spychips: How Major Corporations and Government plan to Track your every Move," believes speeding up transactions at the point of sale is a powerful inducement for retailers to introduce RFID technology in their stores.
"The reason you're starting to see [RFID tags show up in credit and ATM cards] is that the industry itself did some studies and found that people spend more when they actually don't have to handle their credit card. The act of looking at your credit card, and the act of then having to get out a pen and sign for [the purchase], creates many decision points at which a consumer could decide not to make the purchase."
Albrecht and CASPIAN identify three categories of RFID threats. The first is what she describes as unscrupulous retailers, who use RFID and programs like frequent-shopper cards to amass personal data about you and your purchases in order to more effectively target you for future sales and marketing efforts.
The second category, a threat simply ignored by many commercial and government entities introducing RFID technology, is hackers.
"The big threat that we face right now as citizens is an 'enhanced' driver's license," Katherine Albrecht insists. She points out that the third threat category identified by CASPIAN is government. While no states currently mandate an RFID-equipped driver's license or non-driver ID card, those that do are using the ID as a de facto passport.
"What they didn't tell you is that they do that by adding remotely readable RFID into your driver's license," Albrecht says – and that RFID chip is among the least secure in the industry, readable even "by the underwear shelf at Wal-Mart."
"The industry will tell you that the card has a unique ID number, not your name," Albrecht points out. "But all you have to do is be around that person once to 'sniff' that number and know [who that number represents.]"
What's worse, using RFID in government identification like passports could make it possible to target American citizens for terrorist attack. "We're making it possible," says Albrecht, "for Americans traveling in foreign countries, where America's not very popular, [to be] singled out and identified in crowds." A bomb equipped with an RFID reader could lie in place undetected for years, Albrecht asserts, before detonating in proximity to a specific ID signature.
