Radio Frequency Identification (RFID)

The purpose of this paper is to inform businesses and governments planning to incorporate Radio Frequency Identification (RFID) systems into their work about the potential security and privacy vulnerabilities associated with the technology and persuade them to regulate the use of this technology in a manner to better protect privacy and security of the general population. RFID technology can offer many advantages to manufacturers and the government. Manufacturers can use this equipment to better supply consumers by having more detailed information on the products sold. The government could use this technology to aid in anti-counterfeiting technology and assist with accurate reading of biometric data. However, proper precautions need to be taken to ensure the safety and privacy of the public.

To understand the threats that this technology can produce, a general understanding of it is required. Radio Frequency Identification systems are exactly what they say they are. They are systems that use radio frequencies to read identification data. The data is stored on specially made devices called “tags” or “transponders”. These tags are small enough to be placed on store-bought products and can even be as small as a grain of sand. These tags can transmit data to a reader by sending radio waves from a built-in antenna. These antennas, usually flat and maze-looking, can be seen on the back of barcode stickers in retailers’ stores. Besides the tag, the other important, perhaps the most important, part of any RFID system is the tag “reader”. The reader broadcasts a radio wave which the tag receives then sends back different information. Since this technology utilizes radio frequency, a direct light of sight is not needed between the reader and the tag.

The technology of RFID itself is not new. In fact, versions of this idea have been around since World War II. During World War II, the British, Japanese, Germans, and Americans all were using Radar which informed of incoming aircraft. However, this did not distinguish between returning allies’ and approaching enemies’ aircraft. To overcome this limitation in the technology, the German pilots would roll the aircraft, in turn altering the signal sent back to the radar. In essence, this is the same idea of the RFID technology.

If the technology has been around since the 1930’s, then what’s all the fuss about? Though the technology is not new, the proposed uses of RFID is what is gaining the media’s recent attention. Businesses, especially manufacturers, plan to use RFID tags to more or less replace barcodes. While this can be very useful for manufacturers to track products, it also creates privacy concerns. If the tag is still enabled once the product leaves the store, it can be tracked while in the purchaser’s possession and all the way to the landfill.

The fact that RFID tags can be read even without a direct line of sight to the ID tag is itself a privacy threat. The furthest distance a reader can read tag with current technology is about 30 feet. However, like most technology, improvements will be made on the current devices and allow them to read from much further distances.

Another reason RFID poses a threat to personal privacy is that no information stored in RFID tags are encrypted. This means that if RFID tags are used as passports or driving licenses, information such as full name, date of birth, place of birth, and age could all be stored in a tag, unencrypted. When near a reader, the tag would broadcast this personal information through the air in all directions, which is clearly a bad idea.

As future uses of RFID technology is fought, the very same technology is in use today. Knowledge of the current technology is possibly the biggest reason new implementations of RFID systems are being opposed; because it is proven to work.

Along with already mentioned negative effects that RFID technology can cause to society if not properly regulated, the technology itself has limitations. Some examples of these limitations are that reading can be restricted by the surroundings and materials near the equipment.

We do not have to discard the idea of implementing RFID technology all together, but we do have to create certain restrictions and limitations of its use. I would like to propose certain guidelines that would help regulate the use of this technology that could otherwise be detrimental to society. If RFID tags are placed on products sold at stores, not only should the consumer deserve the right to be informed that the product contains the tag, but also the tag should be deactivated or removed at point of sale. This needs to be done to ensure that product tracking will not take place in the consumers’ possession outside of the supply chain.

I also suggest that a tag reader must clearly inform all persons of a tag reading beforehand so that there is no secretive tag reading. For example, all tag readers placed at the entry and exit points of a store must clearly label what they are, what they are doing, and what the information is used for.