[Looking for "Will the Real Gen2 Please Stand Up?"  Follow this link.]

The U.S. Department of Homeland Security (DHS) recently denied that it is planning to use RFID for its employee ID badges.  Instead DHS asserts it intends to use ISO 14443 (Contactless Smart Cards) which it claims is a different kind of RF.

It's not.  It's just a different application of RFID.

The question is why the DHS felt it necessary to claim that Contactless Smart Cards (CSC) are not RFID.  It seems as if they wanted to avoid a PR problem but they seem to have created an even larger one.

Admittedly, the DHS employee ID badge application could have suffered from the same level of confusion that affects the entire spectrum of RFID -- that of equating the capabilities and limitations of one type of transponder technology with those of every other type of transponder technology.  But the DHS's attempts to distance itself from RFID only made things worse.

The DHS's approach not only makes it seem as if they're trying to hide something, it makes it seem as if all the negative publicity is true.

Neither DHS nor the RFID industry needs this kind of publicity -- particularly when a simple explanation of the facts would have sufficed.

What are those facts?

Fundamental Issues

The DHS may feel that it has some "wiggle room" in claiming that CSCs are not "RFID" because even AIM has historically allocated this technology its own niche.  This was done, however, to differentiate RFID transponders without onboard intelligence from CSCs with an onboard microprocessor.

On a fundamental level, however, there is no difference between the RF communication of a CSC and some other types of RFID.

CSCs operate at 13.56 MHz, the same as many of the currently deployed RFID systems from Intermec, Texas Instruments, Philips and others.  They operate in the ISM (industrial, scientific, and medical) radio band.  ISM bands were originally reserved internationally for non-commercial use of RF electromagnetic fields for industrial, scientific and medical purposes.  RFID was permitted to operate in this band because of low power outputs.

The ISM bands are defined by the ITU-R in 5.138 and 5.150 of the Radio Regulations.  The ITU Radiocommunication Sector (ITU-R) is a standards body subcommittee of the International Telecommunication Union relating to radio communication.

The difference in RF communications between CSCs and other 13.56 RFID systems is the air interface and encryption protocols commonly used.  But to claim that CSCs aren't "RFID" is like claiming a diesel truck isn't a motor vehicle because it has a different form factor and uses a different type of fuel than a family car.

PR Issues

With the recent publicity about the purported lack of security in RFID transponders and ongoing privacy concerns, it seems as if the DHS is trying to distance itself from RFID rather than address the issues.

Publicity about the vulnerability of RFID first surfaced with the announcement of the supposed hacker software (RFDump) that could read and rewrite data to an RFID tag.  "RFID Connections" addressed this in the August 2004 issue [http://www.aimglobal.org/members/news/templates/rfidinsights.asp?articleid=188&zoneid=24], pointing out that the 13.56 MHz tags used in the "hacking" demonstration were ISO-compliant read/write tags that were supposed to be read and written to.  In other words, the "hacker" simply replicated commercially available software.  Nonetheless, the RFDump issue continues to circulate as if it's big news.

More recently, the news that cryptographers have cracked the TI 40-bit encryption code used in some automobile immobilizers and the Exxon/Mobile SpeedPass™ continues to grow.  While there's no denying that the cryptographers succeeded, the potential "threat" is wildly overstated.  "RFID Connections" addressed this in the February 2005 issue [http://www.aimglobal.org/members/news/templates/aiminsights.asp?articleid=292&zoneid=26].

There are also worries that someone with a very large antenna and (illegally) powerful reader could, theoretically, covertly read EPC item level tags from a great distance.

However, concerns have also been raised by the fact that the current proposal for U.S. Government electronic passports (containing an RFID transponder) will not use encryption of text and biometric data.

Technical Realities

None of these issues, however, impact CSCs.  CSCs have an effective reading range of only a few inches and, by default, use secure encryption protocols.  In other words, even though CSCs are a type of 13.56MHz RFID, the intended use -- and therefore the chip and antenna design -- is different from what might be considered "logistics" RFID transponders designed to be read and written to at much greater distances.

Theorists could claim that by using a 72' (22m) antenna (one wavelength at 13.56 MHz) and much more than the FCC-allowed 4 Watts of power it is theoretically possible to read a 13.56 MHz tag from as far away as 60' (18m).

That example, while partly true, examines only one half of the question and is entirely misleading.

While it might be possible to activate the transponder at that range, the transponder would not be able to respond with a stronger signal.  Its internal design limits its output to the several inch range of its intended application.  Overpowering it will increase the range somewhat, but at a certain point the excess energy would likely burn up the transponder or antenna.  And, even with an uyltra-sensitive reader, the signal-to-noise ratio will drop to a level where it will be impossible to detect the response.

The analogy is of someone shouting a question through a loudspeaker to someone far across a parking lot and that person responding in a normal speaking voice.  While the amplified question could be heard from a great distance, the unamplified answer could not be.

Could there be an antenna in one location and a receiver in another?  Technically, yes.  But then there's the encryption used.  If, somehow, it was possible to hear that distance answer, it would be incomprehensible.

Conclusion

RFID is not necessarily easy to explain to the average person.  The nuances of the difference in wave propagation, power levels, interface protocols and so forth don't lend themselves to simple descriptions.

On a functional level, however, the basic explanation that CSCs use data communications encryption and are designed to be capable only of short range communications regardless of interrogator strength would have sufficed.  In fact, much of this is included in the DHS statement.

The irony is that the DHS's attempt to avoid controversy by asserting that CSCs aren't RFID is exactly what stirred up the controversy.