RFID: For the Public Good
Wednesday, February 03, 2010 - RFID Connections
 |
Editor
Once again, privacy is in the news with
But there is an issue in these discussions more fundamental than either privacy or security...
...and that's education -- education of policy makers, privacy advocates and systems designers. The writer Terry Pratchett's update of an old adage is appropriate here, "They say a little knowledge is a dangerous thing, but it's not one half so bad as a lot of ignorance."
Systems Designers
For systems designers, it's tempting to specify UHF Gen2 tags for a wide range of applications simply because "everyone else is" and tags and readers are readily available. And UHF Gen2 has received the most publicity so it may seem like an easier technology to explain. For supply chain, retail and other "commodity" applications, yes, it's a good choice. In fact, it may be a very good choice when it is necessary for tags to be readable by any reader.
However, a "generic" UHF Gen2 tag is not the right solution for applications that require a higher level of security and privacy protection. Applications such as government-issued IDs, access control cards, pharmaceuticals and other high value items require more security -- even to the point of "cloaking" the tag so it doesn't respond to unauthorized readers.
Of course, one problem with some of the less-than-well-conceived implementations for state and federal governments is the long lead times required to wend their ways through the bureaucracy. And some were developed with lots of enthusiasm about the potential of the technology with little thought of potential misuse. And some were just bad ideas to begin with because the technology was not really understood.
Systems designers need to consider all the options available. Admittedly, some are more costly, some are less popular, some are even proprietary (in the case of encryption). But selecting the right capabilities for an application is necessary to provide both security and privacy.
Privacy Advocates
Privacy advocates should recognize that the RFID industry acknowledges that there are legitimate privacy concerns with poorly designed and executed RFID systems. They must also recognize that the RFID industry has taken these seriously and has taken steps to provide solutions.
The greatest opportunity for privacy advocates is to work with the industry to ensure that security, and thus privacy, becomes an integral part of RFID system planning and implementation. That means they should understand the different capabilities of different types of RFID and become familiar with the solutions and countermeasures that are currently available.
Those that intersperse valid concerns with hysterical fears about "arfids in your underpants" and "tracking from space" take focus away from real issues. The same is true with specious arguments about "invasion of privacy" when hospital patients or the elderly are given RFID tracking devices to help ensure proper treatment and safety. Saying, for example, that Alzheimer's patients in a care facility shouldn't be tracked to ensure they don't wander into an unsafe area is the same as saying we shouldn't put up gates or walls to keep them safe.
Finally, as the industry has recognized the validity of a number of privacy concerns, privacy advocates should recognize some of the many benefits properly implemented RFID systems can offer so that reasonable solutions can be reached.
Policy Makers
Policy makers should realize that a bill that has not changed significantly in three years is at least three years out of date. Many of the fears and concerns are based on old technology. Examples of implementations with newer technology that "leak" data from tags (allowing unauthorized reading) should be examined to determine why they're flawed -- and the answer will be a lack of security.
Tremendous advances have been made in both hardware and software that could, if implemented, address virtually all privacy concerns. Capabilities exist to secure the data on the tag and during transmission and even to cloak the tag. Capabilities exist to "turn off" a tag unless it receives a specific password to wake it up -- thereby preserving the potential use of the tag post-sale without causing any real privacy issues. And there are RFID tags for clothing that are designed to "die" when washed.
Policy makers also need to know more about the technology in action, not just in theory or myth. Those who actually believe a Gen2 UHF tag can be routinely read from 150 feet away while in someone's wallet should talk to some warehouse managers who only wish that were the case.
They should also recognize that the industry is willing to work with them to develop sound, economically feasible, and reasonable policies to protect privacy. The industry is not monolithic -- it is made up of individuals who may also have concerns about privacy for themselves and their families.
Conclusion
Whether it's learning "defensive driving", buying auto insurance, or looking both ways before you cross the street, we all need to take reasonable precautions in our daily lives. We do not ban automobiles because of a few bad drivers because we are unwilling to give up the benefits of driving; instead, we learn defensive driving and buy insurance. Similarly, we should not legislate against RFID; we should take reasonable precautions to prevent the misuse or abuse of the technology so that we can continue to benefit from the intelligent application of RFID.
-----
Comments on this column? E-mail me: Bert Moore, Editor
Share this Story
Digg 
del.icio.us 
Yahoo 
Reddit 
Facebook 
Google
Related Articles
:
No Related Content Found
or 