Are Privacy Fears About RFID Tags Just Hype?
Reports that delegates to the World Summit on the Information Society conference in Geneva were unwittingly wearing RFID tags which could have tracked their movements, attendance at meetings or seminars, visits to the john etc etc has raised some debate about RFID (Radio Frequency ID), privacy, security and the rights of the individual to know what the tag around their neck actually tells people about them.
My posting, which didn’t actually make any specific comment about the news, prompted this from Mike Rowehl of Bitsplitter who says, among other things, that “sure, there are plenty of issues to be worked through with RFID, but it’s hardly the boogeyman that everyone makes it out to be. A cell phone can just as easily (and in the future, more easily most likely) be used to determine a users location”.
Actually, Mike, I’m not sure that’s right. Cellphones work in large areas, and can narrow the location of a phone (and its user) down to quite a small area, but RFID works in small, enclosed areas. As one of the delegates, Olivier Piou of Axalto told the conference last Friday:
Wireless technologies also present a similar threat to privacy: while it is relatively easy to turn off a cellular phone (because all of them have an ON/OFF button!), radio-frequency identification systems – also known as RFID or contactless systems – are activated from a distance. It becomes so very easy to install a reading antenna, in the subway or in any place like in this conference room, to detect who is there without awareness and consent.
Numerous books and movies have predicted that our civil society would not be wise enough to protect its basic universal human rights in this digital age. However, the more we have powerful tools available to us, the more we have the duty to use them for the best of humanity. This is why I wanted to raise your awareness today.
This is why also, we at Axalto believe that it is essential that digital identity be designed to ensure trust and confidence in modern digital systems, and that it be combined with conventional physical identity into a secure portable object that citizens can voluntarily present to be identified, to authorities in the physical world and to on-line services in the virtual world.
That this comes from an industry insider — Axalto is the new name of Schlumberger unit SmartCards, of which Olivier Piou has been president since 1998; he has been in the smart card business since 1994. (Smart cards are microprocessor cards used mainly for ID) — should give some weight to concerns raised by the use of RFID at the summit. That the summit itself, supposedly concerning itself with the information society, should not be more aware of a) the privacy aspects of its tags and b) unable to answer questions raised by privacy advocates, does not inspire confidence.
While I don’t agree with the more outlandish claims that RFID is a new kind of big brother, there’s little doubt in my mind that it’s a technology which needs some serious attention before it can be deployed in public.