RFID: A Case Study of the Risks and Benefits of Location-Aware Technologies
Jen King’s (Yahoo’ Berkeleys Marc Davis is King’s professor) session on RFID began with a review of first principles and the two basic RFID components – a tag/chip/smartcard and a reader, communicating through radio signals. Most current applications aren’t consumer, but largely enterprise logistics, supply-chains and inventory control.
The US E-Passport (containing an ISO14443 contactless 64Kb smartcard) is to be issued by all US passport agencies by the end of 2006. By 2008, the US, Canada and Mexico will require E-Passports for travel. King reviews these examples rather than consumer applications, simply because they are live, have direct impact on people’s lives and raise questions about some of the problems with RFID.
RFID was selected for the passport because of the difficulty to counterfeit, remote reading, inclusion of biometric data, ICAO adoption and heavy lobbying by the smartcard industry. Data is encrpyted, but not signed and includes some basic demographics and a JPG passport photo.
Security weakenesses with the E-Passport include skimming, eavesdropping and cloning. Originally the US State Department chose not to require encryption as information was in the printed copy anyway and encryption would require global infrastucture upgrades and slow the reading process. Following several studies and some criticism, State has now requied all E-Passports to include anti-skimming material, though this is problematic also and King recommends an anti-static bag! Also, numbers in the machine readable area are now scanned for use as a PIN to maintain the document’s security.
Incidentally, of the 2’335 comments recieved, during the hearings on development of the passport, 98.5% were negative!
Despite these problems, RFID hacking is not as easy as might be imagined. ISO14443 readers and tags do not assert complete compatibility, read-range experiments (current ceiling is 69ft) are still in process and equipment is not portable. However, demand for this type of equipment is likely to increase and scanners can be located in fixed positions with high footfall, negating issues of portability.
RFDump.org‘s Lukas Grunwald has created an application that reads and writes RFID tags at ‘Metro-Future’ stores in the UK. In this store, Grunwald managed to swap the prices of cream cheese and DVDs!
The US-Visit I-94A forms, for transit through a land port, include an embedded RFID tag. Unfortunately, users have to hold the form in the window as the metallic body of the car blocks the signal, negating the value of a border system with faster throughput.
Both these case studies indicate that users, privacy impact and usability were considered as afterthoughts. IN the case of the E-Passport, throughput is actually slower than areas that utilise printed passports.
The ReadID Act of 2005 now requires that all ID issued by 2008 has to include a machine-readable technology, most likely RFID (though barcodes could be employed). Ironically, stronger ID won’t prevent terrorism and makes ID theft more rewarding.
In conclusion, RFID-enabled products need to be designed with usability in mind and privacy/security concerns cannot be taken lightly. Notably, RFID can be implemented securely with minimal impact on privacy. Most worryingly, it seems RFID adoption and national ID cards in both the US and UK have been driven largely by collusion between the smartcard industry and foreign ministries, with little to no regard for user-centric design…this is borne out in examining public records on the development of ID cards and passports in both countries.