RFID and Privacy
RFID, which stands for Radio Frequency Identification, is an increasingly popular technology for a variety of consumer applications. Though the technology dates back to World War II, when it was used to identify friendly aircraft, modern applications include tracking a variety of consumer products. As with any other identifying technology, concerns have been raised regarding privacy concerns.
What Is RFID?
RFID consists of four components. A silicon chip attached to a tiny antenna, collectively known as a tag, is encoded with a unique identifier and attached to the item to be tracked. A reader is used to scan the tag and access a database containing information about that item.
The chip is a tiny piece of silicon that holds encoded data. Chips may be loaded with an Electronic Product Code, which is the equivalent of a UPC. They may also contain biometric data, such as a fingerprint or photograph, as well as an anti-shoplifting technology known as Electronic Article Surveillance or EAS.
The antenna transmits information from the tag to the reader through the use of radio waves. Generally speaking, larger antennas are capable of transmitting data longer distances.
The reader has its own antenna which is used to communicate with the tag. In theory, anyone with a reader would be able to read the tag data. In practice, however, tag data can be encrypted through a system much like wireless network encryption.
The database processes the information from the reader. This provides an extra level of security, as both the reader and access to the database must be in place for the tag information to be decoded.
Applications for RFID
The technology has been successfully implemented in tollway passes, which allow drivers with active tags to pass through toll booths without stopping to pay. The toll amount is automatically deducted from the customer’s account balance.
Another common application is in animal “chipping.” A tiny tag is implanted into the pet, which can be remotely scanned in the event that the pet is lost.
In stores, items can be identified by manufacturer, size, price and other important data. The items can be tracked throughout the supply chain, providing important information to both retailers and manufacturers.
RFID chips with credit card account identifiers can be used in credit cards or cell phones to allow “contactless” payments – payments made by simply waving the card or phone near a reader which deducts the appropriate amount from the credit card account.
Privacy Concerns
Location tracking. One privacy concern often expressed about RFID is that products incorporating a chip can be tracked, supposedly revealing a consumer’s location. The nature of the technology appears to make this concern unrealistic, however. RFID tags can be tracked only within the range of the antenna, which is often only a few inches. Networks can be used to increase the range to 100 feet, as in the case of toll tags. However, RFID is not affiliated with GPS, in which satellites are used to pinpoint locations.
Compromise of credit card information. A concern expressed about RFID chips with credit card account information is that hackers or thieves could “read” the credit card information without the consumer even being aware, simply by creating a reader and passing it within range of the chip’s antenna (waving it next to someone’s purse, for example). While there have been some dramatic demonstrations of how this might be accomoplished, the demonstrations have had significant flaws, and to date it is unclear that a hacker or thief could actually obtain usable credit card information from an RFID chip.