Difference between revisions of "RFID"

Radio Frequency Identification, or RFID, as defined by the RFID Journal, is “a generic term for technologies that use radio waves to automatically identify people or objects.” The most common use of the technology is “to store a serial number that identifies a person or object, and perhaps other information, on a microchip that is attached to an antenna (the chip and the antenna together are called an RFID transponder or an RFID tag). The antenna enables the chip to transmit the identification information to a reader. The reader converts the radio waves reflected back from the RFID tag into digital information that can then be passed on to computers that can make use of it.”^[1]

Background

RFID tags carry specific data about the objects they are attached to. Unlike barcodes, they can be recognised and read by a reader as long as they are in the same range. The amount of data they can carry depends on the manufacturer and the form of application, but the current versions can carry up to 2KB of data^[2], which is enough to store all the basic information about a product in a simple format.

Purpose

RFID is claimed to bring the advantage of every item being tagged with a unique proof of identification, making tracking of products easy and error-proof. In this way, it is expected to improve production line efficiency for many companies.^[3] The technology also allows companies to gain better access to product sales statistics. The main aim is stated to be “to reduce administrative error, labor costs associated with scanning bar codes, internal theft, errors in shipping goods and overall inventory levels.”^[4]

Drawbacks

The major obstruction to the implementation of the technology is its cost. Although the tags are reusable in a certain system, say, within one company, they have to be very cheap to obtain to go out of the system as they cannot be used in another system unless all the systems work together and create a whole network of tracking.^[5]

Therefore, the disadvantage is created by the absence of a universal system of RFID. The target now is to create a universal system - which raises other, much more serious, problems with respect to the practical limitations of the RFID network.

Technological problems

Easily copyable

The first technical problem with the use of RFID tags on products is that they are easily copied. Political columnist Henry Porter had first-hand experience of this after having been injected a chip under his skin. In an article for The Observer, Porter writes, “It turns out that this futuristic device is rather unimpressive… It took… no time at all to pass a scanner over my arm, extract the information and clone the RFID.”^[6]

This problem of being easily copied also applies to ID cards. Although the idea of embedding RFID tags in various types of ID cards has the aim of making them “nearly impossible to forge or tamper with,” the reality is the opposite.^[7]

An article for WorkPermit.com entitled "New hi-tech RFID passports hacked and cloned" reports an experiment carried out by Lukas Grunwald, a security consultant with DN-Systems in Germany and an RFID expert, in which he hacked into an RFID tag in a new European Union German passport and copied the data on it. The article points out that the method would work on any country's "e-passport", since all of them will use the same system.

Grunwald, says the article, "obtained an RFID reader by ordering it from the maker - Walluf, Germany-based ACG Identification Technologies - but also explained that someone could easily make their own for about $200 just by adding an antenna to a standard RFID reader.”^[8]

In an attempt to get around the problem of RFID tags being copied, the US authorities have decided to include a protective metal shield in passports. Porter writes: “What they probably realise is that the covert reading of passport could represent a considerable threat, especially to those whose nationality terrorists want to target or those who may represent rich pickings for criminals.”^[9]

Viral threats

The RFID technology has been presented to public as being fault-free and posing no technical problems. However, not only are RFID tags vulnerable to being copied, but they can also carry computer viruses that may corrupt a large part, if not all, of the system in which they are implemented, as a paper by a research team at the Vrije Universiteit in Amsterdam, Netherlands explains:

Up until now, everyone working on RFID technology has tacitly assumed that the mere act of scanning an RFID tag cannot modify back-end software, and certainly not in a malicious way. Unfortunately, they are wrong. In our research, we have discovered that if certain vulnerabilities exist in the RFID software, an RFID tag can be (intentionally) infected with a virus and this virus can infect the backend database used by the RFID software. From there it can be easily spread to other RFID tags.^[10][11]

Implementation of such a vulnerable technology prone to viral attacks and hacking can be viewed as an economic threat if the system is attacked and tags are illegally copied, in the case of companies and organisations using it, as well as a security one, in the case of them being used with personal identification cards.^[12]

Many computer experts and science centres accept the fact that “RFID introduces new privacy and security risks -- and a whole new dimension to corporate espionage”^[13]. But a new business opportunity has arisen in developing the technology to prevent it. The website of the research group RSA Laboratories says that it is “researching new techniques to help protect the privacy and security of businesses and consumers in RFID environments.”^[14]

Considering the fact that state-of-the-art Microsoft technology fails to protect our desktop computers from being infected by viruses, it appears either naïve or criminally irresponsible to believe that the RFID tags can be protected from any kind of technical misuse, and to trust them to carry and keep safe information about anything, be it a product, a pet, or a person.

People getting chipped

The formal explanations of the system only includes pets and products. However, there are examples of people who have been “tagged” with RFID microchips.^[15] The practice of inserting RFID devices into people for purposes of club memberships and payment procedures is not a dream – the idea of employing RFID in this way dates back to at least 2004.^[16] Porter reports that one idea that is gaining currency in the US as part of "frantic efforts to make Americans more secure" is “the use of an RFID implant which is shot into the body by means of a large hypodermic needle. The chip can be read when a scanner is passed over the area where it lurks in the fatty tissue below the surface of the skin.” ^[17]

One company, VeriChip Corporation^[18] is not shy about publicizing its goal: “RFID for people”. The motives given include "patient identification", "infant protection", "wander prevention", and "emergency management", among others.^[19]

Although very few people have so far been chipped, plans are in motion to extend the practice.^[20] The US Food and Drug Administration has already approved the RFID tagging technology for medical purposes.^[21] Additionally, in 2004, the students of an elementary and middle school in a small town in California were required to wear RFID badges around their necks to test the technology.^[22] Such practices show how serious the manufacturers and the state are about launching a nationwide program with RFID tagged individuals.

Duplication problem

As mentioned above, RFID chips are easily copyable unless they are protected with metal shields. Chips inserted into human body are more difficult to protect. They can easily be read by any scanner/reader placed at a certain distance, and once the information the tag bears is recognised, the tag can be duplicated. This threatens the security of individuals’ personal data. If today people are able to forge passports and any other different forms of ID cards, tomorrow they will be able to copy others’ RFID tags. The problem is, RFID tags will probably carry all the key information about one individual – library records, insurance status, educational background, criminal record, family records, etc. Porter concludes that far from making us more secure,

there is every reason to suppose that this technology and the huge centralised databases, with their multiple points of access, mean that we will become exposed to the very threats they seek to protect us from. As soon as a piece of security technology is introduced, its existence inspires an equal ingenuity among those who wish to break it. Caught in the middle of this security arms race are you and me, seen as suspects by one side and as fair game by the other.^[23]

State power over individuals

The United States Patent Agency approved the “combination ID/ tag holder” in 2004, stating that the “invention can be used in conjunction with an automated attendance monitoring system to monitor attendance of students or other individuals whose whereabouts need to be tracked.”^[24] It remains to be seen who will decide who the "individuals" in question, whose whereabouts need to be tracked, would be. If the RFID project is launched in a country, it seems extremely likely that the state would soon acquire the ultimate power to manage it, possibly using the justification of securing national safety.

Once the state has so much information about the people living in a country, it takes little imagination to foresee the ways in which it could be used against dissidents or those who are perceived to threaten its interests. Porter explains his concerns about the NIR (National Identity Register) in the UK, which can be perceived as a simplified form of RFID tags:

Every time you get a library card, make a hire-purchase agreement, apply for a fishing or gun licence, buy a piece of property, withdraw a fairly small amount of your money from your bank, take a prescription to your chemist, apply for a resident's parking permit, buy a plane ticket, or pay for your car to be unclamped you will be required to swipe your card and the database will silently record the transaction. There will be almost no part of your life that the state will not be able to inspect. And it will be able to use the database to draw very precise conclusions about the sort of person you are - your spending habits, your ethnicity, your religion, your political leanings, your health and even perhaps your sexual preferences. Little wonder that MI5 desired - and was granted - free access to the database. Little wonder that the police, customs and tax authorities welcome the database as a magnificent aid to investigation.^[25]

Some members of the public also fear the rise of RFID technology. A concerned citizen states his fears about tagging people in one of the RFID blogs:

Today RFID is optional, but twenty years from now it may be mandatory. In fact, it might be required to be implanted at birth. Today a scanner may need to be within three inches, but in twenty years it might be detectable from a satellite, a moving car, or fixed scanners in businesses or on power poles where cameras are currently positioned in residential neighbourhoods.^[26]

Proponents of RFID technology promote the idea of an orderly society in which everyone is tagged with RFID chips, prisoners are kept secure, products can be tracked by owners, and children remain safely in classes. But in the event of a coup, a shift to dictatorship, or a perceived terror or other threat, the question arises of what might happen to people of different colour, race, political view, religion, or gender. Such possibilities demand that we examine carefully and critically the kind of power we would be handing to authorities along with our personal data.

Resources

• ARS Technica website, “RFID chips can carry viruses,” 15 March 2006, accessed 22 November 2008.
• Best, Jo, “Schoolchildren to be RFID-chipped,” Silicon website, 08 July 2004, accessed 19 November 2008.
• CNET website, “FDA approves injecting ID chips in patients,” 13 October 2004, accessed 22 November 2008.
• CNET website, “The man with the RFID arm,” 15 February 2005, accessed 22 November 2008.
• Free Patents Online website, Combination ID/ tag holder, accessed 22 November 2008.
• Morton, Simon, “Barcelona clubbers get chipped,” BBC News website, 29 September 2004, accessed 19 November 2008.
• Porter, Henry, Guardian website, “Beware of card tricks,” 11 July 2006, accessed 19 November 2008.
• Porter, Henry, Henry Porter website, “Surveillance is really getting under my skin,” 19 November 2006, accessed 22 November 2008.
• RFID Journal website, accessed 19 November 2008.
• Rieback, M.R., et al., RFID Virus website, “Is Your Cat Infected with a Computer Virus?” IEEE PerCom 2006, accessed 22 November 2008.
• Rieback, M.R., et al., RFID Virus website, Vrije Universiteit Amsterdam, Department of Computer Science, “RFID Viruses and Worms,” last modified 02 March 2006, accessed 22 November 2008.
• RSA Laboratories website, “RFID Privacy and Security”, accessed 22 November 2008.
• VeriChip Corporation, accessed 22 November 2008.]
• Work Permit website, Global immigration news, “New hi-tech RFID passports hacked and cloned,” 04 August 2006, accessed 22 November 2008.
• Zetter, Kim, Wired website, “School RFID Plan Gets an F,” 02 October 2005, accessed 22 November 2008.

Further Reading

• Ahmad, Muhammad Idrees, The Fanonite website, “Fortress Britain,” 26 June 2008, accessed 23 November 2008.
• Broache, Anne, ZDnet website, “Tech industry attacks state anti-RFID laws,” 20 April 2006, accessed 23 November 2008.
• Juels, Ari, RSA Laboratories website, “RFID Security and Privacy: A Research Survey,” 28 September 2005, accessed 23 November 2008.
• Kharif, Olga, Business Week website, “RFID’s Second Wave,” 09 August 2005, accessed 23 November 2008.
• Kravets, David, Wired website, “Farmers See ‘Mark of the Beast’ in RFID Livestock Tags,” 09 September 2008, accessed 23 November 2008.
• Porter, Henry, Henry Porter website, “We don’t need ID cards,” 06 November 2006, accessed 23 November 2008.
• Slack, James, Daily Mail website, “Royal Mail, shops and private firms to bid for right to fingerprint us for new ID cards,” 06 November 2008, accessed 23 November 2008.
• Williams, Chris, The Register website, “Schoolkid chipping trial ‘a success’,” 22 October 2007, accessed 23 November 2008.

Notes and References