RFID In Government Issued ID?

RFID! writes, "The Department of Homeland Security's Data Privacy and Integrity Advisory Committee published a draft report that poured cold water on using RFID in government-mandated identity cards and documents (PDF link). But this met with some consternation among the DHS bureaus that plan to use RFID in this way and the businesses eager to sell the technology to the government, and now a vote on the report has been delayed until December."

It was only a matter of time

[PixieDust (971386)]

While I can see plenty of good, legitimate, wholesome uses for this, personally I think it opens the foor for too much. Though the same could be said of the current Bar Codes and Magnetic Stripes, they're not actually just sitting there broadcasting.

Personally I don't like the idea of RFID tags in much of anything. Too many things being tracked. When you see just how much information Corporate America has on it's customers, it makes you shudder thinking about how much the Government must have on you. It is odd, however, to note that occasionally the Industrial Espionage works better than the US Government's does.

C.f. Hollerith Cards

[Kadin2048 (468275)]

RFID is a great technology in its place.

I've seen some automated warehouse and inventory-management systems that depend on RFID tags, and (if you're into this kind of stuff) they're the slickest thing you've ever seen. If your full supply chain uses tags, then there's no manual inventorying; as stuff gets unloaded from the trucks at a loading dock (by the pallet-full -- scanners can 'talk' to tens or hundreds of tags at once), it gets noted. When it gets put on a shelf, it gets noted. When an order comes in, the system knows whether it's in stock, and where's it's located. The picker (guys who pull individual items from warehouse shelves) can follow a wrist-mounted computer right to the location, and scan it as they pick it up. As orders get loaded on a truck to go out, they get scanned again at the dock doors. At every step in your supply chain, you can do this.

It's not quite a fully-automated warehouse, but it's pretty close. If you've ever worked in industry or retail, you can appreciate the beauty of such a system. All that real-time data; I won't say there's "no limit" to what you can do, because I don't want to start sounding like an ad, but there's a lot.

So really, don't blame the technology here. The gear is really good. The problem is that a lot of contractors, who want to make a few bucks from Uncle Sam, have convinced some govvies that this sort of data flow -- which is great when you're talking about cases of Rice Krispies or DVD players -- would be nice to have on all of us. The problem with "RFID" as people have come to think of it, is totally a social one. If you could somehow 'uninvent' RFID, put the genie back in the bottle, it wouldn't fix the real issue: that our government is currently obsessed with reaching down into the personal lives of individual citizens, either by accident or by design. A government which took more of an interest in privacy concerns, probably wouldn't think that embedding RFID tags in passports and drivers licenses would be a good idea. That they do, is indicative of a problem in government, not in the tags.

An apt analogy would be Hollerith card sorters and other indexing machines, in the early part of last century. They let people do all sorts of rapid data analysis and were indispensable to industry and government for countless projects. Yet they were also used by the Nazis, to greater or lesser effect depending on who you choose to believe. That a particular technology was used reprehensibly isn't necessarily a valid criticism of the technology itself; virtually anything can be perverted for ill uses.

So in short, don't blame RFID in general. It's a great technology, when used correctly, and its potential for abuse isn't any greater than similarly revolutionary systems were in their day.

stating the obvious

[frovingslosh (582462)]

They did a study to support their decision, they didn't get the result they wanted, so they are delaying the vote (can't have it now right before the election) and then will decide to do exactly what they want to do in spite of the study. Nothing to see here, business as usual, move on, don't protest or risk arrest.

hmm

[User 956 (568564)]

The Department of Homeland Security's Data Privacy and Integrity Advisory Committee published a draft report that poured cold water on RFID

That sounds like it would have shocking results.

Shocking?

[Kadin2048 (468275)]

The Department of Homeland Security's Data Privacy and Integrity Advisory Committee published a draft report that poured cold water on RFID

That sounds like it would have shocking results.

Depends on whether their cold water was taken with a grain of salt...

Pwnership Society

[Doc Ruby (173196)]

So what? All the reports came back "DON'T INVADE IRAQ" and "DON'T MESS WITH TERRY SCHIAVO'S ANIMATED CORPSE" and "THE LEVEES WILL BREAK" and "FOLEY IS A CHILD MOLESTER" and...

Our Republican government is visionary. They're not distracted by polls [msn.com] or mere facts from government agencies... Republicans know government doesn't work, and they'll prove it to you every chance they get.

So welcome our Republican overlords, and their shiny new RFID IDs. Why should identity theft be limited to a few thousand wired Americans each day, when Republicans can bring us a Pwnership society?

!include <sarcasm.h>

[HoosierPeschke (887362)]

Boy, what will win, businesses pushing an underdeveloped technology or the sense of rights and privacy we as human beings have come to know and love.

Re:

[hdparm (575302)]

Wouldn't it be quicker to just replace ! with #?

Here's the reason Cato doesn't like RFID

[maynard (3337)]

From Jim Harper's blog post:

RFID offers no anti-forgery or anti-tampering benefit over other digital technologies that can be used in identification cards - indeed it has greater security weaknesses than alternatives. And RFID has only negligible benefits in terms of speed and convenience because it does not assist with the comparison between the identifiers on a card and the bearer of the card. This is what takes up all the time in the process of identifying someone.

He's saying it isn't any better than other card systems, and it doesn't solve the principal security problem - that of identifying the owner. I bet, however, that if one were to somehow solve the confirmation of identity issue - such as by injecting or surgically implanting and RFID chip - he might change his mind.

I think one could argue that Mr. Harper doesn't oppose RFID as much as he finds it impotent.

Re:

[CortoMaltese (828267)]

All of the biometric passports and electronic identity cards use the same technology, namely smart cards [wikipedia.org], i.e. tamper resistant integrated circuit cards. There are contact and contactless cards, the latter of which are often referred to as RFID cards. Note that RFID smart cards have next to nothing to do with RFID tags. Smart cards have a processor, persistent and volatile memory, often cryptoprocessors and many kinds of shields for tamper resistance. Hacking them is quite difficult.

Contactless cards offe

Re:

[badfish99 (826052)]

So what if the technology could have been made safe and secure? The whole problem is that it wasn't made secure, and now we're stuck with a spec for RFID passports that is reducing border security instead of increasing it.

Re:

[CortoMaltese (828267)]

Yes, it is a shame that we have a spec that allows skimming, eavesdropping and cloning of electronic passports. However, instead of bashing the technology (contactless/RFID smart cards) we should bash the application (ICAO specs).

To be pedantic, the vulnerabilities of the passports are mostly privacy and safety concerns for their individual holders. And I'm not saying that this is a minor issue. It's not. But the passports do increase border security. It is possible to clone the chip (due to protocol vuln

If you needed another reason to clean house(s)....

[guisar (69737)]

Here it is. There's only one way to stop the madness- a clean sweep! So mark Nov 7th on your calendar and make sure to read the manual for the automated voting machine and of course, bring your ID. For your safety and convenience there's no need to stick it a slot or show it to the attendent; just pass it it by this handy reader.... We know who you are.

Ouch

[TubeSteak (669689)]

This report does more than just "pour cold water" on RFIDs

From the Executive Summary:

"There appear to be specific, narrowly defined situations in which RFID is appropriate for human identification. Miners or firefighters might be appropriately identified using RFID because speed of identification is at a premium in dangerous situations and the need to verify the connection between a card and bearer is low.

But for other applications related to human beings, RFID appears to offer little benefit when compared to the consequences it brings for privacy and data integrity. Instead, it increases risks to personal privacy and security, with no commensurate benefit for performance or national security."

"no commensurate benefit for national security"
Translation: This will not protect you from the terrorists.
And really, isn't that
A) the big goal of all these changes?
B) how everyone is justifying their budget?

Re:

[BiggerIsBetter (682164)]

Why does TubeSteak hate America?

Summary of TFA

[Harmonious Botch (921977)]

For those who didn't want to read it, it says that too many senators objected to being RFID'ed. Particularly Mr.Foley, who is trying to turn a new page in his life.

RFID is only a supplemental technology

[unPlugged-2.0 (947200)]

As someone who works with RFID regularly the report does not surprise me.

The biggest problem with RFID is that too many industries (government included) are implementing it because it is a neat technology. In reality it is great for some things but not so good for others.

I do think that RFID will eventually be good for adding more information and for use as human id's but only with a supplementatl verification system like BioMetrics.

But even just RFID alone is in no way less secure than printing a number on your passport that uniquely identifies you. I think that your passport number is a much easier counterfeit target than a chip in your passport.

If you just clone the chip it is very unlikely that customs will only want to check your chip and not the rest of your passport or your picture.

Re:

[mbessey (304651)]

But even just RFID alone is in no way less secure than printing a number on your passport that uniquely identifies you.

That's a really strange thing to say. Here's short list of potential security problems an RFID presents that a printed number doesn't, off the top of my head:

1. Your RFID chip can be read & potentially copied without your peremission, or even your being aware of it.
2. An RFID-enabled ID allows anyone to build an "American Detector" that's 100% reliable, and works from a distance. This i

Re:

[badfish99 (826052)]

So, given that the chips are actually a risk to security, it would be helpful to US border security if we all just fried our passports in the microwave oven. Right?

Re:

[Vengeance (46019)]

It's not just helpful, it's our duty as citizens.

Next, babies will be microchipped...

[AriaStar (964558)]

...before leaving the hospital. I foresee this happening in the next 20 years, if not sooner.

EMP

[splutty (43475)]

This is why you need to EMP your newborn as soon as possible, just to be sure...

Er, oh

[oGMo (379)]

OK so surely I'm not the only one who saw "RFID In Government Issued IDs?" then had my eyes skip to "poured cold water on using RFID in government-mandated identity cards and documents" and figured they discovered covert RFID tags in paper IDs by getting them wet?

if we must... but then no exceptions

[l3v1 (787564)]

I don't like this idea, as I don't like many ideas that popped up and slowly turn into reality during the last few years. But if they will introduce this, then I would demand full and total use, with no exceptions. What I mean is, no government official, no agency member, no police people, no soldiers, etc. without such IDs. And if they record, then record everything. If they want us/you followed and tracked, they also shall be followed and tracked, and more so, since they have much more power to eventually

And RFID Passports in the USA a Reality Now...

[Lord Satri (609291)]

Other RFID stories right here [slashgeo.org]. And let's not forget RFID Passports in the USA a Reality Now [slashgeo.org]:
"Following this previous story [slashgeo.org], we learn from the Washington Post RFID chips in US passports are now confirmed [washingtonpost.com]. From the article: "Passports will come with a shielded cover, making it much harder to read the chip when the passport is closed. And there are now access-control and encryption mechanisms, making it much harder for an unauthorized reader to collect, understand and alter the data. [...] The Colorado passport office is already issuing RFID passports, and the State Department expects all U.S. passport offices to be doing so by the end of the year.""