(this page is part of the Family Guide to Digital Freedom, 2007 edition. Please do read that introduction to know more about the Guide, especially if you mean to comment this page. Thanks)

The risks of RFID

RFID means Radio Frequency IDentification. It is a technology that makes it possible to build and use special integrated circuits (tags) which can be detected and read via radio waves when they pass close enough to an antenna of the right kind. The tags are very small (like a grain of rice) and need no batteries or other power source to work. The radio signal generated by the antenna induces in the tags an electric current which is powerful enough for the tag to send a response.

RFID technology is making possible a huge range of practical applications and useful services. When you lift the last carton of milk from the supermarket shelf, an RFID tag on its bottom can immediately inform the shop manager that it’s time to refill that shelf. Anything, from pets to guitars and whole containers can be tracked in this way for inventory purposes or to prevent theft. Giving up RFID would not make sense but, as any other technology, it should be used and regulated with much more awareness than it is currently happening.

One problem is that the cheapest and most common RFID tags don’t know that they have left the store: until they break, they will merrily answer to all queries in the same way, sending all their data, no questions asked, without alerts. Once everything is sold with an RFID tag, walking by an hidden RFID reader will tell its owner who you are (as explained in the next paragraph), what you are carrying around and, with the right database connections, when and where you bought it. A solution for this could be to use tags that can be turned off when an item is purchased, but there is another category of issues to face.

How many passports of yours exist?

Several countries are issuing RFID-enabled passports, or plan to do so. The reason is obvious: an RFID tag can contain way more data than could ever be written on a few sheets of paper, and an airport employee would be able to read and store them all on his or her computer without even asking you to take the passport out of your pocket. The problem, as a BBC reporter found out in December 2006, is that the current RFID passports tags can be read and perfectly cloned in less than five minutes. All it’s needed is the right software and two hundred Euros worth of equipment that can be easily purchased online.

No RFID? No job (or assistance), thank you

In 2004 a study was conducted to evaluate the possibility of implanting tags in the arms of US hospital patients to better track them. Other companies suggested that millions of Americans be implanted with an RFID tag for medical purposes. In 2006 a Cincinnati video surveillance company required its employees to carry human implantable tags to be identified. All these are only some of the reasons why RFID have been defined “Big Brother in small packages”.

Is technology enough?

Of course not. Choosing the right biometrics or RFID technology and waiting until it’s mature enough is only half of the solution. It is equally essential that all the central organizations which would manage the biometric keys databases and the procedures which regulates access to those data and related analysis. These, however, are political problems to be solved politically, just like in any other case when personal data, encrypted or not, are involved.