Saturday, November 12, 2005

RFID, How Effective for the Long Term and What is the Cost?

Back in the nineties, EAS (Electronic article surveillance ) tags were upgraded to explode with ink to prevent shoplifting. At first, they did have an impact in reducing pilferage, but eventually the criminal element and even teenagers started freezing the tags before breaking them off. This made the technology a lot less effective and didn't take a tremendous amount of skill.

If you are like me, someone has left one of those tags on an article that you've purchased. When you left the store, the alarm didn't go off (they often don't, or are set off by something other than the tag) and when you got home it was a major inconvenience. Likewise, the alarm sounding as you are walking out the door (because of a malfunction, or a clerk forgetting to remove a tag) can be quite embarrassing (annoying), also.

Historically EAS, in all it's forms, seems to have a lot of similarities to RFID (Radio Frequency ID). RFID seems to be the replacement for EAS in retail environments and libraries, but as technology progresses there are differences.

Although, extremely inconvenient and sometimes embarrassing, one can recover from this (EAS problems) rather quickly. With RFID (Radio Frequency ID), the potential inconvenience and embarrassment can be long term, especially if one's identity is stolen, or it is used to spy on their personal life. Additionally, where EAS tags are supposed to be removed, RFID stays with whatever it was implanted in and with wireless technology, it can be read from afar.

Like EAS, RFID was initially pushed by security firms to be sold to the retail industry. There are people making a lot of money off this technology, especially now as governments are becoming customers.

There has been a recurring theme of technology being used for the wrong purpose in the name of security, or marketing. Furthermore, it seems that legislation (which is normally mired down in red tape by special interests) has had a hard time keeping up in the internet age. Examples would be all the Spyware, Adware and Keyloggers, all of which were developed for business purposes (questionable) and now are routinely used by criminals to commit fraud. Another example would be with the information industry, which (for years) has gathered all our personal details and then made them available for sale. The problem being that sometimes our information is being sold to, or easily accessed by criminals, who then victimize us for their personal profit.

To make matters more bizarre, this creates more opportunity for (probably some of the same people) to develop products to counter the products that are being abused. This translates into the poor "Joe" on the street paying for the products to counter the products they profited from (and Joe paid for) in the first place. Few of these counter-products are given away free and someone is making a pretty profit from them. In the not too distant future will be paying for products to counter the abuses of RFID?

A glaring example of this would be our three major credit bureaus and some others (financial institutions), who indexed, sold and bought our personal information for years, (they made billions from this). They are now marketing a new product "identity theft protection/insurance," which is a growing business.

If one were to follow recent data intrusions (where untold amounts of personal and financial information were stolen) to the company concerned, you would find many of them selling this product (identity theft/protection insurance). In many instances, it was alleged that the data theft(s) were accomplished due to a lack of , or substandard security practices. Their solution is to continue selling your information and add value to their bottom lines by making you pay for the security (protection).

Now we are headed down the RFID road. There are many legitimate uses for RFID, but can it be defeated and what are potential abuses, when it is routinely for sale over the internet?

Here is an interesting article from Forbes, A Hacker's Guide To RFID . Although it primarily expresses how easy it might be to defeat RFID in a retail environment, government applications are relatively new.

Stop RFID - RFID privacy issues and news. This site is an excellent resource on the implications, (loss of privacy) that RFID will create.

What concerns me even more is that when I ran some simple searches on Google, such as RFID "Phreak, Hack and Crack," I came up with some pretty astonishing results. The bottom line is there seems to be (even though RFID is a new technology) people developing ways to defeat it and if the "search" results on Google are remotely accurate, we are in trouble.

Even without the hackers working fastidiously, there are other ways defeat RFID besides technology. This is especially in the identification arena, which is one of the most controversial. For years, people have obtained identification with other fake identification/documents. Unless all identification/documents are RFID protected, criminals and even illegal immigrants will be using this method to defeat RFID technology.

We are all paying for RFID, both in the cost of increased prices and in taxes. In addition to this, there are other hidden costs, such as our rights to privacy to consider, as well as, future costs we might be asked to bear. Hopefully, those who are proponents of this technology are being diligent and protecting the interests of their customers and citizenry.

Should they fail to do this, I recommend the citizenry and the customers speak loudly with their vote and their shopping preferences.

Here are some previous posts, I've done on RFID; RFID, Abuse in the Private Sector? and RFID, A Necessary Evil; or an Invasion of Privacy?


prying1 said...

Sorry I missed the first two posts on this subject. I am now enlightened and thank you for the time you have put into this subject. -

stormingamerican said...

Loved the links provided. Enjoyed reading it. Hope I do the RFID issue justice as you have Ted. Keep up the work!