Related to my post from last week, Scientific American has an article about how RFID tags are popping up in unexpected places and be able to be used to track individuals, including, due to poor security in the devices, by individuals unassociated with the tags. The main application that the article is concerned with is the desire to have border states issue drivers licenses equipped with RFID tags to simplify border crossings. Says the article:
Although such “enhanced” driver’s licenses remain voluntary in the states that offer them, privacy and security experts are concerned that those who sign up for the cards are unaware of the risk: anyone with a readily available reader device—unscrupulous marketers, government agents, stalkers, thieves and just plain snoops—can also access the data on the licenses to remotely track people without their knowledge or consent. What is more, once the tag’s ID number is associated with an individual’s identity—for example, when the person carrying the license makes a credit-card transaction—the radio tag becomes a proxy for that individual.
The article goes on beyond this, though, to lay out a nice history of the RFID tag, including the spotty history organizations have had in following through with the security that they claimed to be ensuring for data on the tags. The overall message is, again, that this technology is out there today in people’s hands and we need to wake up and stop trusting the producers of these devices to look out for our best interests. Serious legislation is required to limit both how corporations and how the government is permitted to use RFID tags.