http://www.sciam.com/article.cfm?id=how-rfid-tags-could-be-used&print=true How RFID Tags Could Be Used to Track Unsuspecting People A privacy activist argues that the devices pose new security risks to those who carry them, often unwittingly By Katherine Albrecht If you live in a state bordering Canada or Mexico, you may soon be given an opportunity to carry a very high tech item: a remotely readable driverbs license. Designed to identify U.S. citizens as they approach the nationbs borders, the cards are being promoted by the Department of Homeland Security as a way to save time and simplify border crossings. But if you care about your safety and privacy as much as convenience, you might want to think twice before signing up. The new licenses come equipped with radio-frequency identification (RFID) tags that can be read right through a wallet, pocket or purse from as far away as 30 feet. Each tag incorporates a tiny microchip encoded with a unique identification number. As the bearer approaches a border station, radio energy broadcast by a reader device is picked up by an antenna connected to the chip, causing it to emit the ID number. By the time the license holder reaches the border agent, the number has already been fed into a Homeland Security database, and the travelerbs photograph and other details are displayed on the agentbs screen. Although such b enhancedb driverbs licenses remain voluntary in the states that offer them, privacy and security experts are concerned that those who sign up for the cards are unaware of the risk: anyone with a readily available reader devicebunscrupulous marketers, government agents, stalkers, thieves and just plain snoopsbcan also access the data on the licenses to remotely track people without their knowledge or consent. What is more, once the tagbs ID number is associated with an individualbs identitybfor example, when the person carrying the license makes a credit-card transactionbthe radio tag becomes a proxy for that individual. And the driverbs licenses are just the latest addition to a growing array of b taggedb items that consumers might be wearing or carrying around, such as transit and toll passes, office key cards, school IDs, b contactlessb credit cards, clothing, phones and even groceries. RFID tags have been likened to barcodes that broadcast their information, and the comparison is apt in the sense that the tiny devices have been used mainly for identifying parts and inventory, including cattle, as they make their way through supply chains. Instead of having to scan every individual itembs Universal Product Code (UPC), a warehouse worker can register the contents of an entire pallet of, say, paper towels by scanning the unique serial number encoded in the attached RFID tag. That number is associated in a central database with a detailed list of the palletbs contents. But people are not paper products. During the past decade a shift toward embedding chips in individual consumer goods and, now, official identity documents has created a new set of privacy and security problems precisely because RFID is such a powerful tracking technology. Very little security is built into the tags themselves, and existing laws offer people scant protection from being surreptitiously tracked and profiled while living an increasingly tagged life. Beyond Barcodes The first radio tags identified military aircraft as friend or foe during World War II, but it was not until the late 1980s that similar tags became the basis of electronic toll-collection systems, such as E-ZPass along the East Coast. And in 1999 corporations began considering the tagsb potential for tracking millions of individual objects. In that year Procter & Gamble and Gillette (which have since merged to become the worldbs largest consumer-product manufacturing company) formed a consortium with Massachusetts Institute of Technology engineers, called the Auto-ID Center, to develop RFID tags that would be small, efficient and cheap enough to eventually replace the UPC barcode on everyday consumer products. By 2003 the group had developed a working version of the technology and attracted inB-B-vestB-ment from more than 100 companies and government agencies. The tagsb promoters promised the tiny chips would revolutionize inventory management and counterfeiting prevention [see b RFID: A Key to Automating Everything,b by Roy Want; Scientific American, January 2004]. To kick-start government adoption of the technology, the General Services Administration (GSA), a federal bureau that manages purchasing for other government institutions, issued a memo in 2004 urging the heads of all federal agencies b to consider action that can be taken to advance the [RFID] industry.b Suddenly, virtually every agency, from the Social Security Administration to the Food and Drug Administration, began announcing RFID trials. During the same period, similar initiatives were under way around the world. In 2003 the International Civil Aviation Organization (ICAO), a United Nations agency that sets global passport standards, endorsed the use of RFID tags in passports. ICAO now calls for their use in all scannable b e-passports.b Today dozens of countries, including the U.S., issue e-passports with RFID tags embedded in their covers. Since their debut, the new passports have been controversial on both privacy and security grounds. In a 2006 report one ICAO official promised that encryption measures would provide a b level of protection [that] should reassure the most anxious passport holder that his personal data cannot be read without his knowledge.b Security experts quickly proved otherwise. In 2007 British security consultant Adam Laurie cracked the encryption code on a U.K. passport and b skimmed,b or remotely read, its personal informationbwhile it was still sealed in its mailing envelope. Around the same time, German security consultant Lukas Grunwald copied the data from a German passportbs embedded chip and encoded it into a different RFID tag to create a forged document that could fool an electronic passport reader. Investigators at Charles University in Prague, finding similar vulnerabilities in Czech e-passports, wrote that it was b a bit surprising to meet an implementation that actually encourages rather than eliminates [security] attacks.b Yet these demonstrated security problems have not slowed the adoption of RFID. On the contrary, the technology is being deployed for domestic ID cards around the world. Malaysia has issued some 25 million contactless national identity cards. Qatar is issuing one that stores the cardholderbs fingerprint in addition to personal information. And in what industry observers are calling the single largest RFID project in the world, the Chinese government is spending $6 billion to roll out RFID-based national IDs to nearly one billion citizens and residents. There is an important difference, however, between other nationsb RFID-based ID cards and Homeland Securitybs new driverbs licenses. Most countriesb contactless national IDs and e-passports have adopted an RFID tag that meets an industry standard known as ISO 14443, which was developed specifically for identification and payment cards and has a degree of security and privacy protection built in. In contrast, U.S. border cards use an RFID standard known as EPCglobal Gen 2, a technology that was designed to track products in warehouses, where the goal is not security but maximum ease of readability. Whereas the ISO 14443 standard includes rudimentary encryption and requires tags to be close to a scanner to be read (a distance measured in inches rather than feet), Gen 2 tags typically have no encryption and only minimal data safeguards. To skim the data from an encrypted ISO 14443 chip, you have to crack the encryption code, but no special skills are required to skim a Gen 2 tag; all you need is any Gen 2 reader. Such readers can be purchased readily and are in common use in warehouses worldwide. A hacker or crimB-inal armed with one could skim a border card through a purse, across a room, even through a wall. As of this past April, more than 35,000 Washingtonsecurity of such cards could be compromised is just one reason for concern. Even if tighter data-protection measures could someday prevent unauthorized access to RFID-card data, many privacy advocates worry that remotely readable identity documents could be abused by governments that wish to tightly monitor and control their citizens. Chinabs national ID cards, for instance, are encoded with what most people would consider a shocking amount of personal information, including health and reproductive history, employment status, religion, ethnicity and even the name and phone number of each cardholderbs landlord. More ominous still, the cards are part of a larger project to blanket Chinese cities with state-of-the-art surveillance technologies. Michael Lin, a vice president for China Public Security Technology, a private company providing the RFID cards for the program, unflinchingly described them to the New York Times as b a way for the government to control the population in the future.b And even if other governments do not take advantage of the surveillance potential inherent in the new ID cards, ample evidence suggests that data-hungry corporations will. Living a Tagged Life If the idea that corporations might want to use RFID tags to spy on individuals sounds far-fetched, it is worth considering an IBM patent filed in 2001 and granted in 2006. The patent describes exactly how the cards can be used for tracking and profiling even if access to official databases is unavailable or strictly limited. Entitled b Identification and Tracking of Persons Using RFID-Tagged Items in Store Environments,b it chillingly details RFIDbs potential for surveillance in a world where networked RFID readers called b person tracking unitsb would be incorporated virtually everywhere people gobin b shopping malls, airports, train stations, bus stations, elevators, trains, airplanes, restrooms, sports arenas, libraries, theaters, [and] muB-B-seB-B-umsbbto closely monitor peoplebs movements. According to the patent, here is how it would work in a retail environment: this sector can take off.b Unfortunately, industry self-regulation has little force when it comes to protecting the public from RFID risks. EPCglobal, the industry body that now sets technical standards for RFID tags, also produced a set of guidelines for the use of the chips in retail. The organizationbs recommendations require, among other things, notice to consumers whenever products contain RFID tagsbfor instance, in the form of a recognizable RFID logo. Yet when Checkpoint Systems, a member company of EPCglobal, designed RFID tags to be hidden in the soles of shoesbin clear violation of the organizationbs own provisionsbMike Meranda, then president of EPCglobal, told me that since the guidelines were voluntary, there was nothing he or his organization could do about it. The Washington State Department of Licensing reassures citizens that their personal information is safe because the RFID tag in an enhanced driverbs license b doesnbt have a power sourceb and b doesnbt contain any personal identifying informB-ationbbeven though those facts have no bearing on whether the card can be used for tracking. For some people, a false sense of assurance provided by such official mollifications could be dangerous. The National Network to End Domestic Violence, a group that vocally opposes the use of RFID in identity documents and consumer products, has submitted legislative testimony describing how abusers could use the technology to stalk and monitor their victims. Meanwhile the RFID train is barreling forward. Gigi Zenk, a spokesperson at Washingtonbs licensing agency, recently confirmed that there are 10,000 enhanced licenses b on the street nowbthat people are actually carrying.b Thatbs a lot of potential for abuse, and it will only grow. The state recently mustered a halfhearted response, passing a law that designates the unauthorized reading of a tag b for the purpose of fraud, identity theft, or for any other illegal purposeb as a class C felony, subject to five years in prisone. Nowhere in the law does it say, however, that scanning for other purposes such as marketingbor perhaps b to control the populationbbis prohibited. We ignore these risks at our peril. Note: This article was originally published with the title, "RFID Tag--You're It".