Down to Business: RFID Makes Waves

Although the ACLU tends to present the extreme consequences of technological advancement--somehow each breakthrough portends the overbearing sci-fi state of a Logan's Run--all its objections can't be dismissed as rants. Still, it's important for everyone evaluating RFID to distinguish the facts from the hysteria.

Backlash

Take the recent opposition to a California middle school's use of RFID tags to record student attendance. The ACLU and other groups warned that such tags--which are worn around the students' necks and transmit their names, grades and school ID numbers to a campus computer whenever they pass under a scanner--would abet stalkers and kidnappers, though how that could happen is never quite explained. Even if lowlifes could intercept this basic student information from a distance, how would they use names and grades to commit more serious crimes?

According to Web site RFID Journal, an RFID tag consists of a microchip, which contains a serial number, and an antenna. Readers, in selected locations (like school hallways), also contain an antenna and power passive RFID tags by transmitting electromagnetic waves to them. The chip modulates the waves that the tag sends back to the reader and the reader converts those waves into digital data. In general, low-frequency tags are read from a foot or less, high-frequency tags from about three feet and UHF tags from up to 20 feet. Battery-equipped "active" tags increase the read range to about 300 feet.

The vulnerability of the transmitted information depends not only on the read distance, but also on the level of security used for the wireless connection. Through the use of encryption and mutual authentication, it's virtually impossible for an RFID wearer's identity to be stolen or for the individual to be tracked illegally. Problem is, such advanced security measures aren't always specified by government and private-sector implementors.In the California school case, the real objection was less about safety and security than principle--that tagging and tracking students breaches the children's "right to dignity," as one opponent put it, treating them "like livestock." In the end, the school scrapped the program because of parental opposition, as is its right and responsibility.

But now comes a bill, passed by the California Senate, that feeds off the fear-mongering of the middle school case to ban most state government-issued ID documents that contain a "contactless integrated circuit"--an RFID tag. Rather than let public institutions and their constituents hash out the risks and benefits of each RFID rollout, California--the center of the U.S. technology industry--is ducking scared, ignoring the fact that RFID networks can be reliably secured and discouraging enlightened discussion on the subject.

The ACLU is correct in opposing hidden tags and readers and surreptitious monitoring. Keep the RFID implementation process open. But don't cut it off at the knees.

Rob Preston is editor in chief of Network Computing. Write to him at [email protected].