For decades, radio frequency identification (RFID) chips have been used in everything from shipping orders, retail sales, cell phones and credit cards to core identification documents like state-issued IDs and passports. We have come to rely on them to make it easy to conduct financial transactions, keep track of inventory and even tag our pets and children so they can be discovered if they are kidnapped or lost. They do, however, have drawbacks.
For years the RFID chip has been the weakest link in the defense of financial information because of its easily hacked encryption. Most “low risk” chips (the ones that you and I carry in cards like our VCU IDs) use less encryption than a wireless router. If someone so desired, they could easily buy a scanner from an RFID manufacturer’s Web site, or build one, to copy information off of your card.
As of 2008, one must possess a current U.S. passport in order to leave the country. These passports have an RFID chip in them that has been proven, in several technical journals and on Web sites, to be easily decrypted. Additionally, anyone who uses a quick pay card, or a “smart” card, to make purchases at grocery stores or gas stations has a version of an RFID chip that is easily hacked.
So why is this important? Besides the obvious security concerns of having your personal information easily copied without your knowledge and without an electronic trail (unlike computers, RFID chips don’t exchange information—they just broadcast it), there are a number of other security areas that have been overlooked. First, there are all of the supposedly secure buildings that rely on RFID scanners, including the one I work in. Cars also depend on RFID remotes with remote locking systems and alarm systems.
The biggest threat to security, however, is the one that has yet to be fully realized: a national health records database. With the digitization of health records and a national government health system, it is likely that people who eventually buy government-mandated health care will have an identification card. If this identification card has an RFID chip in it, then there is a potential that all of your health records could be easily stolen or manipulated.
I am not saying that RFID chips are bad; they have a ton of useful purposes. The real threat here is not the RFID itself, but the protection of those technologies with weak encryption or bad policies that abuse the RFID technology. Before we attempt to register everyone with RFIDs, either in a health care system or a national ID system, we must make sure that there are adequate protections in place to protect people’s information. As Bert Moore, the editor of the online magazine RFID Connections, wrote on the Association for Automatic Identification and Mobility:
“Today, cyber security is constantly in the news with identity theft, breaches in corporate financial records, and threats of cyber terrorism. RFID security should be seen in the same light.”
Of course, this is just the tip of the iceberg of the greater debate over whether it is ethical for everyone’s health and financial information to be available to a greater authority like the state and federal governments. While some believe that having this information available is a part of the greater good, either to solve crimes or provide better services, there is a minority of people who enjoy having autonomy and privacy in their purchasing decisions and health.