[ Silicon Valley | Metroactive Home | Archives ]
Spy Hunter
A South Bay legislator is trying to jam the emerging use of RFID technology for personal tracking
By William Dean Hinton
From the very first, there was something obviously, glaringly lame about the new school identification badge Lauren Tatro wore home last January. Lauren didn't like it because it was big and hideous and hung chest-level for maximum awkwardness. Besides, it slapped kids in the face during phys ed class.
Lauren's mother, Michele, had other concerns, especially when she heard what the badges were supposed to do. A small microchip had been placed inside Lauren's badge so that she could be tracked from classroom to classroom, reporting her attendance to a centralized computer. A special card reader had also been placed over bathroom doors throughout Brittan Elementary School in Sutter, a no-stoplight town located about 50 miles north of Sacramento at the foot of the Sutter Buttes, the smallest mountain range in the world.
When Michele Tatro heard school administrators were curious about her daughter's bathroom breaks, "the hair on the back of my neck stood up. Why would they need to know when she came in and out of the bathroom?"
Tatro, a cooking instructor, joined forces with other families and within a month was able to convince Brittan's school board to abandon the program. But not before international media outlets, the ACLU and privacy advocates were alerted to the issue, prompting state Sen. Joe Simitian to write a billthe first like it in the countryrestricting certain uses of the technology.
Simitian is a freshman senator from Palo Alto who, as an assemblyman, was named high-tech legislator of the year in 2001 by the American Electronics Association, which is now lobbying against Simitian's bill.
"I was skeptical when the issue was first raised with me," says Simitian, a Democrat. "Like a lot of people, I hadn't given the issue much thought. The flash point for me was Sutter County. As I started researching the technology, I saw where very conservative, mainstream groups were worried about what this technology can do."
Simitian boils the issue down to one sentence: "The fundamental question that must be asked and answered is: Should state and local governments compel their citizens to carry government-issued identification cards that have the ability to broadcast their personal information to others. That's a tough question to answer."
Aluminum Foil
Radio Frequency Identification, or RFID as it is commonly known, is an old technology that has gone in a whole lot of new directions in the last 15 years. More recently, it has been in direct competition with the bar code technology found on almost every common household product. Wal-Mart brought RFID to national attention several years ago by announcing it would require its top 100 suppliers to place RFID chips on items sold in Wal-Mart stores.
RFID employs a microchip that sends an electromagnetic burst capable of uniquely identifying somethingor as in the case of Brittan elementary students, someone. "Active" RFID microchips, like those used in Fast Trac tags that drivers place on their windshields, are powered by a small battery. RFID chips tracking products or people, on the other hand, are usually "passive" because they contain no power source.
Simitian's bill is essentially a three-pronged effort to curb RFID chips in government-issued, mass-distributed documents like drivers' licenses, student IDs and bus passes. It it will make unauthorized scanning of documents, known as skimming, a misdemeanor. It will require protection, such as encryption, on chips placed in more localized government documents like bus passes and student IDs. And it will ask for a three-year moratorium on placement of RFID in drivers' licenses as well as library, medical and grade-school cards.
The bill has started a buzz across the country because the high-tech industry fears it will encourage other states to pass similar legislation, closing off what could be billions of dollars in revenue. With security issues at the forefront of many policy debates, caused by the threat of terrorism and the increasing number of identity theft crimes, security experts continue to point out how easy it is for counterfeiters to forge identification documents. Online you can find dozens, if not hundreds, of sites sellingor explaining how to makea fake ID. From the samples published on the web, many look authentic.
"RFID is harder to counterfeit than anything we have in existence," says Robert Siciliano, the CEO of idtheftsecurity.com. "Bar codes can be easily counterfeited. They are just lines on a page. Social security cards, birth certificates, passports, drivers' licensesthey can be obtained with little or no security. Holograms or other foils can be easily counterfeited. It's almost laughable how easy it is to fake an ID."
More than 130 countries have already adopted some kind of RFID chip for mass-distributed personal documents, according to the American Electronic Association. The technology is so pervasivefrom transponders in aircraft to the automatic car door opener attached to many key chainsthat many analysts predict it will soon be used in drivers' licenses and passports.
Most of the debate between the pro and anti-RFID sides has centered on the distance at which the passive (nonbattery) chips are able to be read. The issue is important because a tourist traveling abroad could be identified by a terrorist interested in intercepting the personal data embedded on an RFID chip.
Bradley Gross works for a Florida law firm specializing in technology and privacy issues. He attended a tech convention in California last year in which a model train containing an RFID chip was counted as it passed by the station. Gross says the reader wasn't always accurate, failing to read the train even though the train was several inches from the station. "I have seen RFID work from three to five feet at industry shows but the results weren't good," he says.
And even if the technology advances to the point where it can be intercepted at 10 feet or more, consumers can protect themselves if they hold their documents in what is known as a Ferriday cagea metal holder that blocks the electromagnetic pulse from reaching an RFID scanner. Simply wrapping a RFID�embedded driver's license in aluminum foil would be enough to prevent it from being read by any scanner.
Vacant Stares
Gene Spafford is executive director of the Center for Education and Research in Information Assurance and Security at Purdue University. He says the problem with RFID isn't necessarily the technology itself but the human element behind it. Drivers' licenses, for example, are often unlawfully obtained by paying off DMV staffers. "Counterfeiters can bribe clerks," Spafford says. "Or they case places where people aren't paying attention."
Spafford says he sometimes eludes security points by flashing a credit card instead of a picture ID. "I've gone into buildings with an ID that didn't belong to me," he says. "I've gotten into government labs with an American Express card. If the picture is in the right place, they'll let you through."
The problem with RFID, then, becomes twofold. Not only can counterfeiters falsify the front of the documentthe photo, name, address and so onthey can also encode the RFID chip with bogus info as well. "It's another technology that can be circumvented," Spafford says.
RFID supporters acknowledge that no security system is foolproof. But, they say, at least RFID is a start. "You continue to strive for perfection," Robert Siciliano, the security CEO, says. "You'll never, ever, have a completely secure system. You always have to work toward that goal. It's a constant process."
Siciliano balks at the idea that RFID is a privacy-vs.-security issue anyway. "There is no such thing as privacy," he says. "It went out the window hundreds of years ago. You've been documented since the doctor slapped you on the ass. When you go to school, when you get a job, when you buy property, when you use a credit cardit's al recorded. The government knows where you live. Stores know what kinds of food you eat. What we need to strive for is not to protect privacy but secure identification and information properly."
Michele Tatro, however, says it's a matter of dignity to preserve what little privacy remains. "It's degrading and humiliating to be tracked," she says. Tatro's family has taken abuse from some Sutter residents who liked the school's attendance program because the company that produced it, InCom, agreed to share profits of the system with Brittan Elementary as schools across the country began to buy it. The way some of her Sutter neighbors see it, they sacrificed untold profits because of unfounded paranoia.
"We get a lot of vacant stares," Tatro says. "Suddenly people don't know who you are."
If you're wearing your RFID tag, of course, they will.
[ Silicon Valley | Metroactive Home | Archives ]
Copyright © 2005 Metro Publishing Inc. Metroactive is affiliated with the Boulevards Network.
For more information about the San Jose/Silicon Valley area, visit sanjose.com.
|
|