acm-header
Sign In

Communications of the ACM

Inside risks

Risks of RFID


Like most other technologies, RFID (Radio-Frequency IDentification) systems have pluses and minuses. In their most common applications, passive RFID tags enable rapid contactless determination of the tags' serial numbers, in theory helping to reduce erroneous identifications. However, this technology becomes dangerous whenever the binding between the tag and its context of use is in doubt. This situation is similar to Social Security numbers, which are themselves useful as identifiers but not as authenticators, with a wide range of proven abuses.

RFID benefits may be negated by numerous opportunities for accidental or intentional misuse of the technology and its supporting systems, along with a wide range of issues relating to system and data integrity, personal well-being, and privacy. Tags may be counterfeited, cloned (duplicated), swapped, damaged, intentionally disabled (in some cases even remotely), or otherwise misused. RFID technology can be easily compromised if used with insecure systems. This is especially problematic in sensitive environments if RFID tags use unencrypted or (as in the case of the impending U.S. passports) weak encryption protocols.

Numerous privacy issues exist, some of which can have serious consequences if they are ignored or relegated to second-order considerations. Tags are potentially subject to remote surveillance whenever they are unshielded. Testing indicates that even passive RFID tags may be interrogated over far greater distances than originally anticipated. The implications of these problems are immense for persons bearing RFID-enabled credit cards or passports, not to mention individuals with embedded subcutaneous RFID implants—who would have no ability to control when and where these implants may be interrogated.

Furthermore, various issues related to pervasive security problems can lead to increased privacy violations committed by insiders and outsiders, such as misuses of databases associated with RFID tag information or derived from the context in which the tags are used. System-related examples include intrinsic security vulnerabilities of the ancillary computer systems, inadequate user and operator authentication, and overly broad system and database authorizations. Such situations can create rampant opportunities for misuse of the accompanying database information. For example, many opportunities will exist for targeting specific victims, widespread selective data mining, and sweeping up entire databases. Possible intents for such misuses might include robbery, identity theft, fraud, harassment, and blackmail, for example.

With the range of potential problems associated with RFID systems, the question of voluntary vs. involuntary use becomes paramount; when things go wrong, somebody is likely to be hurt—financially or in other ways. It's possible that involuntary RFID-implant "chipping" of perceived miscreants will happen soon. It's then probably just a matter of time before broader forced deployment will permeate society, justified by organizations and authorities based on security, financial, or other seemingly laudable goals.

At the basic computer-science level, inadequate security in operating systems, database management systems, networking, and other components supporting the use of RFID technology are sorely in need of improvement. Consistent, correct, and up-to-date distributed databases are essential for system availability and survivability. Several R&D directions might be helpful, although these are not limited to RFID technologies in their implications. Particular needs include the ability to develop trustworthy systems, with suitable security, accountability, auditing, binding integrity, privacy-preserving cryptography, and so on.

RFID-related technologies can have some attractive benefits in certain carefully delineated situations. However, in all cases, possible technical and privacy risks must be considered objectively in operational environments. Even more importantly, it's crucial that we engage now in a far-reaching, society-wide dialogue regarding the circumstances and contexts within which RFID systems should or should not be used, and the rights of individuals and organizations to control whether or not they will be subject to various uses of these systems. This is an especially difficult task, because many of the would-be applications are emotionally charged, and RFID capabilities and ostensible benefits are in some cases being hyped far beyond what is realistic. Yet it is such critical deliberations that will likely influence whether RFID will be deployed primarily in useful tools, or rather as identity shackles.

Back to Top

Authors

Peter G. Neumann moderates the ACM Risks Forum.

Lauren Weinstein ([email protected]) is co-founder of People for Internet Responsibility (www.pfir.org). He moderates the Privacy Forum (www.vortex.com/privacy).


©2006 ACM  0001-0782/06/0500  $5.00

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

The Digital Library is published by the Association for Computing Machinery. Copyright © 2006 ACM, Inc.


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account
Article Contents: