GovernmentExecutive.com

Despite new research pointing to security vulnerabilities in wireless tracking technology known as radio-frequency identification, government and business representatives remain confident in its use.

Last week, a study from Amsterdam's Vrije University warned that computer viruses could move from RFID tags to exploit some software systems. The research -- "Is Your Cat Infected with a Computer Virus?" by Melanie Rieback -- was presented at the Institute of Electrical and Electronics Engineers conference in Pisa, Italy.

RFID software code writers must build appropriate checks "to prevent RFID middleware from suffering all of the well-known vulnerabilities experienced by the Internet," according to the report. The paper claims to present the first self-replicating RFID virus.

Governments and businesses around the world have been adapting applications of RFID for various tasks, such as tracking groceries or cargo and verifying people's identities.

A State Department official said the United States plans to begin deploying new passports with RFID technology on a widespread basis this summer. The number of passports being issued over the past few years has increased from 7.3 million in fiscal 2003 to more than 13 million expected to be issued in 2006.

"The security of the e-passport is of the utmost importance to the State Department. We only went ahead in issuing them after ensuring that the data would be protected," said the official, who noted that the passport includes a different type of RFID than the one questioned in the report.

To address privacy concerns, the State Department has added technology to prevent the inappropriate "skimming" of passport data by other technology in the vicinity. Privacy advocate Bill Scannell labeled the move "considerably better than nothing."

Dan Mullen, president of the identification trade association AIM Global, said in a statement that many of the paper's assumptions "overlook a number of fundamental design features necessary in automatic data-collection systems and good database design." A representative for the RFID company Alien Technology agreed.

But the technology has some privacy advocates concerned. "There is absolutely no need to use an RFID technology," said Scannell, who added that "relying on RFID for security is a bad idea."

RFID "works well for cattle but not for people," Scannell said in reference to the use of the technology in livestock for tracking purposes.

Evan Scott, the president of Evan Scott Group International, said he has confidence in the system and works with RFID companies on a daily basis. "A lot is being done every day to ensure security," he said.

"There are risk and concerns with all technology," said Scott, who noted that the concerns drive research and development. "RFID issues will be resolved and fixed through good technology. We are in the information age now. Everything is on the Internet or through the airwaves."

A lot of venture-capital investments have been going toward RFID in the last couple years, Scott noted. He expects the trend to continue with more commercial and security applications.

COMMENTS

• It shouldn't be mandatory. Maybe the family should be able to choose tracking devices as an option, but the government forcing anyone to get a tracking device is bogus. The situations we see in books like 1984 and Fahrenheit 451 don't just appear out of nowhere. It's small seemingly harmless things that little by little build up to the loss of freedom. The people control the government, not the other way around. It may seem like I'm taking this to an extreme, but we need to be aware of the consequences of our actions. Stephanie Posted April 13, 2008 2:20 PM
• There will be ways of tracking, regardless of what we agree to. I think it should be mandatory for all patients, diagnosed with Alzheimer's or dementia, to have a permanent tracking device. A relative of mine disappeared for two days while the police were trying to find them. These people are a hazard to themselves and it's impossible to allow them to live a halfway normal life and keep them under constant watch. Daniel Davis Posted April 12, 2006 10:44 AM
• Working with automation for the last 36 years combined with my business training makes an explicit case for implementation of such technologies on a massive scale. For business and government, it all looks like gravy; so why am I worried? Because I read. I read things like the newspaper where American soldiers are identified among a group of hostages because of their military passports, killed, and thrown off planes. I read books like "A Brave New World" and "1984," where Big Brother is pervasive and tracks the proletariat everywhere. That habit and my affiliation with the military makes me question the implementation of such security measures as RFID and biometrics. Scenario: I see an American tourist, working for the government, or even a soldier on leave walking down the streets of some European city; unaware that the RFID in his/her passport is broadcasting their identity and location to terrorists. Why does that bother me? Scenario: The government implements the finger print biometrics on their laptops, a number of which have already gone missing. I may happen to work for CSRS (the SC nuclear plant). Why would I be worried? Please remember: “Just because you’re paranoid, doesn’t mean folks aren't out to get you.” I restate my case of examining the results before implementation. Look forward, think things through, and ask, "What could go wrong?" Better now than later. Tip off. Tip Posted March 27, 2006 7:32 AM