Concerns about wireless tracking devices discussed

State Department plans to use such technology in passports starting this summer.

Despite new research pointing to security vulnerabilities in wireless tracking technology known as radio-frequency identification, government and business representatives remain confident in its use.

Last week, a study from Amsterdam's Vrije University warned that computer viruses could move from RFID tags to exploit some software systems. The research -- "Is Your Cat Infected with a Computer Virus?" by Melanie Rieback -- was presented at the Institute of Electrical and Electronics Engineers conference in Pisa, Italy.

RFID software code writers must build appropriate checks "to prevent RFID middleware from suffering all of the well-known vulnerabilities experienced by the Internet," according to the report. The paper claims to present the first self-replicating RFID virus.

Governments and businesses around the world have been adapting applications of RFID for various tasks, such as tracking groceries or cargo and verifying people's identities.

A State Department official said the United States plans to begin deploying new passports with RFID technology on a widespread basis this summer. The number of passports being issued over the past few years has increased from 7.3 million in fiscal 2003 to more than 13 million expected to be issued in 2006.

"The security of the e-passport is of the utmost importance to the State Department. We only went ahead in issuing them after ensuring that the data would be protected," said the official, who noted that the passport includes a different type of RFID than the one questioned in the report.

To address privacy concerns, the State Department has added technology to prevent the inappropriate "skimming" of passport data by other technology in the vicinity. Privacy advocate Bill Scannell labeled the move "considerably better than nothing."

Dan Mullen, president of the identification trade association AIM Global, said in a statement that many of the paper's assumptions "overlook a number of fundamental design features necessary in automatic data-collection systems and good database design." A representative for the RFID company Alien Technology agreed.

But the technology has some privacy advocates concerned. "There is absolutely no need to use an RFID technology," said Scannell, who added that "relying on RFID for security is a bad idea."

RFID "works well for cattle but not for people," Scannell said in reference to the use of the technology in livestock for tracking purposes.

Evan Scott, the president of Evan Scott Group International, said he has confidence in the system and works with RFID companies on a daily basis. "A lot is being done every day to ensure security," he said.

"There are risk and concerns with all technology," said Scott, who noted that the concerns drive research and development. "RFID issues will be resolved and fixed through good technology. We are in the information age now. Everything is on the Internet or through the airwaves."

A lot of venture-capital investments have been going toward RFID in the last couple years, Scott noted. He expects the trend to continue with more commercial and security applications.