Tag Lag

For the past five years, radio frequency identification has been the hot technology. So far, RFID hype has outpaced delivery.

Radio frequency identification was supposed to change everything- military shipments would contain exactly what was expected, arrive on time and at the right location; the Homeland Security Department could pinpoint precisely when a foreign visitor left the country.

Using computer chips outfitted with antennae, agencies could track shipments, assets and even people.

That's why for the past five years, radio frequency identification-or RFID-has been the hot technology. But RFID hasn't lived up to the hype. To understand why, consider this example:

In 2005, Border Patrol personnel gave arrival and departure documents to 166 foreign drivers entering the United States by way of the Blaine-Pacific Highway in Washington state. Drivers were to fill out the forms and return them when they left the country. Border agents routinely issue the forms, known as I-94s, to visiting foreigners. But Homeland Security had attached an RFID chip to the 166, identifying each visitor with a code. DHS planned to use the forms and codes to track via radio frequency when visitors' vehicles exited the country. But when the experiment ended, DHS had identified only 14 percent of the 166 vehicles as having left the United States. The department had hoped to capture data on at least 70 percent. Problems ranged from the technological to the mundane, including the department's failure to properly instruct visitors to position the RFID-tagged forms in their cars so they were visible to the machines that read the chips.

DHS, which has now sworn off RFID in some applications, is not an isolated case. Many other agencies have shunned the technology for various reasons. First, there's the high cost of deploying it. Second, agencies believe that information on the tags or in databases is vulnerable to identity theft. Third, the technology requires those who manage it and those who are required to use it to drastically change their customary behavior or the way they work. It all adds up to disappointing adoption rates for RFID.

"A few years ago, the [federal government] and other organizations looked to RFID tagging as a panacea for a whole host of security solutions," says Jeff Vining, a research vice president at Gartner Inc. in Stamford, Conn., where he studies homeland security and law enforcement. "There was euphoria, followed by huge momentum. But reality has set in. These days, it seems like the government is of two minds: Yes, we want it; yes, we need it; but how do we use it and is it really cost effective?"

The answer for most of government so far is, "Not yet."

The Next Bar Code

RFID uses radio waves to automatically identify objects or, in the case of more recent government initiatives, people. A tag holds data on a microchip, and a radio frequency reader takes in the information stored on the chip and sends it to a database application residing on a server.

Communication with the reader depends on whether the tag is active or passive. An active tag is powered by an internal battery, allowing it to initiate communication, and holds data that can be rewritten or modified and transmitted over a longer distance. A passive tag receives its operating power from the reader. Data on the passive tag typically is read-only, which means the tag cannot be modified.

Technologists in business and government have regarded RFID as the next-generation version of bar codes, although the technology actually has been around for decades. During World War II, the Germans and British used RFID technology to identify ally and enemy aircraft. In the 1970s, Los Alamos National Laboratory developed an RFID system for tracking nuclear materials. At about the same time, researchers were implanting an early form of RFID tags in dairy cows for identification and to monitor their temperatures.

Today, RFID is used predominantly in supply chain management and inventory tracking, with perhaps the largest users being the Defense Department and Wal-Mart. Since 2005, Defense and the giant retailer have required suppliers to apply RFID tags to all shipments. Wal-Mart has had trouble convincing its suppliers to use RFID and deploying it within stores.

IT managers at Defense, however, say their RFID program is on track and has kept pace with expectations. Suppliers have fallen into line. During a typical week, Defense creates 19,000 active tags and reads 134,000. Its RFID network extends to more than 30 countries, with 2,500 stations that can read tags. Almost all Defense shipments have active tags. Even so, says Alan Estevez, assistant deputy undersecretary of Defense for supply chain integration, "I can accept that this may not be meeting people's expectations."

Other companies and agencies have adopted RFID applications. The Food and Drug Administration promotes RFID as a way to monitor the internal temperature of shipping containers to determine when perishables are at risk of spoiling. DHS announced plans to use RFID for the Western Hemisphere Travel Initiative border crossing card, which the department will require for travel between the United States and countries in the Western Hemisphere. The initiative requires that by June 2009, all Americans must provide proof of citizenship and identity when crossing U.S. borders. It involves a passive RFID tag that can be read from up to 20 feet away. DHS also wants to use RFID for a hybrid ID card, which will be issued in border states to comply with the Western Hemisphere initiative as well as the 2005 Real ID Act, which requires states to develop more secure driver's licenses.

But RFID hasn't come close to meeting the high expectations of a few years ago. In addition to relatively low adoption rates, it has suffered high-profile failures. The Blaine experiment, for example, was one of five proof-of-concept tests conducted at ports of entry as part of the U.S. Visitor and Immigrant Status Indicator Technology program. The results of the tests, some of which sought to identify vehicle crossings and others pedestrian crossings, fell far short of expectations, according to a scathing Government Accountability Office report (GAO-07-248). The failures prompted Homeland Security to drop RFID from US VISIT.

Too Expensive

Unlike many IT applications that build on existing infrastructure, RFID solutions typically carry significant upfront costs. As IT budgets have tightened this decade, chief information officers are finding it difficult to come up with the money.

Active tags range from $50 to $150 each. Passive tags cost significantly less-often less than 50 cents apiece-but can't be reused, requiring agencies to keep large inventories. Most readers cost between $500 and $2,000, with antennas and cables often sold separately. On the back end, agencies often must install databases, warehouse management systems and content management systems to filter and interpret RFID data and ensure the hardware is properly integrated into existing networks. In addition, bulking up storage, bandwidth, management and maintenance is expensive.

"It's not just a matter of the front-end edge devices; it's a matter of the back-end implications of tying the signal to applications to make the transaction useful and meaningful," says Scott Hastings, a partner at IT consulting firm Deep Water Point in McLean, Va., and former CIO for the US VISIT program management office. "There's an investment involved that is not trivial. People are divided about whether it's worthwhile. Some feel it's crucial, while others say tighter inspection [procedures] are all that's needed."

Sometimes the value of an asset justifies the expense of RFID. Making sure expensive goods such as pharmaceuticals or Army tanks get where they need to go justifies the cost of active RFID tags. But not every agency ships such products. Those that don't should do cost-benefit analyses before making RFID investments. "The tiresome thing is that the argument focuses on this chip-not on the business case and the environment that the chip attaches to," Hastings says. "Is it worthwhile? That needs to be decided on a case-by-case basis." Cost also inhibits out-of-the-box thinking about how to use RFID. For example, active tags could monitor highly confidential documents as they move among agencies and ensure they reach the intended parties; passive tags attached to laptops along with readers at facility exits could alert administrators when computers are taken offsite. But these types of applications are considered unrealistic because of cost, even though they could help meet security mandates. "Right now, [RFID] is used for very specific applications, but there are so many places the technology could go if expense were not such a big obstacle," says Kevin Carroll, an information technology consultant who recently retired as the Army's program executive officer of enterprise information systems. "These days, there need to be specific benefits that make it worthwhile to spend a lot of money."

Security Fears

Wider use of RFID also must surmount privacy concerns. Anyone with a reader can intercept the data on a tag, for instance, and active tags, which continuously send data, are much more vulnerable to data theft. RFID proponents argue that security features protect the data. Tags carry nothing more than a number, which readers use to access sensitive data housed on a server. The server presumably is outfitted with all required security features, says Bill Hartwell, vice president of government business at Motorola Inc. In addition, the tags can be encrypted and transmitted data can be encrypted as well. "Think of [RFID tags] like license plates," Hartwell says. "They're mobile and can potentially be looked at and scanned, but that doesn't tell you a whole heck of a lot about the person driving or even the vehicle itself."

Because the most valuable information is stored in databases, Defense's Estevez says RFID carries the same risks. In addition, Estevez says, a hacker would have to work hard to read the data coming off the active tags on Defense shipments. "In order to read those active tags, you have to be up close and personal, and there is a lot of security on the tag," he says. "Unless you are qualified, you can't access it and certainly not from a distance."

Still, the fear of RFID security breaches is hard to shake. Even Defense opted to not tag certain supplies traveling through the Middle East for fear that insurgents could use commercial readers to pick up signals and access sensitive information. Shipments to Afghanistan go through Pakistan, where insurgents are known to be based, and "we got nervous," Carroll says. "Will other companies have access to what we're sending? Are there holes that could cause data to end up on Chinese computers? We talked to [our supplier], who said all the information is separated with no chance of [a breach], but last I knew, [the Office of the Secretary of Defense] was not taking any chances."

Too Much Change

Another drawback is that RFID is disruptive. Users-whether those interpreting the data pulled from tags by readers or those manipulating tags to ensure the data can be read-often don't understand how the technology works, or how important it is to an organization's operations. "We started to realize that while the technology works well, we were having trouble with reservists who were called up and didn't know how to use the tags, write to the tags or read the tags," Carroll says.

Poor training also affected the accuracy of data about shipments in transit. For example, an employee would find a container in the field and remove some contents but fail to enter this action on the tag. When the shipment was sent on, employees reading the tags mistakenly assumed the removed contents still were in the container. "Training and processing became an increasing problem," Carroll says.

Defense has since improved training and oversight, but active tagging has become less common in the Army, Carroll says. Active tagging now is reserved for large, valuable and bulky shipments, such as aircraft engines and tanks. Passive tags are used for other shipments, but they require agencies to erect fixed readers that can pull the data at a specific location. "That works fine for Wal-Mart, because they use conveyer belts that track, read and move off [inventory]," Carroll says. "But in Iraq and Afghanistan, and even ports around the United States, we drop a bunch of boxes in a corner and the supply officer may or may not bother to read them. I'm a supporter of passive [tagging], but we have to learn how to use it."

It's also been difficult to reengineer processes so passive tags pass close enough to readers to retrieve data. Inducing new behavior was the major stumbling block in the proof-of-concept tests of passive tags on US VISIT I-94 forms. The tagged forms weren't logged largely because foreign visitors carrying them had to follow unfamiliar processes when leaving the country. Drivers were expected to hold the tagged forms up to their car windows or place them on the dashboard while slowing down at a particular point in the highway near an RF reader. If they didn't make the forms accessible, then the tags couldn't be read. Also, US VISIT didn't make it easy for drivers to know what to do when. DHS had not erected signs along the road alerting drivers to place the forms in position so the tags could be read.

Until it can be used without radically changing normal practices or business processes, RFID isn't likely to make the massive inroads once predicted for it. "Two or three years from now, the technology might be available where travelers wouldn't have to do anything," says Anna Hinken, US VISIT spokeswoman. "In an ideal situation, a foreign traveler would have biometric data read [automatically] upon exiting and subsequently re-entering the country, without a massive amount of changes to the exit infrastructure. Right now, that can't be done. It takes years and years to change the infrastructure."