Is RFID Technology Secure and Private?

Is RFID Technology Secure and Private?

Unfortunately, not very often in the systems to which consumers are likely to be exposed. Anyone with an appropriately equipped scanner and close access to the RFID device can activate it and read its contents. Obviously, some concerns are greater than others. If someone walks by your bag of books from the bookstore with a 13.56 Mhz “sniffer” with an RF field that will activate the RFID devices in the books you bought, that person can get a complete list of what you just bought. That’s certainly an invasion of your privacy, but it could be worse. Another scenario involves a military situation in which the other side scans vehicles going by, looking for tags that are associated with items that only high-ranking officers can have, and targeting accordingly.

Companies are more concerned with the increasing use of RFID devices in company badges. An appropriate RF field will cause the RFID chip in the badge to “spill the beans” to whomever activates it. This information can then be stored and replayed to company scanners, allowing the thief access – and your badge is the one that is “credited” with the access.

The smallest tags that will likely be used for consumer items don’t have enough computing power to do data encryption to protect your privacy. The most they can do is PIN-style or password-based protection.

Technical problems with RFID

Technical problems with RFID

Problems with RFID Standards

RFID has been implemented in different ways by different manufacturers; global standards are still being worked on. It should be noted that some RFID devices are never meant to leave their network (as in the case of RFID tags used for inventory control within a company). This can cause problems for companies.
Consumers may also have problems with RFID standards. For example, ExxonMobil’s SpeedPass system is a proprietary RFID system; if another company wanted to use the convenient SpeedPass (say, at the drive-in window of your favorite fast food restaurant) they would have to pay to access it – an unlikely scenario. On the other hand, if every company had their own “SpeedPass” system, a consumer would need to carry many different devices with them.

RFID systems can be easily disrupted

Since RFID systems make use of the electromagnetic spectrum (like WiFi networks or cellphones), they are relatively easy to jam using energy at the right frequency. Although this would only be an inconvenience for consumers in stores (longer waits at the checkout), it could be disastrous in other environments where RFID is increasingly used, like hospitals or in the military in the field.
Also, active RFID tags (those that use a battery to increase the range of the system) can be repeatedly interrogated to wear the battery down, disrupting the system.

RFID Reader Collision

Reader collision occurs when the signals from two or more readers overlap. The tag is unable to respond to simultaneous queries. Systems must be carefully set up to avoid this problem; many systems use an anti-collision protocol (also called a singulation protocol. Anti-collision protocols enable the tags to take turns in transmitting to a reader. (Learn more about RFID reader collision.)
RFID Tag Collision

Tag collision occurs when many tags are present in a small area; but since the read time is very fast, it is easier for vendors to develop systems that ensure that tags respond one at a time. (Learn more about RFID tag collision.)
Security, privacy and ethics problems with RFID

The following problems with RFID tags and readers have been reported.
The contents of an RFID tag can be read after the item leaves the supply chain

An RFID tag cannot tell the difference between one reader and another. RFID scanners are very portable; RFID tags can be read from a distance, from a few inches to a few yards. This allows anyone to see the contents of your purse or pocket as you walk down the street. Some tags can be turned off when the item has left the supply chain; see zombie RFID tags.
RFID tags are difficult to remove

RFID tags are difficult to for consumers to remove; some are very small (less than a half-millimeter square, and as thin as a sheet of paper) – others may be hidden or embedded inside a product where consumers cannot see them. New technologies allow RFID tags to be “printed” right on a product and may not be removable at all (see Printing RFID Tags With Magic Ink).
RFID tags can be read without your knowledge

Since the tags can be read without being swiped or obviously scanned (as is the case with magnetic strips or barcodes), anyone with an RFID tag reader can read the tags embedded in your clothes and other consumer products without your knowledge. For example, you could be scanned before you enter the store, just to see what you are carrying. You might then be approached by a clerk who knows what you have in your backpack or purse, and can suggest accessories or other items.
RFID tags can be read a greater distances with a high-gain antenna

For various reasons, RFID reader/tag systems are designed so that distance between the tag and the reader is kept to a minimum (see the material on tag collision above). However, a high-gain antenna can be used to read the tags from much further away, leading to privacy problems.
RFID tags with unique serial numbers could be linked to an individual credit card number

At present, the Universal Product Code (UPC) implemented with barcodes allows each product sold in a store to have a unique number that identifies that product. Work is proceeding on a global system of product identification that would allow each individual item to have its own number. When the item is scanned for purchase and is paid for, the RFID tag number for a particular item can be associated with a credit card number.

Advantages of RFID Versus Barcodes

Advantages of RFID Versus Barcodes
RFID tags and barcodes both carry information about products. However, there are important differences between these two technologies:
Barcode readers require a direct line of sight to the printed barcode; RFID readers do not require a direct line of sight to either active RFID tags or passive RFID tags.
RFID tags can be read at much greater distances; an RFID reader can pull information from a tag at distances up to 300 feet. The range to read a barcode is much less, typically no more than fifteen feet.
RFID readers can interrogate, or read, RFID tags much faster; read rates of forty or more tags per second are possible. Reading barcodes is much more time-consuming; due to the fact that a direct line of sight is required, if the items are not properly oriented to the reader it may take seconds to read an individual tag. Barcode readers usually take a half-second or more to successfully complete a read.
Line of sight requirements also limit the ruggedness of barcodes as well as the reusability of barcodes. (Since line of sight is required for barcodes, the printed barcode must be exposed on the outside of the product, where it is subject to greater wear and tear.) RFID tags are typically more rugged, since the electronic components are better protected in a plastic cover. RFID tags can also be implanted within the product itself, guaranteeing greater ruggedness and reusability.
Barcodes have no read/write capability; that is, you cannot add to the information written on a printed barcode. RFID tags, however, can be read/write devices; the RFID reader can communicate with the tag, and alter as much of the information as the tag design will allow.
RFID tags are typically more expensive than barcodes, in some cases, much more so.