US.gov tunes out scathing RFID privacy report

DHS committee study 'disavowed'

chart

An external security advisory committee reporting to the US Department of Homeland Security has produced a highlight critical report (PDF) advising against the use of RFID technology in government documents.

But the scathing analysis remains stuck in limbo, as a draft report, while the government pushes ahead with plans to include RFID tags in everything from passport and diving licences to library cards.

The Data Privacy and Integrity Advisory Committee of the DHS concludes that RFID chips are useful in inventory management but aren't suitable for human identification, where privacy issues remain a concern. Using RFID tags to identify miners or firefighters more quickly may be a sensible use the technology. Where the technology falls down is where it's used to verify identity, where the experts reckon it offers little advantage over previous technology while creating the possibility that data held on RFID chips might be intercepted by undesirables.

"RFID appears to offer little benefit when compared to the consequences it brings for privacy and data integrity. Instead, it increases risks to personal privacy and security, with no commensurate benefit for performance or national security," the report states.

The experts advise that "RFID be disfavored for identifying and tracking human beings. When DHS does choose to use RFID to identify and track individuals, we recommend the implementation of the specific security and privacy safeguards".

The draft report was criticised by the RFID lobby when it came out in summer but a Homeland Security spokesman denied suggestions that anyone is trying to spike the study. "The committee is still soliciting input and the draft report is on its website, so I guess they are proceeding," he said.

Civil liberties group the Center for Democracy and Technology is also critical of the report because of its failure to recognise the reality that RFID technology is already widely deployed. The committee needs to produce suggestions on how the RFID-chips can be more securely deployed instead of advising government to avoid the technology. Jim Dempsey, the policy director for the CDT, told Wired that the report was "off-target".

Jim Harper, a Cato Institute fellow and member of the advisory committee, remains hopeful that the committee will vote to publish the report so that it can influence the PASS card, an RFID-based system designed to act as an alternative to passports for US citizens returning from neighbouring countries such as Mexico and Canada from 2008. "If we don't have a report out before the (PASS card) comment period ends, then we are irrelevant," Harper told Wired. ®

Sponsored: How to determine if cloud backup is right for your servers