Feeds

US.gov tunes out scathing RFID privacy report

DHS committee study 'disavowed'

Next gen security for virtualised datacentres

An external security advisory committee reporting to the US Department of Homeland Security has produced a highlight critical report (PDF) advising against the use of RFID technology in government documents.

But the scathing analysis remains stuck in limbo, as a draft report, while the government pushes ahead with plans to include RFID tags in everything from passport and diving licences to library cards.

The Data Privacy and Integrity Advisory Committee of the DHS concludes that RFID chips are useful in inventory management but aren't suitable for human identification, where privacy issues remain a concern. Using RFID tags to identify miners or firefighters more quickly may be a sensible use the technology. Where the technology falls down is where it's used to verify identity, where the experts reckon it offers little advantage over previous technology while creating the possibility that data held on RFID chips might be intercepted by undesirables.

"RFID appears to offer little benefit when compared to the consequences it brings for privacy and data integrity. Instead, it increases risks to personal privacy and security, with no commensurate benefit for performance or national security," the report states.

The experts advise that "RFID be disfavored for identifying and tracking human beings. When DHS does choose to use RFID to identify and track individuals, we recommend the implementation of the specific security and privacy safeguards".

The draft report was criticised by the RFID lobby when it came out in summer but a Homeland Security spokesman denied suggestions that anyone is trying to spike the study. "The committee is still soliciting input and the draft report is on its website, so I guess they are proceeding," he said.

Civil liberties group the Center for Democracy and Technology is also critical of the report because of its failure to recognise the reality that RFID technology is already widely deployed. The committee needs to produce suggestions on how the RFID-chips can be more securely deployed instead of advising government to avoid the technology. Jim Dempsey, the policy director for the CDT, told Wired that the report was "off-target".

Jim Harper, a Cato Institute fellow and member of the advisory committee, remains hopeful that the committee will vote to publish the report so that it can influence the PASS card, an RFID-based system designed to act as an alternative to passports for US citizens returning from neighbouring countries such as Mexico and Canada from 2008. "If we don't have a report out before the (PASS card) comment period ends, then we are irrelevant," Harper told Wired. ®

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New twist as rogue antivirus enters death throes
That's not the website you're looking for
ISIS terror fanatics invade Diaspora after Twitter blockade
Nothing we can do to stop them, says decentralized network
prev story

Whitepapers

A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.