Interesting People mailing list archives
more on More fuel for the fire for RFID privacy concerns...]
From: Dave Farber <dave () farber net>
Date: Tue, 21 Feb 2006 22:32:24 -0500
-------- Original Message -------- Subject: Re: [IP] More fuel for the fire for RFID privacy concerns... Date: Tue, 21 Feb 2006 16:48:19 -0800 From: Ross Stapleton-Gray <ross () stapleton-gray com> To: dave () farber net, Valdis.Kletnieks () vt edu References: <200602212344.k1LNigS6007006 () turing-police cc vt edu> <0A1CBBA5-806F-410E-AB6A-95235D2DA1CB () farber net> At 04:13 PM 2/21/2006, David Farber wrote:
From: Valdis.Kletnieks () vt edu Subject: More fuel for the fire for RFID privacy concerns... Well, so much for the "they can only be read at very short distance" defense... ... The U.S. Department of Homeland Security (DHS) is looking for beefed up RFID technology that can read government-issued documents from up to 25 feet away, pinpoint pedestrians on street corners, and glean the identity of people whizzing by in cars at 55 miles per hour.
There's an awful lot to discount in this press release from Katherine Albrecht, et al., though, as it's taking a rather old DHS solicitation (of a year ago), and mixing apples and oranges to make an ominous fruit salad of innuendo. The DHS solicitation looks to be asking for something that will function like FasTrak, or EZ Pass, or other road toll payment systems, for use in authentication at borders, e.g., something one could issue to guest workers, truckers, or others frequently traversing U.S. national borders. Those (active) RFID systems can be read at much higher speeds (c. 100 MPH, IIRC), and at greater distances. I don't know if DHS is going to find a passive solution to meet these requirements, but whatever is being proposed for application here, it's not going to be the same thing that's being applied to the box of Cheerios. The problem isn't that some forms of RFID can be read at certain distances, or given speeds, it's how and where they might be used, and especially if and where mandated. I don't see anything in the solicitation, for example, that suggests that DHS wants to put such tags on all vehicle license plates, which I would have some problem with; so far as it reads, the possessor of such a border ID could (as FasTrak suggests, if you're concerned about privacy) mask the device with a mylar bag, so long as they took it out for reading where required (i.e., traversing a U.S. national border). The above isn't to say that there aren't privacy issues associated with RFID (see http://www.stapleton-gray.com/papers/ for some thoughts on various of these); it's certainly not to say that we shouldn't be concerned at government actions to increase surveillance across the board (and the whole warrantless wiretap issue is astonishingly quiet on Capitol Hill). But the DHS solicitation seems to be specifically targeted at an application with little risk of spilling into a broad threat. I've found that the DHS Privacy Office has been quite good at raising those issues, and mandating Privacy Impact Assessments... Here's some discussion of US Visit and its PIA: http://www.immigration.com/newsletter1/privimpassdhs.html Ross ---- Ross Stapleton-Gray, Ph.D. Stapleton-Gray & Associates, Inc. http://www.stapleton-gray.com http://www.sortingdoor.com ------------------------------------- You are subscribed as lists-ip () insecure org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- more on More fuel for the fire for RFID privacy concerns...] Dave Farber (Feb 21)