Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

more on More fuel for the fire for RFID privacy concerns...]

From: Dave Farber <dave () farber net>
Date: Tue, 21 Feb 2006 22:32:24 -0500


-------- Original Message --------
Subject: Re: [IP] More fuel for the fire for RFID privacy concerns...
Date: Tue, 21 Feb 2006 16:48:19 -0800
From: Ross Stapleton-Gray <ross () stapleton-gray com>
To: dave () farber net, Valdis.Kletnieks () vt edu
References: <200602212344.k1LNigS6007006 () turing-police cc vt edu>
<0A1CBBA5-806F-410E-AB6A-95235D2DA1CB () farber net>

At 04:13 PM 2/21/2006, David Farber wrote:

From: Valdis.Kletnieks () vt edu
Subject: More fuel for the fire for RFID privacy concerns...

Well, so much for the "they can only be read at very short distance"
defense...
...
The U.S. Department of Homeland Security (DHS) is looking for beefed
up RFID
technology that can read government-issued documents from up to 25 feet
away, pinpoint pedestrians on street corners, and glean the identity of
people whizzing by in cars at 55 miles per hour.


There's an awful lot to discount in this press release from Katherine
Albrecht, et al., though, as it's taking a rather old DHS solicitation (of
a year ago), and mixing apples and oranges to make an ominous fruit salad
of innuendo.

The DHS solicitation looks to be asking for something that will function
like FasTrak, or EZ Pass, or other road toll payment systems, for use in
authentication at borders, e.g., something one could issue to guest
workers, truckers, or others frequently traversing U.S. national
borders.  Those (active) RFID systems can be read at much higher speeds (c.
100 MPH, IIRC), and at greater distances.  I don't know if DHS is going to
find a passive solution to meet these requirements, but whatever is being
proposed for application here, it's not going to be the same thing that's
being applied to the box of Cheerios.

The problem isn't that some forms of RFID can be read at certain distances,
or given speeds, it's how and where they might be used, and especially if
and where mandated.  I don't see anything in the solicitation, for example,
that suggests that DHS wants to put such tags on all vehicle license
plates, which I would have some problem with; so far as it reads, the
possessor of such a border ID could (as FasTrak suggests, if you're
concerned about privacy) mask the device with a mylar bag, so long as they
took it out for reading where required (i.e., traversing a U.S. national
border).

The above isn't to say that there aren't privacy issues associated with
RFID (see http://www.stapleton-gray.com/papers/ for some thoughts on
various of these); it's certainly not to say that we shouldn't be concerned
at government actions to increase surveillance across the board (and the
whole warrantless wiretap issue is astonishingly quiet on Capitol
Hill).  But the DHS solicitation seems to be specifically targeted at an
application with little risk of spilling into a broad threat.

I've found that the DHS Privacy Office has been quite good at raising those
issues, and mandating Privacy Impact Assessments... Here's some discussion
of US Visit and its PIA:
http://www.immigration.com/newsletter1/privimpassdhs.html

Ross



----
Ross Stapleton-Gray, Ph.D.
Stapleton-Gray & Associates, Inc.
http://www.stapleton-gray.com
http://www.sortingdoor.com




-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: