Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity
    • IT Management
    • Mobile

    DHS Subcommittee Questions RFID Security

    By
    Renee Boucher Ferguson
    -
    May 24, 2006
    Share
    Facebook
    Twitter
    Linkedin

      Despite the U.S. Department of Homeland Securitys efforts to steamroll through the use of RFID technology in all U.S. issued passports by the end of 2006, not every governmental entity believes RFID is the answer to speedier passport checks.

      A draft report released May 23 by a subcommittee of the DHS Data Privacy and Integrity Advisory Committee (a group within the DHS Privacy Office) urges that the government “consider carefully” its use of RFID to track people.

      The reason: the technology is rife with security and privacy issues, the report said.

      “RFID increases risks to personal privacy and security, with no commensurate benefit for performance or national security,” reads the report, titled “The Use of RFID for Human Identification.”

      “Most difficult and troubling is the situation in which RFID is ostensibly used for tracking object … but can be in fact used for monitoring human behavior.”

      The point, according to the DHS subcommittee report, is that utilizing RFID to track individuals presents potentially risky outcomes that are currently “difficult to predict.”

      At the same time, RFID technology will not present any of the speed and efficiency gains the DHS said it will achieve in implementing electronic passports.

      Potential risks include the prospect that individuals will “likely be subject to greater surveillance,” and will be less aware of what information is being transferred, or when its transferred, and may have personal data intercepted.

      The report points out two commonly known security breaches possible with RFID data transmission: skimming and eavesdropping.

      Skimming happens when someone creates an unauthorized connection with an RFID tag to gain access to the data contained in it. Eavesdropping, on the other hand, is the interception of the communication between an RFID tag and reader to gain access to data being transmitted.

      While the State Department, which will be the issuer of electronic passports, will incorporate technology that blocks skimming through encryption, its not the entire answer, according to the Privacy Office.

      “Though indecipherable itself, the encrypted information can act as an identifier if it remains the same each time it is skimmed,” according to the report.

      The DHS Privacy Office is not the first governmental agency to release such findings. In May of 2005 the U.S. Government Accounting Office released a report titled, “Information Security: Radio Frequency Identification Technology in the Federal Governments” that identified a number of security issues.

      /zimages/2/28571.gifLogan Airport to demonstrate baggage, passenger RFID tracking. Click here to read more.

      The basic complaint posited by that report is that without effective security controls, data thats transmitted through the air can be intercepted for potentially nefarious means, and data stored in databases can be accessed by unauthorized users.

      However its unclear what, if any, impact either report will have on the DHS plans to move forward with its electronic passport plans.

      “When DHS does choose to use RFID to identify and track individuals, we recommend the implementation of specific security and privacy safeguards,” says a telltale passage in the report.

      Neither a Privacy Office or DHS spokesperson was available at press time.

      Some privacy advocates also see an inconsistency with the subcommittees report.

      “Its a good idea that the Privacy Office is trying to put the brakes on RFID in passports,” said Katherine Albrecht, founder and director of RFID watchdog organization CASPIAN.

      “But theres one other important point: Where [the Privacy Office] was really sounding the alarm on privacy, they were hedging their bets with a compromise conclusion—that there are ways to use RFID if you put the appropriate safeguards in place.”

      Security and privacy advocates would argue the point, according to Albrecht.

      The DHS Data Privacy and Integrity Advisory Committee is set up to advise the secretary of the DHS, along with its chief privacy officer, on technology issues that affect individual privacy as well as on other privacy related issues.

      The report suggests a number of things the DHS can do to ensure more security and privacy for electronic passport carriers, including: employing a deactivation, or kill switch, to shut off RFID data transmission after a certain time; employing blocking technology to deter skimming and eavesdropping; adopting an “opt in/opt out” framework so that people can chose whether or not to have their passports embedded with an RFID chip; and mitigating secondary use by reducing the compatibility of readers and tags.

      In January 2005, DHS announced that it would start testing RFID technology at five U.S. border crossing points. The tests, which have continued through the spring of this year, are part of an earlier initiative by the DHS, US-VISIT, to gather digital fingerprints and photos of all non-U.S. citizens entering the country.

      The DHS is also testing RFID at airports, through its CAPPS program.

      Presumably building on its findings, the DHS said in 2005 that it would enable all U.S. passports with passive RFID chips by the end of 2006, despite an overwhelming majority of objections from citizens that weighed in on the subject during the State Departments call for public comments.

      Of the 2,335 remarks received regarding the introduction of electronic passports, 98.5 percent were negative. Over 2,000 people listed security and privacy as a top concern.

      The Privacy Office subcommittee report will be reviewed before the full committee June 7, after general comments are solicited.

      /zimages/2/28571.gifCheck out eWEEK.coms for the latest news, reviews and analysis on mobile and wireless computing.

      Renee Boucher Ferguson
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×