Homeland Security's RFID Tags Can Be Used to Track Users

Dennis Faas's picture

U.S. residents living in a state bordering Canada or Mexico may reportedly be given a remotely readable driver's license designed by the Department of Homeland Security (DHS) to identify U.S. citizens as they approach the nation's borders as a way to save time and simplify border crossings.

The DHS was created after the attacks of 9/11/01. Residents may want to think twice before signing up for the department's new program.

The licenses come equipped with radio-frequency identification (RFID) tags that are readable through wallets, pockets or purses from as far away as 30 feet. Tiny microchips encoded with a unique identification number are incorporated into the licenses.

When the bearer of the license approaches a border station, radio energy broadcast by a reader device is picked up by an antenna connected to the microchip, which causes it to emit the ID number. Before the license holder reaches the border agent, the number has been fed into a DHS database and the photograph and other details of the traveler are displayed on the agent's screen.

The 'enhanced' driver's licenses are just the latest addition to the growing array of 'tagged' items -- including but not limited to toll passes, office key cards, school ID's, credit cards, clothing and phones -- that will be voluntarily offered through selected states, but privacy and security experts are concerned that people who sign up for the program aren't aware of the risks involved: anyone with a readily available reader device can also access the data on the licenses remotely and track people without their knowledge or consent.

New Privacy and Security Problems

The growing shift towards embedding RFID chips in official identity documents has created a new set of privacy and security problems because RFID is such a powerful tracking technology. Little if any security is built into the tags and existing laws offer scant or non-existent protection from being illegally tracked and profiled.

Dozens of countries, including the U.S., issue e-passports with RFID tags embedded in their covers. Some have tried to persuade people that "a level of protection that should reassure the most anxious passport holder that his personal data cannot be read without his knowledge." Security experts quickly proved otherwise, but that has not slowed the adoption of RFID. Countries around the world, especially those like China that love to track their residents, are rolling out RFID-based ID's for their citizens.

The major difference between other nations' uses of RFID-based ID cards and the driver's licenses proposed by the DHS is the technology. Other nations' RFID technology was developed specifically for identification and payment cards and has a degree of easily-beaten security and privacy protection built in. Technology in the driver's licenses proposed by the DHS is designed to track products in warehouses where the goal is not security, but maximum ease of readability. More information on the differences in the RFID technology can be found in the article from The Scientific American.

Privacy and security concerns aren't the only reason to be concerned. Remotely readable identity documents that are easily abused by governments wishing to tightly monitor and control their citizens is also an issue, especially when the government out-sources work to large, private corporations. Anyone familiar with the illegal spying conducted for the U.S. government since the Bush administration was appointed to the White House in 2000 is familiar with how often and how easily large corporations abuse their customers privacy and rights.

An IBM patent granted in 2006 describes exactly how the RFID cards can be used for tracking and profiling persons using RFID-Tagged Items in Store Environments -- detailing a surveillance world where networked RFID readers called "person tracking units" would be incorporated virtually everywhere people go to closely monitor people's movements.

The link between the unique RFID number assigned to a person's identity only needs to be made once for the card to serve as a proxy for the person thereafter. IBM's tracking unit is still only a patent, but the privacy and security implications it can cause could be incredibly mind-numbing.

In today's world, there isn't any desire to protect consumers when they can be so easily and inappropriately tracked and monitored by their governments. Consequently, when consumer-protected RFID bills are introduced, they are killed or gutted by heavy opposition from lobbyists for the RFID industry on both state and federal levels, the same type of problems that have affected other politics in Washington D.C. Until legislation is passed on state and/or federal levels, there is potential for abuse.

Visit Bill's Links and More for more great tips, just like this one!

Rate this article: 
Average: 5 (1 vote)