A double-edged sword
Radio frequency identification, or RFID, technology paradoxically has the potential to speed the flow of people and goods coming into America while enhancing the effectiveness of U.S. Customs and Border Protection agents to monitor who and what flows into the country through its ports and across its borders. However, its adoption is becoming ensnared in fear, uncertainty and doubt.
Civil libertarians have protested the use of RFID in travel documents, saying it’s ultimately a means to track people. Commercial entities that were bullish on RFID for supply-chain management prior to 9/11 are now waiting for the U.S. government to provide clear direction as to what it would expect of container-tracking systems that now also must be designed to increase border security. At the same time, some have raised the specter of RFID tags carrying computer viruses.
WHY THE CONTROVERSY?
Futurist Thomas J. Fry, executive director of The DaVinci Institute, says the angst is part of the natural course of events with innovative discoveries.
“Whenever someone invents a new technology, the technology gets invented for all the right reasons,” he said. “But you can always figure out how to exploit a new technology for all the wrong reasons. In the privacy world, the RFID chip has the potential to be extremely invasive. There’s a constant three-way attention between privacy, security and convenience. … There’s a constant battle to find a balance.”
Fry points out there are plenty of items taken for granted daily that could be used for nefarious purposes. “There are tons of products in the grocery store that can be abused. The downside of technology is that any one can be abused, but we try to put systems into place to protect us. It’s a constant effort with every first-generation technology.”
Testing what RFID can — and can’t — do for travel documentation already has begun. The US-VISIT program, operated by the Department of Homeland Security (DHS), is running a pilot program using RFID technology at five land ports of entry in the states of Arizona, New York and Washington. More than 280,000 RFID-enabled I-94-A travel forms were issued to border crossers between the start of the program in August 2005 through the end of May 2006. Each form contains a passive RFID tag embedded in the receipt portion of the form that is required to be filled out by non-immigrant visitors who are required to have visas to enter the U.S. The tag is associated with a random serial number linked to a secure database.
“There’s no [personal] data on the form,” said a US-VISIT spokesperson. “[The RFID tag] is just used to pre-position information for the officer.” When read upon departure, the random serial number is used as an index to retrieve basic biographical information for a border officer to review.
The pilot program is designed to test the technology to ensure that it is able to enhance border security while facilitating travel across the borders. Future phases will extend the number of ports that use the RFID-enabled forms and extend the program to vehicles crossing the border, possibility in combination with license plate readers.
The DHS would like to extend RFID use to passport control. Tests are now under way at San Francisco International Airport to read passports embedded with RFID tags. Australia, New Zealand and Singapore have begun to issue RFID-embedded passports, while the U.S. is in the process of working out details for an electronic passport that would store information and a digital photograph on a more elaborate RFID tag.
BIG BROTHER IS WATCHING
For the Electronic Frontier Foundation (EFF), one RFID tag is one too many. “EFF has a general sort of issue against location tracking that includes GPS, RFID, video surveillance cameras, biometrics,” said Lee Tien, an EFF attorney. “Looking at the landscape, you can see quite a number of different programs embedding this technology. Driver’s licenses, machine-readable travel documents, as well as visas and I-94s. It’s a technology that’s become very popular in government circles. We’re concerned no one has taken an overall look at the impact of the technology.”
Tien asserts DHS has not done its homework concerning the use of RFID in the travel forms. “What’s the problem they’re trying to solve?” he asked. “If you focus just on the [document], you can’t track someone. It’s not clear to me that this is a useful device in the first place. … What I think from reading the [briefing] materials, they have a preconceived idea to use this technology rather than figuring out what the right technology is.”
The notion of moving RFID into U.S. passports is more egregious, according to Tien, who predicted that the potential for tracking people’s whereabouts would increase as RFID readers proliferate in daily life. “It can be used as a tracking device, but more importantly, the RFID tag [in the e-passport] broadcasts personal information,” Tien said. “You’re using a technology that exposes information, so there’s a problem of personal information leakage.”
RFID tends to be “promiscuous,” responding to a reader regardless of the context of the query, Tien said. Without appropriate safeguards, a tag will respond to any reader at the right range, making it possible for third parties to activate the tag and utilize the information it contains. Even with a legitimate transaction using a legitimate reader, information can be transmitted in the open and picked up by a third party close enough to listen in, he said.
“We have no objection to [magnetic] strips or contact cards,” said Tien, noting that the State Department is looking at a method to secure its e-passport by first scanning the passport optically to provide a “handshake” for authentication before it will broadcast its contents. “When you implement it properly, it almost turns the [e-passport] tag into a contact card. … If that’s the case, then why don’t you just use a swipe card in the first place?”
For its part, the DHS says it has done its homework on the privacy implications of RFID. “I take it very seriously,” said Maureen Cooney, DHS’s acting chief privacy officer. DHS is the first federal agency required by law to have a privacy office assigned with the mission of minimizing the impact of DHS operations upon the individual’s privacy, particularly when it comes to personal information. “RFID isn’t special in [the way it is handled],” Cooney said. “There’s a technology-neutral approach when designing a program. We can see both the pros and cons of using a particular technology for a particular program.”
DHS has multiple layers of processes to assess the role of technology and its impact upon privacy, starting at the beginning of a program cycle. A privacy impact assessment (PIA) is conducted at the beginning of the funding cycle that examines the risks of any technology to be implemented in a DHS program. The review looks at how information in a program is collected, used and retained; how information can be protected, assessing where privacy risks are in the program; and how those risks can be mitigated in an in-depth, standardized process.
Once the program moves out of a pilot stage and into deployment, privacy assessments take place during a phase called the lifecycle development system review.
“We look at trigger points during a program to make sure we’re on track on privacy and security,” Cooney said. “After a program is deployed, there may be either a dedicated privacy officer or privacy manager” to manage and monitor privacy issues.
The US-VISIT program has a dedicated privacy officer who handles any types of concerns, questions or redress concerning citizens of, or visitors to, the U.S. Finally, DHS conducts regular program audits for privacy compliance. “There are ways to embed auditing in the types of technology that are used to determine whether or not they are following the processes and practices we are requiring,” Cooney said.
GETTING BACK ON THE FAST TRACK
Meanwhile, cargo companies and IT systems integrators are eager to receive a clear statement on the U.S. government’s expectations for tracking the movement of containers from around the globe into the country.
“After 9/11, security became the primary focus,” for RFID tags, said Lani Fritts, chief operating officer of Savi Networks. “The [container monitoring] was going at a certain rate and should have jumped through the roof. But [the uncertainty] really slowed it down a little bit. Some people are sitting on the fence, waiting for DHS or customs.”
Prior to 9/11, companies had focused on using RFID technology for supply-chain management by keeping track of goods and containers to and from factories and warehouses worldwide. It is a business that RFID service provider Savi has cultivated for more than 17 years, starting with a solution for the Department of Defense. But the market hasn’t grown as rapidly in a post-9/11 world as Fritts once expected.
“Companies focused before on efficiency, but now some are waiting on security requirements,” he said. “To their credit, DHS has been trying to sort this all out, but because there’s not enough specificity yet in the requirements, it does cause a lot of people to sit on the sidelines.”
Nevertheless, a number of companies committed to better supply-chain management and internal risk management are moving forward with RFID technology, including giants such as Dow Chemical.
“The good news is commercial companies are committed to [RFID],” Fritts said. “They have business initiatives and business problems they have to solve today.”
RFID is only one of several technologies necessary to ensure that a container hasn’t been tampered with. “RFID [alone] will not allow you to know what’s happened to a container along its trip,” said Eric Gabrielson, IBM’s director of worldwide RFID solutions. “If you tie RFID with a global positioning system, you’ll be able to know if that container went to a port not listed on a manifest.”
Other sensors are necessary to ensure that a container remains sealed from origin to destination and a satellite data link adds significant value, allowing for real-time tracking, monitoring and analysis.
One of the most important unanswered questions concerns who would control the monitoring of containers coming into the U.S.? Would it be DHS or the container’s owner? “What I would tell you from the business side, most people want to own their own data,” Gabrielson said. “They want to be able to … share that with their trading partners. The driver is to get those ships in and out more rapidly so our economy continues to grow. If you know what’s coming in, there are a lot of other benefits that shippers can provide to their customers.”
If RFID container-monitoring standards can be established to the satisfaction of both private industry and the government, advantages abound when it comes to ground border traffic, because intensive screening could be focused on vehicles that cross the borders only periodically or sporadically. Almost 50% of cross-border traffic volume is attributed to regular business shipments. Pre-screened and/or RFID-tagged shipper-certified container shipments would have access to an express lane to expedite clearing customs.
“If you’re a transportation person, you’re going to know how much time [trucks] spend at these checkpoints,” Gabrielson said. “If one gets pulled out randomly, that’s an hour and a half, two hours one of my drivers is down. That’s a cost to my business. … If [shippers] are in a different program, and they can move right through, there’s a big benefit.”
Gabrielson envisions participation in an RFID container program as voluntary, similar to the use of electronic tags for paying tolls. “It’s an opt-in approach. You don’t have to have one,” he said. “You put the decision on the person to participate. You look at it and say ‘Hey, I go across a bridge every day. If they open up three lanes on EZ Pass, I’m going to be able to move more rapidly through those toll booths.’”
MUCH ADO ABOUT NOTHING
One RFID fear — viruses — is overblown, according to Guy Denton, IBM’s ethical hacker. Denton’s job is to find the weaknesses in IT systems and provide ways to secure them, so he’s spent time examining RFID for corporate America.
“RFID is getting to the environment that the Internet was a few years ago,” he said. “Input validation [of data] was not done correctly. There’s no authentication, modification of tags, privacy of data. Encryption technology sometimes has been tested; sometimes it hasn’t.”
Although a more expensive RFID tag has the potential to carry a virus, it’s just another way to carry data, which means security experts should be able to mitigate the potential for virus attacks. “You don’t just trust the data, you have to check the data first. That’s the same with any other application — that’s not unique with RFID,” Denton said. Next-generation RFID systems will likely feature “smarter” tags embedded with anti-virus software that back-end systems will use to scan imported data, just as PCs do today when e-mail and files are downloaded.
A more immediate and real concern is the current cost/benefit trade-offs manufacturers are willing to take to implement RFID tags, according to Denton. A passive 5¢, “very dumb” tag is “wide open” without any encryption features. Higher-end tags that support encryption and more elaborate security features cost $5 to $10.
“It’s a cost issue. … Most go with the cheaper version,” he said.
Futurist Fry had his own view of RFID’s issues. “I see RFID as an interim technology for recognizing and finding items,” Fry said. “[But] when you start analyzing objects and start zooming in, you start seeing all the possibilities of attaching information to all these objects out there. … Is that a good thing or is that something that just gives us data overload?”
Privacy advocates argue that a poorly implemented RFID tag system for travel documents has the following potential problems:
- Information could be intercepted by a third party listening for the RF data being broadcast during a legitimate transaction.
- A tag could be improperly activated by a third-party RFID reader.
- It can be used as a tracking mechanism, as RFID readers proliferate worldwide.