Today’s story on RFID in new Washington state driver licenses and ID cards is only part of a much larger story about the growing use of RFID technology in all kinds of applications. More public discussion about the impact of these technologies seems warranted.
A few readers called or e-mailed me with questions about the story, which I’ll try to answer.
Q: Why wasn’t there a way for the public to find out about this and weigh in before the decision to go with the new driver licenses was made?
A: I’m not sure, but not all the technical details are finalized, so there may be room for change. Here is what we know so far. The U.S. Department of Homeland Security wants the system to be compatible with its Nexus program, so states essentially accept whatever strengths or weaknesses come with that program.
Q: What can the “average citizen” do to fight against these tracking devices? Sure, they have “good intentions,” however, I for one am very concerned about the intrusiveness of the government into our lives. It seems we have less and less rights all in the name of security.”
A: The ability to opt in or out is key. At least for now, the Washington state system is voluntary.
Rene Martinez, a veteran of IBM’s research labs, helped invent the new generation of long-range RFID technology. Controlling technology is difficult because it’s always changing, he said. It should be behavior that any new laws attempt to control.
Martinez proposed the idea of an “electronic anti-stalking law,” which would protect citizens or their property from being tracked by a government, company or person without permission.
Nicky Ozer of the Northern California chapter of the ACLU said that doesn’t go far enough. Since RFID can be used surreptitiously, individuals don’t know they are being tracked. She pointed to the case of seat belts.
“The combination of modifying the technology to make it safer and combining it with regulating behavior” is the right approach, she said.
Here is a list of current RFID-related bills in California. Here is some information on the Washington bill, which the WSA and a number of business groups opposed, saying it would create onerous new legal liabilities.
While most experts agreed that RFID is inherently insecure technology, there are ways to deploy it that capture its effectiveness and still protect privacy. One example is the Seattle Public Library, which uses an RFID system to check books in and out. The system does not store personal identification on the RFID tag, and it erases data in its system about who borrowed what book as soon as the book is checked in.
Update: Here’s a tool that might come in handy someday.