
 

Not-So-Easy Rider: Radio Chips May Endanger Privacy

By Christina Drummond
and Roberto Sanchez

    Would you wear a tattoo with a bar code on your wrist if it made it easier to get on the bus or ferry? Would you carry a lighted sign on top of your head that said, "I am an American," so you could go through immigration and customs more quickly at the airport? How about letting a stranger ride in your car - a stranger who took notes whenever you crossed a bridge - if it meant not having to stop to pay a toll?

    You could soon be living a high-tech version of all these scenarios without your knowledge. Advances in miniaturization technology have led to radio transmitters the size of a chip. And these tiny radio frequency transmitters are now making their way into items such as bus passes, driver's licenses, passports and more, giving these items the power of remote communication.

    Radio Frequency Identification (RFID) tags promise to make it easier to access toll roads, get on the bus or train, or breeze through customs and immigration at the airport. But in their present form, these tags lack safeguards to prevent the unauthorized reading, collection and misuse of their information. Their premature use in transportation and identity documents - anything dealing with people - could expose millions to identity theft, tracking and surveillance, and other invasions of privacy.

    At its most basic, an RFID tag is a radio antenna with a memory circuit. It can be programmed to hold information and to transmit that information to a receiver or RFID reader. This ability is very useful in identifying something from a distance.

    During World War II, for example, Allied planes carried RFID tags to let air defenses know that they were not enemy aircraft. Shipping companies regularly use RFID to track packages. Security companies add chips to wireless keys to permit entry into buildings after hours. Retailers put them in clothing to prevent thieves from lifting items out of a store.

    RFID is already being incorporated into transportation and identity documents. New U.S. passports contain RFID chips, which allow customs and border protection officers - and anyone else with the proper equipment - to read them from up to 30 feet away. Under the federal REAL ID Act, states must start issuing new driver's licenses that contain machine-readable data, and one of the possibilities for data transmission is RFID.

    In Washington, RFID systems are being introduced for road and bridge tolls. The new Tacoma Narrows Bridge "Good to Go!" system will allow drivers with an RFID sticker on their windshields to go directly across the bridge without stopping at a toll booth. An overhead antenna pole will remotely recognize the RFID tags that program participants place on their cars and use them to charge the owners' accounts. Drivers who drive through without RFID tags installed will have their pictures taken, with fines arriving by mail. The time and date of each crossing by a car with an RFID sticker will be recorded and kept in databases, enabling the tracking of commuters' driving habits.

    In addition to tagging cars, smart cards (cards with embedded microprocessors) are being tested to facilitate public transportation in the Puget Sound region. The regional ORCA Smart Card will consolidate pass cards for the Washington State Ferries, King County Metro, Sound Transit, Community Transit, Everett Transit, Kitsap Transit and Pierce Transit.

    Riders with an ORCA card will be able to use it on all of the systems, with fares automatically deducted from their pre-paid accounts. The card itself will use contact-less technology so riders can simply wave the card in front of a card reader when they get on a bus, train or ferry. Yet the microprocessor on the card will enable the collection of unprecedented amounts of information on the riders of public transportation. It remains unclear what specific protections will prevent cardholders from being tracked or identified and keep the details of their riding habits private.

    The usefulness of contact-less applications is clear, but it comes with a loss of individual freedom. The same element that makes RFID tags useful in identifying and tracking things makes them very dangerous in identity or transportation documents used by people.

    RFID tags can be read from a distance by anyone with equipment readily available online for as little as $200. Most tags lack encryption, making personal information in them vulnerable. And the cheapest RFID tags lack an "off" button or any other way to disable them when they are not needed.

    Consider the type of information found on a driver's license: your address, birth date, description, photo, maybe a fingerprint. If this information were programmed into an RFID chip in the license (a possibility with REAL ID), it could be read by someone else at a distance, without your permission or knowledge.

    A thief who broke the standardized security mechanisms used in such a proposed nationwide license could sit in a mall with a reader and lift all this information. And that stolen information could easily end up on a cloned RFID tag embedded in a fake ID, allowing someone else to use your identity.

    Even if a person carries a document with a very simple RFID tag that only transmits a number or some other identifier, that person's privacy is still at risk. In practice, that person is carrying a unique mark that can be tracked.

    An RFID tag used in a toll-road system or for a bus pass could allow someone else to track driving and traveling patterns by the ID number. If that tag is in a license or passport, the implications are staggering - marketers could keep track of customers as they move through a mall, noting their shopping patterns without their knowledge; government officials could scan political meetings and rallies and record the identifiers of attendees; terrorists could scan these signals to target Americans abroad.

    RFID tags in transportation and identity documents must have strong technological safeguards to protect the information they hold and the people who carry them. Implementing such safeguards will come at a cost and will have limitations. But they are better than implementing RFID that indiscriminately gossips its information to anything - or anyone - that can read it.

    We can start by ensuring that RFID uses involving people or personally identifying information meet some very basic guidelines:

    • Make sure that RFID-enabled documents only respond to their intended readers and include strong encryption to protect sensitive, personal or financial information.
    • Provide people with the ability to "turn off" RFID chips in their possession so they can control when and how their information is accessed and lower the chances of being unknowingly tracked.
    • Incorporate secondary forms of authentication into documents using RFID, to prevent cloned documents from being used.

    RFID use for public services is innovative. As the technology continues to evolve to protect our privacy and secure our data, we should carefully consider what we gain - and lose - by allowing our bus passes, driver's licenses, cars and passports to incorporate primitive RFID without safeguards.

    After all, without protections in place, who knows what your RFID tags will say behind your back and who will be listening?

    Christina Drummond is the director of the ACLU-WA's Technology and Liberty Project. Roberto Sanchez is a writer with the ACLU-WA.

 
