RFID - truth and fiction

Andy McBain, product manager, Motorola Enterprise Mobility business, EMEA, considers the myths and realities of RFID and privacy.

With the price of RFID tags coming down, more and more companies are investigating the benefits this technology can bring. However, with growing interest also comes scepticism and scaremongering. There have been many mistaken assumptions and unsupported assertions around RFID, specifically about its impact on privacy. For example, many consumers confuse the RFID tags designed for commercial use with GPS tags used for tracking people.

As a result they have come to believe that RFID is simply the next stage of a Big Brother environment and that the technology, when embedded in products, can be used to track peoples whereabouts. However, this simply isnt the case. Today, individuals are not monitored from store to store, even if the stores have readers; the features available in the tags allow them to be disabled at checkout.

What is and isnt possible with RFID depends largely on the tags used and ultimately the cost of the system. There are two types of RFID tags; passive and active. An active tag is more expensive and contains a battery and a transmitter to send information to an RFID reader. Active tags are larger than passive tags but can contain more data about the product and are commonly used for high-value asset tracking as they have read rates of up to 100 feet. Passive tags, however, are smaller and dont contain batteries. Instead, they are powered by the radio signal of an RFID reader and therefore the read range of the tags is shorter often less than 20 feet.

Human intervention not required

Active tags are generally used when the tag needs to store information related to products en route, such as during the transportation of medical goods. The active tag can use its battery power to provide reads on a regular basis without being activated by an RFID reader. Thus, the tags can be used without human intervention to monitor temperatures and ensure the medication isnt damaged during transport. Conversely, the RFID tags currently used in retail stores are generally passive tags, which are only read when the radio waves from an RFID reader activate their antenna.

The higher costs of active tags and the desire of retailers to ensure customer privacy have resulted in retailers using passive tags in retail environments. It is unlikely that any retailer or manufacturer is going to triple the cost of an RFID implementation by using much more expensive active tags, when they wont bring any discernable benefits; hence the tags tend only to be tracked in the store environment where RFID readers are present to activate them. 

Privacy assured

Many people also believe that RFID tags could jeopardise privacy and information security because they store valuable personal information, which, if accessed, can potentially lead to identity theft. However, RFID tags used in the retail environment today dont contain any confidential information at all. Instead, these RFID tags store and transmit only a Unique Identifying Number (UIN) to a reader, much like the number associated with a barcode, which is often printed beneath it. In most cases, the tag will reference the item itself and will have no information on it to identify anyone who has bought or handled it. This UIN may then be associated with information about the person/item which is maintained in a database that can be secured inline with industry standards. Because the information is not transmitted between the chip and the reader, access to this information is limited to those who already have clearance for the database.

The plan to put RFID tags in biometric passports has created a great deal of excitement in some media. However, this is often based on a misperception that RFID passports are there to allow faster, contactless checking of credentials in order to enter a country. This isnt the case. In reality, the purpose is to be able to store more information electronically on the passport to enable greater security. In order to gain access to the electronically stored information, the passport will need to be swiped through a special optical character reader before the information can even be transmitted, thus even a person with a mobile RFID reader cannot collect and access this information. 

Harder for hackers

Peoples privacy could actually be enhanced and not compromised as the information stored on the RFID chips will be encrypted, making it even harder for hackers to read the information. In fact, the inclusion of an RFID tag in an identification document like a passport dramatically increases the level of technological sophistication needed to produce a forged document. This limits the number of fraudulent travellers, reducing the number of individuals entering countries illegally.

As well as the unfounded myths surrounding privacy, there are also concerns about the security of the tags and readers. However, the release of the RFID Generation-2 standard has helped maximise security with options available to add passwords on individual tags to prevent them from being copied. This will give users the same protection as any password-encrypted technology such as the use of PINs when paying for goods on a credit or debit card.

Along with the new encryption methods, humidity and temperature sensors will also make it harder for anyone to tamper with a supply chain RFID tag undetected. The applications enabled by RFID are vast and, in some ways, only limited by a lack of creativity. If companies can only recognise and put aside the myths about RFID, they too can share in these benefits.