Broad enterprise adoption of RFID is inevitable — but its potential won’t be reached if the industry doesn’t handle privacy issues.
In a report released on Thursday, IT research firm Burton Group said that RFID has promise for keyless access to buildings, gates and autos; cashless payments; tracking of high-value goods; highway toll collection; and identifying pets.
But clumsy implementations and bad communication have tainted early implementations of radio frequency identification (RFID), the automatic, contactless identification technology, report author Gerry Gebel warned.
Clandestine tests of RFID in stores riled privacy advocates, who asked Congress to legislate consumer protections. In April 2004,the California Senate passed a bill setting standards for the use of the technology in libraries and stores.
RFID tags emit a unique identifying code when they come within distance of a reader; the reader passes the code back to a database that connects to enterprise applications and systems. Burton Group includes contactless smart cards, which add RFID to typical smart card features, in the category.
In one possible scenario, smart badges for employees could enhance the security of corporate data and physical assets: “Employees wear smart badges, enter smart buildings with RFID readers that track their whereabouts, and access systems that recognize smart badges. When employees leave their workstations their computers automatically lock.”
In this hypothetical installation, printers would only print documents when employees physically approached the printer wearing their smart badges; as employees left the building, more RFID readers would make sure the employees only carried out permitted devices and documents.
But Gebel said that there are massive challenges to be solved before such an implementation is possible. The cost of buying and installing tags and readers is only the first barrier. “A massive data integration challenge must be solved before every employee’s moves can be continuously tracked,” he wrote.
For consumer-facing businesses, Gebel advised a comprehensive communications program to inform consumers and address their concerns. “Privacy considerations must be given higher priority,” he wrote.
Tag security is also an issue for business, Gebel warned. Portable reader devices could potentially rewrite information in clear text on tags, while strong magnetic fields could erase data. RFID systems designed to prevent theft could be thwarted by broadcasting false signals on common RF bands or by switching tagged merchandise with clones of valid tags.
Gebel also pointed out that eavesdroppers could intercept the transmission of data between reader and tag, a possibility raised by critics of the U.S. e-passport initiative, including the American Civil Liberties Union.