RFID

David Stevens
MCS 760
April 30, 2007

RFID position paper

The idea of RFID tags have a George Orwell feeling to them. The idea of being implanted, wearing, or carrying an RFID tag makes some people feel that they are exposed to government tracking and other “big brother” concepts. The paranoia surrounding RFID does not make the ideas business applications any less attractive it just means that business must be careful from utilizing RFID to monitor or impose upon their customers’ privacy. Using RFID tags to manage inventory is going to replace the current barcode method. RFID tags will allow business to process their inventory with greater ease. A palette of goods could be pushed through an arch that reads the passive RFID tags on the boxes to count the units and then send the number to be added to the inventory total.

Another way to use RFID tags is to create a keycard with an RFID tag to open a lock. I have had personal use of such a key to get into work. The key made it a lot easier for management to monitor their employees by serving multiple functions. The keycard did not hold any private information that could intrude on the employee’s privacy rather it only held the employee ID number. This small amount of information was able to grant or restrict employee access into the building and function as a employee time clock. This freed up management resources from having to monitor when an employee showed up for work, and the frequency of fixing payroll problems when an employee had forgotten to punch in on the old time clock was decreased. Some problems could still arise from requiring each employee to wave their keycard within a couple of inches from the reader to start their shift. A flaw in the system required that employees enter the building one at a time to allow the system to monitor access to the building and make sure that employee records would indicate when the employee arrived for work and to make sure that someone was not in the building when they were not authorized to be there. This problem would seem like the largest burden placed upon the end-users, but actually it was the need to swipe the keycard on the way out of the building when one was done working that caused the most problems. The door was not locked from the inside, so employees were able to exit without clocking out once their shift was finished. This would force management to go into the time log and manually clock out the employee. It was not a major inconvenience for the management, but requiring them to manually correct a system that was intended to be automated just lowered the managers’ efficiency.

The passive RFID tags placed on keycards, in the US passport, and on boxes for inventory tracking are low cost and relatively safe. There is the possibility that someone will try to clone the tag; however, for it to be cloned the tag needs to be in close proximity of the criminal’s scanner. Criminals are able to gain the information on the tag if they are able to get close enough to scan it. However, the information on the tag itself is not always of value to the criminal. The database should be setup in a way that only a few individuals have access to the building at anytime, so if the criminal obtains the ID number of a typical employee then their access to the building will be restricted from times when they would be hoping to commit criminal activities. In some instances it might almost be safer to provide the top management with ordinary keys for their access into the building during atypical hours. The active RFID tags are the type that evokes the feeling of a police state. An active tag is capable of sending out its signal without relying on the scanner. The passive tag does not have power to send out its signal, the scanner that reads the tag provides the power source. The active tags would be capable of sending out signals in a clandestine manner, but the fear of being spied on through the use of an active tag is not that intimidating when the ability to track people through GPS is widely available.

The major issue that I have with RFID tags is the information that is stored on the tag. The data on the tag should be small and should not contain information that can be used without a corresponding database. It is reckless when the information on the tag is useful to criminals on its own. The new US passports contain a RFID tag that contains personal information about the passport holder. It not only contains the information that identifies the passport holder, but it also contains a digital photo of the individual. This is an example of RFID tag usage that is frightening. To have all of your information capable of being stolen without even losing the passport is not an appealing prospect for people. When personal information is stored on the RFID tag it makes the belief that one needs a Faraday cage / shield to stop unauthorized reading of the tag seem more prudent than paranoid.