Tuesday, May 20, 2008

ABI Research Response

I contacted the authors of the ABI Research article mentioned in the previous post. Both Mr. Collins and Mr. Liard graciously accepted my LinkedIn invitation, and I used the messaging system to send them both a message. Here is what I wrote:

Your recent paper titled "Developing a Corporate Plan for RFID Adoption: Enterprise RFID Blueprint and Program Management Considerations" fails to address security issues surrounding RFID. Was this intentional? We discussed this at the RFID Security Alliance, and find it a bit alarming that ABI Research, a trusted research firm, is failing to address this. Can you please explain?

Both Mr. Collins and Mr. Liard replied. Mr. Collins told me he would forward my inquiry to Mr. Liard, and Mr. Liard sent me this response:

Thanks for your interest and comments, Mike. The ABI Research RFID & Contactless team appreciates your feedback. The reason that security was not mentioned explicitly in the article is simply because it was a short, focused piece and the focus was not security. As a security specialist we can understand how you would be eager for the topic to be explicitly included as often as possible. Security is of course an important aspect of any RFID deployment and ABI Research often has highlighted issues and strategies with regard to implementing security-conscious RFID applications for many years and in many pieces of research. We are sure you will agree that to dismiss those efforts on the basis of a single article is a bit unjust given the original intent of the piece: for users to consider value propositions and understand that RFID deployment plans must be structured to appreciate both the business process and technology change. The onus of educating enterprise end users on current and potential security considerations is not the lone responsibility of each item of research published nor of any single group or player in the RFID space, but rather, through combined messaging and commitment from all parties in the value chain. We continue to engage with and monitor companies specializing in RFID data and system security and will consider sharing more of our thoughts on RFID security in the public domain in the future.

Regards,
Michael J. Liard
Research Director
RFID & Contactless
ABI Research


I wish to sincerely thank both Mr. Collins and Mr. Liard for their replies.

Wednesday, May 14, 2008

Maybe If We Don't Talk About It The Problem Will Go Away.

When I was growing up there was a neighborhood kid whose parents chose to ignore his fits and general bad behavior, despite the fact that it was causing general discomfort to all those around him (myself included). Needless to say, he grew up to be the neighborhood bully, and eventually ended up going to prison for armed robbery. Ignoring him did not make the problem go away.

Unfortunately, that is the exact tactic many "experts" in the RFID industry are taking when it comes to RFID security. They are simply choosing to discuss nearly everything about RFID implementation EXCEPT security. Let's take, for example, a study recently published by ABI Research (a trusted research firm) titled "Developing a Corporate Plan for RFID Adoption: Enterprise RFID Blueprint and Program Management Considerations". The publication is quite well written, and discusses practically all management considerations, with the exception of security.

A note to ABI Research and other experts out there. RFID security issues are not going to go away just because they are not discussed. I attempted to contact the authors of the article for comment, to no avail. EDIT: Both Mr. Collins and Mr. Liard did indeed reply to my request for comment. I wish to thank both of them.

That's okay. The RFID Security Alliance is not planning on going away either.