Friday, April 3, 2009

Help Present a Balanced View of RFID Security

Bert Moore, Editor of AIM Global’s RFID Connections, discusses RFID security and privacy in his April 1, 2009 column titled RFID: Legislative Action.

"At some recent legislative hearings on whether to limit, regulate or restrict RFID in some way, advocates of RFID finally began to get their views heard. Why? Because many of the advocates weren't companies manufacturing or selling RFID, they were companies and agencies actively using the technology. They were able to point out to state legislators how the technology was actively benefitting citizens of the state. And their real world experiences helped put to rest some of the more outlandish claims of some privacy advocates.

At the same time, there are new concerns that some companies and governmental agencies are implementing RFID technology without giving adequate attention to the need for security and, therefore, privacy. Concerns about covert reading of ID cards and similar items must be addressed because they highlight real or potential system vulnerabilities that expose not only individuals but the entire system to unnecessary risk.

It is up to those in the RFID community -- both vendors and end users -- to be heard in legislative hearings and community forums in order to present a balanced view of the technology and point to ways in which it can be implemented securely so that it can continue to provide benefits while protecting the integrity of the system and personal privacy."

The RFID Security Alliance invites vendors and end users interested in this issue to join our organization.

Burt also goes on to announce the availability of a new technical report from the International Organization of Standards (ISO) which was based on the work of AIM Global. Publication ISO/IEC TR24729-4, Information technology - Radio frequency identification for item management - Implementation guidelines - Part 4: Tag data security is available for purchase from the AIM Global website.

I was pleased to see that this report “offers sufficient guidance to enable users or developers to assess potential risks and determine appropriate techniques to mitigate these risks.” The RFID Security Alliance encourages users and implementers to completing a risk assessment of potential RFID systems.

No comments: