DHS says RFID for human identification offers little benefit
The Department of Homeland Security’s Emerging Applications and Technology Subcommittee says that using RFID in human applications “appears to offer little benefit when compared to the consequences it brings for privacy and data integrity.”
The Smart Card Alliance begs to differ. “We disagree with the report’s conclusion to “disfavor” all RFID technologies for applications involving human identification,” the industry group said in a published response to the subcommittee report. “The report defines RFID too broadly and, therefore, this recommendation will unduly restrict appropriate and secure applications of smart cards with RF technology that can meet the strictest privacy and security requirements.”
Automatic identification technologies like RFID have valuable uses, especially in connection with tracking things for purposes such as inventory management, according to the Homeland Security subcommittee’s presentation.
It even points to narrowly defined situations in which RFID is appropriate for human identification. Miners or firefighters, for example, might be appropriately identified using RFID because speed of identification is at a premium in dangerous situations and the need to verify the connection between a card and bearer is low.
“But for other applications related to human beings, RFID increases risks to personal privacy and security, with no commensurate benefit for performance or national security,” the report says.
The subcommittee concludes that the most difficult and troubling situation occurs when RFID is ostensibly used for tracking objects (medicine containers, for example), but can be in fact used for monitoring human behavior.
According to the Smart Card Alliance, the vast majority of identity applications do not track individuals, but have the goal to accurately and securely verify an individual’s identity.
“The report, as currently written, presents general conclusions and assessments of RFID without taking into account the differences in RF technologies used in identity applications,” the Smart Card Alliance maintains. “DHS must include these differences clearly within the report and conduct separate analyses of contactless smart cards and longer-range RFID technology prior to issuing its final report.”