Rage against RFID

State lawmakers skeptical that benefits outweigh risks

Calif. state senator: Proceed with caution

When it comes to radio frequency identification tags in his state, California state Sen. Joe Simitian (D-Palo Alto) says not so fast.

The senator, whose California State Senate badge has an RFID chip in it, once asked a hacker to test its safety protocols. The hacker was able to copy the signal and use it to gain access to secure parts of the state capital building, Simitian said.

"All of a sudden, he starts waving a little coil of copper wire bound with adhesive tape in front of the 'members only' secure entrance, and in he walks," Simitian said.

The senator has promoted several pieces of legislation, including measures to ban for three years the use of RFID in public school attendance-taking, as well as in driver's licenses.

A more comprehensive measure that includes creating regulations for RFID security and has no ban on the technology is also in the legislative pipeline, Simitian said.
It's logical for him to have such concerns. His three-county 11th Senate District lies just south of San Francisco and boasts a strong community college and K-12 education system. It also is home to Stanford University and the University of California at Santa Cruz. The University of California system uses RFID in its student identification cards, Simitian said.

RFID is "a marvelous little technology that presents unique challenges," he said. Even such basic rules as outlawing skimming, the practice of secretly pulling information off an RFID chip, must be established.

Not all RFID chips are created equal. Some have little or no security features. For example, the Electronic Product Code Generation Two standard chip, commonly used for tracking cargo containers, contains no security and merely dispenses a unique tracking number when activated.

Other standards, including ISO 14443, which will help secure the chip that will be used in all U.S. passports starting this year, have security features, RFID experts said.

Before the public will accept RFID in its identity documents, IT companies need to demonstrate that the technology is secure, Simitian said. ? Ethan Butterfield

The "Hollywood view" of an RFID chip implanted in a person is off-base, says Patrick Sweeney of Odin Technologies.

Rick Steele

The line between fantasy and reality has blurred in the debate over adoption of radio frequency identification technology in the state and local government market.

"People have this Hollywood view of RFID as being a chip implanted in a person, like in the movie 'Mission Impossible III,' and that person can be tracked by a helicopter five miles away," said Patrick Sweeney, CEO of Odin Technologies Inc. of Wilton, Conn. "That tends to scare people, and it gives them the wrong image."

Privacy advocates' warnings of the potential loss of personal autonomy have resonated with state officials, haunted by an image of their constituents as characters in the world of George Orwell's novel, "1984" ? an omnipresent government controlling all information, including individuals' thoughts and memories.

RFID technology consists of a microchip with an antenna and a remote reader. Stimulated by the remote reader, the device sends its data via radio waves. That data can range from a unique number identifier to a vast quantity of personal or confidential data. Levels of security vary among RFID chip standards and implementations.

Privacy advocates are concerned that readers other than those intended could pick up data from the chips.

This year, at least 17 states, up from 12 states in 2005, are considering legislation that would limit RFID use, according to the National Conference of State Legislatures of Denver. Both New Hampshire and Wisconsin over the last year passed legislation limiting RFID.

On the plus side

The federal government and private industry are using RFID to improve efficiencies in asset tracking and supply-chain management, analysts and industry officials said.

The success stories of large retail and pharmaceutical corporations, along with the Defense Department, in using RFID in supply chain and inventory functions have spurred state officials, always looking to stretch budgets, to issue requests for information and even fund a number of small pilot programs.

The projects and information requests range from tracking police cruisers and hazardous materials to school children and school visitors, industry officials said.
States also are considering using RFID for driver's licenses and state employee identification credentials. Some states already use the technology for some employee identity documents.

At least two states have considered including RFID in a redesigned driver's license, said Jeff Vining, vice president of homeland security and law enforcement research at Stamford, Conn., market research firm Gartner Inc.

Guarded optimism

Putting personal data on a credential with RFID capability has sparked objections from privacy advocates concerned about the possibility that such information could be stolen and used.

Standards for RFID have been developed, but it may take a mandate by a state CIO or governor for an enterprisewide shift to a single standard to spur greater activity in the state and local market, Odin's Sweeney said.

Such decisions are perhaps two years down the road, Sweeney said. "Once that happens, then this becomes a $4 billion or $5 billion industry for state and local government," he said.

So far, the industry has come up short in educating legislators, the public and the press on RFID, said Jeremy Grant, senior vice president and emerging technologies analyst with Stanford-Washington Research Group of Washington.
The RFID chip industry "has done a horrible job in being out there in unison and really fighting for it," Grant said. "They have a good story to tell, but they need to get it out on the national stage."

It's up to private industry to demonstrate successful commercial implementations and promote the business case for RFID, said Gerry Wethington, vice president for homeland security, justice and public safety for Unisys Corp.'s North American public sector. RFID can create greater efficiencies and cost savings for state and local governments by allowing greater visibility into asset management, as well as increased automation through re-engineering of business processes, Wethington said.

Unisys declined to name any active RFID projects the company has in state or local government.

As the privacy and standards battles rage around human identification documents, the seeds of other future projects are being sowed. State government officials are considering using RFID to track cargo containers in ports and on highways, as well as to help manage expensive and sensitive state-owned assets, from computers to road construction equipment, industry officials said.

Pilot projects generally cost between $100,000 and $200,000, Sweeney said. Full implementations of such projects could cost up to tens of millions of dollars, said Mark Probasco, RFID solutions architect for EDS Corp., Plano, Texas.

"The trends that we are seeing in supply chain and asset tracking needs, it's just exploding," Probasco said.

Probasco declined to talk in detail about any of the company's RFID projects in the state and local market.

Systems integrators and analysts alike see potential opportunities in first-responder credentialing. One credential that could grant or limit access to an emergency scene could create more efficient and secure emergency operations, Wethington said.

"You'll see [credentials for first-responders] as one of the biggest areas for RFID in the future," he said.

As RFID technology matures further, and as private industry and government coalesce around selected standards, RFID business in the state and local market becomes more viable, Probasco said.

"We still have a ways to go on the security, as well as the standards in that technology," Probasco said. But, speaking as an integrator, he added, "We see a lot more promise now than even seven months ago."

Staff Writer Ethan Butterfield can be reached at ebutterfield@postnewsweektech.com.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here
close
SEARCH
contracts DB

Trending

  • Dive into our Contract Award database

    In an exclusive for WT Insider members, we are collecting all of the contract awards we cover into a database that you can sort by contractor, agency, value and other parameters. You can also download it into a spreadsheet. Read More

  • Is SBA MIA on contractor fraud? Nick Wakeman

    Editor Nick Wakeman explores the puzzle of why SBA has been so silent on the latest contractor fraud scandal when it has been so quick to act in other cases. Read More

Webcasts

  • How Do You Support the Project Lifecycle?

    How do best-in-class project-based companies create and actively mature successful organizations? They find the right mix of people, processes and tools that enable them to effectively manage the project lifecycle. REGISTER for this webinar to hear how properly managing the cycle of capture, bid, accounting, execution, IPM and analysis will allow you to better manage your programs to stay on scope, schedule and budget. Learn More!

  • Sequestration, LPTA and the Top 100

    Join Washington Technology’s Editor-in-Chief Nick Wakeman as he analyzes the annual Top 100 list and reveals critical insights into how market trends have impacted its composition. You'll learn what movements of individual companies means and how the market overall is being impacted by the current budget environment, how the Top 100 rankings reflect the major trends in the market today and how the biggest companies in the market are adapting to today’s competitive environment. Learn More!