Yet another data-point on just how malleable, still-under-construction a technology RFID is:
Feds Rethinking RFID Passport
Following criticism from computer security professionals and civil libertarians about the privacy risks posed by new RFID passports the government plans to begin issuing, a State Department official said his office is reconsidering a privacy solution it rejected earlier that would help protect passport holders' data.
The solution would require an RFID reader to provide a key or password before it could read data embedded on an RFID passport's chip. It would also encrypt data as it's transmitted from the chip to a reader so that no one could read the data if they intercepted it in transit.
Frank Moss, deputy assistant secretary for passport services, told Wired News on Monday that the government was "taking a very serious look" at the privacy solution in light of the 2,400-plus comments the department received about the e-passport rule and concerns expressed last week in Seattle by participants at the Computers, Freedom and Privacy conference. Moss said recent work on the passports conducted with the National Institute of Standards and Technology had also led him to rethink the issue.
At the Commerce Department conference I attended earlier this month, I heard a couple speakers express concern that while RFID tags were secure enough for supply chain applications, the versions being put into credit cards, and proposed for passports, were way too insecure. It strikes me that if these criticisms aren't either dealt with or disproven, the technology's reputation, and its deployment in other less sensitive contexts, could suffer. Fortunately, in this case, things seem to be moving in the right direction.
Comments