Experts say public is afraid of RFID

Government and industry officials need to do a better job educating the public about the benefits of radio frequency identification (RFID) technology to allay privacy fears, a panel of experts said today at a forum sponsored by a high-tech trade association.

The experts said officials must to a better job of securing data collected with RFID devices. They also must make privacy part of the process when developing emerging technologies or finding new uses.

RFID’s use is growing at a time when the public is fearful of identity theft. RFID technology is being used, for example, for collecting toll and tracking cargo in supply chain management systems. The State Department is developing e-passports that have an embedded RFID chip containing biographical information and digital photos.

The experts cited a California bill under consideration in the state’s Assembly after its Senate passed it. That bill would limit the uses of RFID technology for government-issued ID cards. The experts, however, said such legislation is premature but creates an opportunity to explain RFID's benefits and uses in the public and commercial sectors. They said no technology is 100 percent secure, and RFID’s vulnerabilities should be acknowledged.

The California bill's supporters said the measure is not about the technology itself but is necessary to protect privacy while also considering appropriate government uses of RFID technology.

Robert Atkinson, vice president of the Progressive Policy Institute who moderated the panel sponsored by the American Electronics Association, framed the discussion by saying people fear RFID “because they’re told constantly by irresponsible privacy advocates that this technology will be used to track them.”

Atkinson said the issue has been largely shaped by “anti-technology, Luddite privacy people.”

Dan Caprio, the Commerce Department’s chief privacy officer and deputy assistant secretary for technology policy, said California legislators don’t know the technology as well as industry officials, adding that industry should develop solutions to address privacy and security.

Government and industry officials should educate the public about the benefits and applications of RFID technology, Caprio said, adding, however, that the technology is still evolving.

Kenneth Mortensen, a senior privacy adviser at the Homeland Security Department, said data must be encrypted on RFID devices to ensure data privacy. Secure communications protocols must be used to transmit information, and back-end databases must also be protected to ensure privacy.

More importantly, he said, government agencies should address privacy issues from the beginning of a project to answer security questions.

“If you use privacy, it will be the beacon for you that highlights what you need to protect,” he said.

Mortensen said privacy should be a critical component of any project. He advocated using privacy impact assessments, which would outline where systems store data and for how long and who will store it, have access to it and for how long, among other things.

Later, when asked whether any federal department or agency should be overseeing the use of RFID in government applications, Mortensen said not everything needs to be legislated or regulated. He added that one way problems will get fixed is through the judicial system.