IoT Security Blog

Articles and Posts on IoT Security, Embedded Systems, and the Internet of Things

Talking about Privacy Issues

Contributed by Joanne C. Kelleher

The February issue of RFID Monthly, published by Reik Read of Robert W. Baird & Co., has an article called Privacy Stakes Raised, which first discusses Chris Paget’s recent efforts to collect the serial numbers from passport cards and electronic driver’s licenses in downtown San Francisco. For details on this see Got $250? Cloning Electronic Passport Cards.

The article concludes by saying: We also believe this raises again the privacy issue, and we wanted to make two comments. First, we believe industry members need to do a better job of explaining security features in their products. We think security will be a value added differentiator in many applications, and believe that industry players should do more in discussing and demonstrating security. Technology users need to do a thorough job in their evaluation process with respect to security. Second, we expect the political reaction will be to legislate the use of RFID. In our view, we would like to see the market determine the best security solution. We continue to view the government’s primary role as holding accountable with stiff punishments individual acts of illegally accessing such data.

I agree with both of these points, but it has been frustrating to see that organizations implementing/legislating RFID often don’t understand the need for security or the implications of their decisions, can’t understand how it works or won’t include it due to cost, political or other reasons. 

As I said in Issues With NY’s Radio Frequency Identification Right To Know Act, Perhaps a better approach would be to legislate what can or can’t be done with information that is collected, via bar codes, RFID tags or what ever the next technology is, rather then legislate the technology itself.

The discussion about RFID security and privacy has definitely picked up on the web in the last year, but not all of it is positive. See my analysis in RFID Security & Privacy and Search Engine Results on the RFID Security Alliance blog.

The RFID Security Alliance, of which SecureRF is a founding member, was formed to educate industry players about security and privacy issues related to RFID and provide solutions. For those who are interested in becoming full members and helping to fund this organization, contact Anna for the latest paperwork – http://www.rfidsa.com/register.htm.