Source: Computerworld
The state of Washington and the federal Department of Homeland Security plan to jointly develop a driver’s license, likely embedded with radio frequency identification (RFID) technology, for use in lieu of a passport for travel to some countries

The state and DHS last week announced plans for a pilot program to develop a license for residents in the state that complies with the recently passed Western Hemisphere Travel Initiative (WHTI) legislation. The federal law, enacted by Congress in 2004 and currently being phased in, requires that all travelers to and from Canada, Mexico, Central and South America, the Caribbean and Bermuda countries carry a passport or other DHS-approved document to verify their identity.

Source: IT Pro
Terrorists could potentially use RFID technology in electronic passports to set off a bomb when a particular target comes within reach, warns a leading electrical engineering expert. Nigel Gilbert of the Royal Academy of Engineering suggests a number of ways in which RFID technology could be abused by both criminals and governments in his report entitled ‘Dilemmas of Privacy and Surveillance: Challenges of Technological Change’, published this week.

In particular he is concerned that that unencrypted data stored on an RFID chip in an e-passport, such as those currently being implemented by the UK Government, can be read by anybody passing near the document holder with the right equipment. “Not only could a passport holder be revealing identifying and personal information to passport control, but they could also be unwittingly revealing their personal data to ’spies’ who had equipped themselves with readers,” says Gilbert in the report.

These eavesdroppers, he says, could use the resulting data for fraud of various kinds, for example stealing biometric details and accessing other services that use biometrics like pay-by-touch systems. “With sensitive personal details readable over a distance, it could even become possible, with appropriate antennas and amplification, to construct a bomb that would only detonate in the presence of a particular nationality or even a particular individual,” suggests Gilbert.

Clive Longbottom, an analyst with consultancy Quocirca, believes the terror risk is remote. “The possibility of using RFID in passports to set off a bomb is rather an outside chance, as the chip reader would need to be with a few centimetres of the person involved, as there is no active component to the passport,” he told IT PRO. The terrorists, he says, would also need to have hacked the passport database to gain the details of the passport signature, and then would have had to replicate the passport reader technology to fully recognise that signature: “If they can do that, then they probably don’t need to be so clever in placing a bomb - why not just use standard blunt weapon approaches, or a sniper?” Longbottom believes that RFID does, nevertheless, represent a serious security challenge, open to official or unofficial misuse.

“RFID can be misused, and doubtless will be by the powers that be,” he says. “We can put in place safeguards for technological approaches. We can also use technology to stop wilful abuse - for example, creating the need for dual biometric security credentials to access certain information means that you have to have at least two people involved in the abuse. I don’t think that RFID is the problem, it’s far more down to how it’s used.”

Source: Consumer Affairs
To hear retailers and suppliers tell it, radio frequency identifier (”RFID”) tags — also known as “spy chips” — are the way of the future, a means to effectively control inventory and track merchandise from end-to-end. Despite criticism about the lack of privacy protection and potential for misuse in the technology, many retail chains and finance giants are going full-bore with plans to implement RFID technology in all manner of products. However, some businesses such as Wal-Mart, DHL, and American Express have recently announced plans to move more slowly, leaving the impression that wide-scale adoption of RFID may not be as imminent as originally thought. In the case of American Express, the plans were apparently changed because of the potentially harmful side effects to consumers’ privacy. [more]

Even one of the most ardent boosters of RFID technology may be changing his tune. Tommy Thompson, former secretary of Health and Human Services and now a board member of RFID manufacturer VeriChip, quietly announced his resignation from the board on March 8th. VeriChip’s disclosure claimed Thompson wanted to devote all of his attention to his recently-announced — though little noticed — candidacy for President. Thompson had been an advocate of implanting RFID chips into all military personnel in order to better access their medical histories, and had repeatedly promised to get a chip for himself, but was not known to have done so before he stepped down from the VeriChip board.

Source: Computerworld
North Dakota is set to ban the forced implantation of radio frequency technology (RFID) chips into people. Both chambers of the legislature earlier this month handily passed a bill that would make it a Class A misdemeanor to force someone to have an RFID device implanted into his body. Penalties for violating the law have not yet been established. The bill was signed by North Dakota Speaker of the House Jeff Delzer on Monday and requires only Gov. John Hoeven’s signature to become law. A spokesman for Hoeven said Wednesday that his office had not yet received the bill, but he anticipated it would be signed. If so, North Dakota would follow in the footsteps of Wisconsin, which passed similar legislation last year.

Advocates of curbs on forced chip implantation claim it protects the civil and privacy rights of individuals. On the other hand, some RFID supporters say forced chipping could be useful for a variety of purposes, such as helping prisons to keep track of inmates or parents to monitor the whereabouts of children. It also could be used for medical purposes — for instance, for keeping track of patients who might be suffering from dementia or Alzheimer’s disease. Such patients would not be capable of giving their consent for the implantation.

The legislators of North Dakota aren’t buying those arguments, however. “Technology is a wonderful thing,” said North Dakota state Sen. Dick Dever, one of the co-sponsors of the bill. “It creates all kinds of opportunities. It also brings with it the possibility for abuse. This bill to prevent the implantation of RFID chips in an individual against their will is to protect people from the abuse of that technology. I would hope that the IT industry would support efforts to prevent the misuse of technology.”

Not everyone believes such a law is necessary. Some fear it could even hamper legitimate deployment of RFID in business. “I’m still not sure why this is a perceived threat or why it requires additional laws to prevent,” said Douglas Farry, managing director of the government affairs practice at McKenna Long & Aldridge LLP, a Washington-based law firm. He noted that he watched an episode of the fictional television crime drama CSI in which a criminal had secretly injected an RFID chip into his wife to record her comings and goings. The chipping culprit was arrested even without a special “no RFID implant law,” noted Farry. “I don’t remember which CSI it was, but it was definitely not CSI Wisconsin.”

Comment: You know the country, and perhaps the world, is in very serious trouble when LAWYERS are starting to use FICTIONAL tv series as references!!

Source: Workplace Law
The GMB union has welcomed moves by the European Commission to study the use of radio frequency identification (RFID) tags, because of concerns over the fact that they have been introduced in some workplaces in order to monitor employees. The Commission has agreed to set up an RFID Stakeholders Group and to publish recommendations on how to handle data security and privacy.

However, employers be warned, there are currently a number of pieces of legislation that make it illegal for employers to monitor staff’s email or calls without informing them. Under the Human Rights Act 1998, the Data Protection Act 1998, the Regulation of Investigatory Powers Act 2000, and the Telecommunications Regulations 2000 employers must inform employees why their email is being checked.

Source: Sys-Security.com
While attending EUSecWest I enjoyed a chat with Adam Laurie of the trifinite group. Adam demonstrated some techniques allowing him to clone the new UK biometric passports. The fun part of it was that Adam was given a brand new passport (by a Daily Mail reporter) in its envelope, and he was able to pull the details of that passport without opening the envelope. If wanted, Adam could have also clone the passport. [more]

Source: Republic of Internets
We couldn’t have said it better than this article has done: The potential problem however, is how disciplined or diligent the customer is going to be in ripping the antenna off the tag? How many times have we misplaced, forgotten to shred or just didn’t care about our credit card receipts? On the surface the clipped tag sounds like a good idea but “putting the responsibility” on the consumer to protect themselves (as it should be) remains to be seen. It is still going to take years before all retail items can be tagged and it is probably going to take even longer to resolve the privacy issues. The good news is progress is being made with companies like IBM coming out with solutions that lead in the direction of solving the privacy issue.

Source: PC World
European Commission has formed a RFID stakeholder group, says industry must pay attention to security and privacy issues. The European Commission has formed a group to provide it with advice about RFID (radio frequency identification), which it aims to avoid regulating, according to the commissioner in charge of that area.

When was the last time big corporations and their interests have taken heed of advice provided by any stakeholder groups in an advisory role without the ability to implement consequences towards those corporations? Seems like just another ordinary day where money is spent on groups of advisories that get together with corporations and in the end accomplish very little.

The Princess Benelux has also noticed this and eloquently worded it as; “Today I got thrown into writing a story about the EU’s new RFID policy, which, like most EU policies, consists of setting up a talking shop and thinking about things for 2 years before they get back to us. However even the EU’s Imperial High Priestess of Telecoms, Viviane Reding admits that when it comes to RFID technology there is ‘a strong lack of awareness and considerable concern among citizens‘ which they are going to try and rectify.”

Source: International Herald Tribune
The European Commission said Thursday that it would not curb the growth of the tiny radio transmitter tags that transportation companies, retailers and manufacturers use to track goods and purchases, saying it was confident that the RFID tags could be designed to protect consumer privacy. [more]

Notice how the focus is on tracking goods and purchases and fails to mention the tracking of humans and their activities, spending, whereabouts, etc.

Source: AIM Global
Bert Moore, Editor at AIM Global has written an article that kills a few of the RFID “truths” that supporters, manufacturers, and implementers of the technology have been claiming. The six myths that are described in detail here are;

• Myth 1: RFID has “matured.” Untrue.
• Myth 2: Data on RFID tags/cards is secure. Untrue.
• Myth 3: RFID poses no threat to privacy. Untrue.
• Myth 4: RFID prevents counterfeiting. Untrue.
• Myth 5: RFID is non-line-of-sight readable. Misleading.
• Myth 6: RFID tags cannot be counterfeited. Half truth.