PRIVACY -Is Big Brother Coming To Your Wallet?

Most of the hoopla over radio frequency identification (RFID) has been concentrated in the manufacturing and supply chain arenas. Recently, however, the fledgling wireless technology has been filtering into consumer applications, ratcheting up concerns about privacy and identity theft.

RFID tags are not exactly a new thing for consumers: Mobil’s Speedpass and electronic highway toll readers—such as E-ZPass in the Northeast—use RFID technology, and there’s not been much furor over those devices, mainly because no one is forcing consumers to use them.

But U.S. State Department officials struck a nerve when they proposed replacing the current paper passports with RFID-enabled documents starting this summer. After more than 2,400 people submitted public comments to the plan, many of them raising objections, the government agreed not to roll out the new passports until privacy issues have been ironed out.

The so-called e-Passport would contain the same information as the old passport, with the addition of an RFID tag embedded in the back cover. The chip would store the same data that is displayed on the photo page of the passport, and it would also include a digital photograph, which, if used in conjunction with facial recognition technology at border checkpoints, would prevent forgeries. Officials claim the freshly designed passport will include additional antifraud and security features, though they’re not specific on what those are.

The American Civil Liberties Union is, however, concerned about how all that data would be stored and whether it would be safe. In its public comments, the group raised the prospect that e-Passports would put travelers at risk of identity theft or unauthorized government tracking because RFID-enabled passports could be “read” by anyone with a strong enough reader. (Reader distances vary by the RFID chip’s power, and some chips can be read as far away as 25 feet.)

Erik Michielsen, research director of RFID and ubiquitous networks at ABI Research, says the RFID chips will make passports more secure than current passports, as well as prevent identity theft, but the State Department has yet to present a clear, articulated encryption policy for the e-Passport chips.

Despite privacy worries, the march is on toward putting RFIDs in individuals’ wallets, whether or not they want them. In a survey conducted by Big Research and Artafact, 66 percent of respondents said they feared RFID abuse by the government, compared with 42 percent who feared retailers would misuse their data. Meanwhile, in May, the U.S. Senate followed the House to pass the Real ID Act, requiring states to embed RFID chips in driver’s licenses.

RFIDs are also being embedded into event tickets, ostensibly to help with crowd management and keep out gate-crashers. Accenture put RFID chips in attendees’ badges at a recent conference and used them to gather data about whether attendees went to different sessions from the ones they signed up for, and to ensure only invited guests were let into certain breakout sessions.

Next year, visitors to the World Cup soccer tournament in Germany will have an RFID chip in their tickets designed to allow gate agents to determine whether a ticket is authentic. German tournament officials insist that the chip will not contain any of the personal data from customers’ ticket application forms. But they’re sufficiently worried about a customer backlash to create a 79-item FAQ about the subject on the World Cup website.

Whenever companies decide to deploy RFIDs containing personal data, CIOs will have to figure out what’s going to be done with the data. “Sure they can keep it,” says ABI Research’s Michielsen, “but people are going to want to know what companies are doing with it.”