This debate is centered on several pieces of legislation being considered in Sacramento that would ban the use of RFID, including high-security contactless smart cards, in many state government agencies and programs.
While the intent is to protect the security and privacy of those who have personal information stored on RFID chips, many provisions in the bills are misguided and ultimately unnecessary. If passed in current form, the bills would stifle innovation in California and create laws that focus on hindering a technology instead of punishing bad behavior.
Why would California want to close the door on an innovative, secure and cost-effective technology as a solution to protect information on government documents? We believe this side of the argument stems from several misconceptions that have emerged about the technology and its many applications.
RFID is not the "one size fits all" technology that some privacy advocates deem it. Depending on the sensitivity of what is stored on a chip, implementers of RFID are able to deploy an appropriate level of security, including encryption and authentication, to protect that information from unauthorized access.
Contactless smart card technology (as used in ePassports) brings multiple security features that vastly improve the tamper-resistance of ID documents while enabling a variety of cost-saving, innovative eGovernment services. Surreptitiously reading personal information stored on an ePassport or secure identification card would not be feasible due to the use of secure passwords and encrypted communications employed by the technology chosen.
Tags used to identify a "bag of potato chips" on a retail pallet, or in a supply-chain system, aren't nearly as sophisticated as smart card chips found in government documents such as ePassports and secure identification cards.
In fact, the technologies could not be more different. However, some privacy advocates have used scare tactics to persuade lawmakers, and in many instances, the media into believing that smart cards containing sensitive information are the same as RFID used primarily to track goods in supply chains.
As with many in Silicon Valley, NXP Semiconductors believes that industry self-regulation built out of consultation with government and consumer groups will allow identity programs to improve government services, enhancing security and ensuring that private consumer data is protected. And it is working, too. Millions of high-security smart cards are currently in use by citizens and consumers in the U.S. and globally, such as smart credit cards, secure ID cards and public transportation fare cards.
The privacy-sensitive European Union agrees as well. In March, after many months of study and consultations, the EU announced that it would not create any RFID-focused regulations. It is also encouraging the adoption of industry-led privacy practices and ethical principles, as a balanced approach to addressing theses issues without limiting innovation.
Beyond active industry, government and consumer collaborations on privacy issues, we believe that smart card applications should be designed with privacy and security such as encryption, authentication and read-range limitations built-in. For the industry, privacy and security have always been issues at the forefront of RFID development and deployment, and will continue to be as we utilize the technology in new and exciting ways aimed at benefiting governments, manufacturers and consumers.
Addressing these concerns is a responsibility we take very seriously, and is critical to the overall success of RFID as an innovative and sustainable identification technology.
Yet, we find nothing innovative about the proposed legislation currently in the California Legislature. Indeed, just as we've seen in attempts to regulate e-mail spam, regulated technological mandates are often ineffective or outdated by the time they become law.
Lawmakers in Sacramento should focus on outlawing bad behavior rather than limiting the potential of any technology, especially smart cards. This is truly at the core of the issue and why many in the industry have applauded Gov. Arnold Schwarzenegger's previous efforts to ensure innovation is not hindered.
Simply imagine where we would be if fears of privacy issues and cybercrime led to suggestions to ban the Internet as it first became pervasive in 1996.
Autor(en)/Author(s): Jim Sheire
Quelle/Source: The Mercury News, 10.07.2007
