Interesting question — and perhaps simpler than many people think.
Back in June, the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee (on which I serve) published a draft report on the use of RFID for human tracking. (“RFID” stands for radio frequency identification, a suite of technologies that identify items — and, if put in cards, track people — by radio.) The report poured cold water on using RFID in government-mandated identity cards and documents. This met with some consternation among the DHS bureaus that plan to use RFID this way, and among the businesses eager to sell the technology to the government.
Despite diligent work to put the report in final form, the Committee took a pass on it at its most recent meeting in September — nominally because new members of the Committee had not had time to consider it. The Committee is expected to finish this work and finalize the report in December.
But skeptics of the report continue to come out of the woodwork. Most recently, the Center for Democracy and Technology wrote a letter to the Privacy Committee encouraging more study of the issue, implicitly discouraging the Committee from finding against RFID-embedded government documents. CDT invited “a deeper factual inquiry and analysis [that] would foster more thoughtful and constructive public dialog.”
If the correct answer is “no,” do you have to say “yes” to be constructive? RFID offers no anti-forgery or anti-tampering benefit over other digital technologies that can be used in identification cards — indeed it has greater security weaknesses than alternatives. And RFID has only negligible benefits in terms of speed and convenience because it does not assist with the comparison between the identifiers on a card and the bearer of the card. This is what takes up all the time in the process of identifying someone. (If that’s too much jargon, you need to read my book Identity Crisis: How Identification is Overused and Misunderstood.)
I shared my impression of CDT’s comments in an e‑mail back to Jim Dempsey. Jim and CDT do valuable work, but I think they are late to this discussion and are unwittingly undermining the Privacy Committee’s work to protect Americans’ privacy and civil liberties. My missive helps illustrate the thinking and the urgency of this problem, so after the jump, the contents of that e‑mail: