Radical technology changes, such as RFID tracking, need to be feasible, acceptable, and credible, analyst Carl Zetie says.
It's easy to get seduced by the lure of high-tech solutions to complex problems--so much so that we often overlook fundamental flaws that would undermine the effectiveness of the proposed solution. Two kinds of oversight often sink superficially attractive ideas.
First, technology advocates all too often propose systems that would be great if only the technology worked flawlessly and couldn't be broken, undermined, or bypassed. Second, the backers of technological change often underestimate people's individual objections and overestimate their willingness to accept intrusion or inconvenience. This is especially true for intrusive innovations such as mobile and pervasive technologies, where personal and societal acceptance are critical success factors. Radical technology changes need to be feasible, acceptable, and, not least, credible.
A number of recent suggestions for putting radio-frequency ID tags to work in new ways suffer from exactly these shortcomings, and the consequence is going to be a gathering wave of backlash against the technology. (In one sign of growing unease, the United Kingdom is already considering regulating RFID.) Don't get me wrong, I firmly believe that RFID tags, as well as other emerging pervasive technologies, will have a huge impact in just a few years. But it's also becoming clear that some proponents of the technology are getting ahead of themselves and losing sight of those three critical considerations.
One recent example came in the wake of the President's Commission that was tasked with making recommendations for the U.S. Postal Service in the 21st century. (See the full 200-plus-page report here.) One of the report's suggestions is the introduction of "intelligent mail," which would carry a bar code that would identify the sender and destination; in the future, the data would be encoded in a more readily machine-readable way such as an RFID tag. Such a system would enable customer benefits such as real-time tracking of every item of mail in much the same way you can track a FedEx parcel each time it's touched. When people claim, "The check's in the mail," they'd be able to prove it! Even more ambitiously, the report suggests, the aggregated information that intelligent mail would generate could be used for real-time dynamic routing and similarly sophisticated applications (see chapter 7 of the report). There would be benefits for senders, recipients, and the Postal Service, too.
Where things start to get less credible is in the suggestion that the traceability enabled by intelligent mail could become a significant contribution to national security. Would it be possible, the report asks, to require sender identification, making it impossible for a future Unabomber, for example, to evade detection? Although this suggestion makes up just one small and hypothetical section of one chapter of a broad and sweeping report, it's worth examining for the way it highlights both some of the hype that's sweeping RFID and the uncritical thinking of some of its advocates. The report merely suggests investigating the possibility, but some advocates of RFID technology quickly jumped on the idea of using RFID tags personalized to the buyer to identify the sender, brushing aside those who questioned the feasibility and acceptability.
First, let's consider how feasible this idea is. Putting an RFID tag on every piece of mail poses daunting problems of scale: The Postal Service delivers around 670 million pieces of mail every day, six days a week (holidays excepted), or around 200 billion pieces a year. Even Wal-Mart, whose ambitions stretch the limits of current RFID usage, only wants 1 billion tags a year. To be economically feasible, the chip cost would have to come down to just a few cents, compared with current prices of 30 to 50 cents. Even with these economies of scale, that would be a challenge. The chip fabs necessary to meet that demand would cost billions of dollars to build, in addition to the cost of the chips themselves and the reader infrastructure to program each chip at the point of sale with the sender's identity.
Then there's the acceptability. Consider the inconvenience and delays involved in having to produce an ID every time you buy stamps. The report asserts that "requiring all mail to identify its sender would likely have a negligible impact on most users of the Postal Service who readily identify themselves when they send mail and would consider such a requirement a relatively modest concession to ensure their safety." That sounds highly optimistic. People accept long, slow-moving lines at airports because they understand the security value of proving your identity before boarding a plane. They're probably less persuaded of the dangers of terrorists obtaining Weapons of Mass Mailing. Furthermore, there are practical problems, such as how tourists would buy stamps. Would there be another huge infrastructure to issue every visitor with a trustworthy temporary American ID, or would post offices accept foreign IDs whose validity they have no way of checking? Even if these practical problems could be overcome, there's still the privacy issue of a government body being able to gather a profile of every piece of mail an individual sends.
However, let's be optimistic for a moment and assume that these problems could be resolved and turn to credibility: How much security would this system buy us? The ability to trace stamps to their buyers is only as good as the ID presented at the time of purchase, and fake IDs are depressingly easy to obtain. Even if future advances and encryption bring secure smart-card IDs, a valid ID can still be easily stolen and used just long enough to buy stamps. The security of the stamps themselves is another weak link. They could be easily stolen, for example, from a home or a business' mail room, or even forged. In a world in which cable descramblers can be bought over the Internet, credit cards can be cloned in minutes, and mobile phones can be reprogrammed to be unlocked from a particular carrier in mere seconds, it's a near certainty that equipment to forge the sender's address on intelligent mail will be commonplace.
RFID is certainly going to be a pervasive technology with radical impact (at the very least on the supply-chain side of the economy, with more efficient routing of intelligent mail one possible example), but right now it's caught up in the same kind of uncritical overoptimism that has enveloped many technologies before it and that usually leads to backlash and disappointment. The advocates of any pervasive technology would do well to bear in mind the rules of feasibility, acceptability, and credibility.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.