Is RFID Secure Enough For Government Use?

With RFID use in the military going through the roof, I have to wonder about the security ramifications of a technology that hasn't yet been put through its full paces.

Johanna Ambrosio, Tech Journalist

March 7, 2006

3 Min Read
InformationWeek logo in a gray background | InformationWeek

I truly don't know the answer to this question, but am raising it because I'm concerned. The Department of Defense is already making heavy-duty use of RFID in many different contexts, and even broader use is planned as the technology is integrated with satellites and GPS to be able to track items around the globe in real-time.

Increased reliance on any technology, however, should bring with it an accompanying raft of questions about security, especially in the defense context. Some observers are, for instance, questioning what happens if RFID and other technologies used in our ports and in the battlefield should fall into the wrong hands.

A panel at the RFID World trade show last week explored other security and privacy issues. In one case, a panelist said, wireless technology in a retail store transferred customer data unencrypted from the cash registers to the back-office computer system, so thieves could sit in the nearby coffee shop with a laptop, pick up transmissions and write down credit card numbers.

Could you imagine the potential national-security ramifications of something like this? What would prevent enemy combatants or would-be terrorists from doing something similar from a van parked near the Port of Newark (NJ), say? Once they know what weapons we're shipping and where, they could do their best to disrupt those operations.

Another problem was recently raised by a cryptographer who says that the rush to get RFID tags down to five cents each has led to nonexistent security as manufacturers rush to cut costs. In fact, the researcher used a directional antenna and digital oscilloscope to monitor power use by RFID tags while they were being read. Patterns in power use could be analyzed to determine when the tag received correct and incorrect password bits, he said.

Meanwhile, RFID use in the military continues to rise. The Army's been using RFID for at least a decade. In 2001, approximately 85% of equipment and other supplies from the Defense Logistics Agency going to support our troops in Afghanistan's "Operation Enduring Freedom" were RFID-tagged. (This is according to a recent article in Army Logistician.)

Since March of 2005, according to "Defense Business Transformation," the Marines have been using RFID for all materiel bound for combat units.

Not to be outdone, the Air Force is using RFID to track expensive gyroscopes moving around its repair facility at the Robins Air Force Base.

More broadly, the Department of Defense is planning on using RFID to share information among 23 different countries. Also, some police departments are planning on using RFID-implanted badges, and pending legislation is pushing RFID as a means to curb drug counterfeiting.

This seems like an awful lot to be putting on a technology that, while it has a lot of benefit if used correctly, is still not in widespread use quite yet. (Outside of Wal-Mart, other large chains and their suppliers, of course.) I understand that security is only as good as the effort you put into it, and that's as true for RFID as it is for any other technology. But I wonder if we're jumping into something here before we completely understand its full ramifications.

What do you think? Weigh in below with your comments.

Read more about:

20062006

About the Author

Johanna Ambrosio

Tech Journalist

Johanna Ambrosio is an award-winning freelance writer specializing in business and technology. She has been a reporter and an editor in the computer industry for over 25 years, covering virtually every technology topic, starting with 'office automation' in the 1980s, as well as management issues including ROI and how to attract and retain talent. Her work has appeared online and in print, in publications including Application Development Trends, Government Computer News, Crain's New York Business, Investor's Business Daily, InformationWEEK, and the Metrowest Daily News. She formerly worked at Computerworld, for which she held various positions, including online director. She holds a B.S. in technical writing from Polytechnic University in Brooklyn, N.Y., now the Tandon School of Engineering of New York University. She lives with her husband in a Boston suburb. Johanna's samples of her work are at https://www.clippings.me/jambrosio.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights