Running Head: RFID
Radio Frequency Identification
Morehead State University
Radio Frequency Identification
Radio Frequency Identification, or RFID as it is most often referred to, is
an emerging technology that has almost limitless possibilities. RFID is not a new
technology, it has been around for years but until recently it was cost prohibitive
to implement and industry standards have not been in place to make different
RFID systems interoperable (RFID, 2007). This is beginning to change and this
change is directing RFID application growth. This wireless technology does have
a huge potential and also has some huge social, cultural, security, and personal
privacy concerns that must be addressed.
When discussing RFID, personal privacy is the hot topic. The RFID
industry itself acknowledges that there are privacy concerns associated with the
technology and suggest a marketing campaign to affect consumer opposition to
use of the technology (EPIC, 2007). Considering that security and privacy are
key concerns affecting the future of RFID it becomes important to know what the
specific issues concerning security and privacy are and what measures and
ideas are being considered to deal with those issues.
To accomplish this a Google search of ‘RFID and Privacy’ has been
conducted and 10 articles were selected at random. These articles were
reviewed and a list of specific concerns associated with RFID has been
compiled. The top five concerns have been indicated and will be discussed in
further detail along with proposed measures to deal with the associated privacy
issues. Table 1 shows a cross reference of privacy concern issues to which
selected article the issue was mentioned in. The concerns discussed are ranked
in order from most referenced issue to least referenced issue.
Table 1. – RFID Privacy Concerns and Occurrence
You can see that seven topics are listed instead of five. The last 3 topics
were all mentioned twice so all three will be reviewed.
This discussion will begin with a review of RFID, what it is, what it is used
for, and what possibilities are available with RFID. This will be followed by a
discussion of each of the listed security concerns along with some recommended
actions to deal with each. RFID or Radio Frequency Identification in general
terms is the automatic identification of people or objects using radio waves
(RFID, 2007). This normally occurs by encoding a serial number on a microchip.
The microchip is then attached to an antenna and this antenna is called an RFID
transponder or RFID tag. The antenna then transmits the serial number to an
RFID reader which converts the radio waves into digital information that can then
be processed in any number of ways through a computer system.
Even though RFID technology has recently been gaining more and more
attention this is not a new technology. This technology has been around since
the 1970s (RFID, 2007). However, expense and limited implementation have
made use of the technology impractical. There are also several uses of RFID
with proprietary technology which creates several challenges with system
interoperability. These challenges are slowly being overcome most noticeably
with the reduced cost of microchip manufacturing allowing RFID transponders to
be made inexpensively enough and small enough to be embedded in packaging
or protective plastic placed on packaging allowing leading to greater durability.
Many companies also use RFID technology in closed-loop systems (RFID,
2007). Such systems are used primarily internally to track inventory or
equipment. In this type of scenario the actual RFID tags can be reassigned and
reused greatly reducing the cost associated with operation.
Using an RFID system requires an RFID transponder and an RFID reader.
When the RFID transponder is within sufficient proximity the reader can detect
the radio waves of the transponder. This leads to another challenge facing RFID;
the transponder and reader must by in close proximity. The proximity of the
components is then affected by the type of tag, either active or passive, the
frequency of operation, the power of the read, and local radio frequency noise.
In general low-frequency tags can be read from a foot or less, high frequency
tags can be read from approximately 3 feet, and Ultra-high-frequency tags can
be read from 10 to 20 feet. Active tags can also use batteries to boost the read
range to 300 feet or more (RFID, 2007).
Frequency has a dramatic effect on the read distance of RFID tags. There
are four primary frequency ranges: low-frequency, high-frequency, ultra-high-
frequency, and microwave (RFID, 2007). Microwave frequencies, in the 2.45
GHz range, have very limited use associated with RFID but are occasionally
used. Low-frequency devices operate around 125 KHz with high-frequency
operating around 13.56 MHz and ultra-high-frequency operating in the range 860
MHz to 960 MHz. The frequency must then be selected by the application need
and the local environment.
RFID transponders can also come in either active or passive devices.
Active devices normally have longer read ranges because they have their own
power source which is normally a battery. The power source or battery is used to
both run the microchip’s circuitry and also to broadcast the radio signal. In
contrast, passive transponders do not have a power source. Passive devices
draw their power from the reader. The antenna on a passive device detects the
electromagnetic waves of the radio frequency to induce a current which is then
used to power the circuitry and broadcast stored information. There is also
another type that has had limited use. This is a semi-passive device. This
device has a battery that is used solely to run the microchip’s circuitry and then
uses antenna induction to send radio signals. Passive tags are more common
simply because they are cheaper to manufacture and battery life does not affect
Now understanding the RFID technology leads us to the concerns that
have been expressed about this technology. While the primary purpose to this
point has been for commercial organizations inventory tracking there are great
concerns that the technology has the potential to encounter serious privacy and
security concerns. Movement tracking is our first topic to be discussed as shown
in our list of compiled concerns. People feel that RFID transponders are
becoming so small that they can be placed anywhere on your person without
your knowledge and then can be used to monitor your movements and or
activities. This topic was listed in seven of the 10 articles reviewed. While this is
not really feasible at this time due to proximity concerns the chip does have the
ability to store additional information that can be read a future date.
The second topic also deals with movement tracking but is concerned with
in-store monitoring. This topic appeared in six of the ten reviewed articles.
There is concern that retailers can monitor customer shopping habits through
both single visit stops and also multiple visit trending. Again, the logistical
challenges facing such tracking would prohibit such activity at this time. There is
also great difficulty in determining how such information could currently be used.
Knowing that someone is prone to visit perfumes on their visit does not mean
that certain actions will be taken by the retailer, especially when talking about
real-time activities. However, this is still technically an invasion of personal
privacy by not informing the consumer of such activity.
The third topic deals with the ease of identity theft when using RFID
technology. This topic was discussed in four of the ten articles reviewed. While
this is a great concern you must keep in mind that the information needed for an
identity theft is currently not stored on RFID transponder chips. In addition, such
chips are not widely implemented which makes the attempt quite unprofitable.
This technology is in limited use through “Speed Pass” type systems but the
information on the chip alone is insufficient to steal your identity.
The fourth topic discussed expressed concern that our society would
develop into an omnipresent police state. This topic was mentioned in three of
the 10 articles reviewed. The concern that was mentioned in the previous three
topics would be compounded through a governmental database gathering,
tracking, and monitoring all of the information obtained through movement
tracking, in-store tracking, and theft of identity information. Currently there are
many individuals in both state and federal government who are proposing
legislation to deter this type of future. At this time the technology is not mature
enough to meet this scale of monitoring but the potential is there.
The final three topics each were referenced two times in the ten articles
reviewed. These topics are inventorying of personal possessions, an entry point
for malicious software attacks, and personal profiling. Inventorying of personal
possessions would be difficult due to reader proximity needs while there is not
widespread use of the technology and as such, software attacks would have
limited effect. Personal profiling again would not benefit a user at this time
because of the lack of technology usage.
There is one key element that can be used to reduce the risk of any of
these types of activities from occurring; inform the public about the details of
RFID use and the underlying technologies. When people are informed about
how RFID works they will quickly begin to understand that the technology is not
mature enough or capable of being used for the topics taken from the reviewed
articles at this time. There is growth potential with this technology and in the
future the capabilities may advance to allow full scale identity theft but that
possibility is currently a theory. Many of these types of activities will not be
beneficial until such time as RFID is an homogeneous part of our everyday lives.
Being able to read private information about 1 individual out of a 100,000 or 1 out
of 1,000,000 does not lend itself to a profitable enterprise. Being able to scan
900,000 out of 1,000,000 individuals begins to look like a worthwhile activity from
a financial standpoint.
A second action that can be taken to prevent these concerns from
becoming reality deals with protection of the radio waves. There were numerous
discussions concerning implementation of an encryption mechanism into the
RFID tags. However, the limited storage space available on most current tags
makes this difficult to do while still make the tags useful. The encryption process
also requires additional power again making the RFID device larger and less
A final consideration mentioned dealt with use of RFID transponders
within employee badges, credit cards, and other personal devices. It has been
suggested that such devices be designed to allow the user or owner to modify
the information stored within the device and to have some type of visual display
to show when the device is being accessed, when the information has been
changed by external sources, and a type of device status. This is again a good
possibility but the current hardware makes this process prohibitive.
RFID is a technology that is currently providing many organizations a
great savings of cost and improvement in operational efficiency. The future looks
promising for the technology but there are several security and privacy concerns
that must be addressed before public adoption of the technology will occur. The
recent public outcry has brought these concerns into the public spotlight and will
hopefully lead to answers that are acceptable both users and operators of the
RFID - 10 -
Cline, Jay (2003). RFID privacy scare is overblown. Computerworld. Retrieved
on October 18, 2007 from
EPIC (2007). Radio Frequency Identification (RFID) Systems. Electronic
Privacy Information Center. Retrieved on October 16, 2007 from
Garfinkel, Simson L. (2004). The Trouble with RFID. The Nation. Retrieved on
October 18, 2007 from http://www.thenation.com/doc/20040216/garfinkel.
Gross, Grant (2004). RFID and privacy: Debate heating up in Washington.
InfoWorld. Retrieved on October 18, 2007 from http://www.infoworld.com/
Hamblin, Matt (2007). Privacy Concerns Dog IT Efforts to Implement RFID.
Computerworld. Retrieved on October 18, 2007 from
Malone, Robert (2006). Can RFID Invade Your Privacy? Forbes. Retrieved on
October 18, 2007 from
RFID - 11 -
Passport (2006). RFID and the Public’s e-Passport Security Concerns.
TechNews. Retrieved on October 18, 2007 from
RFID (2007). RFID Journal: The World’s RFID Authority. Retrieved on October
16, 2007 from http://www.rfidjournal.com.
RSA (2007). RFID Privacy and Security. RSA Laboratories. Retrieved on
October 18, 2007 from http://www.rsa/com/rsalabs/node.asp?id=2115.
Scannell, Tim (2006). RFID security issues are cause for corporate concern.
ComputerWeekly.com. Retrieved on October 18, 2007 from
Singel, Ryan (2006). Feds Leapfrog RFID Privacy Study. Wired. Retreived on
October 18, 2007 from
Weinberg, Neal (2006). Security concerns could slow RFID. NetworkWorld.
Retrieved on October 16, 2007 from