Dubai: Radio frequency identification (RFID) technology, which is being adopted on an increasingly wider scale in the UAE and globally, has privacy advocates wary of its integration into daily life. However, the benefits and functionality of the technology could overshadow privacy concerns, an information security expert told Gulf News.
RFID refers to the wireless non-contact use of radio-frequency electromagnetic fields to transfer data, in order to automatically identify and track tags attached to objects. These tags contain electronically stored information. They can be battery-powered or not powered and depending on the type of tag, may be read at a range varying from 10 centimetres to 200 metres.
Industry applications
RFID is finding applications across several industries including transportation, logistics, fashion, automobiles, and pharmaceuticals.
RFID also finds use in supply chain management, retail check-out, inventory control, and access cards, to name a few.
A few local examples of the adoption of RFID technology can be found in Nol cards used by the Dubai Metro as well as in Salik tags.
“There has been resurgent interest in this technology and the very closely related near field communication (NFC) technology,” said Nicolai Solling, director of technology services at Help AG, an IT security services provider. “We are now seeing its use in ePassports, national identity cards and smart payment cards — the Emirates ID card and the Nol card in the UAE are examples of this.”
The tags are also finding their way into travel; RSA Insurance recently announced that it would be distributing RFID luggage tags to all existing travel insurance customers to help them prevent missing luggage woes when going on holiday. About 29.44 million bags are mishandled each year, according to RSA, and universally traceable luggage tags could be a viable solution to the problem.
Privacy and security concerns
Unlike a conventional bar code, an RFID tag does not need to be within line of sight of the reader, and it may be embedded in the tracked object. It is this feature of RFID which has led to the eruption of privacy concerns. Furthermore, forgery and other illegitimate or unauthorised uses of the technology could also pose a hindrance to its adoption.
“There have been widespread concerns about how individuals and organisations access data,” Solling said. “With high-security applications such as passports and payment cards the risks are rather obvious. Someone with a cloned tag — which is effectively a forged copy even though it may not physically look anything like the original tag — may be able to make purchases or travel under your identity.”
As tags can be attached to clothing and possessions, privacy concerns also abound over whether these tags can be used for unauthorised tracking of people.
According to a Harvard report, RFID tags can be embedded into a wide variety of consumer goods such as clothes, shoes, books, and key cards, without the consumer being aware of their presence. These tags can also be tracked by anyone — an issue compounded by the fact that RFID readers will eventually be cheap to acquire and easily concealable.
Solling, however, noted that privacy concerns weren’t as pressing for the use of RFID in retail and inventory management as the tags were used more for production purposes. “It’s not certain that it’s a big concern from a privacy perspective,” he said.
While government ID cards using RFID can lead to heated debates over privacy issues, other uses of RFID like automobile agencies tracking vehicles do not garner as much public interest, Solling said. This could provide an opportunity for potential misuse, he added.
Despite concerns regarding privacy, the benefits provided by RFID are more important to consumers, Solling said. As with most new technology, functionality drives adoption in the early stages after which privacy concerns may arise.
“Irrespective of the security concerns, due to this ease of deployment, general simplicity and convenience of the technology, we are definitely going to see RFID being used for the foreseeable future,” Solling said. “Unfortunately, organisations are not always aware of the inherent security risks associated with technology…This is where the industry really has to step in — both to raise awareness and to help formulate standards upon which such technologies can be securely developed.”