Search Engine’s Jesse Brown interviews the Canadian Privacy Commissioner in his usual fearless and thoughtful style in this first of a two part series. My only complaint is that there is a bit of fear mongering here. Jesse cops to that but beyond his witty hyperbole, repeatedly pants centric, there are a couple of telling omissions. There are indeed secure RFID implementations out there despite the poor choices many governments are making, most likely in pursuit of the lowest bid. RFID is by and large a passive technology, it doesn’t radiate anything in and of itself. That being said, he is not wrong about the accessibility of off the shelf readers and the attractiveness of the target. It actually makes the governments’ various roll outs more tragic as what is really going on here is that they could be pressing for much more secure implementations–strong encryption, randomized serial numbers, authenticating readers–but they are not.
I will give Couvakian credit for advancing a beautifully simple idea that should be cost effective enough for the cheapest bureaucrat to approve–an off switch. I don’t know why I haven’t heard anyone else espouse this idea. Or that it hadn’t occurred to me in my own criticisms of poor implementations of the technology. If you introduced a simple gap into the RFID’s copper loop antenna and add the kind of contact switch she describes in the piece, voila–the RFID is inert until the carrier takes some action. I think this is a beautiful compromise given the point that Jesse and Ann make that RFIDs are just going to get more ubiquitous.
That should now be our rallying cry in the face of any kind of RFID rollout that threatens our individual privacy–give us an off switch!
That and make sure the corresponding databases are secure. While I am glad that Jesse pressed this point, I wished Couvakian had given her response more thought. Perhaps she is right in the case of the enhanced driver’s license that data will be centralized and access controlled. But that is one case in an emerging trend. Jesse’s question should be the very next one on the lips of citizens after asking how secure the RFID implementation itself is–how secure is my associated data?