If Melanie Rieback has her way, we could soon have a way to control who reads the numerous RFID tags in our lives - without having to resort to wearing an aluminum foil suit. That's because Ms Rieback's current work as a graduate student at the Vrije Universiteit in Amsterdam focuses on developing a handheld device that will act as a wireless firewall that can provide selective access or full blocking of devices attempting to read RFID tags that are on your person or immediate surroundings. Since RFID manufacturers as well as the numerous businesses and government agencies that use these devices don't seem to take our personal privacy and security seriously, it's great to see that we may have a means of taking care of the matter ourselves.
Dubbed the RFID Guardian, the device was inspired by Ms Rieback's research which showed that most current commercial RFID devices (including those with 40-bit encryption) can easily be subjected to unauthorized activities such as undetected surveillance, identity theft, and even the insertion of an RFID-borne virus. In some ways the Guardian is remarkably similar to a device I speculated about a couple of years ago in my editorial Surveillance Nation, which described some of the potential social and political hazards posed by the unconstrained proliferation of RFID that could be easily read by an unscrupulous individual or agency armed with relatively low-tech equipment. But instead of the wholesale jamming I proposed, the Guardian can actually intercept, identify and filter interrogation requests, and selectively allow a response if the wearer desires.
While you won't be able to order one from your local electronics dealer just yet, Guardian is alive as an operational prototype which has been nicely-documented in an article by Nate Anderson at Ars Technica. Details on the rest of the RFID Guardian are available on the project's web site.
I'm not totally opposed to RFID; the technology has proven itself to be extremely useful and has already enhanced the accuracy and efficiency of nearly any business or institution it has touched. I just worry that there have been few, if any, measures put in place to prevent its abuse. The problem is that RFID is being deployed so indiscriminately that we're beginning to suffer a new kind of digital identity pollution that makes it easy for damned near anyone who wants to snoop on our movements, purchases, or other activities without our knowledge or permission.
If the RFID Guardian and its offspring are not outlawed, I think that this could be a significant advance for personal rights in an age where economic efficiency and airtight security seem to trump the basic values that free nations are founded on. Since there has been no serious effort on the part of either government or industry to protect us against RFID's unintended consequences, it's time we started taking matters into our own hands. And this device looks like a good place to start.
Comments? Questions? Wholesale sources for aluminum foil? Write me at: lhg at en-genius.net
Note:
The RFID Guardian web site has a very detailed paper available for download (PDF) which provides an intimate look at the Guardian's construction, operation, as well as the fine points of RFID protocols and how to selectively neuter them.
