Contributed by Joanne C. Kelleher
As we are approaching the end of the year, predictions for 2011 are being released. This year I spotted two specific to RFID security.
VDC Research Group, in their Top 5 Trends for the RFID Solutions Market in 2011 predicts that authentication and anti-counterfeiting will emerge as leading applications.
“Product authentication and anti-counterfeiting applications are anticipated to grow quickly and expand into a broad range of verticals over the next 3-5 years as companies look to create a more secure supply chain. These applications are expected to extend the functionality of existing systems beyond track and trace to protect brands, further improving ROI.
ABI Research approaches predictions from the other side with their annual What’s NOT Going to Happen in 2011 list. They say that RFID tagging of retail items, e-ID, and contactless smart card programs will NOT be challenged by mounting privacy and security concerns.
While the privacy and security discussion is real, most of the claims are not.
Since ABI Research initiated its RFID market coverage, we can comfortably say the industry has made tremendous progress on a number of fronts, including improved performance, lower costs, total solution development, increased user adoption, and much more. There is an ample evidence to support these claims. However, there is one area where little advancement has taken place: combating continued misinformation about RFID and NFC technology’s capabilities, uses, and limitations. We believe that the industry must more forcefully address the potential damage of this misinformation.
The issue of misinformation about RFID and related contactless technologies is exacerbated as the use of the Internet grows, especially via social media programs.
Hackers looking to shine a spotlight on RFID and privacy and security challenges related to contactless payment or e-passports/e-ID often tout their unsubstantiated and unverified claims on the Internet via a blog or YouTube posting, capturing immediate attention. This is often followed by mass media coverage of the hacking episode.
Unfortunately, little coverage is given to the physics/ physical limitations of RF-based technologies and the database correlation hurdles that nefarious characters need to overcome. It is generally conceded that most consumers do not have a problem with the use of RFID, especially in the retail space, if they understand that the tag can be removed or disabled. And, e-ID, contactless smart card and NFC programs and rollouts continue without much public protest. We believe, however, that continued education of the public, end users such as retailers, and key political decision makers is needed on the security and privacy aspects of RFID, smart card and NFC technology in 2011.
The need for education on the security and privacy aspects of these technologies is really not new. This is one of the goals of the RFID Security Alliance, which was formed 3 years ago. In looking at my prior blog postings on RFID hacks, there was a big upswing in Spring 2008 and the number of hack topics declined starting the middle of 2009.
I agree that privacy and security concerns are not going to slow down 2011 RFID implementations for applications where security is not an issue, like apparel tagging, while product authentication and anti-counterfeiting applications will grow for high value assets. As the development of RFID, smart card, NFC, Smart Grid, embedded systems and other low resource devices continues to evolve in 2011 and beyond, I would like to see security and privacy issues addressed during the design phase, prior to implementation, rather than after the fact.