ISSN : 1796-2021
Volume : 2    Issue : 7    Date : December 2007

Security and Privacy Risks of Embedded RFID in Everyday Things: the e-Passport and Beyond
Marci Meingast, Jennifer King, and Deirdre K. Mulligan
Page(s): 36-48
Full Text:
PDF (362 KB)

New applications for Radio Frequency Identification (RFID) technology include embedding
transponders in everyday things used by individuals, such as library books, payment cards, and
personal identification cards and documents. While RFID technology has existed for decades,
these new applications carry with them substantial new privacy and security risks for individuals.
These risks arise due to a combination of aspects involved in these applications: 1) The
transponders are permanently embedded in objects individuals commonly carry with them 2) Static
data linkable to an individual is stored on these transponders 3) The objects these transponders
are embedded in are used in public places where individuals have limited control over who can
access data on the transponder. In 2002, the U.S. Department of State proposed the adoption of an
“electronic passport,” which embedded RFID transponders into U.S. passports for identification and
document security purposes. In this paper, we use the U.S. Government’s adoption process for the
electronic passport as a case study for identifying the privacy and security risks that arise by
embedding RFID technology in everyday things. We discuss the reasons why the Department of
State did not adequately identify and address these privacy and security risks, even after the
government’s process mandated a privacy impact assessment. We present recommendations to
assist government as well as industry in early identification and resolution of relevant risks posed
by RFID technology embedded in everyday things. We show how these risks exists with many new
and upcoming applications of embedded RFID in everyday things and how these applications can
benefit from the recommendations for a more secure and privacy preserving design.

Index Terms
RFID, e-Passport