On not learning from history

[I wrote this piece before the passport ID fiasco came to light. I think its points are still valid.] One use of implantable RFID chips is as replacements for biometric (and other) identification. Implant a chip in your hand and -- voila! -- a single flamboyant gesture grants access to your car, home, work, bank account, credit, theater tickets, and so on. At least, that's the vision. Its success hinges on the "uncopy-ability" of an RFID tag--obviously, if someone can remotely make a copy of your tag, then he becomes, for all practical purposes, you...which means that shortly you'll be able to write a book called something like "How I Stopped Worrying and Learned to Love Identity Theft." Imagine, then, the wailing and gnashing of teeth at one implantable biometric RFID chip vendor, one of whose tags has apparently been cloned using little more than a PC and a homebrew antenna...

So what?

RFID chips have attracted a lot of negative attention over the years--some people consider them the latest Mark of the Beast (displacing bar codes for that honor) while others merely find them an example of creeping Big Brother-ism. Less attention has been focused on the possibility that the chips might not work as advertised--indeed, the tendency is to impute a lot more functionality to them ("I tell you, it's inside my brain!") than they could ever have. But a security hole that permits cloning is a big deal: Anyone coming within a few inches of you (perhaps on a crowded subway) could surreptitiously read your tag, record its number, and arrange to reproduce it. (The effective range could be increased with more powerful/sensitive readers--imagine the industrial-level theft possible with ranges in the feet or yards.) This lack of foresight is reminiscent of the early cell phone network--its designers assumed no one would bother trying to compromise it, so they built in minimal security. Lo and behold, equipment appeared that would harvest phone identifiers en masse and produce pirated handsets for sale on the street. For a few years, fraud took a significant chunk out of the telcos' profits. [sad, world-weary head shake] Such a simple lesson.