I'm Bob Artner for TechRepublic. Given today's events, Ithink everyone can agree that we need to find ways to make governmentidentification forms such as driver's license, social security and other IDmore secure, but how do we do that? Well, there's a struggle right now betweentwo competing different technologies and we're going to talk about them, RFID -Radio Frequency Identification or Smart Cards. What are the differences betweenthese two different technologies and what are the concerns that civillibertarians have about each of them?
Let's start with RFID. RFID functions more or less as aminiature radio transceiver. It basically has a chip that's embedded into adocument or card, a piece of clothing, it's a merchanized tag, which enablesyou to broadcast information over distance, anywhere usually from 10 to 300feet. Now, a smart card on the other hand doesn't really have a distancecomponent. You need to be right there. You need to be present. You need toactually take that smart card and plug it into the device. So that's one differencebetween the two technologies.
What's another difference? Well, this has authentication,but its authentication, I would say, light. In other words, where the RFIDchips are good at saying, "here's what I am or here's who I am" andallowing an RFID reader anywhere from 10 to 300 feet away to say, "oh,that is who this person says they are or what this thing says it is." Butthere really isn't good encryption that enables the RFID reader to have a realsense of security that that is in fact who they say they are. On the otherhand, a smart card has much more elaborate encryption built into it. So it'smuch easier for a smart card and a smart card reader to have a high sense ofsecurity that the person who is using this card is in fact who they say theyare.
RFID, another difference between them, it has a datacomponent, but again I'd say it's data light. Most RFID chips and there are ofcourse different standards, but most of them have no more than 2 KB of datathat can be stored in them or broadcast. Now, on the other hand, smart cardsare data rich. There are different formats, but all of them enable the creditcard, the smart cart or the credit card that has a smart card to store muchmore information than you can have on the typical RFID chip.
So, you can see there are big differences between these twoformats, but what are the civil libertarian concerns? The big one is aroundthis question of distance in broadcasting. There is concern about tracking. Canan unscrupulous person or an unscrupulous organization track individuals basedon the RFID chips embedded in their government identification forms? That couldbe a real problem. For security purposes that might be good in a high-riskinstallation, say, a military base or a hospital, but do we really want thegovernment or anyone else to be able to track us wherever we go? That's thetheoretical danger with RFID chips embedded in our government ID.
There's another concern, this authentication light. If thereis a strong enough encryption in here, could people counterfeit RFID chips andbasically say, "I am Bob Artner," when in fact, I'm not Bob Artnerand this person could be going other places and doing other things and thegovernment thinks for whatever reason it's me when it's someone who has justgot a copy of something that says they're me. So those are the two realconcerns that civil libertarians have about particularly RFID.
So, if I was a betting person, I'd say that the future forgovernment ID looks more like smart cards, looks more like what the Departmentof Defense with their Common Access Card, which they're implementing this yearand which is going to require all Department of Defense employees to actuallyplug a smart card into a computer before they are able to access Department ofDefense information.
