My Life Goes By My Style

Abstract—New applications for Radio Frequency Identification(RFID) technology include embedding transponders ineveryday things used by individuals, such as books, paymentcards, and personal identification. While RFID technology hasexisted for decades, these new applications carry with themsubstantial new privacy and security risks for individuals. Theserisks arise due to a combination of aspects involved in theseapplications: 1) The transponders are permanently embeddedin objects individuals commonly carry with them 2) Static datalinkable to an individual is stored on these transponders 3) Theobjects these transponders are embedded in are used in publicplaces where individuals have limited control over who canaccess data on the transponder. In 2002, the U.S. Departmentof State proposed the adoption of an “electronic passport,”which embedded RFID transponders into U.S. passports foridentification and document security purposes. In this paper, weuse the U.S. Government’s adoption process for the electronicpassport as a case study for identifying the privacy and securityrisks that arise by embedding RFID technology in “everydaythings.” We discuss the reasons why the Department of Statedid not adequately identify and address these privacy andsecurity risks, even after the government’s process mandated aprivacy impact assessment. We conclude with recommendationsto assist government as well as industry in early identificationand resolution of relevant risks



DownLoad