Letter: RFID technology unsecured, waste of money
Regarding “Buzz of the Week: HSPD-12 fears
,” it's not just background checks that are of concern. Even after background checks are conducted, people will carry on their badges something called radio frequency identification (RFID). There is no good reason to have this technology on the badges. It is only good for two things: allowing the wearer to slip through quickly (unseen), as with transit passes, and to track the movements of things (the technology originated from spying applications). Furthermore, an RFID badge is not secure from reading by a remote, unauthorized (or, these days, warrantless authorized) entity. A National Institute of Standards and Technology specification requires this technology on the badges, with no reason given as to why. It does not support providing secure identification of a person for federal building access. All it achieves is the possibility for privacy violation by tracking people’s movement, makes the badge owner vulnerable to loss of personal information to unknown observers, and allows insecure access to buildings if it's going to also be used as a transit pass.
If anyone says RFID has too short a range to spy on people, then consider that NASA's goal is to put readers on every single computer, which would make a network. To further engender mistrust, security personnel who came to brief employees at one NASA center brought along a bunch of silent observers and one man who would only vaguely answer questions about RFID, saying that it would be "turned off." If it's not going to be used, then why waste all that taxpayer money on these horribly expensive badges?
This is one NASA employee who is furious at this waste of money. Why don't they throw that money at reining in Blackwater? Since when does a terrorist give a damn about NASA or the National Institutes of Health? Put the money where the actual security risk is, for goodness' sake.
What do you think? Paste a comment in the box below (registration required), or send your comment to firstname.lastname@example.org (subject line: Blog comment) and we'll post it.