Another bad use for RFID


According to an article from Wired, the state of Virginia (of which I am currently a resident) is considering using a combination of biometrics and RFID technology to make driver's licenses more difficult to counterfeit and steal.

Whereas the biometric aspect makes a certain amount of sense when attempting to verify identity and can be done without significant infringement on people's right to privacy (especially if the biometric information is stored only on the access card, or in this case, driver's license), the use of RFID is certainly a step backwards.

Apparently the idea is that they want to use a contact-less technology for the exchange of the biometric data. While that may be of limited usefulness, it certainly brings to mind the problem of any organization or individual (because you know that it won't only be the police who can read these things) being able to scan a group of people simultaneously and without their knowledge. Imagine a radical anti-abortion group setting up a reader outside of a Planned Parenthood clinic with a storage device connected to it. At the end of the week, they come pick it up and know everyone who has entered and left the premises and when they did so. Not good.

Biometrics and smart-card IDs aren't a bad idea. We could certainly use a technology with data that uses a hand-scan (such as the popular hand-geometry scans used for door access control at many hosting centers) or retinal scan data as an encryption key to verify the person holding the ID is actually the person whose data is on the ID. And, I don't see a problem with encoding the ID data on a contact-oriented smart-chip (such as the contact buttons that have been used for data storage for shippers in the past). But, the idea of having my ID read without my knowledge and consent is not something I'm keen on.