THE high profile Black Hat tech conference in Washington last week has attracted the attention of civil libertarians in the US as legal action forced a speaker to delete parts of a speech on RFID security problems.
The American Civil Liberties Union’s (ACLU) was on hand to watch IOActive research and development director Chris Paget drastically modify his speech – removing a section that outlines specific security problems with RFID technology.
Mr Paget had been threatened with legal action by radio-frequency ID (RFID) card maker HID, which claimed the speech would breach HID intellectual property rights by making public HID code.
The action has caused a storm of controversy in global security circles. Mr Paget ultimately gave the speech outlining security concerns, but broadened it to say the security problems were not restricted to a single RFID vendor.
But the ACLU’s interest in the presentation was less about the use of IP rights to attack free speech – and more about the security concerns raised by Mr Paget, which it says has enormous implications for the US Department of Human Services Real ID proposal.
For the past three years, the ACLU has been looking closely at the privacy and security-related issues for RFID-enable passports, student IDs and driver’s licences.
It says there are real problems, because RFID cards can be hacked – and the IOActive presentation at Black Hat showed how.
RFID has become a hot-button issue for the ACLU since the Homeland Security Real ID proposal was attached to a bill through congress last year.
With the Australian Federal Government well advanced in planning for its smartcard-based Access Card, the security issue will almost certainly be taken up local privacy advocates and civil libertarians.
The Real ID initiative mandates that state’s overhaul their driver’s licence procedures and systems to include machine readable technology and a database holding citizen’s information. The database would then be connected to other state’s databases as well as a federal database – effectively federalising driver’s licenses as a national ID.
The ACLU says RFID-enabled ePassports in the UK and the Netherlands have already suffered security problems and wants to highlight the issue before Real ID gathers momentum.
For more RFID News click here.