RFID to identify people
Now, the NIST (national Institute of Standards and Technology) is advocating the PASS card, based on Gen 2 RFID will not be a threat to privacy as the only thing it will transmit is a reference number. According to the specification, the reference number that will be read 20 feet (6 meters) away or more, will only be used as a pointer to a file in a Homeland Security database that will contain the personal identifying information of the person. The NIST says the reference number in itself is not personal information, so the application architecture does not have to comply with international standards about personal information protection.
Such statements can easily be challenged…. If the card contains no information, why does the administration choose a smart card? Is the technology really appropriate?
If the so-called reference number is a means to access a database containing personal data, then privacy protection standards should be applied to the database itself. And isn't there a risk such a nice tool would be used for different purposes?
The NIST says they have addressed technology issues, such as unauthorized reading and tracking of cardholders. Department of Homeland Security (DHS) officials have asserted that the long-distance RFID tags will enable them to quickly process traffic at the borders. But no one is able to validate this assumption for the time being.
So, it seems that the PASS cards have a high probability to be based on Gen 2 RFID, the exact same technology used to track biscuit boxes in supermarkets, where no security is at stake. The impact may be the soar of the Faraday-cage based wallets to protect these cards from any unauthorized reading.