RFID Law Blog

The Senate RFID Caucus met again yesterday for the third event since last year's kickoff, a panel discussion entitled "RFID and Port Security". Experts like Robert Cresanti from the US Department of Commerce, Christ Milowic from Homeland Security, David Stephens from Savi, and Chuck Schneider from Navis discussed how RFID is fundamental in protecting our ports. The event was very well attended, with about 100 people ranging from congressional staffers to industry representatives to others concerned with port security.

The experts agreed that the amount of international trade through US ports has increased at a rapid rate over the past 30 or so years (from 11% to 28% of the GDP) and cargo volume is expected to double over the next twenty years.

Robert Cresanti noted that up to 20 different companies may have contact with a container from point-to-point. Thus, the transparency of the supply chain is compounded and the global security threat is increased. He suggested that all RFID companies look into applying for SAFETY Act certification, which is a law that was passed to provide important legal liability protections in order to encourage the development and deployment of anti-terror products or services. Since RFID technology is being used to thwart some of these threats, RFID companies can benefit from SAFETY Act certification.

Additionally, companies have a fiduciary responsibility to their shareholders to make sure that they are taking advantage of programs like the SAFETY Act that can limit their liability in the event of an unforeseen event like a terrorist attack.

The next meeting of the RFID Caucus is scheduled for mid-September, and will cover the theme of Manufacturing and RFID.

| Posted By RFIDblogger In Homeland Security | Permalink | 0 Comments

Continue Reading | Posted By RFIDblogger In Homeland Security | Permalink | 0 Comments

Shortly after a Washington state bill restricting the use of RFID technology died earlier this month, the state of Washington and the Department of Homeland Security have teamed up to develop an RFID-embedded driver's license that can be used at border crossings in place of a passport and in accordance with the Western Hemisphere Travel Initiative.

DHS aims to reduce the number of documents, currently estimated at over 8,000, that travelers can use to identify themselves at border crossings.  However, Washington's RFID-enhanced driver's license will allow for an alternative identification document for people who do not have passports.

Participation in this program by Washington residents is completely voluntary. Luckily, HB 1031 won't be around to place haphazard restrictions on the way the technology will be used in the ID card. Rather, Washington residents themselves will speak their opinion of the technology, via their participation in the program or lack thereof, and the RFID industry will be able to adequately and appropriately respond -- let the market respond. | Posted By RFIDblogger In Homeland Security , State Legislation | Permalink | 0 Comments

The debate in Congress over how best to implement the Western Hemisphere Travel Initiative will begin anew as soon as the 110th Congress is sworn in. Members from both parties have various ideas about how to manage our borders and we can expect a great deal of action on the file in early 2007. Coleman, Leahy and Clinton are among the most vocal Senators on WHTI. On the House side, Slaughter, McHugh and Manzullo are very engaged. We expect regulatory filings, GAO reports, and Congressional oversight hearings in 2007. A number of groups are actively engaged including the US Chamber, Americans for Better Borders, Canadian American Business Council, Council of State Governments and President's Export Council, to name a few of the non-technology groups. The travel industry is also very engaged in this issue - and related ones like US VISIT and RealID. One of the most immediate concerns is that DHS has said it does not intend to utilize the implementation extension that Congress passed last year. Rather - DHS wants to implement WHTI as early as possible at the busiest land crossings. Their goal is Jan 1, 2008. Very few people think DHS will be able to meet that deadline without choking off legitimate commerce and travel in North America.

About the Author

Scotty Greenwood is a Managing Director at McKenna Long & Aldridge LLP and Executive Director of the Canadian American Business Council.  She can be reached at sgreenwood@mckennalong.com.

| Posted By RFIDblogger In Homeland Security | Permalink | 0 Comments

"Radio Frequency in Document Identification: "Roundtable Discussion on Passports, Real IDs, and Other Digital Devices"
RFID Roundtable: A project of the Advisory Committee to the Congressional Internet Caucus Dec. 14, 2006 U.S. Capitol Building

Roger Cochetti of CompTIA opened the meeting saying that Congress will be "consumed by RFID issues" for the next several years. The meeting was then divided into three issues, 1) the ePassport, 2) the Western Hemisphere Travel Initiative, and 3) Real ID.

The State Department's Deputy Assistant Secretary for Passport Services Frank Moss spoke about the newest ePassport, noting that most likely by next March, all passports issued by the US Government will contain an RFID chip. However, three new security measures have been implemented. First, in order to combat skimming, new ePassports have a metal film built into the passport cover, wrapping around both sides and blocking the RFID chip from any stimulation from and unwelcome contact from outside radio frequency readers. Additionally, the information on the RFID chip, which is the same information printed on your current passport including a detailed digital photograph, is essentially locked by a key code called Basic Access Control. Therefore, though the information on the chip is not encrypted, it cannot be communicated until it is. The third security measure taken by the State Department is the usage of a Random Unique ID Number, in which the computational power of the chip runs an algorithm that generates a new number each time it is read, so that one passport cannot be tracked from one location to the next. As the reason for choosing radio frequency technology for use in the new passports Moss cited the need for a "globally interoperable system". RFID was seen as the technology that would be most easily adopted by other countries and standardized for global usage. Moss, however, stopped before pushing to include biometric information on the embedded RFID passport chip. He claimed that it would be "hard to keep fingerprints secure on a passport". I wonder why personal information is easier to keep secure on a passport than biometric information?

Continue Reading | Posted By RFIDblogger In Government Usage of RFID , Homeland Security | Permalink | 1 Comments

RFID Journal has the news here.

| Posted By RFIDblogger In Homeland Security , Privacy | Permalink | 0 Comments

Next week, the Congressional Internet Caucus Advisory Committee is having another event in their RFID Roundtable series.  See details below:

Radio Frequency in Document Identification Roundtable Discussion On Passports, Real ID, and Other Digital IDs

Thursday, December 14, 2006 9:30 - 11:00 am -- coffee and refreshments served.

U.S. Capitol Building, Room HC-5

Hosted by the Congressional Internet Caucus Advisory Committee

Human identification documents are going digital -- and many are going wireless using radio frequency technologies. From border crossing documents to federal government ID cards, the U.S. government is bringing human identification into the digital age. This RFID Roundtable discussion will detail the various digital document identification projects underway and will explore the policy balancing inherent in issuing these radio frequency-enabled credentials. Topics will include:

* What is the federal government's role in issuing Real ID? Are passports a good case study in issuing RFID documents?

* What basic security and privacy mechanisms are needed and do they differ by type of credential?

* What are the benefits of enhancing credentials/IDs with radio frequency capability?

* Is there a legal framework in place to penalize abuse -- both by government and by hackers?

* What and how much information should be embedded? Accessible from central databases?

* Who can swipe RFID data from the documents? Law enforcement? Public venues? Government services? Retail marketers?

* What are the differences between the ePassport and US-Visit and Western Hemisphere Travel Initiative PASS card?

Panelists include: Dan Caprio, Progress & Freedom Foundation, Kathleen Carroll, HID Corporation, Jim Harper, Cato Institute, Jennifer Kerber, Information Technology Association of America, and Dan Bailey , RSA Security

This is part of the Congressional Internet Caucus Advisory Committee's RFID Roundtable project. More information is available at

Thanks to VeriSign and CompTIA for supporting the RFID Roundtable Project.

http://www.netcaucus.org/events/2006/rfid/ . | Posted By RFIDblogger In Homeland Security | Permalink | 0 Comments

A story on the continuing saga of RFID use at the borders.

| Posted By RFIDblogger In Homeland Security | Permalink | 0 Comments

The Department of Homeland Security's Privacy Advisory Board is meeting again in Washington, DC next week. If you remember, we posted earlier that the Advisory Board had issued a draft report raising concerns about RFID in certain applications -- specifically questioning whether the technology's benefits outweighed the potential risks to personal privacy and data security.

My sources say that it is possible that a revised and updated version of the report will be released as early as the meeting next week. I'm also told that the Board took industry input to heart -- that the new draft would make clear that in some specific circumstances, and with certain security measures taken, that RFID can be an effective tool for Homeland Security Applications. It's not by any stretch a course-reversal, but it does reflect that industry participation in such discussions is important; it can provide a more complete and informed set of information to those making difficult policy decisions.

| Posted By RFIDblogger In Homeland Security | Permalink | 0 Comments

While not specifically mentioning RFID, this section of the Committee bill refers to a transportation security card, issued by the Secretary of Homeland Security, that would allow for machine readable information from the card. A good market opportunity for RFID companies...

Continue Reading | Posted By RFIDblogger In Homeland Security | Permalink | 0 Comments

From http://www.rfidjournal.com/article/articleview/2360/1/1/:

Some government observers, however, say the report's potential effect may be limited. "The impact of the report is more public relations value against the use of RFID in applications related to tracking individuals, like e-passports or I-94 forms," says Douglas Farry, a managing director of McKenna, Long & Aldridge, a nationwide law firm focused on the intersection of public policy and technology. "There is no statutory or mandatory authority associated with these reports--it's just ammunition for those who might want Congress or the DHS itself to limit or prevent RFID from being used for [tracking individuals]."

"Whether it is RFID or any other kind of automatic identification system, the same privacy and security issues are at stake," he says, noting that they should all be addressed equally. The report's value, he adds, is that it "speaks to the need to have this kind of evaluation before large public announcements are made by government agencies that they are rolling out certain programs."

I agree with Jim Harper that the RFID business community should use this opportunity to engage with the privacy community and resolve the issues of how to use RFID securely -- to avoid damaging the reputation of the industry. Although, I will acknowledge, that some privacy advocates are easier to work with than others -- you can't just capitulate to anyone or any organization that calls themselves pro-privacy. I know Jim Harper, and he is just as interested in seeing businesses succeed as he is in seeing privacy protected.

| Posted By RFIDblogger In Homeland Security , Privacy | Permalink | 0 Comments