Statement of Barry Steinhardt, Director of the ACLU Technology and Liberty Program, on RFID Tags Before the Commerce, Trade and Consumer Protection Subcommittee of the House Committee on Energy and Commerce

July 14, 2004
My name is Barry Steinhardt and I am the director of the Technology and Liberty Program at the American Civil Liberties Union (ACLU). The ACLU is a nationwide, non-partisan organization with nearly 400,000 members dedicated to protecting the individual liberties and freedoms guaranteed in the Constitution and laws of the United States. I appreciate the opportunity to testify about Radio Frequency Identification (RFID) tags on behalf of the ACLU before the Commerce, Trade and Consumer Protection Subcommittee of the House of Representatives Committee on Energy and Commerce.  Today, I will explore with you the risks to privacy of governmental uses of RFID tags in identification documents, and the risks to consumer privacy of use of RFID tags by the private sector.  I will close by suggesting that Congress play an active role in deciding whether to authorize governmental use of RFID tags in U.S. passports.

RFID tags are tiny computer chips connected to miniature antennae that can be placed on or in physical objects.  The chips contain enough memory to hold unique identification codes for all manufactured items produced worldwide. When an RFID reader emits a radio signal, nearby tags respond by transmitting their stored data to the reader. With passive RFID tags, which do not contain batteries, read-range can vary from less than an inch to 20-30 feet, while active (self-powered) tags can have a much longer read range.

Make a Difference

Your support helps the ACLU defend privacy rights and a broad range of civil liberties.

Give Now

Drift toward a surveillance society

The privacy issues raised by RFID tags are vitally important because they are representative of a larger trend in the United States: the seemingly inexorable drift toward a surveillance society.  As Congress considers the privacy issues posed by RFID chips, I urge you to view them in the larger context - a world that is increasingly becoming a sea of data and databases, where the government and private corporations alike are gathering more and more details about our everyday existence.

The explosion of computers, cameras, sensors, wireless communication, GPS, biometrics, and other technologies in just the last 10 years is feeding what can be described as a surveillance monster that is growing silently in our midst. Scarcely a month goes by in which we don't read about some new high-tech method for invading  privacy, from face recognition to implantable microchips, data-mining to DNA chips, and now RFID identity tags. The fact is, there are no longer any technical barriers to the creation of the surveillance society.

While the technological bars are falling away, we should be strengthening the laws and institutions that protect against abuse.  Unfortunately, in all too many cases, even as this surveillance monster grows in power, we are weakening the legal chains that keep it from trampling our privacy. We should be responding to intrusive new technologies by building stronger restraints to protect our privacy; instead, all too often we are doing the opposite.  (The ACLU has written a report on this subject, entitled Bigger Monster, Weaker Chains: The Growth of an American Surveillance Society, which is available on our Web site at www.aclu.org/privacy.)

We hope that this will not happen with RFID chips, which promise great new efficiencies and conveniences, but also hold the potential to enable the most Orwellian kinds of surveillance.  RFID tags enable remote, even surreptitious identification; their use generally requires the creation of databases containing identity information; and RFID use is easily integrated into database systems and other technologies.

Congress must act to lay to rest the privacy fears surrounding this technology so that it will be smooth sailing for us all to enjoy its benefits.  

There are two primary areas where RFIDs raise privacy issues: their use in retail and elsewhere in the commercial sector, and their direct adoption by government. 

The most frightening use of RFID chips: government tracking

Government use of RFID is burgeoning. The Pentagon plans to use RFID to track physical objects - a use that raises relatively modest privacy concerns.  Other proposed uses raise more serious concerns.  The San Francisco Library, for example, is proposing to put RFID chips in its books, which raises the specter of third parties being able to track our reading habits without our knowledge.  

Most troubling of all are proposals to incorporate RFID tags into government identity documents.

RFIDs would allow for convenient, at-a-distance verification of ID.  RFID-tagged IDs could be secretly read right through a wallet, pocket, backpack, or purse by anyone with the appropriate reader device, including marketers, identity thieves, pickpockets, oppressive governments, and others.  Retailers might add RFID readers to find out exactly who is browsing their aisles, gawking at their window displays from the sidewalk - or passing by without looking.  Pocket ID readers could be used by government agents to sweep up the identities of everyone at a political meeting, protest march, or Islamic prayer service.  A network of automated RFID listening posts on the sidewalks and roads could even reveal the location of all people in the U.S. at all times.

This may sound far-fetched, and I hope that it stays that way. But if we at the ACLU have learned anything over the past decade, it is that seemingly distant privacy invasions that sound right out of science fiction often become real far faster than anyone has anticipated.  I give you this scenario as something that I think most Americans would agree is something that should be avoided, and yet is now entirely possible as far as the technology that is available to us.  That means that our future is now going to be decided by policy.

RFID-powered documents: all-too real

We need not end up in the frightening situation that I have just described to suffer privacy invasions from RFID technology.  In fact, worries about RFID-enabled identity documents are far from an abstract concern.  Already, deliberations are underway to encourage governments to include RFID chips in the passport carried by citizens of every nation including the United States.

Largely unnoticed by the press and many public policy makers, an obscure UN-affiliated group called the International Civil Aviation Organization (ICAO) has been developing global standards for passports and other travel documents.  This effort grows out of the Enhanced Border Security and Visa Entry Reform Act (EBSA), which mandated that the passport of every visa waiver country ""issue to its nationals machine-readable passports that are tamper-resistant and incorporate biometric and document authentication identifiers;"" any nation that fails to comply with this requirement will lose its status as a ""visa-waiver"" country.[1]  The Act mandates that the standards for these passports be created by ICAO.  

Under ICAO's current proposal, passports around the world would not only incorporate biometrics like fingerprints or face recognition, but - as we only recently learned - also remotely readable ""contact-less integrated circuits,"" or RFID tags.  Nothing in EBSA requires the inclusion of an RFID chip on passports.  

While we'll be making this testimony available to other committees that would have a strong interest in whether RFID tags go on passports, we believe that a wholistic approach to the use of RFID tags by Congress may be called for.  

ICAO has been developing these passport standards over a period of months in meetings held around the world.  Because of the serious implications of creating an RFID-enabled identity document, the ACLU and the London-based group Privacy International tried to arrange attendance of a representative at a March 2004 meeting held in Cairo.  This effort was unsuccessful.   An open letter to the ICAO on privacy concerns over the biometric standards likewise met with no response.[2]  The ACLU again wrote to ICAO asking to attend a May 2004 meeting in Montreal, and once again received no response.

In short, despite the importance of technical and interoperability standards - which can mean the difference between a use of biometrics that poses enormous problems for privacy, or one that poses little - ICAO has ignored attempts by privacy and civil liberties groups to join in their process.  To a degree that would not be possible with a domestic government decision-making body, it has rebuffed NGO attempts to provide input on the privacy implications of the particular standards being considered, or even simply to observe the meetings.

Like the results of most processes with limited input, the standards developed by the ICAO are deeply flawed.  The RFID chips under consideration can be read from up to a meter away and have enough memory to hold full biometric information such as fingerprints or photographs.  The potential uses and abuses of such a chip could be revolutionary.  A retail store or restaurant, for example, might gain the ability to capture the identities of those who walk through a portal; a government official could instantly sweep the room to discover who is attending a political meeting.  Imagine the uses to which a dictator like Fidel Castro could put such technology.  Every person in Cuba - including Cuban-Americans carrying U.S. passports while visiting family members in Cuba - could be put under surveillance and no one would be safe.""  

If the United States mandates the creation of an international standard for passports, it will face enormous pressure to conform its own passports to that standard.  For instance, when the US instituted the US Visit Program one nation, Brazil, reacted swiftly by putting similar measures into effect for just their American visitors.[3]  In fact, far from being concerned that such systems would lead to the retaliatory creation of systems for tracking Americans elsewhere in the world, Bush Administration officials have embraced such reciprocation.  ""We welcome other countries moving to this kind of system,"" Department of Homeland Security undersecretary Asa Hutchinson declared.  ""We fully expect that other countries will adopt similar procedures.""[4]

By instituting RFID chips in passports, the US government could skip right over the politically untenable proposals for a National ID card, and set a course toward the creation of a global identity document  - or, at least, toward a set of global standards for identity that can be incorporated into a wide variety of national identity documents.  There are two possible paths by which RFID-powered passports could become tools for tracking the everyday lives of Americans: 

  • These passports come to be seen as the gold standard of identity verification around the world.  More and more, they are demanded as proof of identity not only abroad but within the United States as well, displacing driver's licenses as the primary form of identification in everyday life.    
  • They become the template for standardized versions of the driver's license, turning them into a de facto National ID card.  

Features such as the inclusion of a remotely readable RFID chip would greatly enhance the private sector's tendency to piggyback on the perceived ""trust value"" of these documents.  Although theoretically optional, like driver's licenses and credit cards before them, they may quickly become what are for all practical purposes requirements for navigating through the modern world.  The result would be a situation where the government gains a tremendous new power to track and control the movement of citizens.  

Or innocent citizens, at any rate.  We must always keep in mind that as the perceived ""trust value"" of such documents rises, and as their adoption becomes more widespread, the payoff for counterfeiting them also rises - perhaps even more steeply - with the result that counterfeit or fraudulently acquired real documents will continue to remain available to determined and well-financed wrongdoers.[5]  

While we understand the desire of the ICAO to increase confidence in travel documents, reduce fraud, combat terrorism, and protect aviation security, the inclusion of RFID tags will have disproportionate and unnecessary effects on privacy and civil liberties.  Developed without outside input, the ICAO passport has morphed from a simple identity document to become a de facto monitoring device.  Worse, this monitoring device threatens to be foisted on the American public with little or no debate.  Because of the power and potential of RFID chips, the actions of the ICAO threaten the rights of Americans and people around the world. 

Consumer issues

The second major area where privacy concerns are raised by RFID tags in addition to government uses is the commercial side.  Major retailers are engaged in a major push to advance adoption of RFID technology, and many envision RFIDs eventually replacing UPC bar codes on products.  

Such a pervasive adoption of RFID technology raises profound privacy questions.  The most detailed and often intimate picture of Americans' lives can be constructed through their consumer purchases.  The issues were well explained in a position statement issued by a coalition of 30 consumer and privacy organizations.[6] They include:

  • Hidden placement of tags. RFID tags can be embedded into/onto objects and documents without the knowledge of the individual who obtains those items. As radio waves travel easily and silently through fabric, plastic, and other materials, it is possible to read RFID tags sewn into clothing or affixed to objects contained in purses, shopping bags, suitcases, and more.  
  • Unique identifiers for all objects worldwide. The Electronic Product Code potentially enables every object on earth to have its own unique ID. The use of unique ID numbers could lead to the creation of a global item registration system in which every physical object is identified and linked to its purchaser or owner at the point of sale or transfer.  
  • Massive data aggregation. RFID deployment requires the creation of massive databases containing unique tag data. These records could be linked with personal identifying data, especially as computer memory and processing capacities expand.  
  • Hidden readers. Tags can be read from a distance, not restricted to line of sight, by readers that can be incorporated invisibly into nearly any environment where human beings or items congregate. RFID readers have already been experimentally embedded into floor tiles, woven into carpeting and floor mats, hidden in doorways, and seamlessly incorporated into retail shelving and counters, making it virtually impossible for a consumer to know when or if he or she was being "scanned."  
  • Individual tracking and profiling. If personal identity were linked with unique RFID tag numbers, individuals could be profiled and tracked without their knowledge or consent. For example, a tag embedded in a shoe could serve as a de facto identifier for the person wearing it. Even if item-level information remains generic, identifying items people wear or carry could associate them with, for example, particular events like political rallies.

Given the potential for widespread commercial use of RFID chips, we believe that Congress ought to step in and require privacy protections surrounding the use of this technology - in particular, the incorporation into law of the fair information principles that are recognized around the world.  

Government privacy and consumer privacy: not so separate

Although I have distinguished the privacy issues raised by the government's adoption of RFID tags and the private sector's, the difference between the two is quickly eroding from the perspective of individual privacy.  Government security agencies are increasingly making an effort to make use of private sector information in anti-terrorism efforts that are oriented around vast sweeps through Americans' data in the hunt for terrorists.  And the government's power to access private data is rapidly expanding through the Patriot Act and other measures.

In general, privacy concerns are more serious when they involve the government.  But increasingly, the information that is collected about people by a retailer or other private-sector corporation can and is ending up in the hands of the government.  

Conclusion

I believe that all the testimony you hear today will make clear that RFID chip technology is growing rapidly and has incredible potential for both use and abuse.  I hope that my testimony has amplified two further points:  this growth is taking place largely outside of the control of the US government and it will have significant impact on every American.  What that impact will be has yet to be decided.

Congress must be vigilant and involved in how RFID technology is deployed.  What is at stake is no less than how and when Americans will be identified and tracked here and around the world.  We are at a pivotal juncture, where technology has presented us with the ability to implant monitoring devices on everything.  And their use is being contemplated on perhaps the most fundamental travel document in the world.  All without any guidance or direction from Congress or the American people.

The decisions Congress makes on RFID chips will affect the direction of this technology around the world.  You must decide whether we want to go down the path of incorporating RFID into our identity documents or to choose a less invasive technology like the two-dimensional bar code.  Over the longer term, the Congress needs to consider how the fair information principles that my fellow panelists have discussed can be applied to RFID and the many other new technologies that have placed us on the edge of becoming a surveillance society. 

The debate must begin right now.  If RFID technology is to be employed it must be carefully controlled, yet none of those controls currently exist.  A fait accompli, presented by an unelected international body, is a real possibility.  We urge you to be vigilant in monitoring these developments and creating legal controls to protect American privacy both domestically and internationally.  Thank you. 

 


 

[1]   8 U.S.C. 1732.

[2] See ACLU et. al., ""An Open Letter to the ICAO,"" March 30, 2004; online at /cpredirect/15298.

[3] See e.g. Kevin G. Hall, ""Brazil ratifies fingerprinting, photographing of U.S. visitors,"" Knight Ridder, Feb. 12, 2004; available online at http://www.miami.com/mld/miamiherald/news/world/
americas/7934565.htm
.  

[4] Rachel L. Swarns, ""Millions More Travelers to U.S. to Face Fingerprints and Photos,"" New York Times, April 3, 2004.

[5] See James Moyer, ""Security Document Theory White Paper,"" online at http://www.cfp2004.org/spapers/moyer-sdt.pdf. 

[6] ""RFID Position Statement of Consumer Privacy and Civil Liberties Organizations,"" November 2003, available online at /cpredirect/17423

Statistics image