Like many of the "B" science fiction movies from the '50s, this column features a scary, blob-like creature that shatters the tranquility of a peaceful community and threatens to rampage out of control. Unlike the plots of those movies, however, massive jolts of electricity or other extreme measures won't kill this monster. In fact, there is no way to stop it. All you can do is protect yourself from it.
You already have the tools you need: common sense—something against which this monster has no defense.
I speak here of blogs (web logs) and web sites offered by a growing number of self-proclaimed experts on RFID that pass on dubious and even erroneous information about the technology, its capabilities and, most importantly, its flaws and dangers. There are two types of these " experts" you should avoid (except to know what kind of misinformation is being circulated): the ones who don't understand the technology but are afraid of it and the ones who are expert in something other than RFID and are just looking for notoriety (typically to improve business).
The first type is generally easier to spot. They're the ones with no real understanding of RFID technology. For example, they think that a small (they'll call it " virtually undetectable"), passive RFID transponder can somehow have the same performance characteristics and range as an active (battery-powered) RFID transponder the size of a brick. In other words, they'll lump all RFID together and take either all the best or all the worst characteristics of these systems and present them as "RFID" (or RFIDs). As an aside, anyone who talks about "RFIDs" obviously doesn't understand the technology because they don't even know what RFID stands for.
The more dangerous "experts" are the ones who may well be expert in some other field but who, like the first group, really doesn't understand RFID. The difference is that these "experts" know just enough to sound credible.
One recent blog posting that illustrates this was from an Internet security guru (who does have real credentials in that area). He wrote about potential dangers posed by a government mandate to include "machine readable" information on all U.S. drivers' licenses. The first problem was that he had no clue what machine-readable really meant. He assumed it meant RFID because he was apparently blissfully unaware that linear and 2D bar codes, as well as magnetic stripes, are also "machine readable"—and these are already being used on most drivers' licenses. He also assumed that an RFID transponder in a drivers' license would be able to be read from a distance equal to (or greater than) the range achievable under optimal conditions with pallet tags.
Another example was the computer expert in Europe who claimed to have exposed serious security flaws in RFID. He created a program to "read and change the data on any RFID tag." Of course, he was reading and rewriting a 13.56 MHz, ISO 18000-read/write tag— which you're supposed to be able to read and rewrite—that didn't have encryption or data locking enabled. (The tag was a Metro customer loyalty card and these features weren't enabled because Metro never imagined anyone would want to rewrite the data. When you think about it, that's a fairly reasonable assumption.) Yet this story gained credibility—and was widely reported—because the individual was a computer-programming expert. But being a computer expert doesn't qualify him as an RFID expert (any more than being an RFID expert necessarily qualifies someone as an expert on internet security or programming). The real danger with these supposed experts is that mainstream and even tech-oriented media often don't know enough about RFID—or don't have the time—to determine the merit (or lack thereof) of these stories.
Worse, a few columnists for some of the tech sector e-news sources seem to have discovered that writing about RFID increases their readership. And, while they offer a chance for readers to comment on these articles, it seems that all they learn from the responses is that RFID articles generate a lot of feedback.
So beware the RFID blog and its evil offspring. Check the credentials of the sources. And use what you know to determine how much (if any) truth there is to a report. Most importantly, when you find misinformation in a media report (and that includes mine)—use the feedback form. The writer may not learn anything, but those viewing your comments just might.