Back when the new millennium was still a ways off, sci-fi television shows and movies depicted futuristic technologies such as auto-piloted flying cars, housekeeping robots, and tiny implantable microchips. While we are still waiting for flying cars and affordable versions of “Rosie” from “The Jetsons,” Radio Frequency Identification (RFID) technology, which uses tiny microchips known as RFID “tags,” is set to revolutionize the banking, identification, healthcare, and many other industries. Despite the tremendous potential this technology holds, there are some significant security and privacy concerns associated with a large-scale use of RFID technology.
This article will provide a brief background of RFID technology, an overview of its potential advantages and uses, and conclude with an analysis of the potential risks associated with the use of RFID technology.
What is RFID?
            Radio Frequency Identification (RFID) is the generic term used to describe automatic identification systems which use radio waves to identify people or objects.[1] Automatic identification, or Auto-ID, is essentially any “method[] of collecting data and entering it directly into computer systems without human involvement.”[2] The barcode system is a familiar example of an Auto-ID system.[3] An RFID system, like the barcode system, comprises three main components: a tag, a reader, and a database.[4]
RFID tags consist of tiny microchips that contain memory to store information, and an antenna to receive and transmit information.[5] The tags can be either active or passive.[6] Active tags contain an internal power source which continuously powers the microchip.[7] Passive tags, on the other hand, rely on the energy from radio waves as a power source.[8] As a result, passive tags are only powered on when they receive radio signals from a reader.[9]
The RFID reader sends out a signal on a specific radio frequency.[10] The signal is received by the antenna of compatible tags that are in range.[11] A response containing the unique identifying information stored in each microchip’s memory is then communicated from the tag to the reader.[12] Readers can communicate with active tags as far as a few miles away.[13] Passive tags can be read from a maximum distance of approximately 30 feet.[14]
The RFID database provides a centralized hub containing all the information pertaining to each tag on that particular system.[15] Once the reader receives the response from a tag, it can automatically access the database and retrieve all the information associated with that tag.[16] “The use of a database allows much larger amounts of information to be stored that coincide with a single RFID microchip than may be stored on a single microchip.”[17]

What are the Advantages and Potential Uses of RFID Technology?
RFID presents several improvements over the barcode system. First, RFID does not require manual scanning or orientation in a specific direction in order to be readable.[18] This allows RFID tags to be read through obstacles and at much greater distances than barcodes. Second, RFID uses a data coding system called Electronic Product Code (EPC), allowing RFID tags to store up to 356 bits of information, as opposed to the UPC data coding system used in barcodes, which can store up to only seven bits of information.[19] This increased memory capacity allows each RFID tag to maintain a unique identification code. Third, RFID tags are capable of being nearly invisible, allowing implantation in almost any person, place, or thing. In Fact, Hitachi recently announced a working RFID chip measuring 0.05mm on its sides with a thickness of just 0.005mm.[20]
Given these advantages, RFID is very useful in a number of different industries. Hitachi plans to use its nearly invisible microchips for anti-counterfeiting efforts.[21] Wal-Mart has been using RFID to track its items through the supply-chain.[22] The E-Z Pass system uses RFID to allow vehicles to pass through tollbooths without stopping.[23] RFID tags are also used in credit and identification cards. However, RFID technology is not limited to inanimate objects. RFID tags are routinely implanted under the skin of pets to reduce their risk of being lost or stolen.[24]
Perhaps the most controversial use of RFID is human implantation. In the medical field, human RFID tags “could promote the timely identification of patients and expedite access to their medical information . . . ."[25] RFID could also have the potential to “make medical processes more efficient, enabling caregivers to quickly access diagnostic tests and other patient information.”[26]
Outside of the medical field, RFID can be used for human surveillance or tracking. While large-scale human implantation of RFID for surveillance or tracking purposes has not been instituted, the U.S. government in 1994 “used RFID-tagged bracelets to track fifty thousand Haitian and Cuban refugees who were fleeing their native countries.”[27] In 2005, an elementary school in California installed RDID readers in the doorways of classrooms and bathrooms and required students to wear RFID cards on lanyards around their neck.[28] The school allowed InCom, an RFID system manufacturer, to test its product on the students in exchange for a donation to the school.[29] Ultimately, parents protested and the readers were removed.[30]

What are the Risks Associated with RFID?
            With the assistance of RFID technology, the government and private corporations have the potential to monitor our purchases, medical information, personal goods, whereabouts, and almost any information about our lives. While RFID technology could provide tremendous benefits in many aspects of life, the potential for abuse creates significant security and privacy concerns.
            Risks that could affect any RFID system include the threats of viruses and data security breaches.[31] Viruses embedded in RFID tags could infect RFID readers, giving hackers the ability to view or alter information in the system’s database.[32] This would be especially troublesome in areas where private information, such as medical data, is stored in the database.  Furthermore, the encryption key of an RFID tag could be intercepted and decoded, thereby making it possible for a thief to create a clone of the original RFID tag.[33]   This poses a great concern in the credit card industry. Specifically, an embedded RFID tag within a credit card, which never leaves a consumer’s wallet, can be decoded and cloned relatively cheaply and without the knowledge of the consumer.[34] A thief could then use the cloned RFID tag to make purchases using the consumer’s credit card.[35]
            RFID tags on consumer and personal items pose specific privacy concerns. “While one can conceivably turn off his or her cell phone and disable GPS devices, RFID chips cannot be turned off or even easily found due to their miniature size.”[36] Most people carry personal items such as cell phones, credit cards, or ID cards with them at all times. If an RFID tag was embedded in one of these items, anyone with access to a compatible RFID reader could track the individual’s location.
RFID tracking of consumer goods has already been put into practice. In 2003, Wal-Mart installed RFID tags on shelves holding lipstick in an Oklahoma store.[37] When a consumer removed the lipstick from the shelves, video cameras were triggered, allowing researchers in Ohio to watch the consumer’s reactions.[38] Although there are real privacy concerns associated with this type of surveillance, “no laws or regulations require the government, retailers, or manufacturers to disclose to consumers that the product they carry is tagged with a unique code.”[39] Regarding government surveillance, the United States Supreme Court has held that there is no expectation of privacy, and therefore no Fourth Amendment violation, in situations where an individual’s movement can be tracked through visual surveillance from public places.[40] The Supreme Court has only protected individuals' expectations of privacy inside their homes, holding that the house is off limits for surveillance technology.[41]
RFID tags implanted in humans raise perhaps the most significant concerns. Privacy and security are the main risks surrounding human RFID implants. “Maintenance of privacy is required to protect patients from embarrassment, potential social discrimination, loss of health care coverage, or other detrimental consequences.”[42] RFID viruses and hackers could potentially infiltrate human medical RFID systems. According to the American Medical Association Counsel on Ethical and Judicial Affairs, security of RFID tags is not currently at a level which can provide sufficient protection from security breaches.[43] In addition to these privacy and security concerns, there are health concerns associated with human implantation of RFID tags. A 1996 study found that RFID tags implanted in lab mice and rats caused tumors in some of the test animals.[44] Despite this concern, the FDA approved the use of passive RFID tags for implantation in humans in October 2004.[45]
Conclusion
            There are clearly many advantages to using RFID technology in several different fields. However, there are also many risks associated with the use of RFID technology, and states have attempted to combat the risks associated with RFID through legislation. In 2007, California became the third state, following Wisconsin and North Dakota, to ban forced human implantation of RFID chips.[46] Similarly, The American Medical Association Counsel on Ethical and Judicial Affairs recommends that “RFID tags should not be implanted or removed without the prior consent of patients or their surrogates.”[47] Privacy groups are also taking notice of the potential problems created by RFID. Consumers Against Supermarket Privacy Invasion and Numbering (CASPIAN) proposed the RFID Right to Know Act of 2003, federal legislation which would require the labeling of all consumer goods which contained RFID tracking technology.[48] However, CASPIAN has been unable to find a lawmaker who would sponsor the bill.[49]
            Before the true benefit of RFID can be realized, standards need to be put in place that help minimize the security and privacy risks of this new technology. Legal restrictions coupled with standards for data security and virus protection would greatly reduce the risks associated with RFID. Until that time, however, the risks of RFID will continue to impede the implantation of this valuable technology.