[Web4lib] [Publib] RFID and insecurity

Robert Balliot rballiot at gmail.com
Thu Sep 23 10:13:53 EDT 2010


I meant to say QR tag.

R. Balliot
http://oceanstatelibrarian.com



On Thu, Sep 23, 2010 at 8:53 AM, Robert L. Balliot <
rballiot at oceanstatelibrarian.com> wrote:

>
> I was asked by the president of a Library Friends group if I knew of any
> comprehensive studies since 2005 addressing the relative benefits and
> security of RFID with self-check.  To me, RFID represents some good
> inventory control benefits. It does not, however, represent anything
> resembling good security.  In fact, it represents a certain amount of
> insecurity and here is why -
>
> There are several problems with trying to find comprehensive studies -
>
> 1. Articles in the major library trade publications are essentially
> sponsored by vendor advertising and many of their tech writers are employed
> by vendors.
> 2. RFID is a big business with high profits, so vendors are unlikely to be
> self-deprecating
> 3. Libraries that use RFID/ Self Check and invested heavily in the
> technology are unlikely to point out problems because
>   - they would be publishing their security flaws
>   - they don't have an alternative because they got rid of staff
>   - they have not yet been targeted by theft
>
> The proliferation RFID tags brought up a huge privacy issue.  They transmit
> information.  I recall reading in 2005, that you could received non-powered
> RFID tag signals from about 69 feet away.    In 2005, receivers were
> expensive, large, and rare. Now they are not.
>
> So, the initial reaction from privacy advocates was to find a way to turn
> off RFID if institutions chose to use them. You can put them in a
> microwave,
> hit them with a hammer, cut the little antenna or otherwise damage them so
> that they will not transmit.
>
> But, there is a very simple, inexpensive alternative to damaging the tag -
> simply put the materials in a Faraday Bag. It blocks the transmission and
> makes the item invisible to RFID receivers.  Faraday bags are inexpensive,
> easy to manufacture, and easy to conceal. You could line book bags and
> purses and even envelopes with faraday bags and render the RFID 'security'
> completely ineffective.
>
> So, with self-check you have two issues.  If you are using barcodes for
> patrons, they are not secure. If you are using RFID it is not secure.
>
> There *are* many inventory control benefits from RFID but I believe those
> same benefits and a substantially lower unit cost could be accomplished
> with
> externally affixed GR tags.
>
> *************************************************
> Robert L. Balliot
> Skype: RBalliot
> Bristol, Rhode Island
> http://oceanstatelibrarian.com/contact.htm
> *************************************************
>
>
>
>
> _______________________________________________
> Publib mailing list
> Publib at webjunction.org
> https://lists.webjunction.org/mailman/listinfo/publib
>
>


More information about the Web4lib mailing list