The META Group Inc. which sells IT industry market and technology analyses, have come up with a very poor report on RFID tags which is circulating, presumably to influential people, and who are paying no fewer than seven "analysts" for their opinions.
c.f. the RFID Privacy happenings blog:
Here are some opinions for free:
It would appear that the META Group's so called "analysts" have either not bothered to read the
"Position Statement on the Use of RFID on Consumer Products"
or that there is a hidden commercial agenda behind their allegedly impartial advice. How many of META Group's customers have a vested commercial interest for or against the RFID bandwagon ?
What difference does it make if the normal read range of a consumer item level RFID tag is only sufficient to span the doorway entrance to a shop or other public place ? If, as at present, the cheap but stupid RFID tags or Smart Labels cannot be killed at the checkout, then they can be promiscuously read by doorway readers in other shops etc. Why won't the cost of readers fall as RFID tags are rolled out in their billions ?
Just because the tags do not contain your actual name, address and credit card details, they do contain a "unique" serial number, and so they could easily become the "3rd. Party cookies" secret consumer profiling tools of the "Internet of Things"
More of this report has now emerged out into the public domain:
"RFID SECURITY SCARES IGNORE FACTS"
This report does not even do justice to the proponents of the current state of the technology. The authors seem to be ignorant of the successful warehouse pallet and crate level trials of the last year, the developments in manufacturing technology such as fluidic assembly or conductive ink printed antennas, which are driving down the cost of the RFID tags, or the whole concept of an Auto-ID/EPCglobal scalable "Internet of Things"
The so called "analysts" have also ignored the real personal privacy issues associated by concentrating on the straw man of "satellite tracking", an issue which is dealt with in the Position Paper mentioned above.
They do not even mention some of the real security as opposed to privacy problems with RFID tags:
- Denial of Service attacks via radio in the unlicensed, no-action-from-the-authorities-if-there-is-interference Industrial, Scientific and Medical bands - remember that exclusive radio frequency allocation licences cost the mobile phone industry tens of billions to secure.
- The weak 24 bit passwords in the EPCglobal Class 0 High Frequency 13.56 MHz tag standard
- The astonishingly weak 8 bit passwords in the EPCglobal Class 1 Ultra High Frequency 868-930 MHz tag standard
"META Group analysts Dwight Klappich, Bruce Hudson, Gene Alvarez, Tim McLaughlin, Chris Kozup, John Brand, and Jack Gold contributed to this article."
Who paid for seven "analysts" to come up with such a weak and misleading report ?