Posted by Lori Ayre on August 27, 2006

According to the Electronic Privacy Information Center (EPIC), even the Department of Homeland Security's (DHS) Office of the Inspector General is concerned about the use of RFID tags.

According to EPIC, the DHS Inspector General recently (July 27, 2006) issued a report that found a "lack of systematic inventories of RFID technology and consistent policies, and identified security concerns
regarding user access permissions, password management, and auditing in
the Department's RFID databases." The report says that in the absence of "adequate security measures", data on the tag "can be read by a variety of authorized and
unauthorized readers".

The report entitled Additional Guidance and Security Controls Are Needed Over Systems Using RFID at DHS (Redacted) found that "security controls were not always present in developing systems, creating the risk that many systems under development would not be adequately tested prior to their application in the real world."

Although the report is talking about RFID tags in immigration documents and passwords, I submit that library RFID systems would qualify as "under development" too. 'Nuf said.

For more on RFID from EPIC, see