In the pre-Internet world, data was either kept on paper, on stand-alone computers, or on private computer networks not easily accessible to hackers and intruders. Since the mid 1990s, the widespread use of the Internet has created large amounts of data that is exposed on what is essentially a public network. The dramatic increase in the amount of easily accessible data in our everyday lives brings with it a set of new security and privacy concerns. For example, part of the Internet's popularity centers on electronic commerce, or e-commerce. The Internet offers a convenient way to shop and perform a variety of financial transactions. However, this also means that consumers could reveal confidential or private data, such as detailed identity and financial information over a conceivably insecure medium to potentially untrustworthy parties. A common example of this kind of disclosure occurs each time someone applies for a loan, mortgage, or just opens a bank account online. To help keep data secure, technology solutions, such as encryption, identity management, firewalls, and intrusion detection, are routinely employed.
In many ways, the issues of security and privacy related to the use of RFID applications mirror those created with the introduction of the Internet. RFID tags are essentially tiny little computers that hold information that can be confidential and personal, and potentially available on a public network. RFID applications identify ordinary objects and access or transmit data about those objects, or the object holders (for example, consumers), by radio frequency through the air around us. If left unprotected, this data becomes exposed to malicious or unauthorized use and distribution. As RFID technology and its applications become ubiquitous, nearly every item imaginablea car tire, a box of cereal, a door handle, or a beloved petwill carry an RFID tag whose data could be compromised. Consumer privacy groups contend that RFID tag data could conceivably be used by commercial or governmental agencies to track and trace people's actions and belongings in ways that might violate individual rights to privacy.
Using the Internet as our blueprint, in this chapter we provide the following: