OK. This story about RFID has been brewing for some time. Of course, the corporate hired guns are going to make threats and intimidate the researcher or anyone who will question the veracity, security or functionality of the RFID technology. C'mon, the largest retailer in the US forced the RFID technology on every producer and manufacturer of goods--all under threat of losing that retailer's business. MalWart. Thus, an immature, insecure, questionable technology is forced into general acceptance without adequate research or testing.
So, now we have this technology applied across more of our day-to-day functions: access security, fare cards, credit and debit cards, driver licenses and (God help us) passports.
Questions about the security of the devices and their application are quickly quashed with threats of litigation. Those with an interest in preserving the perception that the devices have adequate security deployed armies of attorneys and henchmen who are highly mobile and surely expensive. Much more expensive than just fixing the damned technology in the first place. But, as it turns out, we've invested too much into the technological infrastructure around this flaky technology. So, defending stupidity and gagging critics seems to be the most effective method of self-preservation.
Case in point: IOActive a couple years ago was threatened with legal action if they presented their research at BlackHat/DefCon on how simple it was, with easily obtained electronics, to clone the HID RFID-based security access cards and replay them. The premise of the threat was that the presentation would reveal trade secrets and violate patents. Yeah, right. Basically, IOActive had to cave to the pressure because they didn't have the deep pockets required to defend themselves against this kind of frivolous lawsuit.
The recent case in The Netherlands was a great relief, but then a court in the US pushed us right back to square one.
This recent pressure to quash a TV episode on MythBusters (one of the all-time great TV shows, BTW) is another example of the industry heavily invested in this flaky tech protecting itself. After all, security is all about secrets, right? That is how HID views it, anyway.
Washington State recently adopted an RFID-based driver license that we are supposed to be able to use in place of passports to cross the border into Canada (sad that we must now have passports to visit friends and family in Canada). We have been repeatedly assured that the RFID will not contain anything more than a specific code that will refer back to a database somewhere in Olympia, WA with all the data in it. This makes the device secure, since the data doesn't reside in the device, but in a database elsewhere. And, we are also assured that database can't be hacked.
Then there are the idiots who are implanting RFID chips in their bodies. These chips hold the person's complete medical file. That is just nuts.
Jayne: Testing. Testing. Captain, can you hear me?
Mal: I'm standing right here.
Jayne: You're coming through good and loud.
Mal: 'Cause I'm standing right here.