Starting today, Passports or Enhanced Driver’s Licences will be needed to drive across the Canada/US border. I don’t have any issue with requiring proof of identity and citizenship to cross an international border, and I really like the concept of offering a wallet-size alternative to the passport. But adding RFID to that wallet-sized card is a bad idea.

If you’re a Canadian citizen, reside in Ontario, and have a driver’s licence you now have the option of paying an additional $40, attending an interview, and obtaining an Enhanced Driver’s Licence that will be accepted in lieu of a passport when driving across the boarder. Within the card is an RFID chip so that you can hold it up to a reader, and by the time you reach the border agent they’ll have your information on their screen. According to the Government of Ontario web site, the RFID chip only sends a unique identifier and not your personal information. The Canadian and US governments then allow each other to access their databases. Using a unique identifier is much better than, for example, allowing anyone with a RFID reader to directly obtain your name, address, etc. However, those citizens who choose to obtain an Enhanced Driver’s Licence will be carring an RFID chip with them almost everywhere they go. And it can be read at least 10m way by anyone with the right equipment.

Today the technology is new, readers are expensive and few people have the cards. But imagine what might happen if they become popular in a few years:

On Sundays, you go to your favourite store. The RFID reader at the door logs your entrance, and readers strategically located around the store track your movement. You pay for your purchase with cash, but a reader at the register associates your unique identifier with the details of your purchase. A few months later you don’t have cash with you and you use your credit card. Now they add your name. The next week they’re taking a survey and ask your postal code, and it is added to the database. A year goes by and in a moment of weakness you fill in an application for a store loyaly card. The information you supply is added to the database. Later the store is purchased by another company that also has customer database, and they combine the data.

What we often fail to consider is that the ability to uniquely identify an individual allows us to build a database and leverage that information both before and after the event. In many cases we choose to provide information, and that’s ok. But adding technology that allows anyone with an RFID reader to start collecting it is a bad idea.

Personally, I’ll stick to my passport and only carry it when I travel.

What’s your plan?

Leave a Reply