One potentially very dangerous application is RFID-enabled credit and debit cards. These are the cards that you don't have to swipe through the machine, you just wave it near a point-of-sale terminal. Sure, the commercials make it sound like it's a wonderful convenience, but are you really that lazy that you can't take your debit card out of your wallet and slide it through the terminal? The RFID Consortium for Security and Privacy Blog reveals the dangerous flip side to this so-called convenience. And it's painfully obvious. If those RFID-enabled terminals can read that little card, then it's certainly within the realm of possibility that a malicious scanner could be nearby, also taking in your personal information without your knowledge or consent. The most alarming scenario is one where a data thief armed with a handheld scanner enters a crowd. The thief only needs to pass the scanner near the victim's pocket to harvest the information. It's a high-tech form of pick-pocketing, where the thief doesn't even have to physically touch the victim.
It is possible to impose stricter security on RFID, but the industry's not interested. Similarly, government initiatives to protect your privacy from RFID-based invasions have been shot down. The latest update of California's SB 768, the "Identity Information Protection Action of 2006", as reported in the PrivSecBlog notes that after the bill was passed, governor Schwarzenegger vetoed it. The Spychips RFID Blog goes into a little more detail, quoting the Governor from a 1990 US News interview, stating "People need somebody to watch over them. Ninety-five percent of the people in the world need to be told what to do and how to behave." It's frightening that the governor of California would believe such a thing. The bill, had it passed, would have provided protection to Californians against abusive people-tracking through RFID tags.