We Need an Avi for RFIDs
When we envision a worst-case scenario for hacking electronic voting machines, many of us imagine a group of political zealots with a cracker-for-hire, or a lonely teenager looking for his 15 minutes of fame. But what about the people who have relatively easy access to the machines?
Avi Rubin proposes that the question (PDF) security experts should be asking about e-voting machines is whether a machine rigged to favor a particular candidate could actually make it into an election:
This is not a hacking challenge where a team of computer security experts tries to break into or tamper with voting machines. That is not my primary concern with voting equipment. My challenge is aimed directly at the certification and deployment of [paperless voting machines].
I'd like to see this kind of thinking applied to the roll out of Radio Frequency Identification (RFID) tags. RFID systems were designed specifically to favor the tracker, not the object (or person) tracked. The "architecture" was built for, and is controlled by, the insider. Avi has done an excellent job articulating to the public the problem with allowing this kind of scenario to play out with regard to e-voting. Is there an Avi for RFIDs?