Not a surprise that Jennifer King from U.C. Berkeley School of Law, and Andrew McDiarmid from U.C. Berkeley School of Information wrote a white paper on security and privacy concerns for end users. It's because RFID implementations fail to adequately protect personal or identifiable stored information.
Call me crazy, but I believe RFID is completely misunderstood by the general public and companies that embed RF or NFC in products must help consumers understand the technology.
Mitigating the risk requires understanding RFID and how RF transmissions work. In the research, King and McDiarmid attempt to elicit user mental models of RFID technology by interviewing users of three existing implementations of consumer-focused RFID technology: RF-enabled credit
cards, transit passes, and the U.S. e-Passport.
The two explore user comprehension of RFID technology generally and these implementations specifically to gain an understanding of how end users conceptualize RFID and its risks. We found in this initial inquiry that our subjects generally lacked a mental model of how RFID functions, and in turn did not understand risks posed by RFID implementations or how to mitigate them.
