The RFID technology used in the DHS pilot featured long-range radio frequency technology, which is considered by experts to be the most dangerous because the RFID signals can be intercepted from as far away as 30 feet. The HID proximity cards use so-called "passive" RFID technology: they transmit credential data only when stimulated by a reader device and are readable only within a range of a few inches.
Jim Harper, director of information policy studies at the Cato Institute, a public policy think-tank based in Washington, helped author a DHS report that reviewed security and privacy issues related to the use of RFID within the U.S. VISIT program.
The HID-IOActive imbroglio serves as yet another example of how commonly used RFID technologies aren't ready for application in the government and elsewhere, he said.
"I don't think the government should try to lead the way on RFID; we should let the technologies mature further and iron out the security risks first," Harper said. "Up to this point, the government has been a leading adopter, and all that has done is put U.S. citizens into the role of guinea pig."
On the flip side, RFID proponents maintain that lawmakers must be prudent in drafting any limitations they place on the use of the technology so as to not limit potentially beneficial innovation.
Randy Vanderhoof, executive director of the Smart Card Alliance, a 160-member nonprofit group that promotes the use of RFID in cutting-edge identification systems, said that legislators are correct to demand that security and privacy concerns surrounding use of the tools be addressed, but he observed that some of the bills that have been proposed are far too vague and all-inclusive.
"The intention is right in terms of protecting citizens' privacy, but legislation that seeks to outlaw technologies without further defining their use is the wrong approach," Vanderhoof said. "One of the things that people in the smart card industry have told me in reading this legislative language is that it is really broad and subject to interpretation and that the technical nuances between various forms of RF-enabled technologies are not taken into consideration."
Despite the bad press being given to RFID by incidents such as the HID-IOActive squabble, the expert believes that common sense will win out and U.S. lawmakers will create regulations that allow for use of more secure applications of the technology in the government setting.
"Our interest is to try to get people to become more specific about their language. When they say it's insecure to use long read-range RFID for an access card, they're probably right," said Vanderhoof. "We would like to see legislators putting meat into laws that will make it costly for people to try to exploit weaker forms of these technologies to commit fraud; we think it's smarter to use legislation as a deterrent rather than to restrict the use of technologies, many of which have proven very cost effective and productive."
This story was corrected on March 2, 2007.
Matt Hines is a senior writer at InfoWorld.




