The article by Pierce Corden and David Hafemeister (Physics Today, April 2014, page 41) about nuclear proliferation and testing was interesting and useful. The authors appear to be overly optimistic, though, about the role of tags, seals, and radio-frequency identification (RFID) tags in verification. I have studied hundreds of tags and seals, including those used for nuclear applications, and I have seen no evidence that current tags and seals are useful beyond “security theater”—fake security for show. They cannot stand up to spoofing by resourceful hobbyists, much less by a nuclear state with substantial technical expertise and resources. Counterfeiting and tamper detection are largely unsolved problems, with remarkably little significant, innovative R&D under way.
Inexpensive kits available on the internet can help a person sniff, spoof, and counterfeit RFIDs, and RFID readers are typically easy to spoof remotely or by physically accessing them for a few seconds. Encryption doesn’t really address the problems with RFIDs, given the ease of counterfeiting, tampering, and transferring them from one object or container to another.
The International Atomic Energy Agency does no meaningful background checks on its employees and nuclear inspectors. That lapse increases the risk that insider attackers might defeat even effectively designed tags, seals, RFIDs, and surveillance hardware.
The field of nuclear safeguards and treaty monitoring has long been plagued by wishful thinking and deployment of hardware and software that lack adequate security. The article by Corden and Hafemeister is not helpful in addressing the problem.