California Set to Ban RFID IDs
AIM Global | May 24, 2005
The California State Senate recently passed SB 862 prohibiting the use of RFID in any state-issued "document" (including driver's licenses, ID cards, student ID cards, health insurance or benefits cards, professional licenses and library cards). The bill was supported by a number of prominent privacy and civil liberties groups including the American Civil Liberties Union (ACLU) and the Electronic Frontier Foundation (EFF).
The bill, introduced by Democratic State Senator Joe Simitian, was partly in response to the poorly-conceived RFID-enabled student ID cards issues in Sutter, California earlier this year. These cards not only contained an RFID transponder but had the student's name and picture on it.
It was, according to many reports, the clearly-visible name and picture that caused parents to object. RFID was a secondary issue. School districts in other parts of the country have issued RFID-enabled school ID badges that did not have the student's photo without generating any controversy. [For more information on the school ID, see "Implementation: Stop, Think, Act" in the February 2005 "RFID Connections".]
The bill is designed to address public concerns over the possibility that information could be "skimmed" (read covertly) from RFID transponders used in ID cards. Much of this concern is based on the initial proposal for the use of unencrypted transponders in U.S. passports, a proposal that met with wide-spread criticism both from within and outside the RFID community and has been withdrawn pending further review.
The California bill does make exceptions in the use of RFID IDs for state employees (to access secured areas), prisoner IDs and infants in hospitals. There is no mention of whether the bill applies to toll tags which are issued by a state agency.
It is interesting to note that RFID-enabled ID cards are deemed secure enough to be used by state employees to access "secured areas" but not secure enough to be used for general access control, driver's licenses or other uses.
The bill also includes a provision to make "skimming" a criminal offense.
California has been on the forefront of attempts to legislate restrictions on the use of RFID although other states, including Maryland, Missouri, Nevada, South Dakota, Utah and Virginia, have also considered regulating RFID.
A similar bill introduced in California last year that would have regulated the commercial use of RFID was killed after facing opposition from a number of business groups.
While SR 862 appears to have support in the California Assembly, California residents who feel this law is ill-conceived should write their state senators and representatives opposing it.