California Law Bans Forced Human RFID Tagging

E-Week.com covers the Governor's signing of SB 362 last week - Senator Simitian's subcutaneous implant bill. While a big victory for privacy advocates, the real test will be whether the Governor signs the Senators more ambitious RFID reform bills SB 28, 29, 30 and 31. Each of these were turned into two year bills, and could be heard in the Legislature as early as January 2008.

Renee Ferguson of E-Week writes:

It's illegal now for California employers to force anyone to have an RFID device implanted under his or her skin as a condition of receiving something—such as a paycheck or government benefits.

"RFID technology is not, in and of itself, the issue. RFID is a minor miracle, with all sorts of good uses," said Simitian, in Sacramento, Calif. "But we cannot and should not condone forced 'tagging' of humans. It's the ultimate invasion of privacy."

...

In the wake of the 2006 veto, Simitian took the next feasible step. He broke the Identity Information and Protection Act into smaller bits and shipped them off to the legislature as five separate bills. SB 362 is the first of those smaller bills to see the light of day, and it could have positive implications for the remaining four RFID bills trundling through California's legislative process.

"With the signing of SB 362, California has taken an important first step in crafting legislation to properly balance the potential benefits of RFID technology while safeguarding privacy and security," said Nicole Ozer, technology and civil liberties policy director at ACLU of Northern California, in San Francisco. "We are pleased that the governor has stood up for the privacy and security rights of Californians and not allowed these rights to be 'chipped' away by inappropriate uses of RFID technology."

...

SB 30—really the meat in Simitian's efforts—looks to mandate security and privacy provisions in RFID-chipped ID documentation required by state and local governments. The bill would do two things: require that people be informed when the technology is present and spell out what citizens can do to protect their privacy. The bill also imposes technological requirements that amount to password protection and, in cases where personal information—such as HIV-positive status or a telephone number—is present on the chip, encryption and mutual authentication technologies have to be utilized.

Read more from E-Week...