Two RFID Regulation Bills Close in On Governor Schwarzenegger's Desk
CFC and a host of other privacy protection organizations have been working hard for two years now in support of Senator Joe Simitian's landmark RFID regulation bills - SB 28, SB 29, SB 30, and SB 31. In the end, it appears out of the four bills, two, in amended form, have a shot at winning approval in the legislature and being signed by the Governor, and two, for all intents and purposes, are dead.
The Bad News...
1. SB 28 - in its original form it would have prohibited the state government from using RFID in driver's licenses for a period of three years.
Bill Status: The bill was considered unequivocally "Dead on Arrival" - with no chance of earning the Governor's signature - and recently morphed into a completely different piece of legislation dealing with the prohibition of texting while driving a motor vehicle.
2. SB 30 - the gold standard for RFID reform legislation - would have created interim privacy safeguards for any existing RFID-enabled government ID's, such as those used by students in the state college system.
Bill Status: The Governor has promised a veto of the bill and it is unlikely that it will be brought up for a floor vote in the Assembly.
The Good News...
1. SB 29 - what began as a bill that would have imposed a three-year moratorium on the use of RFID technology in public school ID cards has unfortunately been substantially modified. In its current form, SB 29 will allow RFID for attendance/tracking purposes at school if parents give their expressed and informed consent. It does not contain requirements for encryption nor does it require school districts to tell parents how the technology works and what parents should do to prevent risk.
It goes without saying that these amendments are a disappointment for privacy advocates. CFC believes that proper encryption technologies are a critical component to any RFID regulatory efforts, and we are concerned that without these standards this bill could possibly stunt more aggressive action in other states - as California is looked to as a leader on privacy issues (among others). In defense of the legislation however, is that the bill in its original form very likely would have been vetoed by the Governor. At least in this case, parents' will have an opportunity to "opt-in" and give consent rather than RFID being thrust upon them with no choice in the matter.
In the end, CFC will support this less than perfect bill.
A statement from the ACLU, who also remained in support, but withrew their sponsorship read:
The notice and affirmative parental consent are integral first steps toward protecting students' privacy and security. And, they would ensure that parents have the opportunity to consent to the use of RFID chips on their children. However, we believe that it is critical for privacy and security that any RFID devices issued to students include basic substantive protections to ensure that personal information on RFID tags is not read at a distance by unauthorized individuals who could use such information to track or otherwise harm schoolchildren.
People – especially children – should be afforded the basic protections of (1) restricting the personal information in the RFID chip to a unique number, and (2) requiring that the device be fitted with a shield device to minimize unauthorized reading and misuse of the data.
Bill Status: SB 29 passed off the Assembly Floor, and is on its way back to the Senate Floor on Concurrence. The vote was 44 to 31 - a blow to the hordes of industry lobbyists working the gate and the halls in opposition.
2. SB 31 - would make it illegal to "skim" or surreptitiously read data from an RFID document without the knowledge and consent of the ID holder.
Bill Status: is awaiting amendments on the Assembly Floor. As this measure has the support of all sides now (including the formerly American Electronics Association who opposed the bill ) it has the best chance of being signed into law of all the RFID measures this year.
No comments:
Post a Comment