Wednesday, October 1, 2008

Governor Signs SB 31 - A Modest RFID Regulatory Law

I'm not going to lie, I'm still a bit steamed the Governor vetoed SB 29...something about not giving parents control over whether their children should or shouldn't be "chipped" with an RFID tag grinds me the wrong way. I mean really, parents, not schools, should decide whether children must carry a tracking devise. Mechanical devices might be useful for tracking cattle. When it comes to our children they are no substitute for teacher and school staff responsibility.

Some good news to report however. The Governor did sign SB 31. which will make it unlawful to skim information from an RFID without the consent of the ID holder. The prohibition does not apply to law enforcement applications such as in prisons, or in valid health emergency situations.

Thankfully, the Governor Schwarzenegger at least signed this basic, common sense bill, and set what could become an important precedent for privacy protection.

For a review of the "RFID issue", let's remember, using an RFID to trigger an alarm if someone tries to shoplift clothing is pretty benign, but what about when this technology is used to track the daily movements of law abiding citizens?

Let's remember just a few recent examples:

A California school district embedded RFIDs in student IDs without the parents' knowledge, claiming it would ensure that students were accounted for, but the district failed to consider the potential for hacking by a child abductor.

FasTrak transponders make it quicker to cross Bay Area bridges, but the Metropolitan Transportation Commission has released information in messy divorce cases that was used to document when wayward spouses were traveling to places they claimed they weren’t.

The US and other countries embed RFIDs in passports. In the Netherlands, it took a local TV station only two hours to figure out how to hack a prototype RFID in a Dutch passport. Hackers could access fingerprint, photograph, and other data on the RFID tag, perfect for creating a cloned passport.

Hacking is one problem, but the threat to our privacy doesn’t stop there. RFIDs can play a useful role in protecting entry and exit from secure locations such as police stations or prisons, but do we really want government snooping into our whereabouts when it’s none of their business?

A few weeks ago New York became the first state to comply with a federal program to embed RFIDs in drivers’ licenses. California has held off – for now. But with federal highway funds threatened, it may be only a matter of time before we’re all beaming our personal information, signatures and photographs every time we’re behind the wheel.

As I recently mentioned, organizations across the political spectrum ranging from the ACLU to the Liberty Coalition support common sense regulation of RFID. High tech RFID manufacturers have successfully derailed similar legislation by Senator Simitian in the past, and they have done so again in the case of SB 29.

We know this much, we've made progress in the past couple of years, both banning the subcutaneous implanting of RFID chips by an employer and now the skimming of personal information from one person of another without consent. We also know there is much more to do, and that big business will continue to fight any effort to allow California residents to control the use of RFIDs in government-issued documents.

No comments: