California poised to enact RFID law

California could soon become one of the first states to create comprehensive safeguards for personal information collected through the use of radio frequency identification ( RFID ) tagging in government-issued documents and identification cards.

The state legislature last month passed legislation, called the Identity Information Protection Act of 2006, to protect residents from RFID abuses. The law is expected to be signed or vetoed by Gov. Arnold Schwarzenegger by the end of the month.

State Sen. Joe Simitian, who sponsored the bill, said that governments must tread carefully in forcing such technologies onto the public.

“The question we have to ask and answer is, Do we really want state and local governments to issue documents that can broadcast our personal information without our knowledge or consent?” Simitian said.

He noted that the measure would prevent both government and criminal abuse of information stored on RFID tags.

California is one of a number of states attempting to establish protections around RFID usage — which many critics say has a huge potential for invading the privacy of citizens.

In June, Wisconsin enacted legislation that forbids placing an RFID chip on a person’s body without his consent.

Wisconsin state Rep. Marlin Scheider, who sponsored the bill, said he hopes the California bill becomes law to help it gain control of the technology before it becomes so pervasive that it is “impossible to control.”

The proposed California law requires that state and local governments protect data stored on RFID chips through measures such as encryption. The law forbids what is known as skimming — the reading of an RFID chip’s content without the holder’s knowledge.

Simitian filed an initial version of the bill in early 2005, and the effort followed what he called “a long torturous path” before its approval by the legislature.

Schwarzenegger is expected to make a decision on the bill on or around Sept. 30, according to a spokeswoman for the governor. As of late this week, he had no position on the legislation, the spokeswoman said.

The proposed law is backed by the American Civil Liberties Union of Southern California, which views the California legislation as a template for the rest of the country to use.

“There are some obvious privacy risks with the application of RFID technology, especially identity theft — one of the fastest growing crimes in the nation,” said Ramona Ripston, executive director of the ACLU of Southern California, in a statement.

Some industry groups are critical of the proposed law.

In a letter to Schwarzenegger, Richard Chace, executive director of the Alexandria, Va.-based Security Industry Association, which represents manufacturers, distributors and other companies in the computer security, biometrics and access-control industries, predicted that if signed, the law will lead to excessive litigation against government agencies.

It also could compromise security operations, since it mandates the public disclosure of the sites of all RFID readers, an association spokesman said.

The organization anticipates having to confront RFID legislation in other states as well. According to Chace, the group’s aim is to educate legislators rather than “gratuitously bash them on this issue.”

Related Download
Improving the State of Affairs With Analytics Sponsor: SAS
Improving the State of Affairs With Analytics
Download this case study-rich white paper to learn why data management and analytics are so crucial in the public sector, and how to put it to work in your organization.
Register Now