Washington Gov. Chris Gregoir this week signed a bill making it a Class C felony to use RFID technology to spy on someone. The bill was signed about a week after the Washington State Senate unanimously passed Bill 1031, which makes it a crime to intentionally scan people's identification remotely without their knowledge and consent, for the purpose of fraud, identity theft, or some other illegal purpose. The bill specifically cites RFID and facial recognition technology.
Violators face a prison sentence of up to 10 years. In addition, if the illegally gathered data is used in a separate crime, up to 10 years could be added to whatever sentence they receive for the second crime.
"Our intent was to put some basic rules of the road in place," said State Rep. Jeff Morris. "As the technology is being deployed, it needs to be done in a way that the public won't sense there's a huge violation to their privacy rights. My fear is that state legislatures are good at being reactionary when something atrocious happens. We wanted to be ahead of this one."
Morris, who sponsored the bill, noted that Washington state began using so-called Enhanced Driver Licenses this winter. The new licenses use RFID tags and can be used at the Canadian border crossing instead of a passport. In light of these new ID cards and the growing number of RFID-based customer loyalty cards and company ID cards, Morris said it was time for a law that protects people's privacy.
The law, which goes into in July, focuses on skimming or lifting information from RFID tags without the knowledge of the owner. A person, for instance, could sit in a crowded outdoor cafe and surreptitiously use an RFID reader to pick up information from any number of RFID-based cards in the area.
"If I take an RFID card from work or the grocery store, I should know that it's protected, and someone else can't read that card to get my identity, steal from me or stalk me," said Morris. "What I found out is when people are made aware of the technology, they get very concerned about the implications it will have on their own security -- not knowing when people are looking over their shoulder."
Morris said the bill that was passed this week is a watered-down version of what he started with. Now that this law is in place, he said he wants to focus on companies putting RFID tags in customer loyalty cards or other forms of customer identification without the person's knowledge.
Related content:
Enhanced drivers' licences create furore in Canada and U.S.
Opinion: RFID technology in health care - it's not the end of privacy, it's the beginning
U.S. borders axe RFID security