SACRAMENTO - The first bill in the country to require privacy and security protections for the use of Radio Frequency Identification (RFID) tags in state government-issued ID's passed last night in the Senate with a strong bipartisan vote of 30-7 and is now heading for the Governor's desk. The bill passed out of the Assembly with a bi-partisan vote of 49-26 on August 21.
The Identity Information Protection Act (SB 768) is authored by Senator Joe Simitian (D-Palo Alto). The bill ensures that state-issued identification, such as a driver's license, will have adequate privacy and security protections. The bill also guarantees that Californians will be able to decide who and when others can access their personal information.
"RFID technology is not in and of itself the issue. The issue is whether and under what circumstances the government should be allowed to compel its residents to carry technology that broadcasts their most personal information," said Senator Simitian. "This bill provides a thoughtful and rational policy framework for making those decisions. I hope the Governor agrees."
Since the introduction of SB 768, the legislation has become even more salient as the vulnerabilities of RFID technology have become more public and the potential use of RFID technology in identification documents has become more widespread. In the past year, the security on the RFID-embedded Dutch e-passport and the VeriChip- the RFID chip approved for implantation in humans- were both breached and the U.S. Government Accountability Office released a report detailing privacy and security concerns with the use of RFID technology.
The California bill has drawn national attention following the federal government's decision to embed RFID tags in new U.S. passports. The bill is a model for other states considering the use of RFID tags because it provides safeguards and guidelines on how to protect the privacy rights of individuals.
RFID tags are tiny computer chips that can be embedded in public documents. The danger is that anyone with an RFID scanner can read the personal data stored on the chips. The chips do not alert the person that his or her personal information is being transmitted. The unknown disclosure of that information can put a person at risk of tracking, stalking and identity theft. Last year, more than 39,000 Californians were victims of identity theft and these devices would make that crime even easier to commit.
"There are some obvious privacy risks with the application of RFID technology, especially identity theft - one of the fastest growing crimes in the nation," said Ramona Ripston, executive director of the ACLU/SC. "That is exactly why the Governor must sign SB 768 into law - to protect Californians from harm to their privacy, financial security and personal safety."