Home Internet of Things Aerospace Apparel Energy Defense Health Care Logistics Manufacturing Retail

California RFID Bill One Step Away from Law

The RFID Law Blog has published an article on the latest development in the California legislation concerning RFID technology. Last Thursday, the California Senate approved the bill in question by a wide margin of 30 to seven. There is now one remaining step for it to become law: the governor must sign it.
Tags: Privacy
Sep 07, 2006This article was originally published by RFID Update.

September 7, 2006—The RFID Law Blog has published an article on the latest development in the California legislation concerning RFID technology. Last Thursday, the California Senate approved the bill in question by a wide margin of 30 to seven. There is now one remaining step for it to become law: Governor Arnold Schwarzenegger must sign it.

The bill is sponsored by Senator Joe Simitian and calls for a number of regulations that would tighten the security and privacy-protection of RFID applications in California's public sector. Among the regulations noted in the article:
  • Public entities must notify contactless (RFID) cardholders that their cards could expose them to identity theft.
  • Public entities must provide cardholders with a list of every RFID reader, including locations and exactly what information is collected.
  • Public entitles must maintain a website that cardholders can access to download a list of RFID reader locations.
  • Cardholders who suffer data theft due to hacking of their RFID cards will be allowed to seek restitution against the government agency that installed the RFID system for which the card was used.
  • RFID card systems must include one of the following opt-out capabilities:
    • Cards must have a physical switch the cardholder can flip to block wireless transmissions.
    • Systems must offer manual key punches at RFID access chokepoints so that cardholders can enter their access codes physically instead of using the wireless system.
    • A guard must be stationed at such locations to offer human, visual inspection of the cards.
The bill also advises a study on RFID risks and best practices to counter them.

The RFID Law Blog comes out quite strongly against the proposed legislation. First, it considers the bill a solution in search of a problem, noting that the theft of personal data from RFID cards is not a widely reported problem (unlike the theft of such data from hacked online databases, for example).

Second, the bill would probably stunt the adoption of contactless systems, as affected public institutions consider other technologies that are less regulated. "Do you think a library or public utility is going to pay someone to stand at each entrance to look at ID cards as employees enter, so they don't have to risk having a hacker nearby with a high-powered scanner stealing their information during the 2 seconds that their ID card is waved in front of the door reader? It's kind of silly. Instead of making RFID safer to use, the more likely scenario is that different solutions will get a second look - to avoid the cost and risk of deploying an RFID system."

Third, while the existing legislation only addresses public institutions, it could likely have a spillover effect on private ones. The legislation would essentially stigmatize RFID as a risky technology, making the private sector more wary of deploying it.

The article notes that despite these issues, many of the industry stakeholders are actually not opposed to the bill (with the exception of the Security Industry Association). The reason is probably because in its current form the bill is a marked improvement over the original version, which would have imposed a sweeping three-year ban on certain applications of RFID systems in the public sector. However, this logic is not necessarily appropriate, argues the article. "Just because the legislation is 'less bad', it doesn't mean that it is 'good'. The IT and RFID industry in general have given Governor Schwarzenegger very little justification for vetoing legislation that passed by significant margins, when most are not even opposing the legislation themselves." Without more push-back from heretofore quiet stakeholders, it is likely the bill will pass. "The only hope is that companies who have not been at the negotiating table speak up about why the legislation would make us less safe, rather than safer. Or customers who use RFID systems speak up about the impact this legislation might have on them."

Read the entire article from RFID Law Blog
  • Previous Page
  • 1
  • Next Page

Login and post your comment!

Not a member?

Signup for an account now to access all of the features of RFIDJournal.com!

PREMIUM CONTENT
Case Studies Features Best Practices How-Tos
RFID JOURNAL EVENTS
Live Events Virtual Events Webinars
ASK THE EXPERTS
Simply enter a question for our experts.
TAKE THE POLL
JOIN THE CONVERSATION ON TWITTER
Loading
RFID Journal LIVE! RFID in Health Care LIVE! LatAm LIVE! Brasil LIVE! Europe RFID Connect Virtual Events RFID Journal Awards Webinars Presentations
© Copyright 2002-2016 RFID Journal LLC.
Powered By: Haycco