 |
THE WORLD'S RFID AUTHORITY
 PREMIUM = Requires Subscription. Learn More
Article Link: A Moratorium on Stupidity
details of California action
by DANIEL DOBKIN, posted 06/30/2006
I must admit I haven't seen the final version but the draft legislation (SB768) included features specifically designed to create the social presumption that individuals should have control over access to their personal information. Specifically, uses that are allowed must provide remediation in the form of encryption and/or mutual authentication, and access control must be present so that the user can control when the RFID information on the card is read. Access control can consist of a physical shield attached to the card, a switch to activate the RFID tag, or a bar code that has to be scanned before the card information can be accessed. Ideally this will create the presumption in the public that they should always have control over tagged information, and that presumption will then carry over to later use in required documents such as driver's licenses.
This is in strong contrast to the Federal RFID-enabled passport program, in which State Department personnel disseminated incorrect information about the read range of the devices used (claimed 10 cm vs. actual of several meters) and originally proposed a passport with all information unencrypted. Given such irresponsible behavior on the part of the Federal government, it is not unreasonable to seek a moratorium in which a consensus on the balance between privacy, security, and disclosure can be sought. [My thanks to Steven Colby for discussions on this issue.] Message threads
|
    |
|||||||||||||
