Home Internet of Things Aerospace Apparel Energy Defense Health Care Logistics Manufacturing Retail

Washington State Governor Signs Anti-Skimming Law

The new law makes it a felony to scan an RFID tag belonging to another person without that individual's consent, and use that data for an illegal purpose. The bill's sponsor plans to introduce additional RFID legislation.
By Claire Swedberg
Mar 27, 2008Washington State Governor Christine Gregoire signed a bill into law Wednesday that will make "skimming"—the unauthorized reading of data stored on an RFID tag—for criminal purposes such as fraud, identity theft or stalking. The new legislation, which goes into effect July, 2008, is the first of its kind to be approved in the United States and makes violation of the law a Class C felony, with violators subject to five years in prison and a $10,000 fine. (The California state legislature is considering its own anti-skimming bill, SB 31, which would make it a crime to intentionally reading a person's RFID data without his or her knowledge or consent, regardless of intent, and would impose a sentence of up to one year of jail and a fine of $1,500.)

The law prohibits, for example, a thief from using an RFID interrogator to captured RFID data from chips in someone's home to learn about the home's occupants and what they may have purchased. Another illegal scenario would be use RFID technology to stalk someone by means of the RFID chip embedded in that individual's driver's license or passport.

The Washington State law is a scaled-down version of House Bill 1031 that would have also required that consumers "opt-in" to using RFID technology. In other words, retailers would be required to notify consumers and obtain signatures of approval to use RFID technology such as with a customer loyalty card that contains an RFID chip with an ID number that links to the consumer's information and spending habits. The bill approved by the House in February (see Washington State House Gives Nod to Privacy Bill) had included the following language: "If a governmental or business entity intends to collect, use, or retain the data associated with a person after a sales transaction or service has been completed, the governmental or business entity first must obtain express, opt-in consent from the person associated with the data.... In obtaining consent, the governmental or business entity shall unambiguously disclose that, by consenting, that person agrees to have the governmental or business entity collect, use, or retain data gathered from the identification device." The state's senate, however, had removed those provisions, as well as others, prior to passing the bill earlier this month.

State Rep. Jeff Morris (D-Mount Vernon), who sponsored the bill, says he is pleased with the newly approved anti-skimming law, but intends to introduce new legislation at the beginning of the next session, in January 2009, that would again address the opt-in measure and could make it a crime to use RFID for marketing purposes without alerting and gaining consent from consumers.

Login and post your comment!

Not a member?

Signup for an account now to access all of the features of RFIDJournal.com!

Case Studies Features Best Practices How-Tos
Live Events Virtual Events Webinars
Simply enter a question for our experts.
RFID Journal LIVE! RFID in Health Care LIVE! LatAm LIVE! Brasil LIVE! Europe RFID Connect Virtual Events RFID Journal Awards Webinars Presentations