Sep 22, 2006This article was originally published by RFID Update.
September 22, 2006—California Senate Bill 768 (SB 768), which would put new restrictions on RFID cards and documents issued by California government bodies, may not be good legislation, but it represents a good compromise, according to several industry associations who were involved in the legislative process. The original version of State Senator Joe Simitian's Identity Information Protection Act called for an outright ban on RFID cards and documents. A strong industry response led by the AeA (formerly American Electronics Association) won hard-fought concessions.
"The final version is a good middle ground for all of us," AeA Senior Vice President for California Public and Legislative Affairs Roxanne Gould told RFID Update. "It provides protections without demonizing the technology. It's probably the best we can get out of the legislative process."
California Governor Arnold Schwarzenegger has until September 29, 2006 -- a week from today -- to sign the bill into law. Gould, who has worked with California lawmakers for more than two years as the bill has worked through the legislative process, said the governor's office has given no indication whether SB 768 will be signed or rejected.
The proposed law would apply only to state and local California government bodies, including transit authorities, but not the private sector.
AIM Global and the Secure ID Coalition joined the AeA in advising the California legislature about RFID technology and policy implications, and succeeded in having some of the most restrictive requirements excluded from the final bill. Some specific forms of data protection and other security measures were removed, creating more flexibility for RFID implementations.
"We've seen a lot of innovation and a lot of positive developments with RFID tags and security, even in just the last six months," AIM Global President Dan Mullen told RFID Update. "More legislation could limit technology or stifle innovation." As an example of continuing innovation, Mullen cited a new security feature developed for the US e-passport program that only allows the RFID chip to be read immediately after the passport is scanned by an OCR machine.
"We didn't want the state law that mandates specific protection or locks in on a single technology," said Gould. "That would be like requiring people to use 8-track after the world evolves to MP3."
For years, slow RFID adoption despite its many benefits led industry observers to call RFID "a solution looking for a problem." The same can now be said about legislation and other proposed "solutions" to undocumented RFID security problems. RFID industry sources involved in the California legislative process question whether a separate RFID security law is necessary, since other laws already cover identity and data theft.
"There are already many laws to protect privacy," said Mullen. "Why is RFID suddenly so different?"
Tres Wiley, a founding member of the Secure ID Coalition and director of e-documents at Texas Instruments, told RFID Update the proposed legislation "has teeth and probably is going to impact some people," but does not appear likely to hinder RFID adoption.
Wiley said the Secure ID Coalition is not aware of pending RFID legislation in other states, but several may take up the issue in their next legislative sessions, and the California bill would likely serve as a model.
Ignorance of what exactly RFID is, what data RFID tags carry and how it is protected, and confusion between RFID and wireless LAN technology, which has suffered many high-profile security problems, may create confusion and momentum for additional legislation. The AeA, AIM and Secure ID Coalition say more education and advocacy will be required to help RFID gain acceptance.
"In this day and age, it can be very easy to give a sound bite and completely persuade someone about a security danger," said Gould. "It can be very difficult to break through the sound bite and get through to actually inform and educate people."
See the complete California Senate Bill 768
