Calif. Bill Seeks to Ban Tags in IDs

California's Identity Information Protection Act would prohibit the use of contactless integrated circuits in government-issued identification documents.
Published: May 2, 2005

The California state senate judiciary committee has approved a bill that if passed into law would prohibit California state-, county- or municipality-issued identification cards from containing a contactless integrated circuit, such as an RFID inlay, that could, as the bill states, “broadcast personal information or enable personal information to be scanned remotely.” Such cards would include driver’s licenses, state employee ID cards, library cards issued by any public library, and ID cards issued by a public school or university.

While California and other states have introduced legislation (none of which has been voted into law) to control the use of radio frequency identification in commercial applications in order to protect consumer privacy, the lawmakers say this is the first bill that addresses the use of RFID within a body of government.


Sen. Simitian

On Tuesday, Mar. 26, the California state senate’s judiciary committee voted 6 to 1 to pass the Identity Information Protection Act of 2005. California State Senator Joe Simitian (D-Palo Alto) introduced the bill, for which he received strong support from the American Civil Liberties Union and the Electronic Frontier Foundation. The bill is now on its way to the state senate’s appropriations committee, which is expected to approve the bill and send it on to the full senate by late May or early June.

Simitian says the bill is intended to address the privacy, personal safety and financial security of individuals. Controversy over the use of RFID in school ID cards at a Sacramento-area elementary school this winter (see RFID Takes Attendance-and Heat) spurred the bill.

The bill excludes a number of existing applications of RFID, including the use of RFID transponders for automated bridge toll payments and for the identification of prison inmates, patients in mental institutions and children in hospitals operated by the state or by a county or municipal government. It calls for the elimination of existing uses of RFID (such as for access cards) in state, county or municipal government buildings in California, by the year 2011.

It does, however, allow for government agencies to petition for the use of contactless integrated circuits in identification documents if those agencies can prove a compelling state interest for doing so and show that there is “no means less intrusive to the individual’s privacy and security that would achieve that compelling state interest.”

“The starting point of the bill is not about technological parameters, which I think are likely to change anyway,” says Simitian, referring to the various read ranges of RFID devices and the form factors in which tags and readers are available. “The starting point is, ‘Let’s keep private information private; let’s make sure that government is part of the solution and not part of the problem, at the state and local level.’ We’re not going to put this technology into identification documents unless there really is some compelling state interest and other technology simply won’t work.”

“RFID has come under increased scrutiny over the past few years. When it got to the point where it was being talked about at a local elementary school district all the way to the U.S. Department of State, it seemed to me it was time to take a step back and try to provide some thoughtful, rational policy basis for the decision-making that will be necessary in the coming years, about the appropriate use of RFID,” he says, alluding to the State Department’s plan to begin issuing U.S. passports with embedded RFID tags later this year (see U.S. Tests E-Passports). The passport’s tag would be used by the government and customs agents to call up personal information, including biometric data, on the passport holder.

The senator adds that while he believes there are legitimate privacy concerns over the uses of RFID in commercial applications, “there is a qualitative difference in implication in the use of RFID in government documents.”

The bill also states that any person reading or attempting to read an identification document without the holder’s permission may be punished, upon conviction, by imprisonment in a county jail for up to one year.