RFID Bills Pass Assembly Judiciary Committee Today

The California Assembly Judiciary Committee passed five important RFID bills today, including the Identity Information Protection Act (SB 30), which ensures that no RFID tags will be embedded into state-issued IDs, without privacy and security protections.

The San Jose Mercury News published a story about the bills on the front page today.

You wouldn't post your social security number on the Internet. You wouldn't tell a passerby on the street your name, address, and driver's license number. You know it's important to keep your personal information safe in order to protect your privacy, personal safety, and financial security

But if tiny computer chips called Radio Frequency Identification (RFID) tags are included in California ID's like drivers' licenses, student ID's, or medical and benefit cards without safeguards for your privacy and security, the choice to protect your personal information won't be yours to make.

When an RFID reader, some as small as a cell phone, emits a radio signal, the RFID tags in the vicinity respond by broadcasting their stored information- a name, address, social security number- anything that has been programmed into the tag.

This technology can be helpful when you know what reader is asking for your private information and for what purpose, like using an RFID-embedded access card to get into your office or automatically pay a bridge toll.

But, it's not good when insecure RFID technology is being used in the government identification documents that we all carry everyday and we don't know who, when or why our personal information is being read. As we are walking down the street? At a political rally? Visiting a doctor's office?

Click here for more information about RFID technology and the California legislation.

You can also read more about the issue in my upcoming article in the Stanford Law and Technology Review here.