Very Disappointing News

Oct 04, 2006
By:
Nicole A. Ozer

Page Media

ACLU of Northern CA

Very disappointing news – despite strong support from up and down the state and across the aisle and thousands of letters sent by constituents, the Governor vetoed the RFID bill.

GOVERNOR VETOES RFID PRIVACY MEASURE; SIMITIAN CALLS VETO A "MISSED OPPORTUNITY," SAYS HE'LL REINTRODUCE LEGISLATION

Sacramento – State Senator Joe Simitian (D-Palo Alto) announced today that his Senate Bill 768, which would have made California the first state in the nation to require privacy and security protections for the use of radio frequency identification (RFID) or 'smart chip' technology in government-issued identification documents, was vetoed by Governor Schwarzenegger on Saturday.

RFID devices are tiny chips with miniature antennae that can be embedded in documents for tracking and identification purposes. Simitian's SB 768 addressed concerns that, using a reader that emits a radio signal, anyone can capture the identifying information stored in the chips.

Simitian immediately announced that he will reintroduce RFID privacy protection legislation in the next session of the Legislature. "Do we really want state and local governments requiring members of the public to carry identification documents that broadcast their personal information without their knowledge or consent?" he asked. "I think most Californians will be skeptical of such a notion, and understandably so."

Known as the Identity Information Protection Act of 2006, SB 768 would have done three things: First, it ensured that state identification documents such as driver's licenses or health benefit cards would include protective features that safeguard people's personal information. Second, it made it illegal to "skim" or read a person's government-issued identification without that person's knowledge. Third, it required the California Research Bureau to provide the Legislature with expert information to guide future policy decisions about the use of RFID technology in government-issued documents.

Simitian added that he was "both surprised and disappointed by the veto." He noted that, "The final version of the bill was the result of more than a year of negotiations with the RFID industry," and that, "Most industry representatives had dropped their opposition to the bill."

Simitian's effort to provide privacy protections in connection with RFID technology in government-issued documents received editorial support from seven of the state's largest newspapers last year, and the final version of the bill had support from a wide-ranging coalition of privacy advocates cutting across political and ideological lines. Among the bill's supporters: the American Civil Liberties Union, Gun Owners of California, Privacy Rights Clearinghouse, Citizens Against Government Waste, California State Parent Teacher Association (PTA), Republican Liberty Caucus, and the National Organization for Women (NOW).

Simitian called the veto a "missed opportunity to get out in front of the problem, and to put California in the forefront of privacy protection." Simitian said he was particularly taken aback at the suggestion in the Governor's veto message that his RFID legislation was "premature."

"This is a rapidly proliferating technology in terms of government identity documents," said Simitian. "It's already in use by Caltrans, on our UC campuses, and right here in the Capitol building. And the technology cropped up in at least one California school district a couple of years ago, setting off a firestorm of controversy."

At the national level, RFID use in U.S. passports has been the subject of considerable controversy; and, notes Simitian, "The pending implementation of the federal Real ID Act suggests that California driver's licenses may soon be on the list."

"I think the public wants us to anticipate and solve privacy problems before they occur, not wait until there's a national headline or a tragic incident," said Simitian. The notion that his measure was "premature" was "regrettably familiar," said Simitian. "That's what I heard a year ago when I introduced a bill to outlaw 'pretexting' and the purchase and sale of phone records, and five years ago when I proposed the legislation which now requires companies that have been hacked or lost our personal data to tell us, so we can protect ourselves."

"Would you allow a stranger to sift through your purse or wallet and take your driver's license? Would you publicly broadcast your personal information to anyone that passes by? Of course not," said Nicole Ozer, Technology & Civil Liberties Policy Director of the ACLU of Northern California. "That's exactly why the Governor should have signed SB 768 into law-to protect Californians from harm to their privacy, financial security, and personal safety."

"RFID technology is not in and of itself the issue. I think the technology itself is a minor miracle, with all sorts of good uses," said Simitian. "The issue is whether and under what circumstances the government should be allowed to compel its residents to carry technology that broadcasts their most personal information. This bill provided a thoughtful and rational policy framework for making those decisions."

To test just how easy it is for anyone to read an identification card with RFID from a few feet away, Simitian asked self-described security consultant Jonathan Westhues to "skim" the information from a State Senate or Assemblymember's identification card. With a homemade antenna and a laptop, Westhues was able to read the information, duplicate it in a split second; and then enter a secured "Legislators Only" area of the State Capitol.

Simitian said of the experiment, "If you can read a person's information, clone it, and then pass yourself off as him or her, imagine the potential harm people can do with this technology."

SB 768 was limited to the public sector issuance of government identity documents, and did not apply in any way to private sector use of RFID technology. Simitian introduced SB 768 after an elementary school in Sutter, California required its students to wear identification badges that contained RFID tags that broadcast the students'identification information. Parents successfully petitioned the school to remove the RFID tags.

For more information about the Identity Information Protection Act (SB 768), please click here.

Keeping Busy:

Lawsuit against AT&T and Verizon for disclosure of telephone call records to the NSA (click here)

Bringing the privacy and free speech issues related to municipal wireless to the attention of the Silicon Valley cities and San Francisco (click here for more information).

Trying to stop the nightmare of Real ID. See www.realnightmare.org for more information.

Spreading the real story that video surveillance cameras do not prevent or reduce crime, but just threaten privacy and free speech rights. (click here for more information)

About Town:

Companies Caught in the Middle: USF Law School Symposium

Saturday October 28

http://www.usfca.edu/lawreview/symposium.html

I will be speaking on the afternoon panel: Balancing Customer Privacy and Government Needs: Is the Current Legal Framework Adequate?

Unblinking Eye: New Perspectives on Visual Privacy in the 21st Century

November 3-4

Mark Schlosberg, Police Practices Policy Director, and I will be speaking about the proliferation of video surveillance in Northern California.