CFC’s RFID FACT SHEET
that transmit information about us without our knowledge. They can be
embedded in driver’s licenses, student ID’s, government issued cards,
and other items.
Why should Californians be concerned? RFID chips allow
businesses and government agencies to track our whereabouts, are
susceptible to a hacker with an RFID scanner, and expose us to the
threat of privacy violations, identity theft, property theft, and
stalking. Even protected RFID systems have been hacked, some in a
matter of minutes.
RFID, the California Constitution, and Big Brother:
‘ Article 1 of the California Constitution notes that
citizens of the state have an inalienable right to
‘safety’happiness’and privacy.’ Under this provision, California courts
must only determine whether a person had an expectation of privacy and,
if so, whether it was breached.
‘ A May 2005 GAO report warned that RFID’s can
be used for ‘tracking an individual’s movements, profiling an
individual’s habits’and allowing for secondary uses of information.’
‘ Such risks are serious enough when they are associated with private
sector products, over which consumers have some control. They are far
more significant when incorporated in government-issued identity
documents that citizens are compelled to carry. Unlike Fastrak, which
also uses RFID technology, citizens don’t have a choice over the
technology in their driver’s license, student ID cards, or US
Passports. Nor do they generally have a meaningful choice to not carry
these documents.
RFID and Identity Theft:
‘ RFID in its most basic form is totally unsecured and
would immediately increase the threat of identity theft. Anyone with a
couple of hundred bucks for a chip reader and some tech savvy could
obtain the name, address, social security number and other information
about passerby on the street without their knowledge or consent.
RFID Breaches and Abuses Have Already Occurred:
‘ A California school district embedded RFIDs in student IDs without
the parents’ knowledge, and only stopped after an outcry about the
potential for hacking by a child abductor.
‘ A Dutch prototype for an RFID embedded in a passport was hacked in
two hours by a local TV station. Hackers could access fingerprint,
photograph, and other data on the RFID tag, perfect for creating a
cloned passport.
‘ Successful hacks of the Exxon Mobile key fob, the VeriChip human RFID
implant, the California State Capitol building access system, and the
new RFID passports show how easy it is to skim and clone poorly
protected RFID devices and compromise RFID-dependent security systems.
‘ The Metropolitan Transportation Commission, which oversees the Bay
Area’s toll system, was found to have been releasing information to
divorce lawyers regarding the location and times when cars using
FasTrak transponders crossed the region’s bridges.
Common Sense RFID Protection Bills in the State Legislature:
‘
State Sen. Joe Simitian has resubmitted his landmark RFID legislation
from 2006 ‘ this time in five separate bills. Currently, the bills are
working their way through various legislative committees along with
another important RFID bill addressing private sector abuses authored
by Senator Ellen Corbett.
‘ SB 28 and 29 would impose a three-year moratorium on the use of the technology in California driver’s licenses and in public school ID cards. SB 30 would create interim privacy safeguards for any existing RFID-enabled government IDs, such as those used by students in the state college system.
SB 31 would make it a crime to ‘skim,’ or
surreptitiously read, data from an RFID document without the knowledge
and consent of the ID holder. SB 362 would prohibit any person from
forcing any other person to undergo an RFID implant in their body or
any other device that transmits their personal information. Finally, SB 388 (Corbett) would require companies to inform customers of
any radio frequency identification tags containing the recipient’s
personal information that are embedded in credit cards or other
documents.
Chip Manufacturers Claims are Unsupported by the Facts:
‘ Consumers should always be skeptical of ‘the sky is falling’ claims
from industry or government – particularly when their profits and power
stand to expand. The solutions authored by Senator’s Simitian and
Corbett are reasonable and restrained approaches that balance the
beneficial uses of the technology with the need for common sense
privacy protections.
‘ In fact, these measures preserve the commonly accepted uses of the
technology, including: in the criminal justice system; for entry into
secure government buildings; tracking of pharmaceuticals from the point
of manufacture to the point of dispensing; tracking manufactured goods
from the point of manufacture to the location where they will be
shelved for sale; and detection of items containing toxic substances
when they are delivered to a landfill.
‘ Chip manufacturers would do better to work with legislators – thereby
assuring the future viability of RFID technology and enhance consumer
confidence in it as well.
Conclusions:
‘Looking before you leap’ when determining how to utilize a
technology that poses such a clear threat to our personal privacy isn’t
about demonizing technological advancement – it’s about using it
judiciously, prudently, and in a way that respects the rights of
California citizens.
Would you want a stranger to sift through your purse or wallet and
take your driver’s license? Would you want your personal information
broadcast to anyone who walks by? Or worse, do we really want to issue
millions of government ID documents before we determine whether the
proper privacy protections are in place to guard against an identity
thief skimming information from your driver’s license or the government
tracking your whereabouts?
California has an opportunity to lead the nation and set some basic standards
before a major security breach occurs. Governor Schwarzenegger voiced
concern for identity protection when he first ran in the 2003 recall
election and even championed tougher security requirements for driver’s
licenses. Yet after intense pressure from chip manufacturers he vetoed
SB 768 – Senator Simitian’s RFID privacy protection bill.
The Governor and the State Legislature must reaffirm their commitment to the protection of our privacy and the California Constitution by supporting SB 28, 29, 30, 31, 362, and 388.