Stop Big Brother’s Invasion of our Privacy

by Zack Kaldveer, Consumer Federation of California

Tiny computer chips called Radio Frequency Identification (RFID) tags that
transmit information about us can be embedded in driver’s licenses,
student ID’s and other government issued cards without our knowledge.
These chips allow government agencies to track our whereabouts, are
susceptible to a hacker with an RFID scanner, and expose us to the
threat of privacy violations, identity theft, property theft, and
stalking. Even protected RFID systems have been hacked, some in a
matter of minutes.

These threats to our privacy and safety are real. Consider:

‘ A California school district embedded RFIDs in student IDs without
the parents’ knowledge, and only stopped after an outcry about the
potential for hacking by a child abductor.

‘ A Dutch prototype for an RFID embedded in a passport was hacked in
two hours by a local TV station. Hackers could access fingerprint,
photograph, and other data on the RFID tag, perfect for creating a
cloned passport.

‘ Successful hacks of the Exxon Mobile key fob, the VeriChip
human RFID implant, the California State Capitol building access
system, and the new RFID passports show how easy it is to skim and
clone poorly protected RFID devices and compromise RFID-dependent
security systems.

Watch Kurtis Ming of Sacramento’s CBS Channnel 13 expose the RFID threat.

Privacy is an inalienable right under the California Constitution yet
our state lacks even minimum safeguards for RFID-enabled,
government-issued IDs. Neither existing statute nor current practice
requires protections against the threats posed by the inclusion of RFID
in government-issued IDs.

According to Senator Joe Simitian, independent sources agree
RFID should be used judiciously, if at all, in government-issued human
identification documents. Government studies of RFID indicate
significant problems with reliability. In tests of the US-VISIT program
at the border, researchers found the RFID system correctly identified
vehicles 14 percent of the time at one check-point and only 4 percent
at another.

It’s simply not right for government to compel its citizens to
carry RFID-enabled identification documents that compromise personal
security and public safety. Yet, as it now stands, government can do
just that.

Senator Simitian has introduced four bills (SB 28, SB 29, SB 30, and SB 31)
that would curb and control the use of RFID in government-issued, human
identification documents, and prevent government from forcing citizens
to carry unprotected RFID-enabled devices. SB 28 and 29 would impose a
three-year moratorium on the use of the technology in California
driver’s licenses and in public school ID cards. SB 30 would create
interim privacy safeguards for any existing RFID-enabled government
IDs, and SB 31 would make it a crime to surreptitiously read data from
an RFID document without the knowledge and consent of the ID holder.

Last year, Governor Schwarzenegger vetoed legislation that would
have controlled the use of RFID’s in drivers’ licenses and other
government ID cards. However, the governor’s veto did not stop our
campaign, or Senator Simitian’s efforts, to protect your privacy.
Ultimately, we will win when enough Californians speak out against this
unwarranted intrusion into our lives.

UPDATE: SB 28, 29, 30 have all passed the Senate
are now under consideration in the Assembly. SB 28 just passed the
Assembly Transportation Committee on July 3rd and is now headed to the
Assembly floor. SB 29 is currently under consideration in the Education
Committee (July 11th vote). SB 30 has passed the Assembly Judiciary
Committee and will be heard by the Assembly Appropriations Committee on
July 11th. SB 31 remains stuck in the Senate Public Safety Committee
until January with other bills that could contribute to prison

These bills do not affect RFIDs in use in the criminal justice system,
for entry into secure government buildings and in other limited cases
where they make sense.

CFC also supports AB 388 (Corbett), which would require businesses to
inform consumers of any radio frequency identification tags containing
the recipient’s personal information that are embedded in credit cards
or other documents.

There are some legitimate uses for RFIDs, but without strict
laws curtailing how and when they are used, our privacy is in jeopardy.
None of the bills outlined affect RFIDs in use in the criminal justice
system, for entry into secure government buildings and in other limited
cases where they make sense.

The issue before Californians is whether the government should be
allowed to compel its residents to carry technology that broadcasts our
most personal information?

Senator Simitian sums up the issue thusly, "Do you really want to issue
millions of government ID documents before we determine whether the
proper privacy protections are in place to guard against an identity
thief skimming information from your driver’s license or the government
tracking your attendance at an antiwar rally or a gun show?"

The answer of course, is NO!

Other RFID related bills that recently passed the Senate and are
currently making their way through the Assembly that CFC has endorsed
are SB 362 (D-Simitian), which would prohibit forced implantation of
subdermal (RFID)-enabled devices in people and SB 388 (D-Corbett),
which would require any private entity that issues a card or other item
containing a RFID tag to inform the recipient of this fact.

CFC strongly believes that any RFID technology must be strictly regulated to safeguard our privacy and our liberty.