Skip to content

SB 768: Identity Information Protection Act (2005)

Summary

(Note: The bill was vetoed by the Governor.)

SB 682 (2005) would have prohibited any person or entity from intentionally reading a person’s government-issued identification document (ID) remotely using radio waves without the knowledge of that person.  It includes strong criminal penalties for anybody who violates this statute.

SB 682 would have required a governmental entity that issues IDs that can be read remotely using radio waves to provide the following basic security protections for the holders of those IDs:

  1. Limiting the remote transmission of any personal information other than a unique identifier number.
  2. Robust encryption to protect against the unauthorized reading of transmitted information.
  3. Mutual authentication to ensure as best as possible that only those who are supposed to have access to the data stored on the ID can read it.
  4. An additional security feature to ensure that the ID cannot be read unless the ID’s holder specifically authorizes that reading.
  5. Written notification:
    1. That the ID can communicate information using radio waves.
    2. That the use of shield devices can help mitigate the privacy and security risks associated with the ID.
    3. Of the location of readers intended to be used to read the ID.
    4. Of the information that is being collected or stored regarding the individual in a database in conjunction with the ID.

SB 682 recognized that there are cases in which IDs do not need to meet the above five security standards and would have exempted the corrections system, emergency first responders, ID bracelets used in medical facilities or for emergencies, door/garage access cards, and automatic toll-bridge collection systems from having to meet most or all of those security standards.  SB 682 also would have exempted all systems currently in use by state, county, or municipal governments from the provisions of the bill.

Because of the unique security and privacy problems associated with mass-distributed government IDs and the existence of more secure, equally cost-effective alternatives, SB 682 would have limited drivers’ licenses, K-12 student ID cards, government health and benefit cards, and public library cards from communicating personal information via radio waves for three years from the date the bill was enacted.

Final Status and Text

SB 768 is no longer active. Its final status was:
Vetoed by the Governor

You can read its final text on the Legislature's Bill Information site.

News & Press Releases about SB 768

04/14/2011 - Simitian's Consumer Privacy Protection Bill Passed By Senate

08/16/2007 - Consumer Rights Group Rates Simitian 100%

10/01/2006 - Governor Vetoes RFID Privacy Measure; Simitian Calls Veto a "Missed Opportunity"

02/09/2005 - SB 768: RFID Protections for Government IDs