Skip to content

SB 29: RFID in Schools - Parental Choice (2007)

Summary

Although the technology has been around since World War II, state and local governments have recently begun incorporating Radio Frequency Identification (RFID) devices into identification documents such as student IDs and passports.  Citizens are compelled to carry these RFID-enabled devices, which broadcast personal information and often lack meaningful privacy and security protections.  As a result, government is forcing citizens to carry devices that compromise their safety. 

SB 29 responds to this problem by putting parents in the driver’s seat when it comes to the RFID-enabled devices that schools issue to their kids.  To this end, SB 29 would do two things: 

  • Notice—First, SB 29 would require schools that voluntarily choose to issue RFID-enabled devices to kids—such as an ID or building access card—to tell parents how the technology used in the device works, what the privacy and security risks are, and what the school has done to make sure the devices it’s using are compliant with student privacy laws. 
  • Consent—Second, SB 29 would require the affirmative consent of a parent before a school could compel a student to carry an RFID-enabled device that is designed to track that student’s physical location, or record his or her attendance at school.

After this bill passed the Legislature, Senator Simitian sent a letter to the Governor urging his signature on this bill.

For more information, you can read the SB 29 "Fact Sheet" prepared by a member of Senator Simitian's staff.

Final Status and Text

SB 29 is no longer active. Its final status was:
Vetoed by the Governor

You can read its final text on the Legislature's Bill Information site.

Background Information

WHAT IS RFID?

  • RFID devices are tiny chips with miniature antennae that are embedded within documents or objects for tracking and identification purposes.  When a RFID reader emits a radio signal, the devices in the vicinity respond by automatically transmitting their stored information to the reader.
  • RFID is promising, but not without risks.  RFID has many useful and promising applications, such as inventory tracking and automatic toll-road payment systems.  At the same time, however, it can pose serious privacy and security risks.  When embedded in identification documents, for example, information can be scanned off a RFID device at a distance and with no indication to the holder of the RFID device that any information has been remotely transmitted or recorded.  Without adequate protections, unauthorized readers can surreptitiously read and skim the personal information stored on a device—such as a birth date, digital picture, or unique identifier number—all without the knowledge of the RFID holder.
  • RFID has been put to use in many applications, perhaps most successfully for tracking inventory and for automatic toll-road payment systems.  Recently, RFID industry advocates have been pushing the use of RFID for tracking and monitoring students in our schools.
  • The kinds of “passive” RFID devices issued to monitor students, such as those used in a northern California school district in 2005, have standard read ranges of 15-20 feet.

WHY DO WE NEED SB 29?

  • Parents, not schools, should be the ones deciding whether or not their kids must carry an RFID-enabled device.    In the 2005 incident that sparked the RFID debate in California, a northern California school district issued RFID-enabled IDs to kids without even telling parents what they were doing, let alone advising parents of the risks or seeking their consent.  It was only after a parent discovered a child carrying the RFID-enabled ID that important questions started getting asked.
  • Schools are not places for compulsory RFID tracking.  Students who go to public schools should not be forced to be tagged and tracked like cattle.  Yet this is precisely what the RFID industry would like to happen, supposedly in the name of “efficiency and safety.”  The industry still sees a big potential market in government-issued IDs and has offered schools financial incentives to embrace RFID for student monitoring.  RFID should be used where it is appropriate, such as for tracking merchandise in a store or prisoners in a jail — not for children in a public school whose parents aren’t informed and haven’t consented to the tracking of their kids.
  • When it comes to student safety, RFID is no substitute for teacher and school staff responsibility.  Absent significant protections, RFID does not offer a reliable way to identify individuals, according to a recent report by the privacy office of the federal Department of Homeland Security.  Unlike sheep, students can ask their friends to hold their RFID devices, trade them with each other, put them in the classroom and then leave, lose them, or simply not keep them on their body.  If any of these situations were to occur, teachers and school staff who put their trust in RFID as a quick and reliable way to keep track of students would be seriously misled as to their students’ actual whereabouts.
  • Recording attendance using RFID invites attendance inaccuracies and ADA (average daily attendance) calculation errors.  Because of the limited reliability of using RFID to identify individuals accurately, RFID attendance-recording systems are prone to serious errors, such as misidentifying students or not counting a student at all.  This can lead to situations in which schools produce misleading ADA data and either claim funding from the state that is not owed to them or receive less money than they should.
  • RFID can endanger students’ privacy and safety off-campus. The lack of even the most basic security protections in school-issued RFID devices (the devices used in the northern California school district in 2005, for example, had none) means students are vulnerable to tracking and stalking off-campus.  School-issued RFID devices can also be easily cloned, allowing others to pose as them or steal their identity.  If a student’s sensitive personal information is stored on the RFID device without effective encryption and authentication protections, identity thieves can remotely and surreptitiously scan the information off the RFID device and use it to commit identity fraud or worse.

 


News & Press Releases about SB 29

05/20/2009 - Privacy Piracy interview with California State Senator Joe Simitian, 11th District

08/30/2007 - Simitian Bill to Ban 'Tagging' Humans Closer to Becoming Law - "RFID" at Issue

06/26/2007 - State Senator Argues that RFID Technology Allows the Government to Track Your Whereabouts

06/25/2007 - Editorial: State needs law to protect personal data on chips

06/19/2007 - Raising privacy alarm over RFID chips

05/09/2007 - Call Kurtis: Hacking Into Secure Buildings

04/24/2007 - Simitian Bills to Protect Public Privacy and Student Safety Pass Senate - "RFID" Documents at Issue

04/16/2007 - California Senate OKs bill banning student monitoring devices

04/02/2007 - California lawmakers try again to create RFID protections

02/23/2007 - Is RFID Technology a Security Risk? (video)