Share this pageFOR IMMEDIATE RELEASE
January 30, 2008
For More Information, Contact:
Hema Sareen Mohan (650) 688-6384
SACRAMENTO - The California State Senate took action today to outlaw “skimming,” the surreptitious reading of personal information stored on RFID-enabled ID cards, State Senator Joe Simitian (D-Palo Alto) announced today.
RFID stands for radio frequency identification. It involves placing a “tag,” a tiny receptor device containing electronic information, on an object. The tag can be read by directing radio waves at it, which causes the tag to send back a signal containing the information.
“The problem is real,” Simitian said. In a controlled experiment, “the card I use to access the State Capitol was skimmed and cloned by a hacker in a split second. Minutes later, using that clone of my card, he was able to walk right into the Capitol through a ‘secure’ and locked entrance.”
In their simpler forms, RFID tags can quickly identify objects, such as shipping containers or cattle. The tags can also be used, however, on a variety of identification cards, such as driver’s licenses and student IDs.
“If you’ve been mugged, or even had your pocket picked, you know you’ve been a victim. You can take steps to protect yourself against identity theft,’’ said Simitian. “But if your personal information has been ‘skimmed’ without your knowledge or consent, you’re completely vulnerable.”
By a vote of 36 to 3, the Senate passed Simitian’s Senate Bill (SB) 31, which now moves to the Assembly. The bill would make it a crime to surreptitiously read information stored on tiny electronic devices known as RFID tags.
“Right now if someone steals your ID, it’s a crime; but if they steal the information on your ID by ‘skimming,’ it’s not. That makes no sense whatsoever,” Simitian said. “The problem is particularly serious because we’ve got millions of IDs and access cards out there with no limitation on the kind of information they carry, and no requirement that they use any of the privacy protection technology that’s readily available.”
Simitian said, “RFID technology is not in and of itself the issue. RFID is a minor miracle with all sorts of good uses.” But, he notes, “It’s easier than ever to steal someone’s personal information with an unauthorized reader – technology that is readily available, off-the-shelf, and surprisingly inexpensive.”
Simitian has expressed concern about the potential privacy pitfalls of RFID technology as its use becomes more widespread in identification documents. He said he was pleased to see the Senate return to the issue after Governor Arnold Schwarzenegger signed another RFID bill he authored just last year.
RFID technology is decades old. But miniaturization in electronics has enabled it to be employed much more widely in recent years.
These days, RFID technology is increasingly used to encode information on identification documents, such as driver’s licenses and passports. Businesses or schools may use it on ID cards for employees or students. On a health insurance card, it might not only identify the bearer, but provide essential—and deeply personal—medical information.
It is possible to encode tags with almost any type of personal information, including birth dates, social security numbers, addresses, drivers license numbers, or bank account numbers.
Unlike swipe cards, which must be held close to a reader to register, RFID tags can be read automatically, without the bearer doing anything, or even noticing. Some can be read only from an inch or two, but others may be readable over several yards.
The bill makes exceptions for inadvertent scanning of RFID tags. It also permits various emergency medical services, and law enforcement agencies to scan without a bearer’s permission to identify or assist an unresponsive person, or to solve a crime, as long as a search warrant has been issued.
For more information about SB 31, go to www.senate.ca.gov and click on the link for Legislation.