SB 682, the Identity Information Protection Act, was passed by the California Senate last May, following concern about application of the technology in a school in Palo Alto, Calif., that used RFID tags to report student attendance.
Parents reportedly became concerned about the studentsâ€™ personal information being obtained surreptitiously through use of the RFID technology. But Holly Sacks, vice president of marketing for access control developer HID Corp., Irvine, Calif., maintains this was a misuse of the technology.
â€œThis was a very unusual deployment of active RFID technology,â€ insisted Sacks, pointing out that it rarely has been used to identify people. â€œWe think the legislature needs to be educated.â€
To accomplish that, security industry representatives have met with members of the California legislature to clarify misconceptions about the technology, and legislators are amenable to learning more, Sacks reported.
The law would prohibit use of RFID tags in state facilities, universities and any other building managed by the state.
The RFID cards at the school were thought by Sacks to have not only a studentâ€™s name, address, phone number and date of birth, but also his or her social security number.
However, more personal information can be obtained from a personâ€™s cell phone, PDA, bar codes, a magnetic stripe on a credit card or a license plate number than can be obtained easily from RFID tags because the database is difficult to locate, Sacks maintained. Passive RFID technology has been used in proximity access cards for years, she noted.
â€œWe already have right-to-privacy laws in place,â€ she pointed out. â€œWe think this law [SB 682] does not get the job done and creates obstacles to a technology that is beneficial to the state.â€
Sacks expects the progress of the law to slow as it moves to the assembly and committees. She thinks it may end up being amended and have to go back to committee.
Sacks cannot say now whether any law that emerges will harm RFID technology because the language of the proposed legislation is so unclear.
â€œLegislating against technology is not useful,â€ Sacks emphasized. â€œLegislating against misuse of technology and theft of identification is appropriate.â€