Landmark Privacy Bill Wins Bipartisan Support from California Lawmakers

August 31, 2006

SACRAMENTO – The American Civil Liberties Union’s three California affiliates today applauded the State Legislature for passing the first bill in the country to require privacy and security protections for the use of Radio Frequency Identification (RFID) tags in government-issued ID’s. The bill passed last night in the Senate with a strong vote of 30-7 after passing out of the Assembly with a bipartisan vote of 49-26 on August 21. The landmark privacy bill is now heading for the governor’s desk.

“There are some obvious privacy risks with the application of RFID technology, especially identity theft—one of the fastest growing crimes in the nation,” said Kevin Keenan, Executive Director of the ACLU of San Diego & Imperial Counties. “That is exactly why the governor must sign this bill into law — to protect Californians from harm to their privacy, financial security and personal safety.”

The Identity Information Protection Act (SB 768), which is authored by Senator Joe Simitian (D-Palo Alto), ensures that state-issued identification, such as a driver’s license, will have adequate privacy and security protections. The bill also guarantees that Californians will be able to decide who can access their personal information.

“RFID technology is not in and of itself the issue,” said Senator Simitian. “The issue is whether and under what circumstances the government should be allowed to compel its residents to carry technology that broadcasts their most personal information. This bill provides a thoughtful and rational policy framework for making those decisions. I hope the governor agrees.”

The California bill has drawn national attention following the federal government’s decision to embed RFID tags in new U.S. passports. The ACLU said this bill should serve as a model for other states considering the use of RFID tags because it provides safeguards and guidelines on how to protect the privacy rights of individuals.

The California bill has become even more salient as the vulnerabilities of RFID technology have become public. In the past year, the security on the RFID-embedded Dutch e-passport and the VeriChip — the RFID chip approved for implantation in humans — were both breached. The U.S. Government Accountability Office recently released a report detailing privacy and security concerns with the use of RFID technology.

RFID tags are tiny computer chips that can be embedded in public documents. The danger is that anyone with an RFID scanner can read the personal data stored on the chips. The chips do not alert the person that his or her personal information is being transmitted. The unknown disclosure of that information can put a person at risk of tracking, stalking and identity theft. Last year, more than 39,000 Californians were victims of identity theft and these devices would make that crime even easier to commit, said the ACLU.