Posted by Lori Ayre on June 26, 2005

Senator Joe Simitian (D-Palo Alto) seems to be fighting an uphill battle with AB 682, a bill originally designed to prohibit the use of RFID in driver's licenses, student IDs, government health and benefit cards and public library cards. Now, instead of prohibiting the use of RFID, the bill mandates security measures that must be used when employing RFID on such documents. Not exactly what he had in mind:

  • The document?s RFID tag must not transmit anything other than a unique ID number.
  • Encryption must be used to protect the data on the RFID chip from unauthorized reading.
  • The reader and document?s chip must use mutual authentication.
  • The ID holder must authorize the reading of the ID?s data and be notified in writing that the ID uses RF to transmit information, and that he or she can use a shield to prevent the data from being transmitted through RF.
  • The ID holder must be informed of the locations of all devices intended for use in reading the ID.

Something called the High Tech Trust Coalition has tried to convince Simitian that there should be a three-tiered approach to securing RFID-enabled documents. The strongest data protection would be reserved for driver's licenses, whereas items like library cards and identification badges for accessing buildings would "have progressively fewer security protections."

Source: RFID Journal

Read SB 682 (the entire bill, as amended June 15th. Ed: broken link removed 2011