August 31, 2006
FOR IMMEDIATE RELEASE
CONTACT:
media@aclu.org SACRAMENTO - The
American Civil Liberties Union of Southern California today applauded the State
Legislature for passing the first bill in the country to require privacy and
security protections for the use of Radio Frequency Identification (RFID) tags
in government-issued ID's. The bill passed last night in the Senate with a
strong vote of 30-7 after passing out of the Assembly with a bipartisan vote of
49-26 on August 21. The landmark privacy bill is now heading for the governor's
desk.
“There are some obvious privacy risks with the application of
RFID technology, especially identity theft—one of the fastest growing crimes in
the nation,” said Ramona Ripston, Executive Director of the ACLU of Southern
California. “That is exactly why the governor must sign this bill into law — to
protect Californians from harm to their privacy, financial security and personal
safety.”
The Identity Information Protection Act (SB 768), which is
authored by Senator Joe Simitian (D-Palo Alto), ensures that state-issued
identification, such as a driver's license, will have adequate privacy and
security protections. The bill also guarantees that Californians will be able to
decide who can access their personal information.
"RFID technology
is not in and of itself the issue,” said Senator Simitian. “The issue is whether
and under what circumstances the government should be allowed to compel its
residents to carry technology that broadcasts their most personal information.
This bill provides a thoughtful and rational policy framework for making those
decisions. I hope the governor agrees."
The California bill has
drawn national attention following the federal government's decision to embed
RFID tags in new U.S. passports. The ACLU said this bill should serve as a model
for other states considering the use of RFID tags because it provides safeguards
and guidelines on how to protect the privacy rights of
individuals.
The California bill has become even more salient as
the vulnerabilities of RFID technology have become public. In the past year, the
security on the RFID-embedded Dutch e-passport and the VeriChip -- the RFID chip
approved for implantation in humans -- were both breached. The U.S. Government
Accountability Office recently released a report detailing privacy and security
concerns with the use of RFID technology.
RFID tags are tiny
computer chips that can be embedded in public documents. The danger is that
anyone with an RFID scanner can read the personal data stored on the chips. The
chips do not alert the person that his or her personal information is being
transmitted. The unknown disclosure of that information can put a person at risk
of tracking, stalking and identity theft. Last year, more than 39,000
Californians were victims of identity theft and these devices would make that
crime even easier to commit, said the ACLU.
