{"id":6245,"date":"2008-08-07T12:00:12","date_gmt":"2008-08-07T12:00:12","guid":{"rendered":"http:\/\/multiracial.com\/?p=6245"},"modified":"2017-02-14T08:43:05","modified_gmt":"2017-02-14T08:43:05","slug":"sb-31-radio-frequency-identification-technology-privacy-concerns-and-standards","status":"publish","type":"post","link":"https:\/\/multiracial.com\/index.php\/2008\/08\/07\/sb-31-radio-frequency-identification-technology-privacy-concerns-and-standards\/","title":{"rendered":"SB 31: Radio frequency identification technology privacy concerns and standards"},"content":{"rendered":"
BILL ANALYSIS\r\n\r\n\r\n           ------------------------------------------------------------ \r\n          |SENATE RULES COMMITTEE            |                    SB 31|\r\n          |Office of Senate Floor Analyses   |                         |\r\n          |1020 N Street, Suite 524          |                         |\r\n          |(916) 651-1520         Fax: (916) |                         |\r\n          |327-4478                          |                         |\r\n           ------------------------------------------------------------ \r\n           \r\n                                        <\/u> \r\n                              UNFINISHED BUSINESS\r\n\r\n\r\n          Bill No:  SB 31\r\n          Author:   Simitian (D)\r\n          Amended:  8\/7\/08\r\n          Vote:     21\r\n\r\n           \r\n           SENATE JUDICIARY COMMITTEE <\/u> :  3-2, 3\/13\/07\r\n          AYES:  Corbett, Kuehl, Steinberg\r\n          NOES:  Harman, Ackerman\r\n\r\n           SENATE PUBLIC SAFETY COMMITTEE <\/u> :  4-0, 1\/15\/08\r\n          AYES:  Romero, Cogdill, Margett, Perata\r\n          NO VOTE RECORDED:  Cedillo\r\n\r\n           SENATE APPROPRIATIONS COMMITTEE <\/u> :  Senate Rule 28.8\r\n\r\n           SENATE FLOOR <\/u> :  36-3, 1\/30\/08\r\n          AYES:  Aanestad, Alquist, Ashburn, Battin, Calderon,  \r\n            Cedillo, Cogdill, Corbett, Correa, Cox, Denham, Ducheny,  \r\n            Dutton, Florez, Hollingsworth, Kehoe, Kuehl, Lowenthal,  \r\n            Machado, Maldonado, Margett, Migden, Negrete McLeod,  \r\n            Oropeza, Padilla, Perata, Romero, Runner, Scott,  \r\n            Simitian, Steinberg, Torlakson, Vincent, Wiggins, Wyland,  \r\n            Yee\r\n          NOES:  Ackerman, Harman, McClintock\r\n          NO VOTE RECORDED:  Ridley-Thomas\r\n\r\n           ASSEMBLY FLOOR <\/u> :  77-0, 8\/11\/08 - See last page for vote\r\n\r\n\r\n           SUBJECT <\/u> :    Radio frequency identification technology  \r\n          privacy concerns\r\n                      and standards\r\n                                                           CONTINUED\r\n\r\n\f\r\n\r\n\r\n\r\n                                                                 SB 31\r\n          <\/u>                                                      Page  \r\n          2\r\n\r\n\r\n           SOURCE <\/u> :     Author\r\n\r\n\r\n           DIGEST <\/u> :    This bill (1) defines a new misdemeanor that is  \r\n          committed where a person or entity, without consent, uses  \r\n          radio waves to remotely read, or attempt to read, another  \r\n          persons identification document, (2) defines a new  \r\n          misdemeanor that is committed where a person or entity  \r\n          reveals operation keys to a radio frequency identification  \r\n          (RFID) system, and (3) defines relevant terms and  \r\n          exceptions.\r\n\r\n           Assembly Amendments <\/u> (1) removed conjoining language to SB  \r\n          30 (Simitian), (2) added penalties for a person who  \r\n          knowingly discloses the operational system keys used in a  \r\n          contactless identification system, and (3) made clarifying  \r\n          changes.\r\n\r\n           ANALYSIS <\/u> :    Existing law provides that all people in  \r\n          California have a constitutional right to privacy.\r\n\r\n          Existing law, the Information Practices Act of 1977,  \r\n          precludes a state agency from disclosing personal  \r\n          information it possesses \"in a manner that would ink the  \r\n          information disclosed to the individual to whom it  \r\n          pertains,\" except in specified circumstances.\r\n\r\n          Existing law establishes that a person who intentionally  \r\n          discloses non-public information obtained from a state or  \r\n          federal agency is subject to a civil action for invasion of  \r\n          privacy.\r\n\r\n          Existing law establishes that a person who willfully  \r\n          requests or obtains any record containing personal  \r\n          information from an agency under false pretenses is guilty  \r\n          of a misdemeanor.\r\n\r\n          This bill provides that the intentional remote reading, or  \r\n          attempted reading, of a person's identification document  \r\n          using radio waves for the purpose of reading that person's  \r\n          identification document, without the knowledge or consent  \r\n          of the person, is a misdemeanor, punishable by a jail term  \r\n          of one year, a fine of up to $1,500, or both.\r\n\r\n\r\n\r\n\f\r\n\r\n\r\n\r\n                                                                 SB 31\r\n          <\/u>                                                      Page  \r\n          3\r\n\r\n\r\n          This bill, among other terms, defines \"identification  \r\n          document\" as any document containing data used solely by an  \r\n          individual for the purpose of establishing identity.   \r\n          Identification documents will specifically include, but not  \r\n          be limited to:\r\n\r\n          1.Drivers licenses.\r\n          2.Identification cards issued for employees or contractors,  \r\n            by educational institutions, or pursuant to the Vehicle  \r\n            Code.\r\n          3.Health insurance or benefit cards.\r\n          4.Licenses, certificates, registration, or other means to  \r\n            engage in a business or profession regulation under the  \r\n            Business and Professions Code.\r\n          5.Library cards issued by any public library.\r\n\r\n          This bill exempts the following situations from its  \r\n          prohibition:\r\n\r\n          1.Triage or medical care during a disaster and immediate  \r\n            hospitalization or immediate outpatient care directly  \r\n            related to a disaster.\r\n\r\n          2.Reading by a health care professional for reasons  \r\n            relating to health or safety of that person, or  \r\n            identification issued by emergency services.\r\n\r\n          3.Individuals incarcerated, detained in a juvenile  \r\n            facility, housed in a mental hospital or upon court order  \r\n            after being charged with a crime, or pursuant to  \r\n            court-ordered electronic monitoring.\r\n\r\n          4.Law enforcement, government personnel, or authorized  \r\n            parties who must read a lost identification document when  \r\n            the owner is unavailable for notice, knowledge or  \r\n            consent.\r\n\r\n          5.Law enforcement personnel who need to read an  \r\n            individual's identification document pursuant to a search  \r\n            warrant or after an accident when the person is  \r\n            unavailable for notice, knowledge or consent.\r\n\r\n          6.Reading of an identification document in the good faith  \r\n\r\n\r\n\r\n\f\r\n\r\n\r\n\r\n                                                                 SB 31\r\n          <\/u>                                                      Page  \r\n          4\r\n\r\n            course of security research, experimentation of  \r\n            scientific inquiry, including analysis of security  \r\n            vulnerabilities.\r\n\r\n          This bill defines a \"key\" as \"a string of bits of  \r\n          information used as part of a cryptographic algorithm used  \r\n          in encryption.\"\r\n\r\n          This bill provides, with specified exceptions, that a  \r\n          person or entity that intentionally remotely reads or  \r\n          attempts to remotely read a person's identification  \r\n          document using RFID, for the purpose of reading that  \r\n          person's identification document without that person's  \r\n          knowledge and prior consent, shall be punished by  \r\n          imprisonment in a county jail for up to one year, a fine of  \r\n          not more than $1,500, or both that fine and imprisonment.\r\n\r\n          This bill further provides that a person or entity that  \r\n          knowingly discloses, or causes to be disclosed, the  \r\n          operational system keys used in a contactless  \r\n          identification document system shall be punished by  \r\n          imprisonment in a county jail for up to one year, a fine of  \r\n          not more than $1,500, or both that fine and imprisonment.\r\n\r\n          This bill provides that these provisions do not apply to a  \r\n          person or entity that unintentionally remotely reads a  \r\n          person's identification document using RFID in the course  \r\n          of operating a contactless identification document system  \r\n          unless it knows it unintentionally read the document and  \r\n          thereafter intentionally does any of the following acts:\r\n\r\n          1.Discloses what it read to a third party whose purpose is  \r\n            to read a person's identification document, or any  \r\n            information derived therefrom, without that person's  \r\n            knowledge and consent.\r\n\r\n          2.Stores what it read for the purpose of reading a person's  \r\n            identification document, or any information derived  \r\n            therefrom, without that person's knowledge and prior  \r\n            consent.\r\n\r\n          3.Uses what it read for the purpose of reading a person's  \r\n            identification document, or any information derived  \r\n            therefrom, without that person's knowledge and prior  \r\n\r\n\r\n\r\n\f\r\n\r\n\r\n\r\n                                                                 SB 31\r\n          <\/u>                                                      Page  \r\n          5\r\n\r\n            consent.\r\n\r\n          4.To the reading, storage, use, or disclosure to a third  \r\n            party of a person's identification document, or  \r\n            information derived therefrom, in the course of an act of  \r\n            good faith security research, experimentation, or  \r\n            scientific inquiry, including, but not limited to,  \r\n            activities useful in identifying and analyzing security  \r\n            flaws and vulnerabilities.\r\n\r\n          This bill provides that \"radio frequency identification\" or  \r\n          \"RFID\" means the use of electromagnetic radiating waves or  \r\n          reactive field coupling in the radio frequency portion of  \r\n          the spectrum to communicate to or from an identification  \r\n          document through a variety of modulation and encoding  \r\n          schemes.\r\n\r\n           Prior Legislation\r\n\r\n          SB 768 (Simitian) - 2005-06 Session <\/u> .  Passed the Senate on  \r\n          8\/30\/06 with a vote of 30-7.  Vetoed by the Governor.\r\n\r\n           SB 30 (Simitian) - 2007-08 Session <\/u> .  Passed the Senate on  \r\n          5\/24\/07 with a vote of 30-3.  (On Assembly Inactive File)\r\n\r\n           Governor's Veto Message from SB 768 of 2006\r\n\r\n          <\/u> The provisions of this bill, contained in SB 768  \r\n          (Simitian), were vetoed in 2006.  In addition to concerns  \r\n          relating to the federal REAL ID Act, the Governor stated:\r\n\r\n            \"[T]his bill may inhibit various state agencies from  \r\n            procuring technology that could enhance and streamline  \r\n            operations, reduce expenses and improve customer  \r\n            service to the public and may unnecessarily restrict  \r\n            state agencies.  In addition, I am concerned that the  \r\n            bill's provisions are overbroad and may unduly burden  \r\n            the numerous beneficial new applications of contactless  \r\n            technology.\"\r\n\r\n          Those concerns, relating to the arguable restriction on  \r\n          state agencies and burden on future applications of RFID  \r\n          technology, focus on the portion of SB 768 that would have  \r\n          imposed minimum RFID security standards for government  \r\n\r\n\r\n\r\n\f\r\n\r\n\r\n\r\n                                                                 SB 31\r\n          <\/u>                                                      Page  \r\n          6\r\n\r\n          issued identification documents.  As stated above, that  \r\n          portion of SB 768 is located in SB 30, which is currently  \r\n          on the Assembly Inactive File.  Thus, the stated objections  \r\n          are not directly applicable to this bill.\r\n\r\n           FISCAL EFFECT <\/u> :    Appropriation:  No   Fiscal Com.:  Yes    \r\n          Local:  Yes\r\n\r\n           SUPPORT <\/u> :   (Verified  8\/13\/08)\r\n\r\n          American Association of Retired Persons\r\n          American Civil Liberties Union\r\n          ACLU SD\/Imperial\r\n          American Electronics Association\r\n          Asian Americans for Civil Rights and Equality\r\n          California Immigrant Policy Center\r\n          California Labor Federation\r\n          Commission on the Status of Women\r\n          Consumer Action\r\n          Consumer Federation of CA\r\n          Consumer's Union\r\n          Eagle Forum\r\n          Gun Owners of California\r\n          Los Angeles County District's Attorney's Office\r\n          Liberty Coalition - letter signed by the following  \r\n          organizations: \r\n               Liberty Coalition\r\n               Bob Barr (former Member of Congress) Chairman and CEO  \r\n               of Liberty Strategies, LLC\r\n               The Multiracial Activist\r\n               The New Grady Coalition\r\n               American Policy Center\r\n               Citizen Outreach Project\r\n               U.S. Bill of Rights Foundation\r\n               BT Counterpane\r\n               Consumer Action \r\n               The Rutherford Institute\r\n               Council for Citizens Against Government Waste\r\n          PORAC\r\n          Privacy Activism\r\n          Privacy Rights Clearinghouse\r\n          State Building and Construction Trades Council\r\n          SEIU - California State Council\r\n\r\n\r\n\r\n\r\n\f\r\n\r\n\r\n\r\n                                                                 SB 31\r\n          <\/u>                                                      Page  \r\n          7\r\n\r\n           ARGUMENTS IN SUPPORT <\/u> :    According to the author's office,  \r\n          \"Although the technology has been around since World War  \r\n          II, state and local governments have recently begun  \r\n          incorporating Radio Frequency Identification (RFID) devices  \r\n          into identification documents like driver's licenses and  \r\n          passports.  Businesses are using RFID technology in a wide  \r\n          range of applications.   Many citizens are now aware of the  \r\n          risks to their privacy and financial security presented by  \r\n          misuse of RFID, particularly where RFID documents and tags  \r\n          can be remotely read without the consent or even knowledge  \r\n          of the citizen.\r\n\r\n          \"SB 31 is part of a package of bills concerning privacy and  \r\n          RFID technology.  SB 31 defines misdemeanors for  \r\n          non-consensual remote reading of RFID and for improper  \r\n          disclosure of the keys to RFID systems.  Persons and  \r\n          entities that misuse this powerful technology must face  \r\n          reasonable sanctions.\"\r\n\r\n\r\n\r\n           ASSEMBLY FLOOR <\/u> : \r\n          AYES:  Adams, Aghazarian, Anderson, Arambula, Beall,  \r\n            Benoit, Berg, Berryhill, Brownley, Caballero, Charles  \r\n            Calderon, Carter, Cook, Coto, Davis, De La Torre, De  \r\n            Leon, DeSaulnier, DeVore, Duvall, Dymally, Emmerson, Eng,  \r\n            Evans, Feuer, Fuentes, Fuller, Furutani, Gaines,  \r\n            Galgiani, Garcia, Garrick, Hancock, Hayashi, Hernandez,  \r\n            Horton, Houston, Huff, Huffman, Jeffries, Jones,  \r\n            Karnette, Keene, Krekorian, La Malfa, Laird, Leno,  \r\n            Levine, Lieber, Lieu, Ma, Maze, Mendoza, Mullin,  \r\n            Nakanishi, Nava, Niello, Nunez, Parra, Plescia,  \r\n            Portantino, Price, Ruskin, Salas, Saldana, Silva, Smyth,  \r\n            Solorio, Spitzer, Strickland, Swanson, Torrico, Tran,  \r\n            Villines, Walters, Wolk, Bass\r\n          NO VOTE RECORDED:  Blakeslee, Sharon Runner, Soto\r\n\r\n\r\n          RJG:cm  8\/13\/08   Senate Floor Analyses \r\n\r\n                         SUPPORT\/OPPOSITION:  SEE ABOVE\r\n\r\n                                ****  END  ****\r\n\r\n\r\n\r\n\r\n<\/pre>\n
ftp:\/\/leginfo.ca.gov\/pub\/07-08\/bill\/sen\/sb_0001-0050\/sb_31_cfa_20080813_175323_sen_floor.html<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
BILL ANALYSIS ———————————————————— |SENATE RULES COMMITTEE | SB 31| |Office of Senate Floor Analyses | | |1020 N Street, Suite 524 | | |(916) 651-1520 Fax: (916) | | |327-4478 | | ———————————————————— UNFINISHED...<\/p>\n","protected":false},"author":1,"featured_media":6239,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[57],"tags":[93,118],"class_list":["post-6245","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-legislation","tag-california","tag-legislation"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/multiracial.com\/wp-content\/uploads\/2017\/02\/California.png","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p89tuq-1CJ","_links":{"self":[{"href":"https:\/\/multiracial.com\/index.php\/wp-json\/wp\/v2\/posts\/6245","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/multiracial.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/multiracial.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/multiracial.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/multiracial.com\/index.php\/wp-json\/wp\/v2\/comments?post=6245"}],"version-history":[{"count":1,"href":"https:\/\/multiracial.com\/index.php\/wp-json\/wp\/v2\/posts\/6245\/revisions"}],"predecessor-version":[{"id":6246,"href":"https:\/\/multiracial.com\/index.php\/wp-json\/wp\/v2\/posts\/6245\/revisions\/6246"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/multiracial.com\/index.php\/wp-json\/wp\/v2\/media\/6239"}],"wp:attachment":[{"href":"https:\/\/multiracial.com\/index.php\/wp-json\/wp\/v2\/media?parent=6245"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/multiracial.com\/index.php\/wp-json\/wp\/v2\/categories?post=6245"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/multiracial.com\/index.php\/wp-json\/wp\/v2\/tags?post=6245"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}