April 19, 2006 5:05 PM PDT

Tech industry attacks state anti-RFID laws

ARLINGTON, Va.--In at least a dozen states, the electronics industry has been waging a battle against a rash of proposed laws aimed at limiting--and in some cases outlawing--use of electronically readable chips in personal identification documents.

No states have enacted such laws yet, but bills have been up for debate in California, New Hampshire, Washington, Rhode Island, New Mexico, Illinois and Missouri, among others, during the past couple of years, panelists said Wednesday at an industry conference here about smart card use by the government.

Those proposed laws have been introduced because of concerns raised by privacy advocates over the possibility that as radio-frequency identification, or RFID, chips, become more commonly used in government-issued IDs, they could be abused for secret tracking or unauthorized collection of information about the people who carry the IDs.

State legislators have been far too quick to believe "misinformation" spread by "the tinfoil hat crowd," said Richard Varn, a consultant who counts RFID technology manufacturer HID among his clients.

Varn, formerly Iowa's chief information officer, joined other industry advocates in urging chipmakers to drown out what they deemed a campaign based on fear, uncertainty and doubt. Consumers Against Supermarket Privacy Invasion and Numbering, for instance, started life as a way to oppose supermarket discount cards and has found a new cause in opposition to RFID. CASPIAN founder Katherine Albrecht has co-authored a book that's described as outlining how RFID fulfills "biblical prophesies" in a way that's "uncannily similar to the prophecies of Revelation."

The industry agrees with privacy advocates that skimming information off RFID-laced documents should be a crime bearing strong penalties. But the panelists said they would urge state governments to make use of laws they already have. Many states, for instance, already prohibit theft of information via magnetic stripes on credit cards and other documents, so they could simply broaden and update those laws to make it clear that RFID chips are also included in that category, Varn suggested.

"Consumers don't know what RFID does, so to them it's voodoo, it's magic," said Marc Anthony Signorino, technology policy director for the American Electronics Association, which represents about 2,700 companies. "Part of our job is to educate them about what it can do and what it cannot do."

Some of the proposed state laws, the bulk of which now lack adequate support or lie dormant, have contained such broad definitions of concepts like "personal information" and "tracking device" that they risked wiping out a sweeping list of technologies traditionally lauded by politicians, the panelists said. They said some of the sweeping measures would have outlawed everything from the enhanced 911 system, which can automatically pinpoint a caller's location, to RFID-equipped hospital bracelets aimed at keeping tabs on newborn babies, to the toll-collecting transponders affixed to car windshields.

When alerted to such unintended consequences, many states backpedaled on their requirements, the panelists said. "The longer they start thinking, the more carve-outs they have to grant, so the legislation ends up looking like Swiss cheese," Signorino said.

But the industry's fight continues, as not all states have shelved the idea yet. A bill introduced just last week in the California legislature would prohibit the issuance of state driver's licenses or identification cards that use "radio waves to either transmit personal information remotely or to enable personal information to be read from the license or card remotely."

It's most likely a response to upcoming regulations from the U.S. Department of Homeland Security prescribing standards for states to roll out a uniform national identification card, which may be required for all Americans by 2008. The law, known as the Real ID Act, has drawn widespread opposition from states, and the New Hampshire House of Representatives recently approved a bill that would prohibit it from participating.

The new DHS regulations, expected later this year, likely won't require the cards to employ RFID because it's too volatile a political issue, said Robert Atkinson, a former analyst at a Democratic Party-affiliated group who recently founded a new think tank called the Information Technology and Innovation Foundation. Even so, he added, "I just can't stress enough the importance of really fighting this fight now....We're just lucky these bills didn't pass."

See more CNET content tagged:
RFID, RFID chip, law, personal information, state

2 comments

Join the conversation!
Add your comment
RFID
"Give me liberty, or give me Death!"
"Live free, or die!!!
What ever happened to these concepts, thought out by our forefathers??!
Anyone read the Tenth Amendment lately? The DOHS has/is taking our Americanism away from us....with out our say so.

Homeland Security???....see the Second Amendment!
Anthony V
Posted by anthonyv60 (7 comments )
Reply Link Flag
The industry says what?
If there isn't an issue, then why have there been reports of security 'holes' with RFID such as the ability to swipe info from a distance (w/o you knowing) or the virus (that is *feasible*)?

RFID needs to mature before it can handle anything needing or relating to security or privacy.
Posted by hawkeyeaz1 (569 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.