California Senator introduces bill to regulate the use of RFID
February 24, 2004
California state Senator Debra Bowen has introduced a bill to regulate the use of radio frequency identification (RFID) systems.
A PDF file of the bill can be found here.
The bill would require individuals' consent before "attaching or storing personally identifiable information with data collected via an RFID tag or before any personally identifiable information collected via an RFID system is shared with a third party."
Says MIT blogger Simson Garfinkel:
One of the big problems with this bill: it doesnít define what RFID is. I think that itís talking about Electronic Product Code tags, but itís hard to know for sure. Perhaps its talking about Mobil Speed Pass. Perhaps it is talking about your building entry proximity card.Ross Stapleton-Gray comments:
There are some knotty problems of inference left untouched here as well. For example, "Collecting information through an RFID system that is aggregate in nature and that does not personally identify an individual is not a violation of this chapter" means that I could use RFID to compile an exhaustive record of tag comings & goings that might be of use to some other party... I could, say, record all the RFID tags entering/exiting a hundred monitored points in my mall/office building/business district, then sell the resulting data set to an out-of-state data aggregator which could cross-reference tags seen with other known information. So I've got 200 instantiations of Tag #123456 with dates/times/places; BigSibling Corp., it turns out, happens to know that Tag #123456 happens to correspond to Jane Q. Public's attache case, and pays me handsomely for the raw transactional data I provide.
Posted by andersja