By Chris Corum, ContactlessNews Executive Editor
The state that found OJ and MJ ‘safe’ to return to the streets may well find RF so dangerous that they lock it up just as the rest of the world begins reaping its massive benefits. There is some progress, however, as some softening of the reactionary language was included via recent amendments. But, the fact that it was amended at all, suggests that it is still receiving serious consideration. The bill seeks to ban the use of contactless and RFID technology in government-issued IDs and though it has at least two more hurdles to clear to become law, many observers including the bill’s author remain optimistic.
Rather than a total ban of contactless IDs, the new language requires that the IDs meet the following requirements:
- It can contain no personal information other than a unique ID number
- It must implement strong encryption “at least as strong as RSA encryption using a key length of 1024 bit”
- It must implement mutual authentication technigues
- It must include at least one of the following privacy safeguards:
(a) An access control protocol requiring the optical or other non-RF reading of information from the card prior to RF transmission;
(b) A shield device to block unauthorized reading;
(c) A cardholder-operated “switch” to turn the contactless function on.
The new legislation opened up to enable more acceptable uses of contactless IDs, most notably:
“An identification document that is issued to a person for the
limited purpose of facilitating secured access by the identification
document holder to a secured public building or parking area, if the
requirements of paragraphs (1), (4), and (5) of subdivision (a) are
It seems that the acceptable uses are being expanded to the point where the bill’s original intent is changing from an outright ban to a restriction against the use of the technology in ‘politically-popular’ areas. Specific non-acceptable uses include:
- Drivers’ licenses or identification cards issued pursuant to Section 13000 of the Vehicle Code.
- Identification cards issued to students by educational
institutions, including but not limited to, all K-12 schools, the
University of California, California State Universities, and the
community colleges.Note: A later amendment removed the universities, colleges, and community colleges leaving only K-12 schools in the legislation’s sites.
- Health insurance, health benefit, and benefit cards issued in conjunction with any government-supported aid program.
- Library cards issued by any public library.
The new language also removes the time cap that existing projects would be allowed to continue. Instead of killing existing contactless projects at a date certain, the projects would be allowed to continue indefinitely as long as the scope of the project did not grow.
So is this new version of the legislation better? It is much more convoluted and open to argument and dispute, but it is a bit less totalitarian, orwellian, or other ‘blah,blah,blahian’ in its scope. Still it seems to this author to be a reactionary attempt to protect some misguided concept of a looming privacy intrusion … by banning a technology that offers benefits far outweighing the faults.
Though I am certainly not the first to point this out, contactless ICs don’t kill people … people kill people. Maybe the RF industry should check to see if Thomas Mesereau wants to do some more work in California?
To read the revised language, click here.