Following recent events in the news about the US State Department rethinking its mandate for RFID chips in passports comes word that the California legislature is moving forward with a bill which would limit RFID use by California government agencies.
The bill…would prohibit the use of radio-frequency identification, or RFID, chips in state identity documents such as student badges, driver’s licenses, medical cards and state employee cards. The bill allows for some exceptions…such as devices used for paying bridge and road tolls, ID badges used for inmates housed in prisons or mental health facilities, or ID bracelets and badges used for children under the age of four who are in the care of a government-operated medical facility.
At the same time, the Texas legislature is working on a bill which would mandate the use of RFID tags as part of vehicle inspection stickers. From RFIDNews:
Texas state representative Larry Phillips (R) has proposed a bill mandating RFID tags in vehicle inspection stickers. The tag would store information on the vehicle, its registration and insurance coverage.
The folks in California who are pushing this bill apparently are clueless. According to the Wired article cited above, they’re worried about privacy yet will still allow RFID tags to be used to pay road tolls. So it’s bad to use RFID to facilitate checking a book out of a library but it’s OK to know who’s driving where at exactly what time?
Now, on the other hand, the State Department’s plan to include information in US passports was not well thought out, but not for the reason that most people have cited. I was stunned to learn that the passport specs released by the government called for all the information on the front page of the passport to be stored without encryption on the chip itself. The ideal situation, IMHO, would be to use an EPC-like model where the passport has a serial number in its chip, and the passport holder’s data is kept in a secure database. The passport would be scanned, then the information could be retrieved based on the serial number. If DoS found the dependence on a network unattractive, they could at least have spec’d that the data on the chip be encrypted.