Its illegal now for California employers to force anyone to have an RFID device implanted under his or her skin as a condition of receiving something—such as a paycheck or government benefits.
Gov. Arnold Schwarzenegger signed Senate Bill 362 on Oct. 15, prohibiting the forced implantation of RFID (radio-frequency identification) chips. The bill, authored by state Sen. Joe Simitian (D-Palo Alto), will go into effect on Jan. 1, 2008.
"RFID technology is not, in and of itself, the issue. RFID is a minor miracle, with all sorts of good uses," said Simitian, in Sacramento, Calif. "But we cannot and should not condone forced tagging of humans. Its the ultimate invasion of privacy."
The anti-tagging bill, now a law, is not the first piece of privacy-based RFID legislation authored by Simitian to pass the governors desk. A little more than a year ago Gov. Schwarzenegger quietly vetoed SB 768, also known as the Identity Information and Protection Act of 2006, which would regulate the use of RFID in state and local documents.
Click here to read more about California legislation to regulate RFID applications.
At the time, the bill was thought by many to be a call for other states to enact similar legislation. But when that effort failed, so did the hopes that Californias actions would spur additional state legislatures to address RFID-related privacy concerns.
In the wake of the 2006 veto, Simitian took the next feasible step. He broke the Identity Information and Protection Act into smaller bits and shipped them off to the legislature as five separate bills. SB 362 is the first of those smaller bills to see the light of day, and it could have positive implications for the remaining four RFID bills trundling through Californias legislative process.
"With the signing of SB 362, California has taken an important first step in crafting legislation to properly balance the potential benefits of RFID technology while safeguarding privacy and security," said Nicole Ozer, technology and civil liberties policy director at ACLU of Northern California, in San Francisco. "We are pleased that the governor has stood up for the privacy and security rights of Californians and not allowed these rights to be chipped away by inappropriate uses of RFID technology."
Simitian also now has "prior knowledge" on his side.
"When there are 2,800 bills that move through the system in a year, the governor has hundreds and hundreds of bills come at the end of the session. Sometimes its helpful to narrow the issue a bit; that helps to force the question," Simitian said. "We were at a bit of a disadvantage last year with a broader, more comprehensive package, with a technology that the administration is largely unfamiliar with and not the time to give it careful consideration. When in doubt, the veto falls."
Simitian said that taking the issues and breaking them into more manageable, bite-sized pieces makes it easier to focus on the fundamental privacy implications of RFID.
The additional four bills—SB 28, 29, 30 and 31—address different aspects of RFID implementation and use. SB 28 calls for a three-year moratorium on the use of RFID in state drivers licenses.
SB 29 would put a similar three-year moratorium on the use of RFID in K-12 student identification cards. SB 30—really the meat in Simitians efforts—looks to mandate security and privacy provisions in RFID-chipped ID documentation required by state and local governments. The bill would do two things: require that people be informed when the technology is present and spell out what citizens can do to protect their privacy.