Card companies take a swipe at proposed bill in Calif.

Friday, July 1, 2005

SACRAMENTO, Calif.--A bill, called the Identity Information Protection Act, that passed in the California State Senate in May and has been sent to the second legislative house, could potentially prohibit the use of RFID technology in state issued documents.
As this happens, card companies here, who independently followed the legislation, are working to recommend amendments and educate lawmakers on contactless and RFID technology.
The bill's intent is to protect personal privacy and reduce the risk of identity theft. But the current language of the bill reads that RFID cards will be prohibited in state applications such as driver's licenses, ID cards, health insurance or benefit cards.
Although many companies agree with the bill's aim to maintain privacy and decrease the risk of identity theft--what causes concern to some is that in this technology, "ID codes cannot in themselves be used to violate anyone's privacy," said Mark Freundlich, president of Indala, a San Jose, Calif.-based proximity card and reader company.
Although an industry-wide group has not yet been formed to tackle the bill, some card companies have teamed up with members of the state legislature to voice their opposition and offer suggestions.
"The industry is concerned and actively working through the process to help make a responsible decision for this state," said Randy Vanderhoof, executive director of the Smart Card Alliance.
The bill's inception stems from a parent's response to school issued ID cards. State Senator Joe Simitian introduced the bill, after a parent objected to having his child wear an ID badge with her photo and name printed on the card. The parent complained that someone outside of the school could see this information and use it against the child, according to Freundlich.
"It had nothing to do with the fact that the card had electronics in it or not," Freundlich said. "So, any type of ID technology can be problematic, if not applied properly."
According to Freundlich, legislating the use of technology is something that shouldn't be happening. "The focus should be on how the technology is applied, relative to public or private rights," he added.
As the legislation is discussed in committee, companies that manufacture or market RFID products will "need to determine if the bill impacts their business in California," said Holly Sacks, executive vice president of marketing at HID Corp., an Irvine, Calif.-based manufacturer of contactless access control cards and readers.
If the bill passes in the assembly, it would then go on to Gov. Arnold Schwarzenegger to be signed into law. However, if amended by the assembly, it is returned to the senate for rework. If it is not passed or amended, the bill dies.
The two card technologies, although used in similar applications, do have some differences. RFID tags have a chip that stores a static number, an ID and an antenna that enables the chip to transmit the stored number to the reader. While contactless card technology provides similar capabilities, but does not have the RF interface that allows contactless smart cards to be read at a short distance from the reader.
"We need to educate our legislative representatives so they understand that contactless cards are actually viable, economical and a convenient way to ensure personal identity security in access control applications," Sacks said.