Too much information

IT SEEMS ODD for a legislator from Silicon Valley to be pushing for unprecedented restrictions on a new technology. But that’s what Sen. Joe Simitian (D-Palo Alto) is trying to do in the arena of government-issued identity cards, much to the chagrin of some constituents.

At issue is an emerging technique for embedding personal information into driver’s licenses, library cards and other government-issued IDs. The approach uses radio frequency identification, or RFID, circuitry inside the cards to transmit their contents through the air, enabling the cards to be read from a short distance without being swiped or touched.

RFID chips are already in wide and growing use by companies to keep track of inventories, give employees access to workplaces and speed credit-card transactions. Supporters of the technology say it’s in use in more than 4 million IDs in California alone.

But Simitian and his allies, which include the liberal American Civil Liberties Union and the conservative Eagle Forum, are troubled by the fact that RFID cards can be read without the holder’s knowledge. Although the cards are typically designed to transmit data only a few inches, researchers have picked up the signals from several feet away. That means the cards could conceivably be used to track people covertly.

His bill, which would apply only to government-issued IDs, would put a three-year moratorium on RFID in driver’s licenses, school IDs, benefit cards from government-supported health programs and cards from public libraries. Other new uses of RFID would have to comply with strict standards designed to protect the data against unauthorized capture. And the measure would make it illegal to read an RFID-powered card without the owner’s knowledge.

The tech industry complains that the bill, which the Senate overwhelmingly approved, is unnecessary because hackers have never cracked the security on RFID cards. Nevertheless, Simitian is on the right track. Neither government nor private industry has given the public much reason to trust their ability to safeguard sensitive personal information.

RFID chips, when properly secured, could be part of the solution to identity theft. But the Legislature should not trust market forces or cash-strapped local governments to provide security. And a three-year moratorium would give California time to learn from the experience of the federal government, which is still weighing how to protect RFID-powered passports, before the state issues millions of IDs with the same vulnerabilities.