California outlaws RFID card skimming

Gov. Schwarzenegger signs bill seven months after similar law is enacted in Washington state

California lawmakers this week passed a bill that makes it illegal to surreptitiously read someone else's radio frequency identification (RFID) card.

Gov. Arnold Schwarzenegger signed the legislation into law on Tuesday, just days after vetoing another piece of legislation that dealt with using RFID technology in school identification documents.

The California law comes about seven months after the state of Washington enacted a law making it a crime to intentionally scan RFID -- and facial recognition technology-based IDs remotely without the knowledge and consent of their owners.

California state Sen. Joe Simitian, who sponsored both bills, said more oversight into RFID technology is needed.

"The problem is real. Millions of Californians use RFID cards to gain access to their office, apartment, condo, day care center or parking garage," he said in a statement. "Our passports now use the technology, and there is continued discussion about the possible use of RFID in driver's licenses. Yet, until now, there's been no law on the books to prevent anyone from skimming your information, and it's surprisingly easy to do."

RFID technology is increasingly being used to identify people and property. The technology is often embedded in smart cards that are used to access public transportation systems and to open doors in corporate and government buildings.

Ford Motor Co. announced early this year that it is embedding RFID technology from ThingMagic Inc. in its pickup trucks and vans to help workers keep better track of their tools. And Airbus SAS signed a multimillion-dollar deal to use RFID technology supplied by IBM and OatSystems Inc. to streamline its supply chain and manufacturing operations.

The problem with RFID technology, according to its critics, is that the technology can be hacked.

Researchers at Radboud University Nijmegen in the Netherlands won a lawsuit this summer, allowing them to publish information about hacking into RFID-enabled smart cards that are used around the world.

"RFID technology is not, in and of itself, the issue. RFID is a minor miracle with all sorts of good uses," said Simitian. However, he added, "It's easier than ever to steal someone's personal information. With an unauthorized reader -- technology that is readily available, off-the-shelf and surprisingly inexpensive -- it's really quite simple to do."

Simitian said he ran a controlled experiment in which he allowed someone to skim the card he uses to access the State Capitol building. According to the senator, the card was quickly cloned and the hacker was able to walk into the building through a normally secure entrance.

Copyright © 2008 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon