The California State Senate voted to make it a crime to skim information stored on RFID tags.
The Senate voted 36 to 3 to pass the bill, introduced by State Sen. Joe Simitian (D-Palo Alto). The bill, SB 31, goes to the California State Assembly.
Simitian participated in a controlled experiment to demonstrate how skimming works.
"The problem is real," he said, while announcing passage of his bill. "The card I use to access the State Capitol was skimmed and cloned by a hacker in a split second. Minutes later, using that clone of my card, he was able to walk right into the Capitol through a 'secure' and locked entrance." Simitian said personal information on tags used for drivers' licenses and student IDs should be protected the same way other personal property is protected.
"If you've been mugged, or even had your pocket picked, you know you've been a victim," he said. "You can take steps to protect yourself against identity theft. But if your personal information has been 'skimmed' without your knowledge or consent, you're completely vulnerable. Right now if someone steals your ID, it's a crime; but if they steal the information on your ID by 'skimming,' it's not."
Simitian said the problem is exacerbated by the fact that millions of IDs and access cards carry unlimited information and there aren't any rules about including technology to protect privacy for privately-issued cards.
"RFID technology is not in and of itself the issue," he said. "RFID is a minor miracle with all sorts of good uses. But it's easier than ever to steal someone's personal information with an unauthorized reader -- technology that is readily available, off-the-shelf, and surprisingly inexpensive." Simitian's bill makes exceptions for inadvertent scanning. It also allows emergency medical workers and law enforcement agencies to scan cards without permission, while trying to provide care or investigate crimes -- as long as investigators have obtained a search warrant.