Menu
California makes it a crime to 'skim' RFID tags

California makes it a crime to 'skim' RFID tags

California became the second state to make it illegal to steal information from RFID cards.

This week, California became the second state to pass a law making it illegal to steal data from RFID (radio frequency identification) cards.

The law sets a penalty that includes a maximum fine of US$1,500 and up to a year in prison for someone convicted of surreptitiously reading information from an RFID card.

RFID chips, used in a growing variety of applications worldwide, store small amounts of information that a nearby device can read. Among other things, the chips can be used to store customer data on a credit card or allow authorized people to open locked office doors or car doors in "keyless" entry systems.

The California bill makes exceptions for certain emergency situations, such as permitting a health care worker to scan someone's RFID-enabled health card in order to help the person. Also, police officers would be allowed to view information on an RFID card with a warrant.

The bill was first introduced by California State Senator Joe Simitian in 2006, and the final version was signed into law on Wednesday. It was backed by a wide variety of groups ranging from the American Civil Liberties Union to the Gun Owners of California.

Earlier this year, Washington became the first state to pass a law against theft of RFID data. Washington makes it a class C felony to steal data from an RFID card specifically for the purpose of fraud, identity theft or other illegal purposes. That means that if convicted, a criminal could receive a penalty of as much as a $10,000 fine and five years in prison.

While there are security mechanisms that issuers of RFID cards can employ to make it more difficult for someone to steal data stored on them, many don't or do so poorly, so these laws could help serve as a deterrent against would-be hackers.

A paper recently published by the Stanford Law Review detailed some alarming examples of security researchers hacking into RFID systems. In one instance, researchers at Johns Hopkins University cracked the encryption code on Texas Instruments chips used in Exxon Mobil gas cards. Armed with that code, a laptop and a simple RFID device, they were able to fill up their tanks with gas for free.

The Stanford paper also cites work done by computer security researchers at IO Active showing how easily they could clone information stored on building entry cards. In another example described in the paper, researchers from the University of Massachusetts spent $150 to build an RFID reader and found they could read information such as names and other data stored on RFID-enabled credit cards. They found that data was stored on the commercially used cards unencrypted and in plain text.

California's governor this week vetoed another related bill also introduced by Simitian. That bill would have required schools to obtain written consent from parents before issuing RFID cards to students that could be used for recording attendance or tracking the students' whereabouts. The bill, drafted after controversy erupted at one California school that issued RFID cards to students, would also have required schools to take certain steps to protect students' privacy.


Follow Us

Join the newsletter!

Error: Please check your email address.

Featured

Slideshows

Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP honoured leading partners across the channel at the Partner Awards 2017 in New Zealand, recognising excellence across the entire print and personal systems portfolio.

Meet the top performing HP partners in NZ
Tech industry comes together as Lexel celebrates turning 30

Tech industry comes together as Lexel celebrates turning 30

Leading figures within the technology industry across New Zealand came together to celebrate 30 years of success for Lexel Systems, at a milestone birthday occasion at St Matthews in the City.​

Tech industry comes together as Lexel celebrates turning 30
HP re-imagines education through Auckland event launch

HP re-imagines education through Auckland event launch

HP New Zealand held an inaugural Evolve Education event at Aotea Centre in Auckland, welcoming over 70 principals, teachers and education experts to explore ways of shaping and enhancing learning using technology.

HP re-imagines education through Auckland event launch
Show Comments