Menu
California makes it a crime to 'skim' RFID tags

California makes it a crime to 'skim' RFID tags

California became the second state to make it illegal to steal information from RFID cards.

This week, California became the second state to pass a law making it illegal to steal data from RFID (radio frequency identification) cards.

The law sets a penalty that includes a maximum fine of US$1,500 and up to a year in prison for someone convicted of surreptitiously reading information from an RFID card.

RFID chips, used in a growing variety of applications worldwide, store small amounts of information that a nearby device can read. Among other things, the chips can be used to store customer data on a credit card or allow authorized people to open locked office doors or car doors in "keyless" entry systems.

The California bill makes exceptions for certain emergency situations, such as permitting a health care worker to scan someone's RFID-enabled health card in order to help the person. Also, police officers would be allowed to view information on an RFID card with a warrant.

The bill was first introduced by California State Senator Joe Simitian in 2006, and the final version was signed into law on Wednesday. It was backed by a wide variety of groups ranging from the American Civil Liberties Union to the Gun Owners of California.

Earlier this year, Washington became the first state to pass a law against theft of RFID data. Washington makes it a class C felony to steal data from an RFID card specifically for the purpose of fraud, identity theft or other illegal purposes. That means that if convicted, a criminal could receive a penalty of as much as a $10,000 fine and five years in prison.

While there are security mechanisms that issuers of RFID cards can employ to make it more difficult for someone to steal data stored on them, many don't or do so poorly, so these laws could help serve as a deterrent against would-be hackers.

A paper recently published by the Stanford Law Review detailed some alarming examples of security researchers hacking into RFID systems. In one instance, researchers at Johns Hopkins University cracked the encryption code on Texas Instruments chips used in Exxon Mobil gas cards. Armed with that code, a laptop and a simple RFID device, they were able to fill up their tanks with gas for free.

The Stanford paper also cites work done by computer security researchers at IO Active showing how easily they could clone information stored on building entry cards. In another example described in the paper, researchers from the University of Massachusetts spent $150 to build an RFID reader and found they could read information such as names and other data stored on RFID-enabled credit cards. They found that data was stored on the commercially used cards unencrypted and in plain text.

California's governor this week vetoed another related bill also introduced by Simitian. That bill would have required schools to obtain written consent from parents before issuing RFID cards to students that could be used for recording attendance or tracking the students' whereabouts. The bill, drafted after controversy erupted at one California school that issued RFID cards to students, would also have required schools to take certain steps to protect students' privacy.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

New Zealanders kick-started EDGE 2018 with a bout of Super Rugby before a dedicated New Zealand session, in front of more than 50 partners, vendors and distributors on Hamilton Island.‚Äč

EDGE 2018: Kiwis kick back with Super Rugby before NZ session
EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018 kicked off with a dedicated New Zealand track, highlighting the key customer priorities across the local market, in association with Dell EMC. Delivered through EDGE Research - leveraging Kiwi data through Tech Research Asia - more than 50 partners, vendors and distributors combined during an interactive session to assess the changing spending patterns of the end-user and the subsequent impact to the channel.

EDGE 2018: Kiwis assess key customer priorities through NZ research
Show Comments