Recent RFID Legal Developments in United States and European Union
The EU is calling for “meaningful discussion” considering its draft legislation on how to regulate RFID. The pending text can be found here, and cites past forum discussions and the EU’s commitment to “privacy, data protection and security.”
In the US, California and Washington (state) have stepped up their regulation efforts. Earlier this year, CA Senator Joseph Simitian proposed Senate Bill 31, outlawing RFID data “skimming,” which passed by a vote of 36 to 3. It now heads to the State Assembly. The most recent changes to the bill were when it would take effect (Jan 1, 2009 instead of 2009), the amount of the fine ($1500 instead of $5000) and a clause stating that the fine/imprisonment (up to one year) does not apply when:
(8) The reading of a person's identification document in the
course of an act of good faith security research, experimentation, or
scientific inquiry, including, but not limited to, activities useful
in identifying and analyzing security flaws and vulnerabilities.
The bill in its entirety can be found here.
Meanwhile, Washington’s state legislature has outlined a sort of "bill of rights" for the public in a bill that has passed the House and is going to the Senate.
You guys are great. I really do like your site.
