SENATE BILL REPORT

SHB 1011

This analysis was prepared by non-partisan legislative staff for the use of legislative members in their deliberations. This analysis is not a part of the legislation nor does it constitute a statement of legislative intent.

Background: Radio Frequency Identification (RFID) is a tagging and tracking technology that uses tags or chips equipped with antennae. Passive RFID chips receive power from the electromagnetic field emitted by a reader in order to send the information contained on the chip to the reader and active RFID chips have their own power source. Both active and passive RFID chips use radio waves to transmit and receive information.

In 2008 the Legislature passed two laws related to RFID. It is a class C felony to either (1) scan another person's identification device remotely for the purpose of fraud or identity theft, if accomplished without that person's knowledge and consent; or (2) read or capture information contained on another person's identification document using radio waves without that person's knowledge or consent.

Summary of Bill: A government or business entity is prohibited from remotely reading an identification device using RFID technology, unless the government or business entity, or one of their affiliates, is the same entity that issued the identification device. This prohibition does not apply to a person remotely reading an identification device for certain purposes, including medical care or triage during a disaster; law enforcement; security research; or inadvertent scanning while operating the person's own RFID system, if certain conditions are met. A lost identification device also may be read if the owner is unavailable for notice, knowledge, or consent, and the device is read by law enforcement or government personnel.

The unlawful reading of an identification device is a violation of the Consumer Protection Act. The Office of the Attorney General must report annually to the Legislature on personally invasive technologies that may warrant legislative action.

Staff Summary of Public Testimony: PRO: This bill is a much better honed version of last year's bill, and has been developed by working with the stakeholders. The biggest objection seems to be to Section 3, the reference to "personally invasive technology." This bill will create a situation where people can't scan random people to gather marketing information. It would protect the proprietary information of the business or entity issuing the chip, and has been crafted with a lot of input from financial institutions to protect affinity relationships. Consumers don't always know where a chip or a chip reader is, and this would protect the information of consumers who are slipped a chip. Unlike more traditional media like bar codes or magnetic strips, RFID chips can be scanned at a distance and without any physical action that might alert the consumer. This is not just a retail issue, as colleges use these technologies in student identification cards, meal cards, etc. It's unclear whether this would affect colleges too.

CON: Objections are mostly philosophical in nature. Protection shouldn't focus so much on a single type of technology, and shouldn't be restricted to "commercial." Section 3 also presupposes that RFID is personally invasive. The range of readability has been increased recently, and there have been issues involving the use of low-grade chips in Department of Licensing's enhanced IDs.

Persons Testifying: PRO: Representative Morris, prime sponsor; Violet Boyer, Independent Colleges of Washington.

CON: Lew McMurran, Washington Technology Industry Association; Tom McBride, Tech America.