New law makes "malicious" RFID spying illegal, corporations can do as they please

by Thomas Ricker posted Mar 26th 2008 at 6:23AM

When did the practice of lawmaking require an accompanying press release issued by a professional PR firm? An embedded photo of the sponsoring state official, too? Shameless. Nevertheless, it did bring our attention to a new law in the state of Washington which prohibits "malicious" RFID spying. When the new law (said to be a first of its kind in the US) goes into effect in July, anyone caught scanning a person remotely "without his or her knowledge and consent, for the purpose of fraud, identity theft, or some other illegal purpose" will be charged with a Class C felony. Great, so that covers the obvious criminal abuse of the technology. However, the original bill also included an opt-in measure that would require your approval before retailers and others could track your activity via that handy, store-issued discount card you carry, the implant you received during that stint in the joint, new credit card, or personal ID card you're required to carry. Unfortunately, the opt-in requirement was stricken from the bill (and therefore not in the final law) after succumbing to heavy corporate lobbying. You thinking what we're thinking? Contact information posted in the read link below.

Filed under: Wireless

Tags: law, rfid, washington

Subscribe to these comments

Reader Comments (Page 1 of 2)

Neutral

mundungous @ Mar 26th 2008 6:34AM

why i oughta!

Neutral

hypereric @ Mar 26th 2008 9:09AM

Anybody know if a item with an embedded RFID chip will be rendered useless by a couple of seconds in a microwave?

Neutral

UKNigel @ Mar 26th 2008 12:23PM

Or by using an electromagnetic pulse generator, which can be made out of a disposable flash camera and a lot of wire. As far as I know there is no law that prohibits me from going around and ruining the RFID chips in everybody's credit cards discretely.

Neutral

James @ Mar 26th 2008 1:55PM

what crap

Neutral

RoboDan @ Mar 26th 2008 4:54PM

New Mottos:

USA - What do you expect, you worthless ants?

Canada - What she ^ said.

UK - Privacy? Is that an english word?

The rest of Europe - Haha, stupid anglos!

Neutral

Angel @ Jun 15th 2008 7:28PM

I hope you don't take this as spam [I think it's very relevant], but this movie talks about how the gov't is becoming the big brother. ttp://www.zeitgeistmovie.com/

Neutral

Liam @ Mar 26th 2008 6:34AM

Lobbyists suck sooooo much.

Neutral

n3rd @ Mar 26th 2008 2:18PM

its not the lobbyists
its the congressmen who are so easily bought over

Highly Ranked

Jagannath A @ Mar 26th 2008 6:38AM

how would we know whether its malicious or not ??

install an anti-phishing software in our RFID chips??? :D

Highly Ranked

Randomness @ Mar 26th 2008 6:59AM

So if I'm just doing it for the lulz, and not "for the purpose of fraud, identity theft, or some other illegal purpose," then it's A-OK? Sweet!

Hey everyone! we're going into the Gap, put on your tinfoil hats so they can't see how much is in your bank account and that you really can't afford to shop here!

Highly Ranked

Wonderkid @ Mar 26th 2008 7:06AM

The greatest threat to our freedom and dignity is not government or
terrorists, but the replacement of democracy and said freedom by
(almost) automated businesses with no ethical or common sense based
guideance. It is going to be very difficult to undo our electronic
detiny unless some fairly robust action is taken - NOW! (Oh, and what happens when the terrorists are able to use their positions within a business to track an individual or group of individuals?)

Neutral

Leo @ Mar 26th 2008 10:25AM

I think there's no single greatest threat to our freedom of our existence - think about the speed at which probably human-eradicating things are happening - climate change, robotics, genetics et al

Not that there's anything wrong with capitalism but it's gone (and is going) WAY too far unchecked (easy to buy out those who'd do the checking)... Add to that the ever increasing cases of global conspiracy and we're pretty f*cked within this century. (btw I'm not gullible or anything but I saw a really convincing conspiracy doc which claimed the grand goal for the illuminati is to have EVERYBODY RFID tagged... interesting to see the continuing developments in this direction)

For the first time in hundreds of years, the current young generations are going to live WORSE than their parents did (and possibly be wiped out for the large part although that will do the planet some good - there's already about 5Bn too many people to live harmoniously with mother nature)

Rant Over!

Neutral

John @ Mar 26th 2008 11:18AM

"Oh, and what happens when the terrorists are able to use their positions within a business to track an individual or group of individuals?"

That's just a stupid statement. If businesses control the government, and terrorists run businesses they aren't terrorists anymore. They wouldn't be hiding secretly in cells, lurking in the darkness spying on people. They would run the country and control the media to get people to do what they want.They may still use fear but in a more politician running for reelection like way. Think V for Vendetta minus the happy ending.

P.S I hope you learned to not be so optimistic. *puts on tinfoil hat*

Neutral

Jerry @ Mar 26th 2008 7:38AM

cool

Neutral

s i d @ Mar 26th 2008 7:37AM

true freedom would be freedom from one's own thoughts/ prejudices n that would include one's own fear of watever ..... now feeding them creating mass hysteria n getting free promotion is just smart business.

o how long this journey to evolution, the tail is gone but is still missed

Neutral

Twitchy @ Mar 26th 2008 7:37AM

Pfft, what do I care. Honestly, the only RFID card I currently carry is an access card for my apartment building. Once I am forced to carry more as the situation dictates, then I'm getting me a Faradaic wallet.

Neutral

Joe @ Mar 26th 2008 7:38AM

Interesting way of tracking employees...

Neutral

Ryan @ Mar 26th 2008 7:38AM

I wish they kept the op-in measure

Neutral

Joseph @ Mar 26th 2008 7:40AM

As long as carrying your RFID card or whatever inside an aluminium foil or lead isn't outlawed, then its all ok for me.

Neutral

UKNigel @ Mar 26th 2008 12:27PM

When the government outlaws tinfoil hats or tinfoil in my wallet, that'll be the day when I give up and leave earth for good. I can see it happening.

Neutral

Acksaw@gmail.com @ Mar 26th 2008 7:53AM

Wow, they just made RFID a better target for hackers.

Neutral

James @ Mar 26th 2008 8:15AM

Meh. It's like those preposterous "hate crime" laws -- take something *already illegal* (be it identity theft or beating somebody up) and tack on extra charges for doing it in a way that's currently a hot topic (via RFID snarfing, or white-on-black violence). Prosecute the "core" crime and move on. If there's not already a law against "attempted identity theft" or some such, fix *that* problem -- not this nonexistent one.

Neutral

Jeff @ Mar 26th 2008 11:09AM

The issue is the crime of "identity theft" requires that you actually *do* something with the information you steal for it to be a prosecutable crime. You haven't "stolen" anyone's identity until you actually try to use it yourself. I mean, if my neighbor's electric bill blows out of his garbage can and onto my lawn and I pick it up, that doesn't make me a criminal under identity theft laws. I'd have to actually try to use his account information. "Identity theft" in legal terms is just a fancy way of saying "fraud".

The so-called "identity theft" laws that are prosecutable at the time of the data breach and that you read about in the news aren't really ID theft laws at all, they're laws just like this one that make hacking and circumvention of database protections a crime. If you hack into Citibank's servers and steal a bunch of people's credit card numbers, you're not actually being prosecuted for identity theft, you're being prosecuted for hacking the server.

This is no different than that. It has to be illegal on both ends; both the theft itself and the use of the information. You're saying the information's use is already illegal; that's not enough. People shouldn't be able to go around actively taking and reading my personal info without my knowledge, even if they don't plan on doing anything with it.

Neutral

dervheid @ Mar 26th 2008 8:29AM

So, if you're a big business and can afford to lobby the politicians, you can get your own way.
No surprises there then.

Neutral

A. Swift @ Mar 26th 2008 8:34AM

Fine. I can incorporate for a few hundred bucks and go snooping to my heart's content.

Neutral

jerry @ Mar 26th 2008 8:42AM

no surprises

Neutral

Neoprimal @ Mar 26th 2008 8:43AM

"anyone caught scanning a person remotely "without his or her knowledge and consent, for the purpose of fraud, identity theft, or some other illegal purpose"

Awesome! Because that stops credit card and identity thieves from stealing (and using) your information, right?

They need to find a way to SECURE the technology, or not use it at all. Sure CCs are not super secure, but it's way more difficult nowadays for someone who doesn't own 'yours' to use it. ANYONE that wants to, can get the info from your RFID tagged device.

The fact that this law will not (no longer*) require companies to get customer approval to spy on the chip is just sick and goes to show the kind of things that slip through the political cracks. I hope for all our sakes there's a big enough fuss to get that changed before July comes OR that RFID doesn't move into storing bank account info, ss#, private info like addresses and phone numbers etc.

Neutral

jamie @ Mar 26th 2008 8:51AM

This law ultimately doesn't mean anything... It's already illeagal to comit fraud/identity theft etc. so if you got caught hacking someones RFID whatever you would have been penalised anyway. The only part of this law that had any real meaning, was the bit disalowing corporations from tracking you, which Big Brother USA said was perfectly fine.

Course you could all just move up here to good old Canada where we still actually have freedom, liberty and democracy and where the powers of the corporations to track you have been curtailed recently after a few large US department stores had there d/b's hacked.

Neutral

hypereric @ Mar 26th 2008 8:51AM

out with the tinfoil beanies, in with the tin foil bodysuits.

Neutral

jvh @ Mar 26th 2008 9:51AM

i lost mine! >.

Neutral

hypereric @ Mar 26th 2008 10:18AM

That's OK. I just filed a provisional patent for a full body tin foil suit. I will be soon marketing them as soon as I can find an investor. Men will have a wide range of styles to choose from; women will have a wide range of colors to choose from, all of which will be made in one style: a skin-tight latex-tin-foil catsuit.

And the EULA *will* stipulate that garments cannot be worn over the catsuits.

Neutral

hypereric @ Mar 26th 2008 8:53AM

Wait a minute.... forget what I said. I need to go search google patents.

Neutral

Ratteler @ Mar 26th 2008 8:59AM

Do it as a Citizen go to jail, do it as a corporation, no problem?

When will you people stand up to this bullshit!!! In Washington State you are now a Second Class citizen to ANY non-entity!

Neutral

Hagrun @ Mar 26th 2008 9:10AM

I guess we will have to carry RF jammers to protect ourselves. I guess protecting ourselves in that manner is illegal too though. Let all move to Canada.

Neutral

John @ Mar 26th 2008 11:24AM

Sorry, but why is it illegal? Why isn't it ok if it works on a very narrow RF range? ...um is that even possible to work on a narrow range?

Neutral

Hagrun @ Mar 26th 2008 1:13PM

I just know you aren't allowed to jam radio signals for certain things like cell phones, and critical communication equipment. There may be a blanket law to cover all radio frequencies. I'm not totally sure thus the "I guess" part of the sentence. You can jam one or many frequencies at a time, depending on how your device works. If you broadcast a signal on 723 mhz it will interfere (aka jam) with any other signal that is broadcast on 723 mhz. The localization of the jamming will depend on how powerful your device is. You can only jam multiple frequencies if your device is able to broadcast on multiple frequencies.

Neutral

De @ Apr 27th 2008 11:29AM

Across the pond science-fction and science fact are beginning to blur as far as RFID trackable devices are concerned...

Take a look at 'The Last Enemy - Living in the UK':

http://deandonaldson.wordpress.com/2008/03/23/the-last-enemy-%e2%80%93-living-in-the-uk/

Neutral

SlickGnome @ Mar 26th 2008 9:48AM

I believe they would probably try to get you for carrying an RF jammer anyway. Blocking another persons RF "Aura" who is near you is probably as bad to big brother as trying to phish out numbers and such with the prevalence of all sorts of Door access cards and such. "Hey my door access badge doesn't work... Oh that guy has a jammer! Someone arrest him!"

Neutral

kakapo @ Mar 26th 2008 10:53AM

Leo....

/rant

You are pretty spot on... consider that the bar code is designed to be able to be tracked from any read direction and it begins with a "6" has a "6" in the middle and a "6" at the end... RFIDs can transmit details - and isn't the greatest threat to mankind - prostituted government and who to better buy your politicos than corporations and banks... who have the actual control in the first place. Remember there are no "accidents" in politics and banking. EVER. Too much is at risk. I am not a tin foil hat own3r but I have watched and read for 55 years. Will all the observation help me? I don't know but I do see the constant consistent enslavement of mankind- not by government but by the financial barons and commerce. What can we do? Not sure but it will take a global effort by EVERYONE. Remember divisiveness is what THEY want. It is the only way that THEY can control us!

/end rant

Cheers

Neutral

CosterMonger @ Mar 26th 2008 10:39AM

Dystopia - TODAY!

Neutral

DCGaymer @ Mar 26th 2008 7:33PM

Obviously....there's now a product niche for counter culter RFID spoof. Keep your Credit Cards in the tinfoil / lead lined section...and your Spoof ID on the outside. Then when your spoof card is hacked/scanned by an unauthorized or overly aggressive corporate system... they get a lovely spoofed response.

I can think of a few choice things I'd have as a personal response...but they're probably NSFW.

Neutral

Allen @ Mar 26th 2008 11:41AM

I agree with everyone here, and with CosterMonger. Why should it be allowed for a corporate interest to scan RFID without your consent? Also, this law leaves a loophole for RFID hackers: they can just scan the data and not use it for identity theft. Then, after they have enough, they could. Of course, it could be argued in court that that was the whole object from the beginning, and hence the hacker would be tried.

But what does a corporation use RFID info for? They too sell ID's to other companies, even overseas where US regulatory efforts end. Then that'd be participating in identity theft.

Also, maybe I don't really want anyone knowing any of the information on an RFID. I could just then not carry one, but considering some forms of credit card are headed into RFID exclusivity, that would mean eventually you couldn't get a non RFID credit card.

Neutral

louage @ Mar 26th 2008 12:49PM

I must be getting old.. I can't place the movie in the image for this story :( - can someone help me out?!

Neutral

Suzanne Shea @ Mar 26th 2008 7:41PM

louage, the picture is from Minority Report. It is good, and germane to this story.

Neutral

Humanmind @ Mar 26th 2008 1:01PM

Hows about we stop carrying things like credit cards that would have "shopper" RFID info on them.
A: No tracking
B: No buying sh*t we don't need.

Neutral

GETYOID @ Apr 16th 2008 4:12PM

I like that. Maybe these retailers and other big businesses will realize, once they go OUT of business, that us US that pays their salaries. And, while we're at it, lets fire ALL of Washington and put people in there that actually represent the people. People who actually realize that THEY work for US and not the other way around... unless they want another revolution.

Neutral