RFID bill: Oklahoma Lawmakers Led Astray by the lobbyist from the SIA

May 11, 2010 the Oklahoma House which previously passed HB 2569 by a wide margin (76-13 with 12 excused) failed to get enough votes to override the Governor’s Veto of the Radio Frequency ID bill.

Do Oklahoma legislators really think using any sort of tracking device on documents that we must carry with us nearly everywhere is a good idea?

Henry spokesman Paul Sund thanked the lawmakers for reviewing the legislation and sustaining the governor’s veto.

“It made no sense to prospectively ban technology that can provide future benefits,” Sund said. “Claims that the technology will be used to track people are inaccurate.”

Read more about the failed veto override vote on May 11, 2010 in this Tulsa World article

I noticed that Mr. Sund does not deny that the technology can track individuals; he is simply stating that it won’t be. If that is the case then why even use it?.

Why should we take Mr. Sund’s word? Where does he get his information and what evidence does he provide to back up his claim?

We know that powerful technology industry lobbying group, the Security Industry Association, or SIA
had
an impact on the bill
and one would assume, Mr. Sund and Oklahoma lawmakers as well.

SIA CEO Richard Chace says in his letter to Gov. Henry;

“Unfortunately, this legislation reflects common misperceptions about RFID applications that are based upon twisted facts and emotions generated by ill-informed “privacy rights” advocates.”

And

“Governor, please be assured that safeguarding the privacy of personal information collected through government-issued identification documents is of paramount concern to our membership”. Read the letter

But when SIA CEO Richard Chace is speaking to investors his tune changes just a little;

“First and foremost my duty is to the SIA membership and to execute the “will” of the SIA Board of Directors. My role at SIA is to perpetuate and regularly articulate the association’s strategic mission and vision[. . . ]Our members primarily join because they find tremendous value connecting and networking with their peers, but they also recognize and like that our organization impacts government and public policy; that it offers a wide range of benefits that help grow their business. . .’

Who is SIA’s members?

We are repeatedly told that radio frequency technology is a necessary security feature.

But according to these and many more experts;
” the risks of eavesdropping, cloning, and skimming arguably open the e-Passport holder to greater risks than the original paper-based design.”

Security and Privacy Risks of Embedded RFID in Everyday Things: the e-Passport and Beyond

Who is running this show? DC Lobbyists or our state legislators?

With one quick search I turned up 7 SIA Lobby letters either interfering with state legislation like HB 2569 in Oklahoma or praising lawmakers for their fidelity to the Security Industry Associations’ cause.

2 of the 7 were addressed to Oklahoma officials!

I don’t know that there is any chance of competing with the beguiling Mr. Chace but there are ample sources that refute the industry tripe that Mr. Sund and some of our state legislators are trying to feed us. These opinions and studies bear repeating because apparently all of the statements, studies and demonstrations provided by security experts, scientists and researchers that show that this technology is not only insecure and inappropriate for human ID has not sunk in yet.

For starters, I suggest the Department of Homeland Security’s own Data Privacy and Integrity Advisory Committee;

“But for other applications related to human beings, RFID appears to offer little benefit when compared to the consequences it brings for privacy and data integrity.

Instead, it increases risks to personal privacy and security, with no commensurate benefit for performance or national security.”

The committee goes on to say;

Most difficult and troubling is the situation in which RFID is ostensibly used for tracking objects (medicine containers, for example), but can be in fact used for monitoring human behavior. These types of uses are still being explored and remain difficult to predict.

For these reasons, we recommend that RFID be disfavored for identifying and tracking human beings.

These statements are from the original report the committee issued which was presented to the full Advisory Committee on June 7, 2006, at a public meeting in San Francisco where it was not very well received.

According to this report

. . . it received a chilly reception by many representatives from companies selling RFID technology used in identification and credential applications, as well as from technology industry groups, because it came down hard on the use of RFID in identity documents.

“The powers that be took a good run at deep-sixing this report,” Said one committee member

Sure enough the paper was delayed (and revised). By the time it was finally released, although still firmly disfavoring the use of the chips, the report was irrelevant because the policy had already been implemented.

Here is another source that may hold some sway with hard to convince officials in Oklahoma-RAND. This study illustrates some of the problems with RFID that many people may not be aware of due to the hidden nature of the ways in which information can flow and be connected. The RAND report states;

RFID tags and fine-grained access controls within a building make it possible to observe the movements of any employee all the time.”

Government and industry spokespersons are fond of explaining that the chips contain only a unique identification number, not personal information.

Gee, isn’t our social security number just a unique number? And one that the government swore would never be used as a personal identifier. If you can comprehend how the SSN is used as an identifier, then you should have no trouble comprehending how those innocent little chips could also be used in this manner.

Oklahoma officials have no trouble understanding how bits of data can be used to identify and trace someone when it applies to them!

Here is someone who ought to know about personal data collection, Dewade Langley, Director of OSBI. He understands how bits of information collected can quickly add up to a reveal an awful lot about a person. Unfortunately, these Oklahoma officials’ advocacy of personal privacy and security do not apply to the average Oklahoman. In fact they are trying to keep information that is rightfully a matter of public record, secret. But only for “special” people you understand.

“Over 100 of our employees have voiced concern because once you have a person’s full name and date of birth, you’re two-thirds of the way there if you want to steal someone’s identity.”

READ MORE; The OPEA announces that they, along with Oklahoma’s finest are going to bat for privacy rights.

Simply put;

While RFID technology has existed for decades, these new applications carry with them substantial new privacy and security risks for individuals. These risks arise due to a combination of aspects involved in these applications:

1) The transponders are permanently embedded in objects individuals commonly carry with them

2) Static data linkable to an individual is stored on these transponders

3) The objects these transponders are embedded in are used in public places where individuals have limited control over who can access data on the transponder.

Read more
Security and Privacy Risks of Embedded RFID in Everyday Things: the e-Passport and Beyond

But we are supposed to believe the industry lobbyists when they tell us that a unique number on an auto identification device that is embedded in our driver’s license that can be remotely read and associated with us is no threat?

If that is the case, why don’t we just put our social security number on our foreheads?! Why the fuss about any unique number associated with a particular person? Shall we take the word of Richard Chace over the Government Accountability Office (GAO)?

The GAO states;

The widespread adoption of the technology can contribute to the increased occurrence of these privacy issues. As previously mentioned, tags can be read by any compatible reader. If readers and tags become ubiquitous, tagged items carried by an individual can be scanned unbeknownst to that individual. Further, the increased presence of readers can provide more opportunities for data to be collected and aggregated –Government Accountability Office, Report to Congressional Requesters: Information Security: Radio Frequency Identification Technology in the Federal Government, GAO-05-551

And also:

In Congressional testimony, March 2007, a GAO official cautioned against the use of RFID technology to track individuals;

“Once a particular individual is identified through an RFID tag, personally identifiable information can be retrieved from any number of sources and then aggregated to develop a profile of the individual. Both tracking and profiling can compromise an individual’s privacy,” –Linda D. Koontz, Dir., Info. Mgmt. Issues, Gov’t Accountability Office

Why should Oklahoma legislators be more interested in keeping the door open for future placement of radio frequency tech on our ID cards and DL’s than in protecting us from these imposed risks?


Whose rights are they protecting by voting against a measure that would have prohibited the use of RFID technology in our state Driver’s licenses or other identity cards?

Government mandated auto id devices on our documents that are required for access to many of our daily necessities is a possibility that looms large with legislation and laws like REAL ID, PASS ID, and even the proposed “immigration reform” bill that would require a government verified biometric ID card giving us permission to work.

We have a vested interest in the systems of access control that our government has made clear it intends to implement widely. The enhanced drivers licenses and new passport cards that utilize EPC Gen 2 RFID devices are simply the beginning.

This is an area where our state legislators can and should play a key role and be willing to stand in the gap for us.

The industry has freely exerted its power to quash potentially
revealing reviews.


Here is an example of HID Global taking action to protect their interests by taking steps to gag a security researcher in order to keep him from alerting the public about the insecure nature of their product.

The researcher says;“Our intent was to disseminate information so people could make informed decisions about RFID technology they’re deploying. For example, whether to deploy a proximity card with a secondary factor like a biometric or PIN [personal ID number]. But we’ve been prevented by HID from discussing that, and we believe it’s detrimental to the security community,”

HID global is the very same international company that endeavored to
emasculate HB 2569, Oklahoma’s anti-RFID bill.

The assurances that RFID technology will not be used to track or monitor us falls flat.

Another expert, IBM, received approval for a patent in 2006 ”Identification and tracking of persons using RFID-tagged items” is the name of this invention. IBM explains how to collect information about people that could be ”used to monitor the movement of the person through the store or other areas.”

The patent makes clear, IBM’s invention could work in other public places, ”such as shopping malls, airports, train stations, bus stations, elevators, trains, airplanes, restrooms, sports arenas, libraries, theaters, museums, etc. Read more; http://www.katu.com/internal?st=print&id=14453392&path=/news/tech


We are being told that the inclusion of radio frequency technology is a necessary security feature.

” but the risks of eavesdropping, cloning, and skimming arguably open the e-Passport holder to greater risks than the original paper-based design.”

source

The idea of a global identity card is frightening enough. It is even more galling to learn that the US insisted that these new ID cards be built in the most insecure manner, blocking proposals to protect RFID chips placed in identity documents with security measures that are sufficient to protect the privacy of their bearers. Source

Yet when presented with an opportunity to give the people of this state a measure of protection, many Oklahoma lawmakers due to partisanship, ignorance or personal gain choose not to do so.

I know that I am not alone in my sense of betrayal.

Everyone should make sure that the override vote avoiders and the ones that opposed HB 2569 have ample information that demonstrates that the SIA and HID Global are not being forthright. We must demand our elected officials vote according to our best interests and NOT the financial interests of the lobbyists!

They need to know that we will not forget their betrayal come election season and will make sure that their constituents have all the information they need to cast a well informed vote!

On the May 11, 2010 override vote 69 House members voted in favor of the override, 19 against and 13 were excused. Out of the 13 who were excused, only 3 were actually absent from the Capitol.

The 13 who did not cast a vote on May 11th

Contacted them and asked if they would be so kind as to cast their vote in favor of HB 2569 which would indicate a desire to serve the interests of their constituents over those of the industry promoters.

  1. Neil Brannon – neilbrannon@okhouse.gov 1-405-557-7413
  2. Mike Brown – mikebrown@okhouse.gov 1-405-557-7408
  3. John Carey – johncarey@okhouse.gov 1-405-557-7366
  4. Lee Denney – leedenney@okhouse.gov 1-405-557-7304  (says she will vote yes)
  5. Wes Hilliard – weshilliard@okhouse.gov 1-405-557-7412
  6. Chuck Hoskin -chuck.hoskin@okhouse.gov 1-405-557-7319
  7. Scott Inman – scott.inman@okhouse.gov 1-405-557-7370
  8. Danny Morgan – dannymorgan@okhouse.gov 1-405-557-7368
  9. Richard Morrissette – richardmorrissette@okhouse.gov 1-405-557-7404
  10. Bill Nations – billnations@okhouse.gov 1-405-557-7323
  11. Mike Shelton – mikeshelton@okhouse.gov 1-405-557-7367  (walked vote)
  12. John Trebilcock – johntrebilcock@okhouse.gov 1-405-557-7362  (says he will vote yes)
  13. Purcy Walker – purcywalker@okhouse.gov 1-405-557-7311

OK House Toll Free Number: 1-800-522-8502.

No Votes on May 11th-These legislators voted AGAINST a veto override for HB 2569

We are in the midst of a revolution in computing technology. Our ability to transfer data, store it and collect it has made rapid gains that far exceed our ability to make adequate adjustments in our thinking or our laws and the policies that we develop today can go a long way in preventing dangerous ethical shifts that are being driven by the unholy marriage of corporate financial interests and government security concerns.


It is this dynamic duo is producing a climate of wholesale fear mongering and a result we are being inundated with false solutions that fatten the wallets of executives and give cover to the politicians eager to ingratiate themselves with said executives.

All Oklahomans and their representatives should be outraged by the fact that the technology industry is directing state policy in this manner.


2 responses to “RFID bill: Oklahoma Lawmakers Led Astray by the lobbyist from the SIA

  1. That’s another one that needed to die. I even have reservations about the Pike Pass.

  2. Pingback: RFID bill Oklahoma Lawmakers Led Astray by the lobbyist from the SIA

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s