INTERNET LAW - Anti-Skimming Laws in the United States

Skimming involves pilfering information from nonencrypted RFID tags or chips. RFID chips consist of a microchip and a tiny antenna which transmits data from the chip to a reader. The reader is activated whenever the antenna comes into range. The United States has legally used this system for passport and other border patrol duties. For instance, documents such as U.S. passports issued after October 2006 contain RFID chips. The U.S. passport comes with a foil wrapper designed to prevent skimming of the RFID data, but it has been shown to fail if the passport is even slightly open. Data included in RFID chips can also be used to trigger an event – such as ordering more stock or providing identification details to border patrol officials.

Washington State’s anti-skimming legislation was passed in February 2008 and became effective in July 2008. The law makes it a felony to scan a Radio Frequency Identification Device (RFID) tag belonging to another without that person’s consent and to use the data for an illegal purpose, including fraud, identity theft, or stalking. In October 2008, California followed Washington State and enacted similar legislation.

California's bill was adopted and signed by Governor Arnold Schwarzenegger in October 2008, following a demonstration showing that personal information skimmed from civil servants’ entry-card badges allowed hackers to access secured areas of government offices.

The legislation follows various high-profile incidents involving RFID hacking, such as that of an Exxon Mobile key fob. Nevertheless, neither the measures taken in California, nor those adopted in Washington State mandate any RFID encryption, thus leaving the system vulnerable to interference.

This article is only available to members,
click here to learn more

Staff Attorneys, IBLS Editorial Board