By Dan Goodin in San Francisco
20th February 2009
The sponsor of a controversial bill before the Nevada legislature has
promised to introduce amendments after security experts and civil
libertarians warned it would make felons of people studying privacy
threats involving RFID, or radio frequency identification.
In its present form, Senate Bill 125 (PDF) would make it a felony for
anyone to possess, read or capture the personally identifying RFID
information of others without their consent. Without changes, the
legislation would prevent the testing and demonstrating of RFID
weaknesses in a state that hosts Defcon and Black Hat, the biggest
hacker conference and one of the biggest security conferences
State Senator David Parks, the original sponsor of the bill, said he
intends to amend the bill on Monday to exempt people carrying out
"legitimate research." Security experts say that is important because
the bill as it's now written would seriously impinge on their ability to
test the security of RFID in real-world scenarios.
"The ability to be able to take this RFID technology into the real world
and actually show it to people is pretty crucial because there is a lot
of misunderstanding about the technology and people need practical
demonstrations of things in order to understand the weaknesses in it,"
said Chris Paget, who last month demonstrated a low-cost mobile platform
that can clone large numbers of unique RFID tags embedded in US passport
cards and next generation drivers licenses. "It definitely needs an
Best Selling Security Books and More!