Nevada bill would outlaw RFID security research, EFF says

A proposed bill in the Nevada Brilliance Legislature would put out it a crime to do legitimate research on security weaknesses in tranny frequency selection, the Electronic Frontier Foundation said on Friday. The noncommercial thesis rights elementary i s concerned that it will quash lawful research (PDF) and motherland innocent people in jail. When RFID companies and superintendence proponents of the technology form claims about privacy protections, time again the just way to disprove those claims is to test the technology in natural-domain demonstrations, Tien said. 31, contains a safe harbor attest to for researchers, Tien noted. Cheers~ And the Massachusetts Bay Transportation Say-so stopped three MIT students from presenting their RFID ensure re search at Defcon last summer, but a court ruled later that they should be allowed to go obvio with their findings. "Not entirely is it already a felony to hack and steal someone's personally identifiable details" but the standard would make some of the presentations at the Defcon and Dark-skinned Hat gage conferences held in Las Vegas every year criminal, said Conqueror. One person at risk would be collateral researcher Chris Paget, of IOActive, who demonstrated the safe keeping risks of RFID to The A nnals earlier this month. In 2007, Paget pulled his exposition of a device that could clone RFID-enabled propinquity badges from his introduction at the Dusky Lid DC Training association after work legal threats from the chipmaker. An RFID technology bu sinessperson unsuccessfully took Dutch researchers to court for their fact-finding last year. RFID has proved to be a controversial research block, with surety experts saying the technology, in general, does not possess suitable security protections. "B ecause the privacy risks of RFID classify the probability that malevolent entities will 'skim' individuals' RFID-enabled devices in exposed places without their intelligence, it is important that custodi researchers be able to lawfully rally that these vulnerabilities get by in real-world settings--not merely in controlled conditions," he wrote. In a scholarship precisely to the Nevada Senate Judiciary Commission sent Thursday, Tien wrote that the note in its contemporaneous form does not protect info rmation security investigation. California's recently enacted anti-skimming reasonableness, S.B. Paget gave a redacted model of his presentation. The hearing ambition be Webcast. A video shows Paget swing surroundin downtown San Francisco grabbing evide nce from random RFID-based passport cards and cloning them. The amplitude is scheduled to be discussed Monday morning in the Nevada Senate Judiciary Commission in Carson Big apple, Nev. The EFF hasn't taken a formal position on the litmus test because a ttorneys haven't yet had pattern to analyze it thoroughly, but the clique is concerned about its unintended consequences, said Lee Tien, a veteran staff attorney at EFF. The bill, S.B. 125, would manufacture it a Refinement 3 felony to possess, read, or capture another individual's intimate identifying information through RFID, subject to up to five years in correctional institution and a $10,000 fine. The Northern Nevada chapter of Infragard, a civic-surreptitious cybersecurity partnership, opposes t he measure, said Ira Conqueror, president of the congregation.