State Codes and Statutes

Statutes > California > Civ > 1798.79-1798.795

CIVIL CODE
SECTION 1798.79-1798.795



1798.79.  (a) Except as provided in this section, a person or entity
that intentionally remotely reads or attempts to remotely read a
person's identification document using radio frequency identification
(RFID), for the purpose of reading that person's identification
document without that person's knowledge and prior consent, shall be
punished by imprisonment in a county jail for up to one year, a fine
of not more than one thousand five hundred dollars ($1,500), or both
that fine and imprisonment.
   (b) A person or entity that knowingly discloses, or causes to be
disclosed, the operational system keys used in a contactless
identification document system shall be punished by imprisonment in a
county jail for up to one year, a fine of not more than one thousand
five hundred dollars ($1,500), or both that fine and imprisonment.
   (c) Subdivision (a) shall not apply to:
   (1) The reading of a person's identification document for triage
or medical care during a disaster and immediate hospitalization or
immediate outpatient care directly related to a disaster, as defined
by the local emergency medical services agency organized under
Section 1797.200 of the Health and Safety Code.
   (2) The reading of a person's identification document by a health
care professional for reasons relating to the health or safety of
that person or an identification document issued to a patient by
emergency services.
   (3) The reading of an identification document of a person who is
incarcerated in the state prison or a county jail, detained in a
juvenile facility operated by the Division of Juvenile Facilities in
the Department of Corrections and Rehabilitation, or housed in a
mental health facility, pursuant to a court order after having been
charged with a crime, or to a person pursuant to a court-ordered
electronic monitoring.
   (4) Law enforcement or government personnel who need to read a
lost identification document when the owner is unavailable for
notice, knowledge, or consent, or those parties specifically
authorized by law enforcement or government personnel for the limited
purpose of reading a lost identification document when the owner is
unavailable for notice, knowledge, or consent.
   (5) Law enforcement personnel who need to read a person's
identification document after an accident in which the person is
unavailable for notice, knowledge, or consent.
   (6) Law enforcement personnel who need to read a person's
identification document pursuant to a search warrant.
   (d) Subdivision (a) shall not apply to a person or entity that
unintentionally remotely reads a person's identification document
using RFID in the course of operating a contactless identification
document system unless it knows it unintentionally read the document
and thereafter intentionally does any of the following acts:
   (1) Discloses what it read to a third party whose purpose is to
read a person's identification document, or any information derived
therefrom, without that person's knowledge and consent.
   (2) Stores what it read for the purpose of reading a person's
identification document, or any information derived therefrom,
without that person's knowledge and prior consent.
   (3) Uses what it read for the purpose of reading a person's
identification document, or any information derived therefrom,
without that person's knowledge and prior consent.
   (e) Subdivisions (a) and (b) shall not apply to the reading,
storage, use, or disclosure to a third party of a person's
identification document, or information derived therefrom, in the
course of an act of good faith security research, experimentation, or
scientific inquiry, including, but not limited to, activities useful
in identifying and analyzing security flaws and vulnerabilities.
   (f) Nothing in this section shall affect the existing rights of
law enforcement to access data stored electronically on driver's
licenses.
   (g) The penalties set forth in subdivisions (a) and (b) are
independent of, and do not supersede, any other penalties provided by
state law, and in the case of any conflict, the greater penalties
shall apply.


1798.795.  For purposes of this title, the following definitions
shall apply:
   (a) "Contactless identification document system" means a group of
identification documents issued and operated under a single authority
that use RFID to transmit data remotely to readers intended to read
that data. In a contactless identification document system, every
reader must be able to read every identification document in the
system.
   (b) "Data" means any information stored or transmitted on an
identification document in machine-readable form.
   (c) "Identification document" means any document containing data
that is issued to an individual and which that individual, and only
that individual, uses alone or in conjunction with any other
information for the primary purpose of establishing his or her
identity. Identification documents specifically include, but are not
limited to, the following:
   (1) Driver's licenses or identification cards issued pursuant to
Section 13000 of the Vehicle Code.
   (2) Identification cards for employees or contractors.
   (3) Identification cards issued by educational institutions.
   (4) Health insurance or benefit cards.
   (5) Benefit cards issued in conjunction with any
government-supported aid program.
   (6) Licenses, certificates, registration, or other means to engage
in a business or profession regulated by the Business and
Professions Code.
   (7) Library cards issued by any public library.
   (d) "Key" means a string of bits of information used as part of a
cryptographic algorithm used in encryption.
   (e) "Radio frequency identification" or "RFID" means the use of
electromagnetic radiating waves or reactive field coupling in the
radio frequency portion of the spectrum to communicate to or from an
identification document through a variety of modulation and encoding
schemes.
   (f) "Reader" means a scanning device that is capable of using RFID
to communicate with an identification document and read the data
transmitted by that identification document.
   (g) "Remotely" means that no physical contact between the
identification document and a reader is necessary in order to
transmit data using RFID.


State Codes and Statutes

Statutes > California > Civ > 1798.79-1798.795

CIVIL CODE
SECTION 1798.79-1798.795



1798.79.  (a) Except as provided in this section, a person or entity
that intentionally remotely reads or attempts to remotely read a
person's identification document using radio frequency identification
(RFID), for the purpose of reading that person's identification
document without that person's knowledge and prior consent, shall be
punished by imprisonment in a county jail for up to one year, a fine
of not more than one thousand five hundred dollars ($1,500), or both
that fine and imprisonment.
   (b) A person or entity that knowingly discloses, or causes to be
disclosed, the operational system keys used in a contactless
identification document system shall be punished by imprisonment in a
county jail for up to one year, a fine of not more than one thousand
five hundred dollars ($1,500), or both that fine and imprisonment.
   (c) Subdivision (a) shall not apply to:
   (1) The reading of a person's identification document for triage
or medical care during a disaster and immediate hospitalization or
immediate outpatient care directly related to a disaster, as defined
by the local emergency medical services agency organized under
Section 1797.200 of the Health and Safety Code.
   (2) The reading of a person's identification document by a health
care professional for reasons relating to the health or safety of
that person or an identification document issued to a patient by
emergency services.
   (3) The reading of an identification document of a person who is
incarcerated in the state prison or a county jail, detained in a
juvenile facility operated by the Division of Juvenile Facilities in
the Department of Corrections and Rehabilitation, or housed in a
mental health facility, pursuant to a court order after having been
charged with a crime, or to a person pursuant to a court-ordered
electronic monitoring.
   (4) Law enforcement or government personnel who need to read a
lost identification document when the owner is unavailable for
notice, knowledge, or consent, or those parties specifically
authorized by law enforcement or government personnel for the limited
purpose of reading a lost identification document when the owner is
unavailable for notice, knowledge, or consent.
   (5) Law enforcement personnel who need to read a person's
identification document after an accident in which the person is
unavailable for notice, knowledge, or consent.
   (6) Law enforcement personnel who need to read a person's
identification document pursuant to a search warrant.
   (d) Subdivision (a) shall not apply to a person or entity that
unintentionally remotely reads a person's identification document
using RFID in the course of operating a contactless identification
document system unless it knows it unintentionally read the document
and thereafter intentionally does any of the following acts:
   (1) Discloses what it read to a third party whose purpose is to
read a person's identification document, or any information derived
therefrom, without that person's knowledge and consent.
   (2) Stores what it read for the purpose of reading a person's
identification document, or any information derived therefrom,
without that person's knowledge and prior consent.
   (3) Uses what it read for the purpose of reading a person's
identification document, or any information derived therefrom,
without that person's knowledge and prior consent.
   (e) Subdivisions (a) and (b) shall not apply to the reading,
storage, use, or disclosure to a third party of a person's
identification document, or information derived therefrom, in the
course of an act of good faith security research, experimentation, or
scientific inquiry, including, but not limited to, activities useful
in identifying and analyzing security flaws and vulnerabilities.
   (f) Nothing in this section shall affect the existing rights of
law enforcement to access data stored electronically on driver's
licenses.
   (g) The penalties set forth in subdivisions (a) and (b) are
independent of, and do not supersede, any other penalties provided by
state law, and in the case of any conflict, the greater penalties
shall apply.


1798.795.  For purposes of this title, the following definitions
shall apply:
   (a) "Contactless identification document system" means a group of
identification documents issued and operated under a single authority
that use RFID to transmit data remotely to readers intended to read
that data. In a contactless identification document system, every
reader must be able to read every identification document in the
system.
   (b) "Data" means any information stored or transmitted on an
identification document in machine-readable form.
   (c) "Identification document" means any document containing data
that is issued to an individual and which that individual, and only
that individual, uses alone or in conjunction with any other
information for the primary purpose of establishing his or her
identity. Identification documents specifically include, but are not
limited to, the following:
   (1) Driver's licenses or identification cards issued pursuant to
Section 13000 of the Vehicle Code.
   (2) Identification cards for employees or contractors.
   (3) Identification cards issued by educational institutions.
   (4) Health insurance or benefit cards.
   (5) Benefit cards issued in conjunction with any
government-supported aid program.
   (6) Licenses, certificates, registration, or other means to engage
in a business or profession regulated by the Business and
Professions Code.
   (7) Library cards issued by any public library.
   (d) "Key" means a string of bits of information used as part of a
cryptographic algorithm used in encryption.
   (e) "Radio frequency identification" or "RFID" means the use of
electromagnetic radiating waves or reactive field coupling in the
radio frequency portion of the spectrum to communicate to or from an
identification document through a variety of modulation and encoding
schemes.
   (f) "Reader" means a scanning device that is capable of using RFID
to communicate with an identification document and read the data
transmitted by that identification document.
   (g) "Remotely" means that no physical contact between the
identification document and a reader is necessary in order to
transmit data using RFID.



State Codes and Statutes

State Codes and Statutes

Statutes > California > Civ > 1798.79-1798.795

CIVIL CODE
SECTION 1798.79-1798.795



1798.79.  (a) Except as provided in this section, a person or entity
that intentionally remotely reads or attempts to remotely read a
person's identification document using radio frequency identification
(RFID), for the purpose of reading that person's identification
document without that person's knowledge and prior consent, shall be
punished by imprisonment in a county jail for up to one year, a fine
of not more than one thousand five hundred dollars ($1,500), or both
that fine and imprisonment.
   (b) A person or entity that knowingly discloses, or causes to be
disclosed, the operational system keys used in a contactless
identification document system shall be punished by imprisonment in a
county jail for up to one year, a fine of not more than one thousand
five hundred dollars ($1,500), or both that fine and imprisonment.
   (c) Subdivision (a) shall not apply to:
   (1) The reading of a person's identification document for triage
or medical care during a disaster and immediate hospitalization or
immediate outpatient care directly related to a disaster, as defined
by the local emergency medical services agency organized under
Section 1797.200 of the Health and Safety Code.
   (2) The reading of a person's identification document by a health
care professional for reasons relating to the health or safety of
that person or an identification document issued to a patient by
emergency services.
   (3) The reading of an identification document of a person who is
incarcerated in the state prison or a county jail, detained in a
juvenile facility operated by the Division of Juvenile Facilities in
the Department of Corrections and Rehabilitation, or housed in a
mental health facility, pursuant to a court order after having been
charged with a crime, or to a person pursuant to a court-ordered
electronic monitoring.
   (4) Law enforcement or government personnel who need to read a
lost identification document when the owner is unavailable for
notice, knowledge, or consent, or those parties specifically
authorized by law enforcement or government personnel for the limited
purpose of reading a lost identification document when the owner is
unavailable for notice, knowledge, or consent.
   (5) Law enforcement personnel who need to read a person's
identification document after an accident in which the person is
unavailable for notice, knowledge, or consent.
   (6) Law enforcement personnel who need to read a person's
identification document pursuant to a search warrant.
   (d) Subdivision (a) shall not apply to a person or entity that
unintentionally remotely reads a person's identification document
using RFID in the course of operating a contactless identification
document system unless it knows it unintentionally read the document
and thereafter intentionally does any of the following acts:
   (1) Discloses what it read to a third party whose purpose is to
read a person's identification document, or any information derived
therefrom, without that person's knowledge and consent.
   (2) Stores what it read for the purpose of reading a person's
identification document, or any information derived therefrom,
without that person's knowledge and prior consent.
   (3) Uses what it read for the purpose of reading a person's
identification document, or any information derived therefrom,
without that person's knowledge and prior consent.
   (e) Subdivisions (a) and (b) shall not apply to the reading,
storage, use, or disclosure to a third party of a person's
identification document, or information derived therefrom, in the
course of an act of good faith security research, experimentation, or
scientific inquiry, including, but not limited to, activities useful
in identifying and analyzing security flaws and vulnerabilities.
   (f) Nothing in this section shall affect the existing rights of
law enforcement to access data stored electronically on driver's
licenses.
   (g) The penalties set forth in subdivisions (a) and (b) are
independent of, and do not supersede, any other penalties provided by
state law, and in the case of any conflict, the greater penalties
shall apply.


1798.795.  For purposes of this title, the following definitions
shall apply:
   (a) "Contactless identification document system" means a group of
identification documents issued and operated under a single authority
that use RFID to transmit data remotely to readers intended to read
that data. In a contactless identification document system, every
reader must be able to read every identification document in the
system.
   (b) "Data" means any information stored or transmitted on an
identification document in machine-readable form.
   (c) "Identification document" means any document containing data
that is issued to an individual and which that individual, and only
that individual, uses alone or in conjunction with any other
information for the primary purpose of establishing his or her
identity. Identification documents specifically include, but are not
limited to, the following:
   (1) Driver's licenses or identification cards issued pursuant to
Section 13000 of the Vehicle Code.
   (2) Identification cards for employees or contractors.
   (3) Identification cards issued by educational institutions.
   (4) Health insurance or benefit cards.
   (5) Benefit cards issued in conjunction with any
government-supported aid program.
   (6) Licenses, certificates, registration, or other means to engage
in a business or profession regulated by the Business and
Professions Code.
   (7) Library cards issued by any public library.
   (d) "Key" means a string of bits of information used as part of a
cryptographic algorithm used in encryption.
   (e) "Radio frequency identification" or "RFID" means the use of
electromagnetic radiating waves or reactive field coupling in the
radio frequency portion of the spectrum to communicate to or from an
identification document through a variety of modulation and encoding
schemes.
   (f) "Reader" means a scanning device that is capable of using RFID
to communicate with an identification document and read the data
transmitted by that identification document.
   (g) "Remotely" means that no physical contact between the
identification document and a reader is necessary in order to
transmit data using RFID.