BILL ANALYSIS �
SB 29
Page 1
Date of Hearing: July 11, 2007
ASSEMBLY COMMITTEE ON EDUCATION
Gene Mullin, Chair
SB 29 (Simitian) - As Amended: June 5, 2007
SENATE VOTE : 28-5
SUBJECT : Pupil Attendance: electronic monitoring.
SUMMARY : Prohibits any school, school district, or county office
of education from issuing electronic devices that remotely use a
pupil's personal information to either record the pupil's
attendance or track the pupil's location on school grounds.
Specifically, this bill :
1)Prohibits a public school, school district, or county office
of education from issuing to a pupil any device that uses
radio waves either to transmit personal information remotely
or to enable personal information to be read remotely in order
to record the school attendance of a pupil or track a pupil's
location on school grounds.
2)Defines personal information to be name, address, telephone
number, e-mail address, date of birth, religion, ethnicity,
photograph, fingerprint or other biometric identifier, school
identification number, driver's license number, California
Identification Card number, social security number, or any
other unique identifier.
3)Remains in effect until January 1, 2011.
EXISTING STATE LAW:
1)Specifies a minimum number of minutes of attendance for pupils
in public schools, requires school districts to maintain
written contemporaneous records that document all pupil
attendance, and requires these records to be available for
audit and inspection. These attendance records form the basis
for much of the funding provided to public schools.
2)Provides that no agency may disclose personal information in a
manner that would link the information disclosed to the
individual to whom it pertains, subject to certain exceptions.
�
SB 29
Page 2
3)Requires each agency to keep an accurate accounting of the
date, nature, and purpose of each disclosure made pursuant to
one of the authorized exceptions.
4)Grants a constitutional right to privacy, that provides that
government may not intrude upon an individual's privacy unless
it is necessary to further a compelling state interest and
there is no feasible and effective alternative that would have
a lesser impact on privacy interests.
EXISTING FEDERAL LAW:
1)Protects the privacy of student education records under the
federal Family Educational Rights and Privacy Act (FERPA),
which applies to all school districts and schools, including
all California public schools, that receive funds under
programs of the U.S. Department of Education.
2)Requires schools to have written permission from the parent or
student over the age of 18 in order to release any information
from a student's education record. FERPA allows schools to
disclose those records, without consent, under limited and
specific conditions. Schools may disclose, without consent,
"directory" information such as a student's name, address,
telephone number, date and place of birth, honors and awards,
and dates of attendance. Schools must notify parents and
students over the age of 18 about a release of directory
information and allow a reasonable amount of time to request
that the school not disclose directory information.
3)Prohibits the release of non-directory information to anyone
without prior written consent, and allows district and school
staff to access non-directory information only if they have a
legitimate academic need to do so. Non-directory information
is any educational record not considered directory information
and includes Social Security numbers, student identification
number, Race/ethnicity/nationality, gender, transcripts, or
grade reports.
4)Requires schools to notify parents and students over age 18
annually of their rights under FERPA.
FISCAL EFFECT : Unknown
�
SB 29
Page 3
COMMENTS : A Radio Frequency Identification (RFID) system
consists of two primary components: a "tag", that is a microchip
with information memory and attached antenna, and a "reader"
with an antenna. The system exists in order to exchange
information between the tag and the reader. Tags can be
incorporated into objects (e.g., clothing, documents, badges,
cards) or can even be inserted subcutaneously into animals
(e.g., electronic pet identification). The exchange of
information occurs in one of two ways; either the tag is
passively queried by a nearby reader about the information that
the tag has stored in its memory, or the tag actively seeks out
nearby readers to which it can send its information. Either of
these will occur automatically whenever the object or person
carrying a tag moves near a reader; the distance over which this
exchange can occur depends upon the specific devices, but the
technology currently appears to support distances up to thirty
feet or more. Experts disagree on the potential range for RFID
transmission in the future. Once the tag's information has been
transmitted, the reader typically downloads the information to a
computer database upon which some type of analysis can be done.
Two characteristics of this RFID-based exchange of information
create the basis for much of the concern addressed by this bill.
1)An exchange of information can occur without the knowledge or
consent of the tag holder; this is true whether the reader is
known to the individual or is an unauthorized, hidden reader.
2)The tag's memory is effectively a black box, in that the tag
holder can see neither the information that is stored in that
memory nor the information that is conveyed to a reader.
Though a tag may contain only a random number that has no
meaning until the reader transmits it to a computer database
to be matched to other information, tags can contain more
complex and confidential information, such as a name, address,
a credit card number, unique identifier, or even a visual
image.
It is clear that the use of this technology in a school setting
at least creates the potential for conflict with both federal
and state law restricting the exchange of personal information
and student education records, as well as corresponding
notification and consent requirements. It should be noted that
even the federal Department of Homeland Security, in the
�
SB 29
Page 4
post-9/11 environment, has concluded that RFID is a last-choice
technology for human identification purposes, and has noted that
any future decision to deploy any RFID-enabled system to
identify individuals should have confidentiality safeguards
built in from the design stage.
Supporters of this bill focus on concerns over privacy and
confidentiality as stated above. They also argue that the
technology might facilitate identify theft, tracking, stalking,
and potentially even kidnapping of students; supporters also
contend that "tracking and monitoring students by RFID chips
threatens to erode the autonomy our children are supposed to be
learning in schools."
The effectiveness of this technology as a substitute for more
traditional or other alternative attendance accounting methods
is also questionable. The ACLU, in a letter of support, points
out "RFID is especially unreliable at schools because RFID
devices can be traded between students without the knowledge of
school administrators or teachers," and students "quickly learn
how to trick these systems." To the extent that this occurs, it
undermines the reliability of RFID created attendance reports
and creates a situation where the assigned certificated staff
person is unable to verify and sign the attendance report.
These signed, contemporaneous attendance reports are required
for the school district to include that attendance in its
Average Daily Attendance (ADA) calculations and thus for the
district to receive state funding; failure to have such reports
will lead to audit findings and ultimately to the return of
funds from the district to the state.
Opponents argue that the use of RFID technology in schools in
this manner provides for a more efficient method of recording
student attendance and monitoring the student's whereabouts.
Less time devoted to taking roll means more time devoted to
instruction. They argue that this savings is particularly
beneficial in hourly instructional programs, where the
attendance accounting burden is even greater than in traditional
classrooms. Opponents also argue that the ability to trace the
location of students is useful in the event of security
problems, violence on campus, and missing pupils. They also
argue that the technology allows for encryption and other
security measures that safeguard personal information, though it
should be noted that no statutory requirements for such measures
currently exist with respect to this technology.
�
SB 29
Page 5
Concern over the issue of RFID technology in schools grew in
2005 after a public school in the small town of Sutter,
California, required students in its K-8 school to wear badges
that used RFID technology to monitor students' movements and
record attendance. All students wore the badges, but the
devices were mainly used to track junior high students'
movements from class-to-class. The badges contained an RFID tag
that was being read by remote readers positioned around the
campus, particularly in doorways, so as to record students as
they walked in and out of classrooms. A local company that
manufactured RFID technology provided the installation service,
badges, and reading equipment to the district free of charge.
Eventually parents, outraged over the fact that they had not
been notified and that students were compelled to wear the RFID
devices under threat of suspension, organized a protest and
demanded an explanation from the school. School officials
defended their actions, but dropped the policy after media
attention increased.
Previous legislation: SB 1078 (Simitian), held in the Assembly
in 2006, was similar to this bill. SB 768 (Simitian), vetoed in
2006, would have required security and privacy protections on
specified RFID-enabled government documents, including documents
concerning K-12 pupils.
Related legislation: This year, Senator Simitian has introduced
four other bills (SB 28, SB 30, SB 31 and SB 362) in addition to
this measure, to address the governmental use of RFID
technology. SB 28 (Simitian) prohibits the Department of Motor
Vehicles (DMV) from issuing, renewing, duplicating, or replacing
a driver's license or identification card, if the license or
card uses radio waves to either transmit personal information
remotely or to enable personal information to be read from the
license or card remotely for a period of three years. SB 30
(Simitian) calls for interim security measures for
government-issued RFID devices until such time as the
Legislature enacts permanent measures based on a required study
and report to be provided by the California Research Bureau. SB
31 (Simitian) makes the intentional remote reading, or attempted
reading, of a person's identification document using radio waves
without their knowledge or prior consent a misdemeanor crime.
SB 362 (Simitian) provides that no person shall require, coerce,
or compel another person to undergo a subcutaneous implantation
of identification device that transmits personal information,
�
SB 29
Page 6
and provides for corresponding penalties and causes of actions.
In addition, SB 388 (Corbett) requires any private entity that
sells, furnishes, or otherwise issues a card or other item
containing a radio frequency identification tag to make certain
disclosures to the recipient cardholder.
REGISTERED SUPPORT / OPPOSITION :
Support
American Association of Retired Persons
American Civil Liberties Union
American Civil Liberties Union of San Diego and Imperial
Counties
American Federation of State, County and Municipal Employees,
AFL-CIO
California Alliance for Consumer Protection
California Commission on the Status of Women
California Federation of Teachers
California Immigrant Policy Center
California Labor Federation, AFL-CIO
California School Employees Association, AFL-CIO
California State PTA
California Substitute Teachers For Budget Fairness
California Teachers Association
Consumer Action
Consumer Federation of California
Consumers Union
Eagle Forum of California
Electronic Frontier Foundation
Gun Owner's of California
Liberty Coalition
National Council of La Raza
Privacy Activism
Privacy Rights Clearinghouse
Public Advocates, Inc.
State Building and Construction Trades Council
Opposition
HID Global
High-Tech Trust Coalition, including:
3M
ActivIdentity
AIM Global
�
SB 29
Page 7
Alvaka Networks
American Electronics Association
American Express
Aubrey Group, Inc.
California Business Properties Association
California Chamber of Commerce
California Financial Services Association
California Retailers Association
EDS
Elpac Electronics, Inc.
Grocery Manufacturers Association
InCom Corp.
Infineon Technologies North American Corp.
Information Technology Association of America
Matheson Tri-Gas
MAXIMUS
Motorola
National Semiconductor
Natoma Technologies, Inc.
NXP
Oberthur Card Systems
Oracle Corporation
Precision Dynamics
Retail Industry Leaders Association
San Jose Silicon Valley Chamber of Commerce
SAS
Secure Key
Semiconductor Industry Association
Sonnet Technologies, Inc.
Texas Instruments
VEDC, Inc.
Zebra Technologies
Analysis Prepared by : Gerald Shelton / ED. / (916) 319-2087