BILL ANALYSIS                                                                                                                                                                                                    Ó



                                                                     SB 249


                                                                    Page  1





          Date of Hearing:   July 14, 2015


                           ASSEMBLY COMMITTEE ON JUDICIARY


                                  Mark Stone, Chair


          SB  
          249 (Hueso) - As Amended April 30, 2015


                             As Proposed to be Amended 


          SENATE VOTE:  36-3


          SUBJECT:  Vehicles: enhanced driver's license


          KEY ISSUE:  Should the Department of Motor Vehicles enter into a  
          memorandum of understanding with the federal government in order  
          to issue, to drivers who opt to obtain them, an "enhanced  
          driver's license," which uses "RFID" CHIP Technology to  
          facilitate movement across the california-mexico border?


                                      SYNOPSIS


          This bill would authorize the Department of Motor Vehicles (DMV)  
          to enter into a Memorandum of Understanding with the federal  
          government to issue "enhanced driver's licenses" that would  
          serve as both a driver's license, and a passport to persons who  
          request them.  Pursuant to the federal Western Hemisphere Travel  
          Initiative (WHTI), persons entering the United States by land or  
          sea from Canada, Mexico, Bermuda, or the Caribbean must present  








                                                                     SB 249


                                                                    Page  2





          a passport, enhanced driver's license, or some other official  
          document that proves identity or citizenship.  Before 9-11, land  
          travel across borders, especially between the U.S. and Canada,  
          tended to be somewhat informal.  However, more rigorous  
          enforcement since 9-11 has slowed border crossings and led to  
          longer wait lines.  To reduce congestion, WHTI authorized the  
          use of enhanced driver's licenses and identification cards, and  
          the U.S. Customs and Border Protection created "Ready Lanes"  
          dedicated to travelers with RFID-enabled travel documents.   
          Under WHTI, and rules promulgated by the Department of Homeland  
          Security (DHS), states that border Mexico and Canada may enter  
          into agreements with DHS to allow issuance of enhanced driver's  
          licenses that meet certain criteria, including the use of radio  
          frequency identification (RFID) technology.  Proponents of this  
          bill, mostly business groups and local officials from Southern  
          California and Northern Mexico, argue that this measure will  
          reduce wait times and facilitate cross-border travel and trade.   
          Opponents contend that RFID-enabled documents, which allegedly  
          can be read at distances of up to 30 feet or more, pose a  
          significant threat to personal privacy and could be  
          surreptitiously copied to allow unauthorized border crossings.   
          The author and proponents respond that RFID-enabled licenses  
          will not contain any personal information beyond a  
          randomly-assigned number.  They also stress the voluntary nature  
          of the program.  The author will take amendments recommended by  
          opponents in this Committee; however, as noted in the analysis,  
          two outstanding issues remain, and it is not clear that the  
          amendments will remove any of the opposition to this bill.  Both  
          the author's office and the opponents have informed the  
          Committee, however, that they will continue to work on this  
          issue if the bill moves forward.  This bill recently passed out  
          of the Assembly Transportation Committee by a 15-0 vote. 


          SUMMARY:  Authorizes the Department of Motor Vehicles (DMV) to  
          enter into a Memorandum of Understanding with a federal agency  
          to allow DMV to offer an enhanced driver's license, as defined,  
          to applicants who request it.  Specifically, this bill:  









                                                                     SB 249


                                                                    Page  3






          1)Makes various legislative findings and declarations regarding  
            traffic congestion and wait times at points of entry between  
            California and Mexico and the potentially negative impact of  
            these wait times on international trade, travel, and commerce.  



          2)Authorizes the DMV to enter into a Memorandum of Understanding  
            (MOU) for the purpose of issuing an enhanced driver's license,  
            instructional permit, provisional license, or identification  
            card [hereafter EDL] to a person who is at least 16 years of  
            age, is a resident of California, and is a citizen of the  
            United States.  Requires the applicant to submit sufficient  
            proof that meets the requirements of the Western Hemisphere  
            Travel Initiative to establish his or her identity, residency,  
            and citizenship, and to certify, under penalty of perjury,  
            that the information submitted is true and correct to the best  
            of the applicant's knowledge.


          3)Prohibits an employer from requiring that an employee obtain  
            or use an EDL as a condition of employment, or take an adverse  
            action against an employee for refusing to do so, and provides  
            a remedy for an employee if the employer violates this  
            provision.  


          4)Requires an applicant for an EDL to sign a declaration  
            acknowledging his or her understanding of radio frequency  
            identification (RFID) technology.


          5)Requires the EDL to include reasonable security measures,  
            including the use of tamper-resistant features, to protect  
            against unauthorized duplication or disclosure of personal  
            information. 










                                                                     SB 249


                                                                    Page  4





          6)Requires DMV to provide the applicant with a protective shield  
            at the time the EDL is issued and inform the applicant either  
            orally or in writing that the randomly assigned radio  
            frequency identification number can be read remotely without  
            the holder's knowledge if the EDL is not enclosed in the  
            protective shield.


          7)Requires the EDL to include both of the following:


             a)   RFID technology that contains only a randomly assigned  
               number and that shall not contain any other personal data,  
               biometric information, or any number other than the  
               randomly assigned number.  Specifies that the randomly  
               assigned number shall be encrypted if agreed to by the  
               Department of Homeland Security.


             b)   A machine-readable zone (MRZ) or barcode that can be  
               electronically read by the border patrol and contains only  
               as much information as is required by the Western  
               Hemisphere Travel Initiative to permit a border crossing.


          8)Requires an applicant for an EDL to have his or her photograph  
            and signature captured or reproduced by DMV at the time of  
            application or renewal.  Prohibits DMV from disclosing the  
            photograph or signature, or a copy of a digital image of any  
            required document, except that DMV may make the photograph and  
            signature available to the United States Customs and Border  
            Protection data base or as required by the Department of  
            Homeland Security for purposes of facilitating the purpose of  
            the Western Hemisphere Travel Initiative. 


          9)Makes the facial image, signature, and copies or digital  
            images of any documents required for application exempt from  
            public records request. 








                                                                     SB 249


                                                                    Page  5







          10)Permits DMV to deny an application for an EDL if it is not  
            satisfied with the genuineness of the applicant's supporting  
            materials, subject to the applicant's right to appeal the  
            denial, as specified. 


          11) Requires an applicant for an EDL to pay a fee, as set by the  
            DMV but not to exceed $55, and provides that fees shall be  
            deposited in an account and to be used by DMV to implement the  
            provisions of this bill. 


          12)Requires DMV to make an annual report to relevant legislative  
            committees and requires the report to include information on  
            the number of enhanced driver's licenses and identification  
            cards issued, the effect of EDL use on wait times and traffic  
            congestion at points of entry, and whether or not there have  
            been any security or privacy breaches related to the use of  
            the EDL. 


          EXISTING LAW: 


          1)Requires DMV, upon proper application, to issue driver's  
            licenses and identification cards.


          2)Authorizes, under the federal Western Hemisphere Travel  
            Initiative, the use of EDLs to prove identity and citizenship  
            for purposes of traveling between the United States, Canada,  
            Mexico, Bermuda, and the Caribbean, so long as the EDL meets  
            specified requirements, including radio frequency  
            identification (RFID) that signals a secure government data  
            base maintained by the United States Customs and Border  
            Protection.  (Public Law 110-53.) 









                                                                     SB 249


                                                                    Page  6






          FISCAL EFFECT:  As currently in print this bill is keyed fiscal.  



          COMMENTS:  The Western Hemisphere Travel Initiative (WHTI)  
          represents a joint effort by the Department of Homeland Security  
          (DHS) and United States Customs and Border Protection (CBP) to  
          implement provisions of the Intelligence Reform and Terrorism  
          Prevention Act (IRTPA) of 2004.  As of January 1, 2009, WHTI  
          began requiring U.S. citizens traveling between the U.S. and  
          Canada, Mexico, Bermuda, and the Caribbean by land or sea to  
          present a valid U.S. Passport or other WHTI-compliant document.   
          Among the accepted documents are passports, a U.S. passport  
          card, Trusted Traveler Program cards (NEXUS, FAST, or SENTRI),  
          or an enhanced driver's license (EDL).  Before 9-11, land travel  
          across borders, especially between the United States and Canada,  
          tended to be more informal and less rigorous, with border agents  
          often accepting a birth certificate or even a person's verbal  
          affirmation of citizenship.  However, more rigorous enforcement  
          and new requirements under IRTPA slowed border crossings and led  
          to longer wait lines.  In an effort to reduce this congestion,  
          WHTI authorized the use of EDLs (including state-issued  
          identification cards), and the CBP created "Ready Lanes"  
          dedicated to travelers with RFID-enabled travel documents.  The  
          goal of the EDL program is to strengthen border security and  
          facilitate ease of entry into the United States for U.S.  
          Citizens, especially those driving across the border on a  
          regular basis. 


          Federal law requires that any border state wishing to adopt EDLs  
          must first sign a Memorandum of Understanding (MOU) with DHS.   
          So far at least four states - Vermont, New York, Michigan, and  
          Washington - have enacted authorizing legislation and already  
          have EDLs in place.  New York was the first state to sign an MOU  
          in 2007.  










                                                                     SB 249


                                                                    Page  7





          For the most part, the programs have met with success; for  
          example, the New York State DMV reports on its website that over  
          100,000 persons have availed themselves of the new licenses,  
          especially in upstate New York, near the Canadian border.  In  
          addition to decreasing overall wait times for travelers, EDL  
          holders often use RFID-enabled "Ready Lanes" created by CBP.   
          According to these official websites, use of RFID allows border  
          patrol agents to pull up a person's information and photograph  
          immediately without having to collect paper documents, inspect  
          them, and then key in any required information.  All of this is  
          done automatically when the traveler holds the EDL in front of  
          the RFID reader.  The system does not, of course, allow the EDL  
          holder to simply pass through, as in the case, for example, with  
          FasTrak; the border patrol agents must still make a visual  
          identification with the accessed photograph and may also ask  
          questions or inspect the EDL of the holder.  


          This bill would permit California citizens traveling across the  
          California-Mexico border to take advantage of this more  
          convenient and time-saving process.  According to the author,  
          the idea for this bill grew out of his experience as Chair of  
          the Select Committee on California-Mexico-Bi-National Affairs,  
          where he became aware of the significant impact of border wait  
          times on our state's economy.  Indeed, the author provided the  
          Committee with a 2007 report suggesting that long wait times  
          slow commerce and discourage personal trips across the  
          California-Mexico border.  The report claims that delays at the  
          border at the San Ysidro, Otay Mesa, and Tecate points-of-entry  
          result in the loss of millions of dollars (and even billions) in  
          lost revenue and tens of thousands of jobs in the San Diego-Baja  
          region.  (San Diego Association of Governments and the  
          California Department of Transportation, 2007 Update to Economic  
          Impacts of Wait Times at the San Diego-Baja California Border:  
          Final Report.)  Not surprisingly, many of the supporters of this  
          bill represent chambers of commerce and local officials who  
          believe that shorter wait times and more travel across the  
          border will translate into more trade and tourism.  In addition  
          to these economic benefits, the author also believes that this  








                                                                     SB 249


                                                                    Page  8





          bill will allow persons who regularly cross the border to make  
          use of the RFID-enabled "Ready Lanes." 


          Under the MOU authorized by this bill, the DMV could only issue  
          an EDL to a person who requests it and is willing to pay the  
          designated fee.  No one would be forced to obtain a license.   
          Although many of the details of the program would presumably be  
          specified in the MOU, the bill nonetheless sets forth a number  
          of specific requirements that the MOU must contain.  For  
          example, the bill would specify that the RFID technology must  
          only contain a random number, and not any other personal  
          information or biometric data; that the EDL would employ  
          reasonable security measures, including temper-resistant  
          features; that EDL applicants acknowledge their understanding of  
          RFID technology; and that applicants would be informed that the  
          random RFID number could be read remotely, especially if the EDL  
          is removed from the protective shield or similar  
          tamper-resistant device.  According to the DMV website, in  
          states that already issue EDLs, these protections appear to be  
          the standard practice. 


          The bill also sets forth requirements for applying for an EDL.   
          In addition to paying a fee not to exceed $55 and submitting  
          documents proving identity and citizenship, applicants would  
          also be required to agree to have their photograph and signature  
          captured by DMV at the time of application or renewal.  The bill  
          specifies that the photograph or signature shall only be  
          available to CBP and only used for purposes authorized by WHTI.   
          It exempts the photograph, signature, or other required  
          documents from required disclosure under the Public Records Act.  
           Finally, the bill seeks to make the program self-funding.   
          Proceeds from the application fee will be deposited into the  
          Enhanced Driver's License and Identification Subaccount, which  
          DMV will use to implement the program.  Finally, the bill  
          prohibits an employer from taking any adverse action against an  
          employee who refuses to apply for or use an EDL and provides  
          remedies for a violation of this prohibition. 








                                                                     SB 249


                                                                    Page  9







          Privacy Concerns Surrounding the use of RFID.  Much of the  
          concern relating to EDLs, and especially the DHS rule that they  
          include RFID technology, has focused on potential threats to  
          privacy.  Despite some technical-sounding terminology, the basic  
          outline of how RFID and related technologies work is fairly easy  
          to understand.  RFID "tags" or "chips" can be embedded into  
          objects, including documents, clothing, pets, and even people.   
          The RFID technology used in EDLs typically consists of a  
          microchip (that stores a randomly assigned number) and one or  
          more antennae.  Remote "readers" can read this tag, via radio  
          waves.  The reader constantly emits radio signals.  As a person  
          or object with an RFID tag moves near the reader - the distance  
          varies depending upon the device - the antennae pick up the  
          signal and transmit the number stored on the RFID tag to the  
          reader.  Most RFID tags, and apparently all of the ones used  
          thus far for EDLs are "passive," which means that they can only  
          be activated by the radio signal; others are "active," which  
          means that they can actively search out readers in the area.  In  
          either case, an authorized reader with access to a secure  
          database can then transmit this number to the database where it  
          can be matched to information about the holder.  The distinction  
          between "passive" and "active" tags is important because,  
          despite some claims to the contrary, EDLs do not "broadcast" any  
          information, personal or otherwise. 


          In some ways, RFID technology is a higher-tech version of bar  
          code and magnetic strip scanning.  However, bar code and strip  
          scanning requires direct contact between the scanner and the  
          stored information (or at least the magnetic strip or barcode  
          must be in the direct line of sight of a laser).  RFID readers,  
          on the other hand, can read the information stored on the RFID  
          tag remotely.  Many of these, like the security badges used in  
          the Legislature, must be held within a few inches of the reader.  
           Some RFID readers, however, may read tags from distances of 30  
          feet or more, according to some studies.  Experts disagree on  
          the potential range of RFID readers in the future, but as  








                                                                     SB 249


                                                                    Page  10





          technology advances it seems reasonable to assume that those  
          ranges will increase.  However, the fact that RFID tags can be  
          read at any distance creates the possibility that information  
          stored on an identification document could be read without the  
          holder's knowledge or consent. 


          Information Stored on the RFID Tag.  Given that RFID tags can be  
          read at a distance, and potentially without the holder's  
          knowledge, the critical privacy concern relates to the kind of  
          information that is actually stored on the RFID tag and the  
          usefulness of that information to any unauthorized reader.   
          According to CBP and agency websites in the four states that  
          have adopted EDLs, the RFID chip only contains a randomly  
          assigned number that has no meaning until an authorized reader  
          transmits it to a secure government data base, where the random  
          number is then matched to information in the secure data base.   
          In other words, a person or agency that already has access to  
          the data base, like the CBP, uses the random number to locate  
          the information on the cardholder.  That information does not  
          appear on the card, and the random number, therefore, is only  
          useful to someone who already has access to the database.   
          Similarly, this bill expressly states that the RFID chip will  
          contain "only a randomly assigned number" and expressly states  
          that it "shall not contain any personal data, biometric  
          information, or number other than the randomly assigned number."  
           [Emphasis added.] 


          Even if the RFID tag contains only a random number, however,  
          privacy concerns do not necessarily stop there.  For example,  
          privacy advocates claim that security measures must address more  
          than the ability of the reader to access intelligible  
          information from the tag; they must also address potential  
          security breaches along the entire transmission process from  
          tag, to reader, to computer database.  Proponents of RFID, on  
          the other hand, claim that RFID applications are confined to a  
          closed system of authorized tags, readers, and databases within  
          that system.  Even if outsiders with remote readers obtained  








                                                                     SB 249


                                                                    Page  11





          information from an RFID tag, that "information" will only  
          consist of a random number that is only intelligible to persons  
          within the system or to those who can access that system.  If an  
          unauthorized person has accessed a secure government database,  
          then clearly there is bigger problem than the unauthorized  
          reading of the random number on an RFID tag.  That number does  
          not provide access to a database or make it easier to hack the  
          data base.  Rather, the number will merely allow the border  
          patrol, or anyone who already has access to the data base, to  
          pull up stored data to which the number refers.  If an  
          unauthorized person could access the data base, he or she would  
          not need the random RFID number.  


          Opponents also contend that the random number can itself become  
          a piece of personally identifiable information, noting Civil  
          Code Section 1798.3, which defines "personal information" as  
          "any information that identifies or describes an individual."   
          Opponents note, for example, that the social security number was  
          originally a more or less random number that nonetheless has  
          become permanently associated with the person to which it was  
          assigned for the limited purpose of tracking social security  
          benefits.  However, the danger that results from the  
          unauthorized disclosure of a social security number stems from  
          the fact that a social security number is used for  
          identification purposes in a variety of other contexts, such as  
          obtaining credit, opening a bank account, or applying for a job.  
           No one could use the random number on the EDL, as one could use  
          a social security number, to open a line of credit or otherwise  
          commit identity theft.  The comparison between the random RFID  
          number and a social security number, therefore, is not very  
          persuasive.  Finally, to the extent that there is any danger of  
          unauthorized reading of the random number, this bill takes  
          additional precautions.  For example, this bill would require  
          encryption, if agreed to by DHS, and other "reasonable security  
          measures to protect against unauthorized disclosure of personal  
          information regarding the person who is the subject of license,  
          permit, or card."  The bill, as proposed to be amended,  
          clarifies that all EDL applicants must receive a protective  








                                                                     SB 249


                                                                    Page  12





          sleeve that prevent unauthorized reading. 


          According to the websites of the states that have entered into  
                                                        MOUs with DHS, the licenses appear to adopt standard  
          tamper-resistant security measures, such as a protective  
          "sleeve" or "Faraday shield" that covers the EDL and thereby  
          prevents unauthorized reading of the RFID chip - so long as the  
          sleeve is in place.  Some privacy groups claim that these  
          shields are not always adequate - in part because they are  
          apparently not always impenetrable, and in part because there is  
          no guarantee that people will use them.  (For example, banks  
          often place debit cards in sleeves when they first issue them  
          and, almost as often, people throw away the sleeve.)  However,  
          this bill, like the authorizing legislation in other states,  
          requires an applicant to sign a declaration acknowledging his or  
          her understanding of RFID technology.  As recently amended, the  
          DMV would also be required to inform applicants that the random  
          RFID number could be read without the holder's knowledge,  
          especially if the holder does not use a protective sleeve that  
          must be provided at the time the EDL is issued.  If a person  
          chooses not to use the protective sleeve, that will be the EDL  
          holder's choice, just as it will be a person's choice to request  
          an EDL in the first place.  However, even if the person removes  
          or loses the shield, it deserves reiterating that the only thing  
          the unauthorized reader would obtain would be the random number.  
           That number is only meaningful to someone who has access to an  
          existing database containing information about the EDL holder. 


          RFID and Possible Security Concerns.  Opponents also contend  
          that using RFID technology could pose security as well as  
          privacy risks.  That is, even if an RFID reader cannot access  
          the secure data base it could potentially copy the random number  
          and use it to create a counterfeit license.  According to the  
          ACLU of Washington State, studies suggest that such duplication  
          is possible.  However, the bill appears to anticipate this  
          problem by specifying that security measures shall include the  
          protective sleeve.  In addition, it should be noted that even if  








                                                                     SB 249


                                                                    Page  13





          a counterfeit EDL were made with the help of a surreptitious  
          reader, the border patrol must still visually determine that the  
          person presenting the EDL matches the photograph that is pulled  
          up from the secure database.  Obviously there is no foolproof  
          means of preventing a determined person from making counterfeit  
          EDLs, just as there is no foolproof means of preventing that  
          person from obtaining counterfeit copies of regular driver's  
          licenses or passports or any other form of identification. 


          Proposed Author's Amendments:  The author will take the  
          following amendments in this Committee.  In additional to some  
          non-substantive clarifications, the amendments listed below  
          address two concerns raised by the ACLU: (1) the language will  
          expressly provide that the applicant be provided with a  
          protective shield and be informed of its purpose at the time  
          that the document is issued (this may be implicit in the bill in  
          print); (2) specify that all privacy laws and regulations that  
          apply to standard driver's licenses will also apply to EDLs. 


             -    On page 5, line 18 after "shall" insert: provide a  
               protective shield at the time the document is issued to the  
               individual, and


             -    On page 5, line 22 delete "a" and insert: the


             -    On page 5, lines 22-23 delete "similar tamper resistant  
               device"


             -    On page 5, line 26 after "technology" insert: and the  
               purpose of the protective shield


             -    On page 6, line 9 after "license" insert: instructional  
               permit, provisional license








                                                                     SB 249


                                                                    Page  14







             -    On page 7, line 6 after "chapter." insert: All laws  
               related to the privacy or security of a driver's license,  
               instruction permit, provisional license, or identification  
               document or similar document, or regulating the use,  
               access, or sharing of information, shall apply to enhanced  
               driver's licenses, instruction permits, provisional  
               licenses and identification cards.


          Remaining Issues.  While the amendments above meet some of the  
          opposition's concerns, the author and opponents, and  
          particularly the ACLU, continue to work on two other issues.   
          However, at the time of this writing, it did not appear that  
          those issues would be resolved in time for this hearing; any  
          further amendments that the author agrees to will most likely  
          need to be taken in the Assembly Appropriations Committee, where  
          this bill will be referred should it pass out of this Committee.  
           The two remaining issues - encryption and information sharing -  
          are detailed below. 


          Encryption Requirement.  One of the remaining areas of  
          disagreement between the opposition and the author concerns the  
          need to encrypt or otherwise make a randomly assigned number  
          unintelligible should it be intercepted by an unauthorized  
          reader.  As opponents observe, the federal government allows  
          states to participate in the EDL program only on a "take it or  
          leave it" basis.  This bill seeks to "require" encryption of the  
          randomly assigned number on the RFID tag, but only "if agreed to  
          by the United States Department of Homeland Security."   
          Opponents would like to make two changes to this provision.  
          First, the opponents would strike the phrase, "if agreed to by  
          the United States Department of Homeland Security."  In short,  
          the MOU would demand encryption whether the DHS agrees or not.   
          The only option for the federal agencies at that point would be  
          to either accept this condition or not enter into the MOU with  
          the state at all.  Second, opponents would like to revise this  








                                                                     SB 249


                                                                    Page  15





          provision so that the EDL number must either be encrypted or it  
          must "generate a different unique random number each time the  
          card is read."  


          At this point, the author is unwilling to take those amendments.  
           While the federal program apparently does not presently require  
          encryption - or at least the DMV websites for the other states  
          that issue EDLs do not list this as one of the security features  
          - it is unknown whether or not the federal government would  
          honor the state's demand for encryption or approve an MOU that  
          contained such a demand.  In addition, it is not entirely clear  
          if the cost of encryption would outweigh the benefits of  
          encryption.  Encryption, after all, simply means that the  
          sequence of characters is scrambled when sent via technology  
          that allows unscrambling at the other end by an authorized  
          recipient.  Encryption, therefore, is generally required where a  
          magnetic stripe or RFID tag contains information other than a  
          random identification number (e.g. name, address, social  
          security number, bank account number, etc.) that would be  
          intelligible and useful if not scrambled.  The value of  
          requiring encryption of an already-random number, relative to  
          the cost, is not entirely clear.  Because the cost, benefit, and  
          the federal government's willingness to accept an MOU that  
          requires either encryption or a number that changes with each  
          use are not certain, the author does not want take this  
          amendment at this time.  However, the author's office has  
          indicated to the Committee that it is willing to work on this  
          issue and is attempting to consult with technical staff at DMV  
          about the feasibility of these options.  The author wants to  
          also ensure that any technological requirements required in the  
          bill are not so specific that they preclude using more effective  
          technologies that may become available in the future. 


          Law Enforcement Access and Sharing of Information.  The author  
          and opponents continue to discuss a second issue: the extent to  
          which information about the EDL holder may be shared with other  
          public agencies, especially law enforcement.  ACLU has requested  








                                                                     SB 249


                                                                    Page  16





          an amendment that would prohibit CBP from accessing or using  
          information obtained through the EDL for any purpose other than  
          facilitating border crossings.  It would also prohibit CBP from  
          sharing this information with any other public agency or private  
          entity for information obtained through the EDL.  Again, the  
          author is not willing to take this amendment without having  
          additional information.  For example, it is not entirely clear  
          what rules currently limit CBP's ability to use and share the  
          data that it collects from other sources, such as standard  
          licenses and passports.  Once it is in the database, it is not  
          entirely clear why information obtained from an EDL would be  
          treated any differently than information obtained from some any  
          other sources.  As noted above, the author has already accepted  
          an amendment providing that any privacy laws that apply to  
          standard driver's license will also apply to EDLs.  Of course,  
          this begs the question of just what privacy laws apply to  
          standard drivers' licenses.  This, too, is one of the unknowns  
          that the author wishes to explore.


          Conclusion:  This is the third consecutive session that the  
          author has brought this proposal, with only minor variations,  
          before this Committee.  Both of the earlier bills - AB 2113  
          (2012) and SB 397 (2014) - passed unanimously out of this  
          Committee but were held in the Assembly Appropriations  
          Committee, notwithstanding the fact that neither of those  
          earlier bills ever received a single negative floor or committee  
          vote.  The author has taken a number of amendments to meet some  
          of the privacy concerns raised by opponents, and the author and  
          opponents have informed the Committee that they will continue to  
          work on the remaining issues identified in this analysis if the  
          bill moves forward.  


          ARGUMENTS IN SUPPORT:  According to the California Chamber of  
          Commerce, the "ports of entry along the California-Mexico border  
          are among the busiest ports in the world."  The Chamber claims  
          that each year forty-five million vehicle passengers cross the  
          border at one of six points of entry, and that "the average wait  








                                                                     SB 249


                                                                    Page  17





          for travelers at these ports is over an hour."  The Chamber  
          further claims that these delays "result in a loss of eight  
          million trips each year," and that in San Diego County alone  
          this translates into an estimated loss of $1.2 billion in  
          revenues.  The Chamber believes that this bill will relieve  
          border congestion by allowing travelers to use "ready lanes,"  
          and that it will allow CBP officers to quickly assess  
          information "and focus on the traveler's vehicle as opposed to  
          scanning documents - reducing wait time by up to 60%." 


          The Imperial County Transportation Commission supports this bill  
          for substantially the same reasons, claiming that border wait  
          times cause "a devastating loss of nearly $1.5 billion in  
          revenues, 3.4 million potential working hours, 39, 500 jobs, and  
          $59 million in wages annually in the San Diego and Imperial  
          region alone."  Several other business groups, both from  
          Southern California and from Baja California, support this bill  
          and cite similar statistics for the economic impact on their  
          respective locales. 


          ARGUMENTS IN OPPOSITION:  In a joint letter, the ACLU, Consumer  
          Watchdog, the Eagle Forum of California, the Electronic Frontier  
          Foundation, and the Privacy Rights Clearing House oppose this  
          bill primarily due to their "profound privacy and security  
          concerns about the use of insecure Radio Frequency Identity  
          (RFID) computer chips in EDL identity documents."  In addition  
          to their general concerns that EDLs will compromise the privacy  
          of the holder's personal information, opponents also point out  
          that the EDL lacks some of the security measures used in  
          passports.  For example, they claim that in U.S. passports a new  
          random number is generated each time the RFID is read, whereas  
          EDLs now in use in other states appear to use a random number  
          that does not change with each reading.   Also, while the data  
          embedded on the passport is encrypted, this bill only provides  
          that the number will be encrypted if "agreed to by the United  
          States Department of Homeland Security."   Finally, opponents  
          claim that while EDLs may be optional now, "optional government  








                                                                     SB 249


                                                                    Page  18





          programs often turn into permanent mandatory programs." 


          The Ella Baker Center for Human Rights and the Legal Services  
          for Prisoners with Children (LSPC) opposes this bill for many of  
          the same reasons raised by the ACLU and others; however, the  
          Baker Center and LSPC also believe that SB 249 will "allow law  
          enforcement officers to racially profile Californians from a  
          distance and without their knowledge."  The Baker Center  
          contends that "personal information contained on EDLs will be  
          accessed by [CBP] through the National Law Enforcement  
          Telecommunications System (NLETS), which in turn is "accessible  
          to local law enforcement." 


          PREVIOUS LEGISLATION:  SB 397 (Hueso) of 2014 was substantially  
          similar to this bill except that it did not contain the  
          requirement that the applicant be informed, in writing, that  
          RFID random number could be read remotely and it did not provide  
          penalty provisions enforcing the prohibition against employers  
          taking adverse action against an employee who refused to apply  
          for or use an EDL.  That bill passed unanimously off the Senate  
          Floor and unanimously out of this Committee but was held in the  
          Assembly Appropriations Committee. 


          AB 2113 (Hueso) of 2012, was similar to SB 397.  That bill  
          passed unanimously out of this Committee but was held in the  
          Assembly Appropriations Committee.


          REGISTERED SUPPORT / OPPOSITION:




          Support










                                                                     SB 249


                                                                    Page  19





          Calexico Chamber of Commerce 


          California Chamber of Commerce 


          Casa Familiar 


          Chula Vista Mayor's Office 


          City of El Centro 


          City of San Diego 


          El Centro Chamber of Commerce 


          Todd Gloria, San Diego City Council Member 


          Imperial County Transportation Commission 


          Otay Mesa Chamber of Commerce 


          Representative Juan Vargas 


          San Diego Association of Governments 


          San Diego Regional Chamber 










                                                                     SB 249


                                                                    Page  20





          San Diego-Tijuana Smart Border Coalition 


          State of Baja, California 




          Opposition


          ACLU


          Consumer Watchdog


          Eagle Forum


          Ella Baker Center for Human Rights 


          Electronic Frontier Federation 


          Legal Services for Prisoners with Children 


          Privacy Rights Clearinghouse 




          Analysis Prepared by:Thomas Clark / JUD. / (916)  
          319-2334











                                                                     SB 249


                                                                    Page  21