BILL ANALYSIS Ó SB 249 Page 1 Date of Hearing: July 14, 2015 ASSEMBLY COMMITTEE ON JUDICIARY Mark Stone, Chair SB 249 (Hueso) - As Amended April 30, 2015 As Proposed to be Amended SENATE VOTE: 36-3 SUBJECT: Vehicles: enhanced driver's license KEY ISSUE: Should the Department of Motor Vehicles enter into a memorandum of understanding with the federal government in order to issue, to drivers who opt to obtain them, an "enhanced driver's license," which uses "RFID" CHIP Technology to facilitate movement across the california-mexico border? SYNOPSIS This bill would authorize the Department of Motor Vehicles (DMV) to enter into a Memorandum of Understanding with the federal government to issue "enhanced driver's licenses" that would serve as both a driver's license, and a passport to persons who request them. Pursuant to the federal Western Hemisphere Travel Initiative (WHTI), persons entering the United States by land or sea from Canada, Mexico, Bermuda, or the Caribbean must present SB 249 Page 2 a passport, enhanced driver's license, or some other official document that proves identity or citizenship. Before 9-11, land travel across borders, especially between the U.S. and Canada, tended to be somewhat informal. However, more rigorous enforcement since 9-11 has slowed border crossings and led to longer wait lines. To reduce congestion, WHTI authorized the use of enhanced driver's licenses and identification cards, and the U.S. Customs and Border Protection created "Ready Lanes" dedicated to travelers with RFID-enabled travel documents. Under WHTI, and rules promulgated by the Department of Homeland Security (DHS), states that border Mexico and Canada may enter into agreements with DHS to allow issuance of enhanced driver's licenses that meet certain criteria, including the use of radio frequency identification (RFID) technology. Proponents of this bill, mostly business groups and local officials from Southern California and Northern Mexico, argue that this measure will reduce wait times and facilitate cross-border travel and trade. Opponents contend that RFID-enabled documents, which allegedly can be read at distances of up to 30 feet or more, pose a significant threat to personal privacy and could be surreptitiously copied to allow unauthorized border crossings. The author and proponents respond that RFID-enabled licenses will not contain any personal information beyond a randomly-assigned number. They also stress the voluntary nature of the program. The author will take amendments recommended by opponents in this Committee; however, as noted in the analysis, two outstanding issues remain, and it is not clear that the amendments will remove any of the opposition to this bill. Both the author's office and the opponents have informed the Committee, however, that they will continue to work on this issue if the bill moves forward. This bill recently passed out of the Assembly Transportation Committee by a 15-0 vote. SUMMARY: Authorizes the Department of Motor Vehicles (DMV) to enter into a Memorandum of Understanding with a federal agency to allow DMV to offer an enhanced driver's license, as defined, to applicants who request it. Specifically, this bill: SB 249 Page 3 1)Makes various legislative findings and declarations regarding traffic congestion and wait times at points of entry between California and Mexico and the potentially negative impact of these wait times on international trade, travel, and commerce. 2)Authorizes the DMV to enter into a Memorandum of Understanding (MOU) for the purpose of issuing an enhanced driver's license, instructional permit, provisional license, or identification card [hereafter EDL] to a person who is at least 16 years of age, is a resident of California, and is a citizen of the United States. Requires the applicant to submit sufficient proof that meets the requirements of the Western Hemisphere Travel Initiative to establish his or her identity, residency, and citizenship, and to certify, under penalty of perjury, that the information submitted is true and correct to the best of the applicant's knowledge. 3)Prohibits an employer from requiring that an employee obtain or use an EDL as a condition of employment, or take an adverse action against an employee for refusing to do so, and provides a remedy for an employee if the employer violates this provision. 4)Requires an applicant for an EDL to sign a declaration acknowledging his or her understanding of radio frequency identification (RFID) technology. 5)Requires the EDL to include reasonable security measures, including the use of tamper-resistant features, to protect against unauthorized duplication or disclosure of personal information. SB 249 Page 4 6)Requires DMV to provide the applicant with a protective shield at the time the EDL is issued and inform the applicant either orally or in writing that the randomly assigned radio frequency identification number can be read remotely without the holder's knowledge if the EDL is not enclosed in the protective shield. 7)Requires the EDL to include both of the following: a) RFID technology that contains only a randomly assigned number and that shall not contain any other personal data, biometric information, or any number other than the randomly assigned number. Specifies that the randomly assigned number shall be encrypted if agreed to by the Department of Homeland Security. b) A machine-readable zone (MRZ) or barcode that can be electronically read by the border patrol and contains only as much information as is required by the Western Hemisphere Travel Initiative to permit a border crossing. 8)Requires an applicant for an EDL to have his or her photograph and signature captured or reproduced by DMV at the time of application or renewal. Prohibits DMV from disclosing the photograph or signature, or a copy of a digital image of any required document, except that DMV may make the photograph and signature available to the United States Customs and Border Protection data base or as required by the Department of Homeland Security for purposes of facilitating the purpose of the Western Hemisphere Travel Initiative. 9)Makes the facial image, signature, and copies or digital images of any documents required for application exempt from public records request. SB 249 Page 5 10)Permits DMV to deny an application for an EDL if it is not satisfied with the genuineness of the applicant's supporting materials, subject to the applicant's right to appeal the denial, as specified. 11) Requires an applicant for an EDL to pay a fee, as set by the DMV but not to exceed $55, and provides that fees shall be deposited in an account and to be used by DMV to implement the provisions of this bill. 12)Requires DMV to make an annual report to relevant legislative committees and requires the report to include information on the number of enhanced driver's licenses and identification cards issued, the effect of EDL use on wait times and traffic congestion at points of entry, and whether or not there have been any security or privacy breaches related to the use of the EDL. EXISTING LAW: 1)Requires DMV, upon proper application, to issue driver's licenses and identification cards. 2)Authorizes, under the federal Western Hemisphere Travel Initiative, the use of EDLs to prove identity and citizenship for purposes of traveling between the United States, Canada, Mexico, Bermuda, and the Caribbean, so long as the EDL meets specified requirements, including radio frequency identification (RFID) that signals a secure government data base maintained by the United States Customs and Border Protection. (Public Law 110-53.) SB 249 Page 6 FISCAL EFFECT: As currently in print this bill is keyed fiscal. COMMENTS: The Western Hemisphere Travel Initiative (WHTI) represents a joint effort by the Department of Homeland Security (DHS) and United States Customs and Border Protection (CBP) to implement provisions of the Intelligence Reform and Terrorism Prevention Act (IRTPA) of 2004. As of January 1, 2009, WHTI began requiring U.S. citizens traveling between the U.S. and Canada, Mexico, Bermuda, and the Caribbean by land or sea to present a valid U.S. Passport or other WHTI-compliant document. Among the accepted documents are passports, a U.S. passport card, Trusted Traveler Program cards (NEXUS, FAST, or SENTRI), or an enhanced driver's license (EDL). Before 9-11, land travel across borders, especially between the United States and Canada, tended to be more informal and less rigorous, with border agents often accepting a birth certificate or even a person's verbal affirmation of citizenship. However, more rigorous enforcement and new requirements under IRTPA slowed border crossings and led to longer wait lines. In an effort to reduce this congestion, WHTI authorized the use of EDLs (including state-issued identification cards), and the CBP created "Ready Lanes" dedicated to travelers with RFID-enabled travel documents. The goal of the EDL program is to strengthen border security and facilitate ease of entry into the United States for U.S. Citizens, especially those driving across the border on a regular basis. Federal law requires that any border state wishing to adopt EDLs must first sign a Memorandum of Understanding (MOU) with DHS. So far at least four states - Vermont, New York, Michigan, and Washington - have enacted authorizing legislation and already have EDLs in place. New York was the first state to sign an MOU in 2007. SB 249 Page 7 For the most part, the programs have met with success; for example, the New York State DMV reports on its website that over 100,000 persons have availed themselves of the new licenses, especially in upstate New York, near the Canadian border. In addition to decreasing overall wait times for travelers, EDL holders often use RFID-enabled "Ready Lanes" created by CBP. According to these official websites, use of RFID allows border patrol agents to pull up a person's information and photograph immediately without having to collect paper documents, inspect them, and then key in any required information. All of this is done automatically when the traveler holds the EDL in front of the RFID reader. The system does not, of course, allow the EDL holder to simply pass through, as in the case, for example, with FasTrak; the border patrol agents must still make a visual identification with the accessed photograph and may also ask questions or inspect the EDL of the holder. This bill would permit California citizens traveling across the California-Mexico border to take advantage of this more convenient and time-saving process. According to the author, the idea for this bill grew out of his experience as Chair of the Select Committee on California-Mexico-Bi-National Affairs, where he became aware of the significant impact of border wait times on our state's economy. Indeed, the author provided the Committee with a 2007 report suggesting that long wait times slow commerce and discourage personal trips across the California-Mexico border. The report claims that delays at the border at the San Ysidro, Otay Mesa, and Tecate points-of-entry result in the loss of millions of dollars (and even billions) in lost revenue and tens of thousands of jobs in the San Diego-Baja region. (San Diego Association of Governments and the California Department of Transportation, 2007 Update to Economic Impacts of Wait Times at the San Diego-Baja California Border: Final Report.) Not surprisingly, many of the supporters of this bill represent chambers of commerce and local officials who believe that shorter wait times and more travel across the border will translate into more trade and tourism. In addition to these economic benefits, the author also believes that this SB 249 Page 8 bill will allow persons who regularly cross the border to make use of the RFID-enabled "Ready Lanes." Under the MOU authorized by this bill, the DMV could only issue an EDL to a person who requests it and is willing to pay the designated fee. No one would be forced to obtain a license. Although many of the details of the program would presumably be specified in the MOU, the bill nonetheless sets forth a number of specific requirements that the MOU must contain. For example, the bill would specify that the RFID technology must only contain a random number, and not any other personal information or biometric data; that the EDL would employ reasonable security measures, including temper-resistant features; that EDL applicants acknowledge their understanding of RFID technology; and that applicants would be informed that the random RFID number could be read remotely, especially if the EDL is removed from the protective shield or similar tamper-resistant device. According to the DMV website, in states that already issue EDLs, these protections appear to be the standard practice. The bill also sets forth requirements for applying for an EDL. In addition to paying a fee not to exceed $55 and submitting documents proving identity and citizenship, applicants would also be required to agree to have their photograph and signature captured by DMV at the time of application or renewal. The bill specifies that the photograph or signature shall only be available to CBP and only used for purposes authorized by WHTI. It exempts the photograph, signature, or other required documents from required disclosure under the Public Records Act. Finally, the bill seeks to make the program self-funding. Proceeds from the application fee will be deposited into the Enhanced Driver's License and Identification Subaccount, which DMV will use to implement the program. Finally, the bill prohibits an employer from taking any adverse action against an employee who refuses to apply for or use an EDL and provides remedies for a violation of this prohibition. SB 249 Page 9 Privacy Concerns Surrounding the use of RFID. Much of the concern relating to EDLs, and especially the DHS rule that they include RFID technology, has focused on potential threats to privacy. Despite some technical-sounding terminology, the basic outline of how RFID and related technologies work is fairly easy to understand. RFID "tags" or "chips" can be embedded into objects, including documents, clothing, pets, and even people. The RFID technology used in EDLs typically consists of a microchip (that stores a randomly assigned number) and one or more antennae. Remote "readers" can read this tag, via radio waves. The reader constantly emits radio signals. As a person or object with an RFID tag moves near the reader - the distance varies depending upon the device - the antennae pick up the signal and transmit the number stored on the RFID tag to the reader. Most RFID tags, and apparently all of the ones used thus far for EDLs are "passive," which means that they can only be activated by the radio signal; others are "active," which means that they can actively search out readers in the area. In either case, an authorized reader with access to a secure database can then transmit this number to the database where it can be matched to information about the holder. The distinction between "passive" and "active" tags is important because, despite some claims to the contrary, EDLs do not "broadcast" any information, personal or otherwise. In some ways, RFID technology is a higher-tech version of bar code and magnetic strip scanning. However, bar code and strip scanning requires direct contact between the scanner and the stored information (or at least the magnetic strip or barcode must be in the direct line of sight of a laser). RFID readers, on the other hand, can read the information stored on the RFID tag remotely. Many of these, like the security badges used in the Legislature, must be held within a few inches of the reader. Some RFID readers, however, may read tags from distances of 30 feet or more, according to some studies. Experts disagree on the potential range of RFID readers in the future, but as SB 249 Page 10 technology advances it seems reasonable to assume that those ranges will increase. However, the fact that RFID tags can be read at any distance creates the possibility that information stored on an identification document could be read without the holder's knowledge or consent. Information Stored on the RFID Tag. Given that RFID tags can be read at a distance, and potentially without the holder's knowledge, the critical privacy concern relates to the kind of information that is actually stored on the RFID tag and the usefulness of that information to any unauthorized reader. According to CBP and agency websites in the four states that have adopted EDLs, the RFID chip only contains a randomly assigned number that has no meaning until an authorized reader transmits it to a secure government data base, where the random number is then matched to information in the secure data base. In other words, a person or agency that already has access to the data base, like the CBP, uses the random number to locate the information on the cardholder. That information does not appear on the card, and the random number, therefore, is only useful to someone who already has access to the database. Similarly, this bill expressly states that the RFID chip will contain "only a randomly assigned number" and expressly states that it "shall not contain any personal data, biometric information, or number other than the randomly assigned number." [Emphasis added.] Even if the RFID tag contains only a random number, however, privacy concerns do not necessarily stop there. For example, privacy advocates claim that security measures must address more than the ability of the reader to access intelligible information from the tag; they must also address potential security breaches along the entire transmission process from tag, to reader, to computer database. Proponents of RFID, on the other hand, claim that RFID applications are confined to a closed system of authorized tags, readers, and databases within that system. Even if outsiders with remote readers obtained SB 249 Page 11 information from an RFID tag, that "information" will only consist of a random number that is only intelligible to persons within the system or to those who can access that system. If an unauthorized person has accessed a secure government database, then clearly there is bigger problem than the unauthorized reading of the random number on an RFID tag. That number does not provide access to a database or make it easier to hack the data base. Rather, the number will merely allow the border patrol, or anyone who already has access to the data base, to pull up stored data to which the number refers. If an unauthorized person could access the data base, he or she would not need the random RFID number. Opponents also contend that the random number can itself become a piece of personally identifiable information, noting Civil Code Section 1798.3, which defines "personal information" as "any information that identifies or describes an individual." Opponents note, for example, that the social security number was originally a more or less random number that nonetheless has become permanently associated with the person to which it was assigned for the limited purpose of tracking social security benefits. However, the danger that results from the unauthorized disclosure of a social security number stems from the fact that a social security number is used for identification purposes in a variety of other contexts, such as obtaining credit, opening a bank account, or applying for a job. No one could use the random number on the EDL, as one could use a social security number, to open a line of credit or otherwise commit identity theft. The comparison between the random RFID number and a social security number, therefore, is not very persuasive. Finally, to the extent that there is any danger of unauthorized reading of the random number, this bill takes additional precautions. For example, this bill would require encryption, if agreed to by DHS, and other "reasonable security measures to protect against unauthorized disclosure of personal information regarding the person who is the subject of license, permit, or card." The bill, as proposed to be amended, clarifies that all EDL applicants must receive a protective SB 249 Page 12 sleeve that prevent unauthorized reading. According to the websites of the states that have entered into MOUs with DHS, the licenses appear to adopt standard tamper-resistant security measures, such as a protective "sleeve" or "Faraday shield" that covers the EDL and thereby prevents unauthorized reading of the RFID chip - so long as the sleeve is in place. Some privacy groups claim that these shields are not always adequate - in part because they are apparently not always impenetrable, and in part because there is no guarantee that people will use them. (For example, banks often place debit cards in sleeves when they first issue them and, almost as often, people throw away the sleeve.) However, this bill, like the authorizing legislation in other states, requires an applicant to sign a declaration acknowledging his or her understanding of RFID technology. As recently amended, the DMV would also be required to inform applicants that the random RFID number could be read without the holder's knowledge, especially if the holder does not use a protective sleeve that must be provided at the time the EDL is issued. If a person chooses not to use the protective sleeve, that will be the EDL holder's choice, just as it will be a person's choice to request an EDL in the first place. However, even if the person removes or loses the shield, it deserves reiterating that the only thing the unauthorized reader would obtain would be the random number. That number is only meaningful to someone who has access to an existing database containing information about the EDL holder. RFID and Possible Security Concerns. Opponents also contend that using RFID technology could pose security as well as privacy risks. That is, even if an RFID reader cannot access the secure data base it could potentially copy the random number and use it to create a counterfeit license. According to the ACLU of Washington State, studies suggest that such duplication is possible. However, the bill appears to anticipate this problem by specifying that security measures shall include the protective sleeve. In addition, it should be noted that even if SB 249 Page 13 a counterfeit EDL were made with the help of a surreptitious reader, the border patrol must still visually determine that the person presenting the EDL matches the photograph that is pulled up from the secure database. Obviously there is no foolproof means of preventing a determined person from making counterfeit EDLs, just as there is no foolproof means of preventing that person from obtaining counterfeit copies of regular driver's licenses or passports or any other form of identification. Proposed Author's Amendments: The author will take the following amendments in this Committee. In additional to some non-substantive clarifications, the amendments listed below address two concerns raised by the ACLU: (1) the language will expressly provide that the applicant be provided with a protective shield and be informed of its purpose at the time that the document is issued (this may be implicit in the bill in print); (2) specify that all privacy laws and regulations that apply to standard driver's licenses will also apply to EDLs. - On page 5, line 18 after "shall" insert: provide a protective shield at the time the document is issued to the individual, and - On page 5, line 22 delete "a" and insert: the - On page 5, lines 22-23 delete "similar tamper resistant device" - On page 5, line 26 after "technology" insert: and the purpose of the protective shield - On page 6, line 9 after "license" insert: instructional permit, provisional license SB 249 Page 14 - On page 7, line 6 after "chapter." insert: All laws related to the privacy or security of a driver's license, instruction permit, provisional license, or identification document or similar document, or regulating the use, access, or sharing of information, shall apply to enhanced driver's licenses, instruction permits, provisional licenses and identification cards. Remaining Issues. While the amendments above meet some of the opposition's concerns, the author and opponents, and particularly the ACLU, continue to work on two other issues. However, at the time of this writing, it did not appear that those issues would be resolved in time for this hearing; any further amendments that the author agrees to will most likely need to be taken in the Assembly Appropriations Committee, where this bill will be referred should it pass out of this Committee. The two remaining issues - encryption and information sharing - are detailed below. Encryption Requirement. One of the remaining areas of disagreement between the opposition and the author concerns the need to encrypt or otherwise make a randomly assigned number unintelligible should it be intercepted by an unauthorized reader. As opponents observe, the federal government allows states to participate in the EDL program only on a "take it or leave it" basis. This bill seeks to "require" encryption of the randomly assigned number on the RFID tag, but only "if agreed to by the United States Department of Homeland Security." Opponents would like to make two changes to this provision. First, the opponents would strike the phrase, "if agreed to by the United States Department of Homeland Security." In short, the MOU would demand encryption whether the DHS agrees or not. The only option for the federal agencies at that point would be to either accept this condition or not enter into the MOU with the state at all. Second, opponents would like to revise this SB 249 Page 15 provision so that the EDL number must either be encrypted or it must "generate a different unique random number each time the card is read." At this point, the author is unwilling to take those amendments. While the federal program apparently does not presently require encryption - or at least the DMV websites for the other states that issue EDLs do not list this as one of the security features - it is unknown whether or not the federal government would honor the state's demand for encryption or approve an MOU that contained such a demand. In addition, it is not entirely clear if the cost of encryption would outweigh the benefits of encryption. Encryption, after all, simply means that the sequence of characters is scrambled when sent via technology that allows unscrambling at the other end by an authorized recipient. Encryption, therefore, is generally required where a magnetic stripe or RFID tag contains information other than a random identification number (e.g. name, address, social security number, bank account number, etc.) that would be intelligible and useful if not scrambled. The value of requiring encryption of an already-random number, relative to the cost, is not entirely clear. Because the cost, benefit, and the federal government's willingness to accept an MOU that requires either encryption or a number that changes with each use are not certain, the author does not want take this amendment at this time. However, the author's office has indicated to the Committee that it is willing to work on this issue and is attempting to consult with technical staff at DMV about the feasibility of these options. The author wants to also ensure that any technological requirements required in the bill are not so specific that they preclude using more effective technologies that may become available in the future. Law Enforcement Access and Sharing of Information. The author and opponents continue to discuss a second issue: the extent to which information about the EDL holder may be shared with other public agencies, especially law enforcement. ACLU has requested SB 249 Page 16 an amendment that would prohibit CBP from accessing or using information obtained through the EDL for any purpose other than facilitating border crossings. It would also prohibit CBP from sharing this information with any other public agency or private entity for information obtained through the EDL. Again, the author is not willing to take this amendment without having additional information. For example, it is not entirely clear what rules currently limit CBP's ability to use and share the data that it collects from other sources, such as standard licenses and passports. Once it is in the database, it is not entirely clear why information obtained from an EDL would be treated any differently than information obtained from some any other sources. As noted above, the author has already accepted an amendment providing that any privacy laws that apply to standard driver's license will also apply to EDLs. Of course, this begs the question of just what privacy laws apply to standard drivers' licenses. This, too, is one of the unknowns that the author wishes to explore. Conclusion: This is the third consecutive session that the author has brought this proposal, with only minor variations, before this Committee. Both of the earlier bills - AB 2113 (2012) and SB 397 (2014) - passed unanimously out of this Committee but were held in the Assembly Appropriations Committee, notwithstanding the fact that neither of those earlier bills ever received a single negative floor or committee vote. The author has taken a number of amendments to meet some of the privacy concerns raised by opponents, and the author and opponents have informed the Committee that they will continue to work on the remaining issues identified in this analysis if the bill moves forward. ARGUMENTS IN SUPPORT: According to the California Chamber of Commerce, the "ports of entry along the California-Mexico border are among the busiest ports in the world." The Chamber claims that each year forty-five million vehicle passengers cross the border at one of six points of entry, and that "the average wait SB 249 Page 17 for travelers at these ports is over an hour." The Chamber further claims that these delays "result in a loss of eight million trips each year," and that in San Diego County alone this translates into an estimated loss of $1.2 billion in revenues. The Chamber believes that this bill will relieve border congestion by allowing travelers to use "ready lanes," and that it will allow CBP officers to quickly assess information "and focus on the traveler's vehicle as opposed to scanning documents - reducing wait time by up to 60%." The Imperial County Transportation Commission supports this bill for substantially the same reasons, claiming that border wait times cause "a devastating loss of nearly $1.5 billion in revenues, 3.4 million potential working hours, 39, 500 jobs, and $59 million in wages annually in the San Diego and Imperial region alone." Several other business groups, both from Southern California and from Baja California, support this bill and cite similar statistics for the economic impact on their respective locales. ARGUMENTS IN OPPOSITION: In a joint letter, the ACLU, Consumer Watchdog, the Eagle Forum of California, the Electronic Frontier Foundation, and the Privacy Rights Clearing House oppose this bill primarily due to their "profound privacy and security concerns about the use of insecure Radio Frequency Identity (RFID) computer chips in EDL identity documents." In addition to their general concerns that EDLs will compromise the privacy of the holder's personal information, opponents also point out that the EDL lacks some of the security measures used in passports. For example, they claim that in U.S. passports a new random number is generated each time the RFID is read, whereas EDLs now in use in other states appear to use a random number that does not change with each reading. Also, while the data embedded on the passport is encrypted, this bill only provides that the number will be encrypted if "agreed to by the United States Department of Homeland Security." Finally, opponents claim that while EDLs may be optional now, "optional government SB 249 Page 18 programs often turn into permanent mandatory programs." The Ella Baker Center for Human Rights and the Legal Services for Prisoners with Children (LSPC) opposes this bill for many of the same reasons raised by the ACLU and others; however, the Baker Center and LSPC also believe that SB 249 will "allow law enforcement officers to racially profile Californians from a distance and without their knowledge." The Baker Center contends that "personal information contained on EDLs will be accessed by [CBP] through the National Law Enforcement Telecommunications System (NLETS), which in turn is "accessible to local law enforcement." PREVIOUS LEGISLATION: SB 397 (Hueso) of 2014 was substantially similar to this bill except that it did not contain the requirement that the applicant be informed, in writing, that RFID random number could be read remotely and it did not provide penalty provisions enforcing the prohibition against employers taking adverse action against an employee who refused to apply for or use an EDL. That bill passed unanimously off the Senate Floor and unanimously out of this Committee but was held in the Assembly Appropriations Committee. AB 2113 (Hueso) of 2012, was similar to SB 397. That bill passed unanimously out of this Committee but was held in the Assembly Appropriations Committee. REGISTERED SUPPORT / OPPOSITION: Support SB 249 Page 19 Calexico Chamber of Commerce California Chamber of Commerce Casa Familiar Chula Vista Mayor's Office City of El Centro City of San Diego El Centro Chamber of Commerce Todd Gloria, San Diego City Council Member Imperial County Transportation Commission Otay Mesa Chamber of Commerce Representative Juan Vargas San Diego Association of Governments San Diego Regional Chamber SB 249 Page 20 San Diego-Tijuana Smart Border Coalition State of Baja, California Opposition ACLU Consumer Watchdog Eagle Forum Ella Baker Center for Human Rights Electronic Frontier Federation Legal Services for Prisoners with Children Privacy Rights Clearinghouse Analysis Prepared by:Thomas Clark / JUD. / (916) 319-2334 SB 249 Page 21