This came in as a comment. I post it here so that libraries considering RFID especially in California can learn from the nuances discussed by R. Bruce Miller:
The nuance of language is what is at issue for libraries in regard to the Simitian bill. The Library at the University of California, Merced has books that are tagged with RFID and, for the library card, we use the campus "one-card" which has an RFID tag.
The nuance is that the library card RFID information is solely the number that serves as a key to the campus ID management system which then provides the ID info to the Library management system, i.e., the classic meaningless library card number, sometimes incorrectly referred to as the "bar code number".
At no time in the local transaction is personal information transmitted by RF nor is there personal information on the RFID on the card. If the card is lost, we simply use the system to turn off that random number "key" and we then issue a new card with a new random number key. (BTW we rely on substantial encryption for our RFID applications.)
The nuance of language in this issue is that Senator Simitian believes that the library card number is personal identification information. I discussed this in depth with the Senator and his staff. They remained steadfast in including library card numbers as personal identification information.
Their position is that a library might choose to use SSN or driver's license number for the library card and that would be compromising information that could be used in identity theft.
I pointed out that use of such numbers is now illegal and also is in violation of libraries' strict code of ethics regarding privacy. The Senator told me that he knew that but that he was concerned that a small town library might not know that they should not use personal identification information in that way. Simitian is adamant that the library card number be considered personal identification information and that library cards are personal identification documents.
My personal take on the bill is that the intentions are honorable. I support good policy that protects personal identity information. Unfortunately, the bill focuses on prohibitions against technology and does not provide much in the way of useful policy. I am perplexed that we are working so hard to ensure personal privacy and yet somehow we have become the enemy.
R Bruce Miller
University of California, Merced