RFID implants pose serious risks

Originally written February 17, 2006 for The Poly Post.

Two employees of a Cincinnati surveillance company recently had identity tags implanted under their skin, raising huge privacy and security concerns.

The security company CityWatcher has reportedly become the first American company to use radio frequency identification, or RFID, technology embedded in living humans.

CityWatcher claims that having the RFID chips injected is not a requirement to remain employed. But one wonders how seriously that claim can be taken when the chips are required for access to the company's datacenter. If an employee's job requires access to the datacenter, then this new chip is in fact a requisite for the job. Forcing employees to have a surgical procedure, however minor, simply to start a job sets a dangerous precedent for privacy and civil liberties, not to mention being immoral on its face.

CityWatcher also claims that the chips will only be read when brought within inches of a reader, and for their own uses this is probably true. They may genuinely have nothing malicious in mind. RFID chip manufacturer VeriChip, however, claims readability on their product from up to 15 feet away. With readability from such a distance, suddenly it becomes feasible for a company to install RFID readers throughout its entire building so it knows where everybody is at all times.

And if a company can do it, why not a city? Why not a state, or the entire country? Tracking of entire populations is no longer in the realm of science fiction. We need to realize the cows are starting to leave the barn, and close the door before it's too late.

Besides the privacy and freedom concerns, which should matter to all of us, there are issues of security, which should matter to the companies thinking of implementing such draconian measures. Implanting RFID chips may actually decrease security, not increase it.

An RFID device is dead most of the time since it doesn't have its own internal source of power. Rather, the reader sends a burst of power through radio waves that turns on the device, and then a second signal sends a request for the device's ID.

The thing is, anybody with patience enough to wait for someone to use the door can pick up this unsecured conversation with a simple directional antenna. Or, if you have the signal broadcast by the door, you can program it into your own handheld reader and use it to trigger the unwitting employee's ID tag. Then, presto, you have all the information you need to make your own CityWatcher datacenter RFID chip. And with no human element in the security chain who would spot the unknown face going places he shouldn't be, the criminal now has unfettered access to as many "secure" locations as he has time to scan arms and clone chips for.
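The weakness described above comes from the tag answering every request with the same fixed ID. The sketch below is an added illustration, not part of the original column and not any vendor's code: it models that static exchange next to a challenge-response exchange, a common mitigation that the column does not discuss. All class names, the tag ID and the key handling are hypothetical.

```python
import hashlib
import hmac
import secrets

ID_LEN = 8  # constructed fixed-width tag ID, e.g. b"EMP-0001"

class StaticTag:
    """Tag as the column describes it: every request gets the same ID back."""
    def __init__(self, tag_id):
        self.tag_id = tag_id
    def respond(self, request):
        return self.tag_id

class StaticDoor:
    def __init__(self, allowed):
        self.allowed = set(allowed)
    def admits(self, response):
        return response in self.allowed  # cannot tell a recording from the tag

class ChallengeTag:
    """Hypothetical tag holding a secret key; answers ID + HMAC(key, nonce)."""
    def __init__(self, tag_id, key):
        self.tag_id, self.key = tag_id, key
    def respond(self, nonce):
        return self.tag_id + hmac.new(self.key, nonce, hashlib.sha256).digest()

class ChallengeDoor:
    def __init__(self, keys):
        self.keys, self.nonce = dict(keys), None
    def new_nonce(self):
        self.nonce = secrets.token_bytes(16)  # fresh for every attempt
        return self.nonce
    def admits(self, response):
        nonce, self.nonce = self.nonce, None  # each nonce is single-use
        key = self.keys.get(response[:ID_LEN])
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(response[ID_LEN:], expected)

def replay_results():
    """Record one legitimate exchange per door, then present the recording later."""
    tag_id, key = b"EMP-0001", secrets.token_bytes(32)  # constructed values
    static_door = StaticDoor({tag_id})
    recorded_static = StaticTag(tag_id).respond(b"READ")
    tag, door = ChallengeTag(tag_id, key), ChallengeDoor({tag_id: key})
    recorded_cr = tag.respond(door.new_nonce())
    door.new_nonce()  # a later attempt: the door issues a different nonce
    return {
        "static_replay": static_door.admits(recorded_static),
        "challenge_replay": door.admits(recorded_cr),
        "challenge_legit": door.admits(tag.respond(door.new_nonce())),
    }
```

The recording opens the static door every time, while the challenge-response door rejects it because the recorded answer was computed over a nonce that is no longer current.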

The best way to resist this trend right now is to simply refuse RFID implantation while you still can. If every one of CityWatcher's employees had refused the procedure, suddenly there would have been nobody to run the datacenter and the policy would have had to change.

Here's to hoping the rest of us have the guts to do what those cowardly two CityWatcher employees did not.