Back to Search Results

First Match

Positive ID?

The implantation of radio-frequency identification chips in four video-surveillance company employees will likely add to a growing debate over the merits of this technology.

Friday, June 16, 2006
Write To The Editor Reprints

Cincinnati-based private video-surveillance company recently embedded silicon chips in four of its employees, as the company tested the technology in an effort to control access to a room where it holds security video footage for government agencies and police.

The dime-sized chips, manufactured by Delray Beach, Fla.-based VeriChip Corp., were implanted into the employees' arms, says Sean Darks, CityWatcher CEO, after the company explored various types of biometric applications such as fingerprint and handprint identification systems. CityWatcher turned to radio-frequency identification chips, a less costly alternative to typical biometric systems, to "make security improvements," he says, and eliminate the possibility of employees losing or misplacing proximity cards or other forms of identification.

RFID > chips are inexpensive radio transmitters that emit a unique identifying signal. The chips are commonly used for tracking merchandise in transit, but they can also be implanted in pets to identify them in the event they're separated from their owners and can be used in humans for medical purposes -- to link patients to their medical records in emergency situations, for instance.

However, CityWatcher's implementation of < RFID > is the first known case in which U.S. workers have been "tagged" electronically as a way of identifying them, and is likely to add to a growing controversy surrounding < RFID >, predicted as one of the next big growth industries.

Each chip was embedded with the employee's consent, says Darks, and the company intends to monitor access to an area within the company's facility, rather than monitor the actions of its employees, he says. Darks himself has been implanted with a chip and says the technology does not have the capability to "track" employees outside the workplace. < RFID > chips send short-distance signals when activated, usually by coming into close proximity to a device designed to activate it. The chips have no power sources; the activation devices essentially just transmit small amounts of power to temporarily activate them.

< RFID > technology has been used to help companies track their product shipments since the 1980s. More recently, it's become very popular as a security application. A 2004 poll of 450 software developers in North America, Europe, Asia and Latin America by Santa Cruz, Calif.-based Evans Data Corp. found that 30 percent of the companies surveyed use < RFID > for security and access-control purposes, compared to 20 percent that were using < RFID > in inventory-control software.

Given its growing ubiquity as a security tool, perhaps it was only a matter of time before someone came up with a way to use < RFID > to track humans. In August 2002, shortly after the highly-publicized abduction of two 10-year-old British girls, Kevin Warwick, a professor of cybernetics at England's Reading University, reportedly offered to implant a tracking device in an 11-year-old girl as an anti-abduction measure. Whether or not Warwick intended to follow through with his proposal -- if he, in fact, made such an offer -- the idea drew mixed reactions from a number of children's societies and parents, and was not pursued.

Indeed, the idea of using < RFID > in this manner raises the hackles of privacy advocates. Liz McIntyre, communications director of Consumers Against Supermarket Privacy Invasion and Numbering, a nonprofit group focused on consumer privacy issues, is an outspoken critic of < RFID > technology. The use of < RFID > chips in humans raises serious privacy and civil-liberty issues and portends a culture in which all actions by individuals could be monitored, whether they realize it or not, says McIntyre, who also co-authored a book, Spychips: How Major Corporations and Government Plan to Track Your Every Move with < RFID >.

McIntyre says the widespread use of < RFID > to monitor employees in the workplace could have unpleasant consequences, such as employees being pressured to undergo implantation with < RFID > chips in order to keep their jobs.

However, Darks and other proponents brush off the thought of < RFID > as part of a movement toward a "Big Brother"-dominated culture. He stresses that the decision to be implanted with the chips rested with CityWatcher employees.

"If [being chipped] is voluntary," he says, "I don't see how it would raise privacy issues."

Whether or not implanting < RFID > chips in humans becomes a common workplace security measure remains to be seen, but as for its possible uses in the future, as well as the debate this emerging technology figures to spark, "this is just the beginning," says McIntyre.

Practical Issues

While CityWatcher is the first known U.S. company to insert < RFID > chips in its employees, it is not the first ever. The Mexican Ministry of Justice's organized crime division used the chips for access-control purposes until about six months ago, when the department re-evaluated its security requirements, says John Procter, spokesman for VeriChip Corp. About 160 employees in that division were voluntarily implanted with the chip, to gain access to areas containing "very sensitive" information regarding key figures in the country's organized-crime world, he says.

VeriChip Corp., which claims to produce the only < RFID > chip approved by the Food and Drug Administration for implantation in humans, also provided the chips used by the Mexican Ministry of Justice, through a distributor in Mexico, Procter says.

While the company says its "core focus" continues to be in the medical field, VeriChip also plans to market the < RFID > chip as a means of identifying employees, says Procter.

< RFID >'s future in the workplace, experts say, will most likely include its usage as a means for monitoring or limiting admittance to a given area or facility.

"What we will see is the use of < RFID > to allow users to authenticate access to systems and physical access to buildings," says Stacey Quandt, research director for security solutions and services at the Aberdeen Group, a Boston-based research organization focused on technology-driven markets.

If that prediction holds true, another important question surrounding < RFID > is whether it truly provides an advantage over other, more commonly used tools such as swipe cards or other security devices.

Security researcher Jonathan Westhues has studied < RFID > technology, and he cautions companies to carefully weigh its benefits versus risks when comparing < RFID > to other security options -- proximity cards, ordinary metal keys or employing security guards, for example.

"If you think about what < RFID > actually gets you, the big advantage of sticking the thing under your skin is that you can't lose it," he says. "So that problem, and all the attendant problems -- getting mugged, forgetting it on the subway -- are presumably gone. So, in that sense it's an advantage."

On the other hand, Westhues sees potential problems with < RFID >'s ability to truly verify employees' identities. The chips, he says, were originally designed to identify lost housepets or, later on, individuals in medical emergencies, "not authenticate them." That, he says, opens the door for would-be hackers to create "copies" of < RFID > chips and gain the same access as employees to supposedly secure areas.

The VeriChip was initially created "with no attempt" at security, Westhues says, and he has demonstrated how the VeriChip can be hacked and cloned by building a "very generic" piece of test equipment "that can talk to just about any low- or high-frequency < RFID > tag on the market."

A typical < RFID > tag, he says, sends a signal that carries information -- in the case of the VeriChip, a unique, 16-digit ID number. Once Westhues obtained a VeriChip tag reader, "it was literally just a few hours work to add support for that device to my software," at which point he could, theoretically, obtain and replicate the number from a given chip rather easily, he says.

However, the degree of difficulty involved in cloning the chip doesn't necessarily mean < RFID > technology isn't a viable security measure, says Darks.

Newsletter Sign-Up:

HR Technology
Talent Management
HR Leadership
Inside HR Tech
Special Offers

Email Address

Privacy Policy

"Nothing is 100 percent secure," Darks says, adding that, at CityWatcher, the possibility of an individual copying one of the chip's numbers and breaking through the building's security measures is very unlikely, and "not even a concern" for the organization. 

"What's probably more important is the database the chip is linked to," Darks says, noting that obtaining a radio-frequency identification tag's unique number is futile without knowing what information it may hold the key to.

"If a person doesn't know what that chip will get [them access] to," Darks says, "[copying the chip] does no good." 

The Jury Is Out

Joyce Gioia, founding member of the Association of Professional Futurists in Waltham, Mass., is also president of the Herman Group, a Greensboro, N.C.-based firm of strategic business futurists concentrating on workforce and workplace issues.

The jury is still out on whether < RFID > will prove to be a secure form of employee identification, she says. However, for < RFID > to be beneficial in the workplace, Gioia says, companies must be able to ensure employees' privacy, and stress to workers that carrying a chip -- under their skin or otherwise -- is strictly voluntary.

The risks of this technology are currently unknown, she says.

"Presuming we don't find out that it hurts people" and if employees don't mind being "chipped," she says, then < RFID > technology could prove to be "a good thing."

When comparing the use of < RFID > chips to other types of identification -- proximity cards, badges, etc. -- she cites the chip's "convenience" as its biggest selling point, in that employees "don't have to worry about carrying badges or some other devices that would give them access" to an area or building.

Still, given a choice, she says, she would rather see organizations use proximity cards or other forms of ID that "would be a lot less invasive."

While Gioia allows that < RFID > implantation may prove to be viable, her response is simple and direct when asked if she envisions a future in which inserting chips in employees is commonplace: "Yes," she says, "and that doesn't thrill me."

That scenario doesn't excite McIntyre either, and she questions how voluntary < RFID > use will really be in the future. She also questions the level of privacy employees are able to maintain in a workplace where < RFID > is present, and fears that, as the technology develops, companies may take a more surreptitious approach to monitoring employees' movements, beyond inserting chips in workers.

In Spychips, she and co-author Katherine Albrecht suggest such a movement is afoot, citing Woodward Laboratories, an Aliso Viejo, Calif.-based company that, according to the book, has embedded a hidden tag reader into a product called the iHygiene Perfect Pump. The pump is a liquid soap dispenser doubling "as an employee badge reader and monitoring device" that captures workers' ID badge numbers and watches to see if they wash their hands.

Still, VeriChip's Procter bristles at the notion of < RFID > serving as "tracking technology" -- with or without employees' knowledge -- and says his company's product has no such capabilities. The closest the chip comes to acting as a tracking device, he says, is providing authorized individuals within the organization the ability to check a computer log to see when an individual entered a secure room. That capability, he says, is typical in "any type of secure-access" system.

"With any emerging technology, the issue of privacy is a serious one," says Procter, adding that he encourages discussion about < RFID > and its growth in coming years "based on fact and the technical realities of the device."

At this stage, Westhues says, "it's not really clear" what the benefits of < RFID > are compared to other security devices, or just how the technology will be used. But, he advises companies considering < RFID > to proceed with caution, rather than rushing to the technology simply because it appears to be the wave of the future.

Ultimately, the consideration of privacy and security issues should be driven by "a practical assessment of the risks" involved with deploying < RFID >, he says.

"With any kind of security precaution," he says, "[companies] just have to step back and ask, 'What does [< RFID] actually get us?' and trade the cost of it for the actual benefit."

Copyright 2017© LRP Publications