The trend of blundering into the void of adopting new tech, damn the consequences, full speed ahead, continues this week. The Telegraph tells us about "a number of UK legal and financial firms" are in talks with a chip company to implant their employees with RFID microchips for security purposes.
Ah, security purposes, our favorite road to hell paved with some kind of intentions. Is it like when Facebook took people's phone numbers for security purposes and handed them to advertisers? Sorry, I'm just a little cynical right now. The report explained the purpose of corporate bosses chipping their workers like a beloved Pekinese is to set restrictions on areas they can access within the companies.
"One prospective client," The Telegraph wrote, "which cannot be named, is a major financial services firm with "hundreds of thousands of employees."
Jowan Österlund, founder of chip-implant company Biohax at the center of this deal, told the outlet: "These companies have sensitive documents they are dealing with. [The chips] would allow them to set restrictions for whoever ... In a company with 200,000 employees, you can offer this as an opt-in," said Mr. Österlund. "If you have a 15 percent uptake that is still a huge number of people that won't require a physical ID pass."
Never mind that RFID badge cloning is trivial to the point of funsies for hackers (who have been experimenting with hacking biochips for a while), this is about employee efficiency. A further selling point for companies grinding privacy into bottom-line dust is that it'll save a company money. "As well as restricting access to controlled areas," The Telegraph said, "microchips can be used by staff to speed up their daily routines. For instance, they could be used to quickly buy food from the canteen, enter the building or access printers at a fastened rate."
As some readers may recall, this isn't the first instance of employee chipping in recent news. Last year, American company Three Square Market in Wisconsin made headlines when 80 of its employees got chips implanted. They use the little RFID chips in their hands (the size of a grain of rice, like the one in your cat) to scan themselves into security areas, use computers and vending machines. Interestingly, Three Square sells vending machine "mico markets" but offers a cottage industry in implants (with an angle on their use for "law enforcement solutions").
Yet the first US company to inject workers with tracking chips was a Cincinnati surveillance firm in 2006, which required all employees working in its secure data center to have RFIDs implanted in their triceps. Coming from a spying company, it's almost like asking if you'd like your Orwell with a little Orwell on top. California in 2007 swiftly moved to block companies from being able to make RFID implants mandatory, as well as blocking the chipping of students in the state.
Don't get me wrong: becoming a cyborg sounds pretty awesome. It's a fairly popular pastime for DEF CON attendees who like their hackery edge-play to get a souvenir implant while at the conference. But those people are hackers, and they know what they're getting into. And I'm just that annoying person worried about normal people not knowing how they can get pwned, and who has a few irritating questions about personal security and privacy.
According to MIT Technology review, the Three Square Market employees said they liked it — the convenience outweighed personal privacy and security concerns, which could include surveillance by higher-ups, or attackers doing a little drive-by data sniffing (when hackers ping your chip to see what's on it). President of Three Square, Patrick McMullan, told MIT that only some of the info on the chip is encrypted "but he argues that similar personal information could be stolen from his wallet, too."
Unlike a company ID card, you can't leave it at home. We might imagine that with all of these privacy and tracking concerns, female employees dealing with harassment would have an extra layer to worry about. MIT only quoted male employees, so that's worth noting.
The chip-your-workpets trend spreading to the US and UK got its foothold in Sweden where apparently they are much cooler about becoming the Borg than we are. Swedish incubator Epicenter in Stockholm "includes 100 companies and roughly 2,000 workers, began implanting workers in January 2015," reported LA Times. "Now, about 150 workers have the chips."
The chief experience officer at Epicenter, Fredric Kaijser, told press: "People ask me, 'Are you chipped?' and I say, 'Yes, why not?' And they all get excited about privacy issues and what that means and so forth. And for me it's just a matter of I like to try new things and just see it as more of an enabler and what that would bring into the future."
Again, I'll annoy you by pointing out that the evangelists here all seem to be dudes, which isn't a bad thing. It maybe might suggest no one's thinking about the inevitable DEF CON talk "Chipped employees: Fun with attack vectors," or a possible future headline about employee stalking or chip-based discrimination. I mean, we can already imagine the ones where ICE demands the last known doors opened by all employees on the RFID database who happen to be brown.
I'm sure it's all well and good until someone gets locked out of their own hand. Or the app used to access your hand gets compromised.
Like I said earlier, it's at the "damn the consequences, full speed ahead" stage.