News

Wisconsin Company’s Use of RFID Microchip Implants Raises Questions of Health, Privacy

August 11, 2017 by Heather Hamilton-Post

Employees and experts question the overall safety of RFID chips in human workers.

A company in Wisconsin announced that around 50 of their employees will be implanting RFID chips into their hands for workplace-related tasks. But employees and experts alike are questioning, both for safety and privacy.

Amidst growing speculation that AI will take over jobs, companies are attempting to integrate a variety of technology into their workflow at every organizational level. From the factory floor to the boardroom, workplaces are taking advantage of things like AI and RFID technology to transition industries.

Technology companies are obviously particularly affected, in part because they stand to play a large role in the development and implementation of new ways of approaching the same problems.

A New Kind of Wearable

In Wisconsin, a maker of cafeteria kiosks designed to replace vending machines is in the news for embedding microchips in employee hands. According to an article in USA Today, company officials said it would offer convenience to the 40 workers who wished to bypass company badges and corporate log-ons (any task involving RFID technology) by instead swiping their microchipped hand by a security device, much like a smartphone.

 

The chip in question, which is implanted in employees' hands.Image courtesy of Three Square Market

 

In this case, the chips do not contain GPS trackers—but if you’re worried about security, says Three Square Market President Patrick McMullan, you should “take your cell phone and throw it away.” 

In Wisconsin, Three Square Market wants it to be a celebration—a local tattoo artist was on hand to complete installation and volunteer employees received an “I’ve been chipped” t-shirt. While it was not mandatory, the New York Times reports that 50 of the company’s 80 employees elected to receive the chip.

Biohax Sweden manufactures the chips and boasts that nearly 3,000 people in Europe are using it. On their site, they refer to the "IoU"—the "Internet of Us", a reference to their goal of making people more connected through technology.

Employee Reactions to Implantable Tech

While many employees are happy to accept a chip the size of a grain of rice placed between their fingers, others are more hesitant. Three Square Market marketing executive Katie Langer chose not to receive the chip because of concerns relating to putting a foreign object in her hand, despite the fact that the chip received approval from the U.S. Food and Drug Administration in 2004.

“But that’s still not very long term in my book, so I’d just like to know more about the long-term health effects,” she said in the Chicago Tribune. Langer concedes that she may opt to receive the chip in the future.

Jon Krusell and Melissa Timmins both told the New York Times that they weren’t planning on getting chipped because they were leery of the implanted device but they were excited about the technology. Krusell may get a ring with a chip instead and Timmins expressed nervousness about the possibility of implantation, though she’s happy to be at the forefront of technology.

Chris Malak also opted out. “I have a coworker who can never keep track of their keys thus always asking for mine and no idea what her passwords are. This would be good for her. But as for me, hell no,” he told USA Today in a Facebook Live interview.​

A Long List of "What-Ifs" for Security and Health

Those who did not choose to receive the chip and those following along at home seem to oppose it for one of three reasons—health, privacy, and general uneasiness. And perhaps the last is a version of the former, a general uneasiness that boils down to a concern for privacy.

Health concerns, as the New York Times reports, can be difficult to assess, since there’s a lot we don’t know about future implications. The FDA does acknowledge that an implementation site can become infected and it is possible for a chip to migrate.

Chips are removable, which is perhaps why privacy concerns feel more pressing to potential implant recipients. Sam Bengston, who is a software engineer at Three Square Market, received the chip and told the Washington Post that doesn’t have concerns because his information is encrypted, which makes it more secure than a cell phone.

But encrypted can mean a lot of different things. Alessandro Acquisti, a professor of information technology and public policy at Carnegie Mellon University’s Heinz College told the New York Times that often, when companies claim that chips are secure and encrypted, they aren’t being specific. “Encrypted is a pretty vague term, which could include anything from a truly secure product to something that is easily hackable,” he said.

He worries that technology designed for one purpose may be used for something else down the road--tracking the length of bathroom and lunch breaks, for example. “Once they are implanted,” he says, “it’s very hard to predict or stop a future widening of their usage.”

Todd Westby, Three Square Market CEO, insists that that isn’t the goal. “All it is is an RFID chip reader. It’s not a GPS tracking device. It’s a passive device and can only give data when data’s requested. Nobody can track you with it,” he said.

 

Representation of an RFID transponder. Image by Maxpayne473 [CC BY-SA 4.0]

Legal Protection for Employees

Three Square Market employees could elect not to receive the chip, a choice legally guaranteed to them under Wisconsin law. Wisconsin's state legislature reviewed Assembly Bill 290 for "prohibiting the required implanting of a microchip in an individual and providing a penalty" and passed it—over 10 years ago, in 2006.

In 2006, the notion of implantable tech was not necessarily new, but it had only recently been considered possible. In 2004, the FDA to allowed a company to implant chips as a means to access medical documentation and identify patients. That same year, employees of the Mexican Ministry of Justice also had chips implanted for security purposes. Perhaps it was instances such as these that inspired Wisconsin's 2006 legislation. 

Six states aside from Wisconsin— North Dakota, California, Oklahoma, Georgia, and Virginia—have laws protecting employees against insertion of microchips if they so choose. All six states passed their legislation between 2006 and 2010, with no new legislation passed since then. But what about the 44 other states? It's hard to say for certain, but additional protections are probably forthcoming, given this renewed interest in implantable tech, particularly as it intersects with employee rights.

8 Comments
  • S
    speakermanjeffrey August 16, 2017

    What happens when the implanted chip comes in contact with a strong magnetic field, or a transmitting microwave, or even your cell phone? I cant help but believe that in some instances it could corrupt the data, which might possibly make it accessable to others, and a strong magnetic field could cause it to heat up burning the host from the inside. I definatly agree that its use by corporate entities may seem sublime but you can bet that over time it will be used for many other purposes such as where you been, what you eat, your recreational activities, if it can be programed for security it can be reprogramed for any other purpose, look at cell phones when they first came out it was just a portable phone, now the damn things do everything, including, what you do where you are what you do on the internet. No I think this is bad idea when the host has no control over the implant. The exception to me would be for needed medical monitoring.
    .

    Like. Reply
  • A
    Ariel Cotto August 16, 2017

    Life Span of the Chip? Life Span of the Electronics Component?

    Like. Reply
  • I do not Consent August 17, 2017

    As far as I am aware, the chip does not contain any information besides a unique identifier code.

    The information stored, whatever it may be, is on the computers to which the scanners are connected to.

    The identifier code may link you to one universal personal record, or it may have a different personal record on each system you access. For example, you could use the same code for work , or home security, but they can be completely separate systems. the only common item, is your identifier code.

    Some systems may have good security, and some, not so good.

    If all of the systems are linked, and you have one universal personal record, then the computer system with the weakest security ends up being the weak link in the chain.

    If you have different personal records on various computer systems, then breach of one system limits the exposure of your data. However, once your unique identifier is “out in the open”, then you may be exposed to extra, subsequent breaches of the security of other computer systems.

    Now, about the readers/scanners:

    They can be near field (range of up to about 8-10”) , or far field (range of up to about 60”).

    Far field readers/scanners can be hidden anywhere, and can be used to track people without their knowledge. They can be hidden in ceilings, floors, walls furniture etc.

    Near field readers can also be used for this, say placed beneath a counter top, or a table/desk.

    And no, not all readers beep when they read a code - even if the device does beep, it is too easy to disconnect the speaker/beeper to make it operate in a completely silent mode.

    For employers, it could be used to ascertain how long you are away from your desk, how many smokos you take, how many loo breaks, who’s desk you tend to go to when you walk around, etc.

    For governments, the tracking list is just too large to be listed here.

    For corporate/advertising etc use, they are invaluable. The uses are also to numerous to be listed here.

    Having many years of experience in IT, all I can say, is that this scares me.

    Like. Reply