cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
CraginS
Defender I

BioChipping Employees- Physical Security or Privacy?

Chipping pets has been around for years.

Chipping people has, too, but not nearly so wide spread.

The Guardian has reported that the idea of chipping employees is being discussed by employers, and unions are expressing concern.

Alarm over talks to implant UK employees with microchips
Trades Union Congress concerned over tech being used to control and micromanage

 

Consider:

Having chips in all employees and readers placed around the facility, in addition to being connected to IT systems for identification and authentication, could greatly benefit physical security and insider threat protection.

Of course, that same system could become an amazingly intrusive invasion of privacy.

 

So... would you recommend a chip program as part of the security program at a company you were advising?

Alternately, if your employer set up a voluntary chip program, would you get a chip?

Or, if your employer announced a mandatory program, would you quit?

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts
48 Replies
Caute_cautim
Community Champion

There is another issue as well:

 

"The key to any successful identity token is that it can be replaced at will when compromised or considered compromised. Think somebody knows you password – then change it.  Fraudster has your credit card number – lock the card and get a new one, etc.  I’m yet to read anything on these implanted chips to suggest that this can be done in a reliable, secure, and of course, non-surgical manner."

 

So, one could nullify the original token via Radio Frequency means, and then have a new one inserted, but one could be waiting for some time waiting for an appointment. 

 

Whether it was between the thumb and forefinger or the forehead - it is a single point of failure.

 

So what does one do in between whilst waiting for their credentials to be re-assigned?

 

Regards

 

Caute_cautim

rslade
Influencer II

> CISOScott (Advocate I) posted a new reply in Industry News on 11-14-2018 03:41 PM in the (ISC)² Community :

> The next step then should be to create a governing body and standardize
> where these chips should be placed. Not everyone has hands and hands can be
> dismembered through accidents or other means so I guess you got to have a
> head to survive.... so lets put it in our foreheads.

I'd say right hand and forehead, you know, just for redundancy ...

0/' ... If the band will play six sixty six ... 0/'

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
If you spend more on coffee than on IT security, then you will be
hacked. What's more, you deserve to be hacked.
- Richard Clarke, former advisor to the President on Cybersecurity
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
CISOScott
Community Champion

Which brings up another issue. If the chips can be remotely wiped easily, then what is the purpose in having them inserted in the first place? I would be mighty upset if I got a chip inserted on Monday and was back on Wednesday to have it removed and another one inserted. A hacker could effectively DDoS the entire workforce with a remote wipe command.

Caute_cautim
Community Champion

Some brilliant thoughts going on in the background there!  So if the device is a Near Field Communications (NFC) so you need a portable device i.e. the Microchip and a fixed scanning device i.e. door way to organisation - so technically you have to be 4 cm away from the device.   But obviously getting the correct frequency and picking ones target, you could use a stronger and further away radio communications beamed transmission or even a localised EMC pulse to destroy the NFC device.    Or a strong transmitting device in the locality would do the same.

 

Or in a shop, they use NFC devices on items, and they then swipe across the counter to remove or break the NFC devices aerials after confirmation of payment.

 

Thus causing a DoS situation, or if you knew your targets were bunched together - a carefully initiated EMC pulse would take a bunch of them or cause a DDoS situation.

 

Thus negating the microchip and a new one having to be inserted etc.

 

Would you be better with an IoT device?   But how would you power it?   Wireless Power Transmission (WPT) within 30 metres, which is the current CEPT standard, still being debated globally.

 

Regards

 

Caute_cautim

Kempy
Newcomer III

I would say that GDPR would wipe out any such folly, because a business that stupid is guaranteed to loose such highly sensitive data, or maybe a disgruntled employee who allowed their rights to be violated, would just leak the data. 

 

I don't see a way for such a ridiculous policy to become mandatory unless people became someone else's property, a practice stamped out hundreds of years ago.

 

Ultimately what is the purpose? To subjugate the employee (I'll keep the id badge thanks)

Caute_cautim
Community Champion

We will ask you the same question in 2-5 years time and see if you viewpoint still holds?

 

Cheers

 

Caute_cautim


@Kempy wrote:

I would say that GDPR would wipe out any such folly, because a business that stupid is guaranteed to loose such highly sensitive data, or maybe a disgruntled employee who allowed their rights to be violated, would just leak the data. 

 

I don't see a way for such a ridiculous policy to become mandatory unless people became someone else's property, a practice stamped out hundreds of years ago.

 

Ultimately what is the purpose? To subjugate the employee (I'll keep the id badge thanks)


 

CraginS
Defender I


@Caute_cautim wrote:

I guess you have to ask the Swedes their opinion, they are embracing it wholeheartedly:

https://theconversation.com/thousands-of-swedes-are-inserting-microchips-into-themselves-heres-why-9...

  


The Financial Post republished a New York Times article to continue discussion on the Swedish experiment in the November 23 article headlined

In Sweden, cash is almost extinct and people implant microchips in their hands to pay for things. Mo...

 

The article concerns me because the entire discussion addresses the cost value of converting the economy to digital finances based on personal chipping, but there is no mention of even a hint of the possible (probable?)  massive surveillance of the population by government and by commercial interests, 

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts
Kempy
Newcomer III

I would consider implanting a reader on the basis that every Swedish handshake is making me £30 better off 😉

Caute_cautim
Community Champion

However, we would be totally naive to think it cannot be used in the future for whatever use the government of the day deems necessary to protect its borders or reduce healthcare costs etc.

 

It could reduce crime and also reduce the amount of time taken to identify the culprit - so once again it could save time effort and costs.

 

Regards

 

Caute_cautim

 

CISOScott
Community Champion

There are several US government entities that would love to see the US go to a cashless society.

1) The IRS because then all transactions could be tracked and proper taxes collected.

2) Law enforcement agencies because it would be easier to track illicit drug sales, prostitution, other black market transactions, etc.

3) Local and state governments for both of the above reasons.

 

I think it will be hard to go to a cashless society because of the privacy concerns, but I wonder if that is why bitcoin (anonymous digital transactions) were invented.