cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 
Advocate I

Re: BioChipping Employees- Physical Security or Privacy?

There is another issue as well:

 

"The key to any successful identity token is that it can be replaced at will when compromised or considered compromised. Think somebody knows you password – then change it.  Fraudster has your credit card number – lock the card and get a new one, etc.  I’m yet to read anything on these implanted chips to suggest that this can be done in a reliable, secure, and of course, non-surgical manner."

 

So, one could nullify the original token via Radio Frequency means, and then have a new one inserted, but one could be waiting for some time waiting for an appointment. 

 

Whether it was between the thumb and forefinger or the forehead - it is a single point of failure.

 

So what does one do in between whilst waiting for their credentials to be re-assigned?

 

Regards

 

Caute_cautim

Advocate III

Re: BioChipping Employees- Physical Security or Privacy?

> CISOScott (Advocate I) posted a new reply in Industry News on 11-14-2018 03:41 PM in the (ISC)² Community :

> The next step then should be to create a governing body and standardize
> where these chips should be placed. Not everyone has hands and hands can be
> dismembered through accidents or other means so I guess you got to have a
> head to survive.... so lets put it in our foreheads.

I'd say right hand and forehead, you know, just for redundancy ...

0/' ... If the band will play six sixty six ... 0/'

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
If you spend more on coffee than on IT security, then you will be
hacked. What's more, you deserve to be hacked.
- Richard Clarke, former advisor to the President on Cybersecurity
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Advocate I

Re: BioChipping Employees- Physical Security or Privacy?

Which brings up another issue. If the chips can be remotely wiped easily, then what is the purpose in having them inserted in the first place? I would be mighty upset if I got a chip inserted on Monday and was back on Wednesday to have it removed and another one inserted. A hacker could effectively DDoS the entire workforce with a remote wipe command.

Advocate I

Re: BioChipping Employees- Physical Security or Privacy?

Some brilliant thoughts going on in the background there!  So if the device is a Near Field Communications (NFC) so you need a portable device i.e. the Microchip and a fixed scanning device i.e. door way to organisation - so technically you have to be 4 cm away from the device.   But obviously getting the correct frequency and picking ones target, you could use a stronger and further away radio communications beamed transmission or even a localised EMC pulse to destroy the NFC device.    Or a strong transmitting device in the locality would do the same.

 

Or in a shop, they use NFC devices on items, and they then swipe across the counter to remove or break the NFC devices aerials after confirmation of payment.

 

Thus causing a DoS situation, or if you knew your targets were bunched together - a carefully initiated EMC pulse would take a bunch of them or cause a DDoS situation.

 

Thus negating the microchip and a new one having to be inserted etc.

 

Would you be better with an IoT device?   But how would you power it?   Wireless Power Transmission (WPT) within 30 metres, which is the current CEPT standard, still being debated globally.

 

Regards

 

Caute_cautim

Tags (4)
Newcomer III

Re: BioChipping Employees- Physical Security or Privacy?

I would say that GDPR would wipe out any such folly, because a business that stupid is guaranteed to loose such highly sensitive data, or maybe a disgruntled employee who allowed their rights to be violated, would just leak the data. 

 

I don't see a way for such a ridiculous policy to become mandatory unless people became someone else's property, a practice stamped out hundreds of years ago.

 

Ultimately what is the purpose? To subjugate the employee (I'll keep the id badge thanks)

Advocate I

Re: BioChipping Employees- Physical Security or Privacy?

We will ask you the same question in 2-5 years time and see if you viewpoint still holds?

 

Cheers

 

Caute_cautim


@Kempy wrote:

I would say that GDPR would wipe out any such folly, because a business that stupid is guaranteed to loose such highly sensitive data, or maybe a disgruntled employee who allowed their rights to be violated, would just leak the data. 

 

I don't see a way for such a ridiculous policy to become mandatory unless people became someone else's property, a practice stamped out hundreds of years ago.

 

Ultimately what is the purpose? To subjugate the employee (I'll keep the id badge thanks)


 

Advocate I

Re: BioChipping Employees- Physical Security or Privacy?


@Caute_cautim wrote:

I guess you have to ask the Swedes their opinion, they are embracing it wholeheartedly:

https://theconversation.com/thousands-of-swedes-are-inserting-microchips-into-themselves-heres-why-9...

  


The Financial Post republished a New York Times article to continue discussion on the Swedish experiment in the November 23 article headlined

In Sweden, cash is almost extinct and people implant microchips in their hands to pay for things. Mo...

 

The article concerns me because the entire discussion addresses the cost value of converting the economy to digital finances based on personal chipping, but there is no mention of even a hint of the possible (probable?)  massive surveillance of the population by government and by commercial interests, 

 

 

Dr. D. Cragin Shelton, CISSP
CraginS@gmail.com
https://CraginS.blogspot.com/
Newcomer III

Re: BioChipping Employees- Physical Security or Privacy?

I would consider implanting a reader on the basis that every Swedish handshake is making me £30 better off Smiley Wink

Advocate I

Re: BioChipping Employees- Physical Security or Privacy?

However, we would be totally naive to think it cannot be used in the future for whatever use the government of the day deems necessary to protect its borders or reduce healthcare costs etc.

 

It could reduce crime and also reduce the amount of time taken to identify the culprit - so once again it could save time effort and costs.

 

Regards

 

Caute_cautim

 

Highlighted
Advocate I

Re: BioChipping Employees- Physical Security or Privacy?

There are several US government entities that would love to see the US go to a cashless society.

1) The IRS because then all transactions could be tracked and proper taxes collected.

2) Law enforcement agencies because it would be easier to track illicit drug sales, prostitution, other black market transactions, etc.

3) Local and state governments for both of the above reasons.

 

I think it will be hard to go to a cashless society because of the privacy concerns, but I wonder if that is why bitcoin (anonymous digital transactions) were invented.