RFID Injection Required for Datacenter Access

user24 writes "Security focus reports that RFID injections are now required for access to the datacenter of a Cincinnati company. From the article 'In the past, employees accessed the room with an RFID tag which hung from their keychains, however under the new regulations an implantable, glass encapsulated RFID tag from VeriChip must be injected into the bicep to gain access ... although the company does not require the microchips be implanted to maintain employment.'"

A milestone

[suso]

Is this the first time civilians have been required to do thing type of thing? I guess its no longer science fiction.

does not require the microchips be implanted

[still_sick]

Mmmm-hmmm...

They won't require you to implant the chip to keep your job. But how long can you keep your job if you can't access the datacenter?

uh, no.

[netwiz]

Isn't this illegal? I was under the impression that forced surgery as a requirement for employment was against OSHA. Maybe I'm wrong. Altho, if you're in a right-to-work state, I can't see why they can't force this on workers. If you agree to it in a contract, well, you had your opportunity to decide against it.

At the same time, where does this take us? More importantly, what new kinds of abuse will this bring about? I'm a bit spooked.

Chipped by your boss ?= chipped for life

[Statecraftsman]

So when you decide to leave your emplyoyer do they take it out free of charge? I hope so.

If not, you're likely to be tracked not just by your employer but by anyone else with an RFID scanner. There really ought to be an activator button or device that needs to be pressed or broadcasting to make such a device safe for the implanted.

Re:Religious Objection

[Bodysurf]

"Could someone object on the basis of religious discrimination if they believe that RFID implants constitute the "Mark of the Beast"?"

I would imagine it would be just like the article stated: They can't/won't force you, but if you refuse, you don't get acccess to the datacenter. Just like the Mark of the Beast "... no one may buy or sell except one who has the mark or name of the beast, or the number of his name."

Re:A milestone

[Anonymous Coward]

A milestone?

Well, it's more mill than mile.

Re:I especially like...

[Martin Blank]

This is why I keep pressing my employer to not adopt RFID badges, and keep either the magnetic swipes or move to 2D barcodes. I have an inherent distrust of anything wireless, which is why I still have cables running from my mouse and keyboard, refuse to use Bluetooth, and use wireless only when I have to and even then almost exclusively in Linux (though with WPA/WPA2 and a nice, long, random shared key, it's not so bad). My current record in a lab for cracking 128-bit WEP is about 14 minutes, start to finish.

Paranoid? Yeah, a bit. But then I've never had to worry much about someone intercepting my phone calls or passwords over the air.

On the main topic, if no one is going to be fired for refusing, but part of their job is working on equipment in the datacenter, what happens?

Why not biometrics?

[yorktown]

I wonder why the company doesn't use a biometric entry system that uses fingerprints or retinal scans for security? People are less likely to object to thumbprint scan than minor surgery. And it's probably more secure, given that RFID can be cloned.

I'm probably going to get modded as a troll, but..

[damneinstien]

It now has public attention

I don't think we can call this public attention. Seriously, if our attention actually mattered in changing any policy, don't you think Microsoft would have been extinct by now and that DRM and other things like [insert what Slashdot users think is evil here] would be under public scrutiny? The cliched Joe Sixpack will probably never hear of this; heck, I don't think Joe Sixpack knows what RFID is.

Re:A milestone

[Anonymous Coward]

"Arbeit Macht Frei" [spectacle.org] - Words on the gate of the Auschwitz.

Re:uh, no.

[SagSaw]

Altho, if you're in a right-to-work state, I can't see why they can't force this on workers. If you agree to it in a contract, well, you had your opportunity to decide against it.

IANAL, but "right-to-work" only means that a state's employment laws don't allow an employer to require that some/all employee's join the union. Even in a right-to-work state, a contract doesn't let an employer off the hook for unsafe working conditions.

Re:Spell Check?

[uncoveror]

It does not surprise me at all that this is in Cincinnati, which has a horrible anti-worker culture. Employees are considered far less valuable than office fixtures, pay is below the national average in all industries, and flexible time is a foreign concept. Most employers there resent the emancipation proclaimation. Without it, they wouldn't have to pay the drones at all. This attitude has even spilled over to the sports teams, who have lost a lot more often than they have won over the years due to skinflint ownership.

Re:Religious Objection

[thehickcoder]

OT but,

Since the book of Revelation is in the New Testament not the Old Testament, it doesn't make sense to think 666 is as a hebrew number. Instead, you should picture it as a roman numeral, in which case it is the roman equivalent if 54321 (500+100+50+10+5+1) or DCLXVI.

Re:Religious Objection

[Drachemorder]

If you think about it, Satan wouldn't have any need to be subtle about it. People will know it matches up with Revelation. They simply won't care because they don't believe the prophecy in the first place --- and perhaps they'll be so hostile to the idea of God that they'll gladly take a mark that shows that hostility. There's no need at all for the meaning to be obfuscated.

Re:"The Mark"...

[teknickle]

Implants aren't anything new. This is just a documented case of RFID and forced human adoption.

I started to track some of this a few years ago. I lost a lot of the paper articles, but maintained a bunch of html links [domain-logic.com] (many became dead links for one reason or another).

We have been monitored a long time and for many different reasons. The public is mostly ignorant, AS THEY SHOULD BE. Could someone explain to me why we would want everyone to know that our governments have monitoring in place? It isn't something that could ever openly be acknowledged. Kind of like not letting Germans know that enigma was broken during WWII (good thing we got ahold of one of the machines [myke.com])

I am not much of a Conspiracy Theorist (at least now anyway). I realize that it is necessary for a global society in the state that we are in to monitor and track. There is extreme good that can come of it, and extreme evil.

But I digress. I don't think that this instance is a notable trend towards NWO. I am MORE CONCERNED about the recent mass hiring of IT by the FBI to help develop the centralized database tracking system as part of the new national ID program. Ok, NOW you can be worried.

Re:Religious Objection

[phauxfinnish]

Sorry, but I have to call bullshit on the barcode/666 thing. We'll let this article [snopes.com] on Snopes take care of that.

Contrary to popular myth, no bar code includes the number 666. This belief arose because the number six is represented by a pattern similar to that of the guard bars used to mark the beginning, middle, and end of every bar code. Since the guard bars always appear three times in a given bar code, people who mistakenly read them as sixes claimed that the pattern 6-6-6 was embedded in every bar code. However, if you look closely at the '6' in a bar code, you will see that there is a wide white bar either to the left or the right of its pattern (depending upon where within the bar code the number is positioned), which is not the case with the guard bars.

Not only are the guard bars not used as digits, if they were they would not be proper 6's anyway. The whitespace in barcodes is not insignficant.

Re: does not require the microchips be implanted

[jambarama]

Yeah so everyone gives in and gets injected. What happens when someone LOSES their job? Surgery to remove the RFID chip? Reimplant everyone else with a new chip? It just doesn't seem workable.

Stop looking for excuses!

[Anonymous Coward]

It's pathetic that when something like this is foist upon people, I read whiney comments like "but couldn't I object on religious reasons?" Fuck that! Here's how its done: You stand up and you say "NO I WILL NOT!". Yes, you could lose your job. Yes, you like your job, as it pays for your geeky bloody ipod and other whatnot. Yes, it pays for the roof over your head. But consider this: (yes, american-centric example, deal with it) What if the founding fathers said "but can't we object to the tax on blah blah reasons? I don't want to lose the revenue... or that tea... it might make our lives difficult!" They stood up and said NO MORE! and that is what you better start doing before you become any more of a slave than you already are! And before you even start with the "but they were wealthy and became presidents and blah blah" you better read your history. Most of the signers of the declaration of independence lost their fortunes, homes, business, jobs, friends, and most of them lost family members. Sometimes you have to pay the price to stay free!

Re:Maybe they're right

[CAIMLAS]

What makes you think there has to be some sort of distinction between a company or coroporation, and a modern government?

What's the difference, really? A government is a corporation of a sort: there to make money and power while giving the perception (as much as possible) of viable services. If the shit hits the fan on a global or national scale, there will be many corporations with resources which the government doesn't have. Really, the main distinction is that the government has guns - and there are many corporations which have quite a few of those.

Re:Why?

[njyoder]

In other words, a more casual thief who knows little to nothing about RFID. He has to know how to clone it and your average thieve doesn't know how to do that. I love it when so-called "security experts" overlook the obvious because they think that security risk asessment means assuming that they must assume all of their attackers are very sophisticated.

Of course, being ignorant of RFID, you also didn't know that there are cryptographic forms of RFID. These don't transmit the same number every time they're pinged. So, of course, you have no idea what you're talking about. Using non-off-the-shelf and/or expensive technology which takes a great degree of sophistication to develop, you can crack after many hours of computation.

But hey, you're the security expert, this is probably all trivial with the latest RFID cracking and cloning devices you can buy at Wal-Mart.

Now the real question is, does VeriChip use cryptography? I know the answer, but it's clear you didn't even bother to check before making your generalizations.

Liability? What if the thing has side effects?

[Anonymous Coward]

I sure hope this compnay has talked to its lawyers. What if the things gives you bad unknown side effects, either physiological or psycological? I almost hope the two people who have had the implants fall seriously ill.

What if the side effects show up years after you have left the company's employ?

Shaheed

Comment removed

[account_deleted]

Comment removed based on user account deletion

Interresting Question

[aepervius]

I went to their web site and many time they repeat the word "secure". Now granted this could be marketing bunk destined to pointy haired boss, but a passive RFID tag without private key cannot be qualified as secure even remotely. So I will stand on a leg and state that the GP is wrong and the Parent post is right, you cannot so easily copy the tag.
Veri Chip [verichipcorp.com]
Veri Guard Brochure [verichipcorp.com]


What is quite frightening is that they purport on site tracking up to 15 foot (5 meter!). This is WAAAY beyond the distance the RFID-CHip-are-ok-sleep-safely-it-won't-be-abused-p eople purport is short. For me 1 foot is short. With 5 meters/15 feet readability, then you can REALLY immagine implementing a reader everywhere and fully track a population (in a firm/company/city/country).

VERY FISHY

[Anonymous Coward]

i saw some user comments about this same issue on another site...he brings up great points:

Did anyone read the source material? The only evidence comes from a press release of SpyChips.com, an anti-RFID group. Their source? A network administrator at CityWatcher.com. Not exactly stellar reporting, i.e. confirmation of sources. Pay close attention to the list of recommended books at the end of the press release. The last one is ?The Spychips Threat: Why Christians Should Resist RFID and Electronic Surveillance?. In other words, SpyChips.com is a front for people who think RFID is the mark of the beast.

this makes perfect sense...a group of paranoid radicals fabricating some story about a surveillence company (citywatch.com) to get thousands of people angry enough to shut them down for something they didn't do

Re:Frog in boiling water

[Eminence]

BTW, this gradual change did start with the need to prove someone's identity - with the advent of transportation people venturing outside their village needed to be identified by people other than their family and neighbors. This is the reason for paper documents which now more and more take the shape of a plastic card.

It seems that a reliable method of establishing someone's identity is indeed necessary for a modern society to function. The problem is how to achieve this goal while limiting the probability of all the Orwellian scenarios occurring. So far on sites like /. I've heard mostly outcry for RFID chips, which is understandable, outcry about biometrics (like the mass-fingerprinting of everyone crossing the US border), which is understandable and all other kinds of outcry but no proposals of solutions.

I would argue that the real question here is not this or that technical solution but the ethics of those operating them, not the tools but the hand that holds them. The most horrible totalitarian regimes were built without any RFIDs or nothing we consider today advanced technology. True, the more advanced the technology the more damage can be done with them - that's why we should worry more whether as civilization we are becoming more ethically mature with time at least as fast as we are more technologically capable.

Re:Spell Check?

[Anonymous Coward]

Huh?

I would LOVE to see you back up some of your claims: Employees considered less valuable than office fixtures? Pay below national average? Flexible time a foreign concept? Most employers resenting the emancipation proclaimation???

How this got marked Interesting is beyond me! Having worked as both an employer and an empolyee in Cincinnati, I find this total garbage. Pay below the national average? Let's see, I had job offers in Cincinnati and in Silicon Valley for tech jobs, and EVERY Cincinnati offer beat EVERY California offer by a wide margin, despite the cost of living being a fraction in Cincinnati. Pay worked out to be approximately 40% more in Cincinnati, when factoring in the cost of living.

And employers resenting the emancipation proclaimation???? Let's see... Cincinnati is in a NORTHERN state (duh, Ohio borders Canada), which was known as the slave freedom capital of the US. In fact, Cincinnati has the *Nation's* Museum dedicated to freeing the slaves (funded in great part by the PEOPLE of Cincinnati).

Bengals were 11-5. So Cincinnati Employers must be racists? huh??? How you can extend sports results to a general statement about the city's employers (notably P&G, GE Aircraft Engines, Cintas, Kroger, Federated) is beyond me!

Perhaps you'd see things differently if you removed your head from your arse.

Maybe not such a milestone

[jc42]

Is this the first time civilians have been required to do thing type of thing?

This may not be exactly the same thing, but it's somewhat of a precedent: A few years ago, after a mammogram, my wife had a biopsy to check out something "suspicious". It turned out to be nothing important, though.

Some time later, she had another x-ray at a different place, and she saw that the image had a visible object at the site of the biopsy. She was told that it was a small piece of plastic left behind during the biopsy procedure, and that this was a fairly common thing. Sort of a "We were here" tag.

Whether it's an RFID chip we don't know. But at least some medical people are already implanting small "innocuous" things without mentioning it to the patient. And there have been stories of medical uses of RFID chips to help avoid the common problem of misidentifying a patient.

It's easy to put such things together. If you've had any "penetrative" medical work done in the past few years, there's a good chance that you're carrying an RFID chip now.

Re:From TFA

[tomhudson]

A VHS tape is 7.375 inches long x 4.0625 inches wide x 1 inch thick. Each tape can hold up to 36 hours of footage on a special security time-lapse VCR. Let's be conservative and say that you'll run the cameras into a quad split, enabling you to record four cameras per tape. That means you need two tapes to store 36 hours of footage from eight cameras.

Sorry, but most of the images from those tapes run through time-lapse vcrs don't stand up in court. Heck, they aren't even useful enough to identify the SEX of the person in many cases, the image quality is so poor. They're the absolute crap. Poor resolution, and no audio, and even with image enhancement you can't tell squat. Running the cameras on quad split, as yu call it, is worse - the image resolution is only 160x120. Time-lapse that, and you're REALLY screwed.

I know because I spent 2 years developing a replacement for them to be marketed locally - DVRs that record up to 64 channels of live audio and video at up to 30 fps. And those give you pictures, unenhanced, that the cops CAN use. I was at a customers' on Friday - someone had stolen a mirror from a car in the parking lot. So, thanks to continuous (not time-lapse) coverage, he had the thiefs face, his cars make and model and color (a lot of those time-lapses are monochrome), etc. So, hit the print button and there's your guy. MUCH better.

Even in 2-hour mode, with no time-lapse, a VCR isn't going to give you the same 705x480 recording from 1 camera, never mind 8, 16, 32, or 64, and it won't be nearly as searchable.

So, to do something remotely equivalent to a DVR for 8 camersa would require 12 tapes per day x 8 (1 per camera) x 30 days per month - in just 1 month you will have gone through 288 tapes. Now, instead of 8 cameras, make it 64. 2,304 tapes per month, plus you have to manually load, unload, label, log, and manually walk them to storage. If it takes 2 minutes to do each one, this will require 2 people, 24 hours a day (because 1 person, at 2 minutes per, would need a minimum of 128 minutes an hour, not counting pee and lunch breaks). The tapes can't be the dollar-store variety either, so even at $2/tape, your tape budget alone is $4,608, plus the cost of 2 employees x 3 shifts x 7 days ... even at minimum wage, they would be more expensive than just buying a couple of terrabyes of cheap raid (6 x 300 gig == 1 month storage for 64 cameras at 25 fps, for under a grand.)

Plus, you can't just stack these tapes one on top of the other to the ceiling - you have to shelve them. That takes space, and climate control. 1 year's worth of tapes (27,648 tapes) takes up a LOT of room, compared to 72 hard disks, that can all fit in a single fireproof storage cabinet.

And if you want to be doubly secure, you can mirror the hd offsite every day and still be well within your budget. A days recordings fit in your pocket on a single hd, or you can even send them over the net in real time for critical stuff. Try doing that with tape.

Re:From TFA

[anthony_dipierro]

And anyone who requires access to the datacenter to do their job, such as operators and sysadmins, cannot DO their job unless they get the implant. And if they cannot do the job, how are they expected to maintain employment?

I'm sure the company has other jobs which the people are qualified for and do not involve access to the datacenter. Only two employees got the chip, so surely there are available job positions which don't involve getting chipped.

I suppose the official reason for termination would be "uncooperative attitude." Certainly not "he refused to get chipped." Or maybe the company will concentrate on ways to make the employee so miserable, he just quits. Problem solved.

I doubt it. In either of those two situations the company would likely be responsible for paying unemployment compensation and/or severance pay. It seems like a much better solution for the company to just give the person an alternative job.

Sure, the person might wind up getting passed over for the next promotion, but if the company is smart that's about the extent of it.

Re:From TFA

[pushf popf]

I suppose the official reason for termination would be "uncooperative attitude." Certainly not "he refused to get chipped." Or maybe the company will concentrate on ways to make the employee so miserable, he just quits. Problem solved.

When I was young and dumb, I was forced out of a job in exactly that way (made me so miserable, I quit). It turns out that's very common in some companies and keeps their unemployment insurance rates low.

Later on, I learned that it was also illegal (at least here), although by that time I had lost interest in doing anything about it.

I would also expect that being microchipped would have the Chritians up in arms over "The Mark of the Beast" (can't blame them on this one), and Jews (and possibly others) have a prohibition on body modification.

I'm pretty much astonsished that anybody would actually require this, and given the bizzareness of the requirement, would be more likely to suspect that this is a troll