Wisconsin-based Three Square Market made headlines this week when it announced that it would soon inject RFID microchips into more than half of its employees. The company says the implants, which are voluntary, will allow workers to open locked doors and pay for snacks and meals in its cafeteria similar to traditional security cards.
And Three Square Market, which builds automated kiosks for snacks and meals, isn’t the only organization interested in the technology.
“You won’t believe the number of companies who reached out to us in the last two days, asking how it’s going and how to offer this to their employees,” Three Square Market vice president of international development Tony Danna told Yahoo Finance.
But having an employer implant chips into its employees naturally raises privacy and security concerns, and may not exactly be as convenient as it seems.
A tracker you can’t leave behind
Imagine you’re running late for work. You slip in the side door to avoid your boss and quietly slide into your seat. But no matter how smooth you think you were, your boss already knows you were late. That’s because the RFID chip in your hand registered the time you got into the office. And now your boss is breathing down your neck about your deadlines.
Sure, you could say the same thing about standard office security cards, but there’s a difference between a chip card that narcs on you for being late, and your own hand selling you out.
Such implants could also tell your boss how much time you spend in the cafeteria, bathroom or how often you go to other parts of your office. Again, all of this can be tracked using an ID card, too. But you always have the option of putting down a card. Implantable chips are literally a part of you.
It’s important to note that Three Square Market isn’t collecting any data from its employees, and workers who volunteer for the implants will decide what information they want associated with their chips.
RFID isn’t GPS
To be clear, RFID chips, which are similar to chips implanted in pets to find them when they’re lost, aren’t the same as GPS chips. RFID chips need to be swiped or held close to a receiver to do things like let you unlock doors. When you unlock the door, your company can see where you’ve been in your office. GPS chips, on the other hand, can track you anywhere a GPS signal is available, which is pretty much everywhere.
And Three Square Market’s Danna is adamant about his company’s dedication to not using its RFID chips to track its employees.
“It’s more of just a convenience standpoint,” he said.
What’s more, the vice president says company employees are willing to get the implants because the organization is made up of individuals who are “well educated on technology.”
But as Carnegie Mellon’s associate head of engineering and public policy, Lorrie Faith Cranor, explains, other companies may initially say they don’t plan on collecting chip data, but change that policy down the road.
“What am I going to do? Go have it removed from me if I don’t like it?” she asked rhetorically.
“It is also the sort of thing that has that kind of ick factor,” Cranor said. “I don’t know if I want to implant this, and I don’t know if I want my boss to have that ability to track me.”
If you do want to ditch your RFID chip, Danna explained, it’s similar to removing a splinter. You simply push on the implant and pull it out.
They’re secure, but not completely
The kind of RFID chips being embedded into Three Square Market’s employees use essentially the same technology as your smartphone or tab to pay credit card. They transfer encrypted signals to RFID readers to access your information. But like any kind of technology, RFID chips aren’t completely secure.
“I could see bad actors trying several techniques to attack the chip itself or the data that is transmitted to and from the chip,” explained McAfee’s chief consumer security evangelist Gary Davis.