Slashdot Mirror
RFID Injection Required for Datacenter Access
user24 writes "Security focus reports that RFID injections are now required for access to the datacenter of a Cincinnati company. From the article 'In the past, employees accessed the room with an RFID tag which hung from their keychains, however under the new regulations an implantable, glass encapsulated RFID tag from VeriChip must be injected into the bicep to gain access ... although the company does not require the microchips be implanted to maintain employment.'"
Is this the first time civilians have been required to do thing type of thing? I guess its no longer science fiction.
Mmmm-hmmm...
They won't require you to implant the chip to keep your job. But how long can you keep your job if you can't access the datacenter?
...Also, I didn't know Buggalo could fly.
If not, you're likely to be tracked not just by your employer but by anyone else with an RFID scanner. There really ought to be an activator button or device that needs to be pressed or broadcasting to make such a device safe for the implanted.
I would imagine it would be just like the article stated: They can't/won't force you, but if you refuse, you don't get acccess to the datacenter. Just like the Mark of the Beast "... no one may buy or sell except one who has the mark or name of the beast, or the number of his name."
This is why I keep pressing my employer to not adopt RFID badges, and keep either the magnetic swipes or move to 2D barcodes. I have an inherent distrust of anything wireless, which is why I still have cables running from my mouse and keyboard, refuse to use Bluetooth, and use wireless only when I have to and even then almost exclusively in Linux (though with WPA/WPA2 and a nice, long, random shared key, it's not so bad). My current record in a lab for cracking 128-bit WEP is about 14 minutes, start to finish.
Paranoid? Yeah, a bit. But then I've never had to worry much about someone intercepting my phone calls or passwords over the air.
On the main topic, if no one is going to be fired for refusing, but part of their job is working on equipment in the datacenter, what happens?
You can never go home again... but I guess you can shop there.
I wonder why the company doesn't use a biometric entry system that uses fingerprints or retinal scans for security? People are less likely to object to thumbprint scan than minor surgery. And it's probably more secure, given that RFID can be cloned.
It now has public attention
I don't think we can call this public attention. Seriously, if our attention actually mattered in changing any policy, don't you think Microsoft would have been extinct by now and that DRM and other things like [insert what Slashdot users think is evil here] would be under public scrutiny? The cliched Joe Sixpack will probably never hear of this; heck, I don't think Joe Sixpack knows what RFID is.
Altho, if you're in a right-to-work state, I can't see why they can't force this on workers. If you agree to it in a contract, well, you had your opportunity to decide against it.
IANAL, but "right-to-work" only means that a state's employment laws don't allow an employer to require that some/all employee's join the union. Even in a right-to-work state, a contract doesn't let an employer off the hook for unsafe working conditions.
Come test your mettle in the world of Alter Aeon!
It does not surprise me at all that this is in Cincinnati, which has a horrible anti-worker culture. Employees are considered far less valuable than office fixtures, pay is below the national average in all industries, and flexible time is a foreign concept. Most employers there resent the emancipation proclaimation. Without it, they wouldn't have to pay the drones at all. This attitude has even spilled over to the sports teams, who have lost a lot more often than they have won over the years due to skinflint ownership.
The Uncoveror: It's the real news.
OT but,
Since the book of Revelation is in the New Testament not the Old Testament, it doesn't make sense to think 666 is as a hebrew number. Instead, you should picture it as a roman numeral, in which case it is the roman equivalent if 54321 (500+100+50+10+5+1) or DCLXVI.
If you think about it, Satan wouldn't have any need to be subtle about it. People will know it matches up with Revelation. They simply won't care because they don't believe the prophecy in the first place --- and perhaps they'll be so hostile to the idea of God that they'll gladly take a mark that shows that hostility. There's no need at all for the meaning to be obfuscated.
I started to track some of this a few years ago. I lost a lot of the paper articles, but maintained a bunch of html links (many became dead links for one reason or another).
We have been monitored a long time and for many different reasons. The public is mostly ignorant, AS THEY SHOULD BE. Could someone explain to me why we would want everyone to know that our governments have monitoring in place? It isn't something that could ever openly be acknowledged. Kind of like not letting Germans know that enigma was broken during WWII (good thing we got ahold of one of the machines)
I am not much of a Conspiracy Theorist (at least now anyway). I realize that it is necessary for a global society in the state that we are in to monitor and track. There is extreme good that can come of it, and extreme evil.
But I digress. I don't think that this instance is a notable trend towards NWO. I am MORE CONCERNED about the recent mass hiring of IT by the FBI to help develop the centralized database tracking system as part of the new national ID program. Ok, NOW you can be worried.
Sorry, but I have to call bullshit on the barcode/666 thing. We'll let this article on Snopes take care of that.
Contrary to popular myth, no bar code includes the number 666. This belief arose because the number six is represented by a pattern similar to that of the guard bars used to mark the beginning, middle, and end of every bar code. Since the guard bars always appear three times in a given bar code, people who mistakenly read them as sixes claimed that the pattern 6-6-6 was embedded in every bar code. However, if you look closely at the '6' in a bar code, you will see that there is a wide white bar either to the left or the right of its pattern (depending upon where within the bar code the number is positioned), which is not the case with the guard bars.
Not only are the guard bars not used as digits, if they were they would not be proper 6's anyway. The whitespace in barcodes is not insignficant.
What makes you think there has to be some sort of distinction between a company or coroporation, and a modern government?
What's the difference, really? A government is a corporation of a sort: there to make money and power while giving the perception (as much as possible) of viable services. If the shit hits the fan on a global or national scale, there will be many corporations with resources which the government doesn't have. Really, the main distinction is that the government has guns - and there are many corporations which have quite a few of those.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
In other words, a more casual thief who knows little to nothing about RFID. He has to know how to clone it and your average thieve doesn't know how to do that. I love it when so-called "security experts" overlook the obvious because they think that security risk asessment means assuming that they must assume all of their attackers are very sophisticated.
Of course, being ignorant of RFID, you also didn't know that there are cryptographic forms of RFID. These don't transmit the same number every time they're pinged. So, of course, you have no idea what you're talking about. Using non-off-the-shelf and/or expensive technology which takes a great degree of sophistication to develop, you can crack after many hours of computation.
But hey, you're the security expert, this is probably all trivial with the latest RFID cracking and cloning devices you can buy at Wal-Mart.
Now the real question is, does VeriChip use cryptography? I know the answer, but it's clear you didn't even bother to check before making your generalizations.
If most of the employers in a town suck, you can do quite well by being the one place that doesn't. Grab the 20-percenters from every other IT outfit in town.
I did a bunch of interviews to pick out a developer for a customer of mine in Denver once. We weren't offering a whole lot of money, but just the fact that we were doing something moderately interesting attracted an amazing level of quality among the applicants I saw.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
I went to their web site and many time they repeat the word "secure". Now granted this could be marketing bunk destined to pointy haired boss, but a passive RFID tag without private key cannot be qualified as secure even remotely. So I will stand on a leg and state that the GP is wrong and the Parent post is right, you cannot so easily copy the tag.
p eople purport is short. For me 1 foot is short. With 5 meters/15 feet readability, then you can REALLY immagine implementing a reader everywhere and fully track a population (in a firm/company/city/country).
Veri Chip
Veri Guard Brochure
What is quite frightening is that they purport on site tracking up to 15 foot (5 meter!). This is WAAAY beyond the distance the RFID-CHip-are-ok-sleep-safely-it-won't-be-abused-
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
It seems that a reliable method of establishing someone's identity is indeed necessary for a modern society to function. The problem is how to achieve this goal while limiting the probability of all the Orwellian scenarios occurring. So far on sites like /. I've heard mostly outcry for RFID chips, which is understandable, outcry about biometrics (like the mass-fingerprinting of everyone crossing the US border), which is understandable and all other kinds of outcry but no proposals of solutions.
I would argue that the real question here is not this or that technical solution but the ethics of those operating them, not the tools but the hand that holds them. The most horrible totalitarian regimes were built without any RFIDs or nothing we consider today advanced technology. True, the more advanced the technology the more damage can be done with them - that's why we should worry more whether as civilization we are becoming more ethically mature with time at least as fast as we are more technologically capable.
Is this the first time civilians have been required to do thing type of thing?
This may not be exactly the same thing, but it's somewhat of a precedent: A few years ago, after a mammogram, my wife had a biopsy to check out something "suspicious". It turned out to be nothing important, though.
Some time later, she had another x-ray at a different place, and she saw that the image had a visible object at the site of the biopsy. She was told that it was a small piece of plastic left behind during the biopsy procedure, and that this was a fairly common thing. Sort of a "We were here" tag.
Whether it's an RFID chip we don't know. But at least some medical people are already implanting small "innocuous" things without mentioning it to the patient. And there have been stories of medical uses of RFID chips to help avoid the common problem of misidentifying a patient.
It's easy to put such things together. If you've had any "penetrative" medical work done in the past few years, there's a good chance that you're carrying an RFID chip now.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
I know because I spent 2 years developing a replacement for them to be marketed locally - DVRs that record up to 64 channels of live audio and video at up to 30 fps. And those give you pictures, unenhanced, that the cops CAN use. I was at a customers' on Friday - someone had stolen a mirror from a car in the parking lot. So, thanks to continuous (not time-lapse) coverage, he had the thiefs face, his cars make and model and color (a lot of those time-lapses are monochrome), etc. So, hit the print button and there's your guy. MUCH better.
Even in 2-hour mode, with no time-lapse, a VCR isn't going to give you the same 705x480 recording from 1 camera, never mind 8, 16, 32, or 64, and it won't be nearly as searchable.
So, to do something remotely equivalent to a DVR for 8 camersa would require 12 tapes per day x 8 (1 per camera) x 30 days per month - in just 1 month you will have gone through 288 tapes. Now, instead of 8 cameras, make it 64. 2,304 tapes per month, plus you have to manually load, unload, label, log, and manually walk them to storage. If it takes 2 minutes to do each one, this will require 2 people, 24 hours a day (because 1 person, at 2 minutes per, would need a minimum of 128 minutes an hour, not counting pee and lunch breaks). The tapes can't be the dollar-store variety either, so even at $2/tape, your tape budget alone is $4,608, plus the cost of 2 employees x 3 shifts x 7 days ... even at minimum wage, they would be more expensive than just buying a couple of terrabyes of cheap raid (6 x 300 gig == 1 month storage for 64 cameras at 25 fps, for under a grand.)
Plus, you can't just stack these tapes one on top of the other to the ceiling - you have to shelve them. That takes space, and climate control. 1 year's worth of tapes (27,648 tapes) takes up a LOT of room, compared to 72 hard disks, that can all fit in a single fireproof storage cabinet.
And if you want to be doubly secure, you can mirror the hd offsite every day and still be well within your budget. A days recordings fit in your pocket on a single hd, or you can even send them over the net in real time for critical stuff. Try doing that with tape.
And anyone who requires access to the datacenter to do their job, such as operators and sysadmins, cannot DO their job unless they get the implant. And if they cannot do the job, how are they expected to maintain employment?
I'm sure the company has other jobs which the people are qualified for and do not involve access to the datacenter. Only two employees got the chip, so surely there are available job positions which don't involve getting chipped.
I suppose the official reason for termination would be "uncooperative attitude." Certainly not "he refused to get chipped." Or maybe the company will concentrate on ways to make the employee so miserable, he just quits. Problem solved.
I doubt it. In either of those two situations the company would likely be responsible for paying unemployment compensation and/or severance pay. It seems like a much better solution for the company to just give the person an alternative job.
Sure, the person might wind up getting passed over for the next promotion, but if the company is smart that's about the extent of it.