On average, every adult has at least 27 discrete passwords or access codes they need to log on to their computer, open a door, make an online purchase or watch a movie. For security purposes, we are often prompted to change those passwords and make them even more complicated or obscure. While making them more difficult for others to intercept, those passwords often become jumbled.
Gone are the days when you could use your birthday, social security number or “password” as your password. Storing all of your passwords on your computer or smartphone is no longer recommended. To assuage this issue, a Swedish company is experimenting with inserting microchips in employees to relieve the need for PINs, passcodes and cards. This announcement has sent shockwaves through workplaces around the world, as many fear this may become commonplace in the near future.
In recent years, employers have tried a number of methods to permit employees access to the workplace, computer systems, office equipment and timekeeping systems. Those innovations have met with mixed reviews. Many employees are reluctant to provide fingerprints fearing they could be used by the government to track them and by hackers to steal their identity. Likewise, retinal scans have caused some employees to recoil because of the intimacy or inconvenience of the exercise (one employee said it felt like he was either a secret agent or a creep looking through a peep hole).
Biometrics on timeclocks was popular until they collided with cold and flu season. We have all been frustrated by a lost pass card, key or fob. Who hasn’t had a panicked moment trying to get into a secure parking garage, office or restroom when a PIN or passcode is forgotten?
But are we ready to have a chip implanted in us to avoid delay or other inconveniences?
The Swedish Solution
A Swedish technology complex, housing as many as 100 companies and aptly named Epicenter, is at the forefront of this innovation. Employees of resident companies were introduced to the concept as a part of the unveiling of their new offices. The complex’s chief development officer took the first step into this brave new world by having the microchip, which is the size of a grain of rice, implanted in his hand, between his thumb and index finger. This was done live, onstage, at the opening ceremony for the new building. Apparently a group photo of executives in hardhats with shovels or smashing a bottle on the bow of a ship or simply cutting a ribbon isn’t flashy enough.
The publicized benefits of the microchip are access to doors, photocopiers and cafe purchases. Yes, with just a wave of the hand like a simple greeting in the hallway or mystical wave of a wand, doors open, equipment is accessed and Twinkies are within your reach.
But what if you are just waving to a co-worker or guest and you don’t need access to the copier, restroom or snack machine, and the gesture opens a portal? Would that cause the workplace to be less cordial with employees keeping their arms by their sides, hands in pockets and exchanging only grunts as they pass by for fear of triggering an unintended mechanical response?
Some employees at the Epicenter complex welcomed the convenience and the innovation of the chip. Surprisingly, those were a few older employees. Perhaps they simply couldn’t remember their passwords and thought why fight the change. A few said that with smartphones and wearables, like Fitbits or the Apple Watch, we are already using available technology to do everything from accessing the gym, paying tolls or buying a non-fat latte. Others objected to the optional chipping as an invasion of privacy, not only of the person’s hand but because of the potential tracking of the employee by the company and others.
And that is the obvious elephant in the room (or should I just say Big Brother), employee privacy concerns. The implanting of a device in an employee’s body not only causes many to recoil from the thought of a needle or scalpel and invokes images from futuristic horror movies or orthodox religious warnings about body modification.
It also raises legitimate and reasonable concerns about the information this technology can obtain and reveal about the host. Federal and state privacy laws haven’t caught up with technology, at least not RFID (radio frequency identification). RFID technology is often referred to as next-generation bar code (though its been around since the 80s). A simple RFID tag consists of a microchip and antenna that, when stimulated by a remote reader, sends information via radio waves.
The use of RFID has raised privacy concerns in some states, particularly with regard to linking personal information with RFID tags. While many states have proposed legislation or adopted laws dealing with electronic surveillance or monitoring, and some have studied concerns about misused RFID commercial applications, only a few states have addressed the potential for using RFID at work. Missouri is the only state to ban the use of RFID, and specifically, devices implanted in employees.
Scant NH Law
The NH legislature has looked at this issue but so far only passed one law dealing with the protection of student privacy. There are state laws that deal with RFID chips in drivers licenses and other devices, as well as GPS and other technology used to track equipment and criminal offenders, but there are generally no laws that prohibit inserting microchips in employees, assuming the employee volunteers or consents to the bodily intrusion. It is only a matter of time before those bills are introduced.
The privacy concerns raised come from the possibility of tracking individuals’ health and wellness, monitoring their location and their productivity. Some state and federal laws address gathering and using, or misusing, that information.
• The Americans with Disabilities Act and state disability discrimination laws, which include requirements to keep an employee’s medical record confidential and prohibit discrimination based on physical or mental impairments;
• The Genetic Information Notification Act, which protects employees from discrimination based on family genetic information;
• The National Labor Relations Act, which prohibits spying or monitoring the activities of employees who may be engaged in union organizing or other protected activities;
• The Fair Labor Standards Act and state wage laws, which require the payment of wages for all work activity for the benefit of the employer, no matter how productive.
There are also data breach laws that require those who collect and maintain data to protect it from unauthorized disclosure and to notify affected individuals when their data may have been accessed by others.
While there are common law privacy rights that protect employees where they have a reasonable expectation of privacy, it is hard to argue privacy rights in cases where an employee consents to monitoring unless the employer has exceeded its authority. Again, state legislatures haven’t caught up yet. It’s just a matter of time.
For now employers are free to suggest and employees are free to accept or reject the implanting of microchips in their bodies. One recommendation: if your employer gives you the option of having a microchip surgically tucked under your skin to gain access to your workplace, you should balance that convenience against your employer, and potentially others, knowing all about you, where you are, what you do and other details you might not otherwise share.
Somehow remembering your mother’s maiden name, the make of your first car, the name of your childhood family pet and other access code prompts or reminders are not so bothersome.
In short, yes, the end is nigh. You may want to update your workplace policies to also deal with self-aware robots, zombies and flying monkeys. And look busy.
Attorney Jim Reidy is the chair of the Labor and Employment group and Sheehan Phinney in Manchester and a frequent contributor on workplace legal issues. He can be reached at 603-627-8217 or firstname.lastname@example.org.