Follow by email

Wednesday, July 26, 2017

Employee implants



In 1985, Dr. Hannis Stoddard invented an injectable microchip based pet recovery system. In the last decade Hollywood picked up on the theme by injecting humans with microchips. Who knows what goes on in the secret world of the military and espionage? This week a Wisconsin company made the news when it announced that employees had been offered microchip implants to use as a method for building access and food purchases. This is something that’s happening and is going to change the workplace.

What are Microchips?

Microchips are rice-sized radio frequency identification devices that use passive Near Field Communication (NFC) technology to transmit data when held a few inches away from readers. Passive meaning that the microchips hold data that the reader recognizes but the devices cannot receive data. The devices were popularized in the 1990’s for recovery use in pets, being injected under the skin in the neck/shoulder area.

The technology was tested for office uses in 1998 when British scientist Kevin Warwick experimented with microchip implants to open doors, and switch on lights. The technology has been experimented with since that time for commercial and medical uses with little success or popularity.

In January 2015, the Swedish company Epicenter began offering voluntary implants to its employees. The chips are used as a replacement for magnetic key cards to access secure areas and for use as payment in company stores. For human use in this manner, the microchip is inserted in the fleshy area between the thumb and forefinger. Three Square Market, a Wisconsin technology company, have partnered with the same Swedish company who conducted the inserts for Epicenter and plans on using the technology in the same manner.  This is the first time the technology has been used in a broad setting tagging workers.

Microchipping issues

All new technology brings concerns of privacy and security, which begets legal debate and regulation. In this instance the technology also raises religious concerns.

According the National Conference of State Legislatures, nineteen states have some law referencing microchipping. Five of those states (California, Missouri, North Dakota, Oklahoma, Wisconsin) have specific laws prohibiting the mandatory implantation of microchips. Some states currently use tag/bracelet based RFID technology to track prisoners. After some recent high profile escapes there has been legislative debate to use tracking implants on prisoners.

Mark Gasson is a British scientist who is a proponent of enhancing humans through the use of implanted technology. In 2009, Gasson inserted a microchip into his own hand and went on to demonstrate that not only could the device be hacked but could receive a computer virus. This and other experiments raise security concerns. Implanted microchips have the potential to store personal and health data. As with any data storage device, the implants would have to be protected against hacking.

Wearable technology is not new to the workplace. Watch like and other devices are used to track employees throughout their day. The November 2016 post, Employee monitoring, gave an overview of wearable tech in the workplace. The concerns raised were legality of employer access to health data as well as monitoring outside of the workplace. With implanted devices the concerns are the same except in this instance the employee cannot be separated from the monitoring device.

Another issue is of a religious concern. Christians believing that this type of technology is another step closer to the writings in the book of Revelation. The EEOC has ruled in favor of Christian employees in past cases where a company has implemented fingerprint scanning.

The few people I've spoken to have said no way. The Swedish company, Epicenter, has parties celebrating an employee's decision to be implanted. The Wisconsin company, Three Square Market, already has fifty employees agreeing to the implants.

Employers considering this or any type of employee tracking devices should do considerable research. Definitely work with an attorney to develop policies and updates to employee handbooks.
Technology is ever changing our world. Whenever any new piece of technology or approach to employee monitoring is introduced there will be legal issues. How the devices are deployed, what they are used for, how data is collected and stored, and what the data is used for will all present legal challenges.

George Orwell is probably very happy.

Read other posts regarding employee monitoring and privacy. Please feel free to share and like.
Employee monitoring November 2016

Tuesday, July 18, 2017

Frequently Asked Questions



During my time providing investigative services to businesses the same questions regarding pre employment screenings and background checks were repeatedly asked. To address those questions, we developed a list of frequently asked questions, which are shared below. I hope this will help answer questions you may have and guide you through the hiring process.

·      What are an employer’s legal obligations?
  • Fair Credit Reporting Act (FCRA). As of October 1, 1997 the FCRA requires that all employers who request background checks for pre employment screening purposes have a written consent from the applicant. 
  • Civil Rights Act of 1964, Title VII. Employers cannot reject or fire qualified individuals who have criminal records when the criminal history has no bearing on the individual’s fitness or ability to perform the job.
  •  Equal Employment Opportunity Commission (EEOC. The EEOC is clear in its position on employers’ use of criminal background checks for employee hiring and retention: “Using such records as an absolute measure to prevent an individual from being hired could limit the employment opportunities of some protected groups and thus cannot be used in this way.”
  • National Labor Relations Act (NLRA) was enacted in 1935. The Act allows for the National labor Relations Board to enforce laws that give employees the right to act together for improved pay and working conditions, even if they are not part of a union. 
·      What is a “National” record check?
  • We were always asked to conduct national criminal record checks. This request is difficult to explain because most people’s perception of the criminal justice system is marred by television. Simply put, there is no “national” database that houses criminal records. Records of arrests and adjudications are kept at the local courthouses and county jurisdictions. Conducting a non-law enforcement national background check would be better said as a “nationwide” check. To obtain a thorough picture of a person’s criminal past, all levels of government entities maintaining criminal records should be searched. Read our post "National" record checks, which further explains the subject.
If there is no national database, how do you get the most detailed information?
  • Look for companies that search both public and commercial databases within the Federal, State, and County jurisdictions. Analyzing the information to ensure the utmost accuracy for your screenings.

·      What is “Ban the box”?
  • Ban the box is national grassroots movement to remove the question, “Have you ever been convicted of a crime” from employment applications. Many State and local jurisdictions have passed laws removing the question from government employment applications.

·      What is Bright line hiring?
  •  “Bright line” is a clearly defined rule or standard, generally used in law, composed of objective factors, which leaves little or no room for varying interpretation. The purpose of a bright-line rule is to produce predictable and consistent results in its application. 
  • A Bright line hiring example would be to not hire someone with a criminal record. Bright line hiring practices are dangerous for any business, as you may have violated the Civil Rights Act of 1964 or EEOC guidelines.
·      Can expunged records be located?
  • Sometimes. The legal term “expunged” has different definitions in different states. Some allow for the records to be sealed and treat the case as it never happened. Some change the conviction to “dismissed”, but the other details of the case are the same. In Maryland, it means to remove from public inspection. 
  • Although records are expunged, they are filed somewhere.  Third party vendors purchase data from government entities before records are expunged. They then resell that data. Although records get expunged, they remain active through third party vendors.
·      Why should I do pre employment checks?
  • Avoid the expense of making a bad hire. Bad hires can cost as much as three times the salary of the job in question
  •  Reduce liability: Putting current employees at risk by placing a violent person in the workplace.
  • Find those with a propensity for violence. Workplace violence has been found to make up 18% of all crime.
  •  Reduce of workplace accidents
  •  Reduce resume puffing. One-third of resumes have some degree of puffery
  •  Aid the applicant. During the process other names associated with the applicants’ social security number are regularly discovered. This information may help the applicant thwart identity theft.
·      Why can’t I just do checks myself?
  • You can and many do. The Internet is a very powerful tool. The questions are: Do you have time? Do you know where to look? Do you know how to decipher the information you do find? Are you sure you are looking at the correct person?
See our blog archive and topic categories for more on this topic.
FCRwhat? March 2015

Wednesday, July 5, 2017

Public Wi-Fi for dummies


Traveling and staying in a hotel I started to use the Internet via a Smartphone. I paused, thinking data usage might be tight so better use Wi-Fi. Logging into the hotel’s Wi-Fi I paused again, knowing better than to use unsecured public Wi-Fi. Thinking I was only checking the Internet for dining options, it was safe to use pubic Wi-Fi for that purpose. Then the browser failed to load, with a warning that the server was an unsecure network. Thank you Google or Apple or whomever installed a safety feature to moderate our temptations. The tricky thought occurred to turnoff the Wi-Fi, log into the account and then switch on the Wi-Fi. After some research it was revealed that this technique would still leave you vulnerable. After switching the connectivity your phone (the app or website) would renegotiate the connection, although seamless to the user, your login information would still be exchanged and visible.

Decided to look into the pitfalls and dangers of public Wi-Fi. A simple search returned many articles on public Wi-Fi risks. Lots of experts explaining how easy it is compromise networks and for unsuspecting users to fall victim. Smartphones, tablets, and laptops have become appendages to our busy Internet connected lifestyles. Data usage has become the new “minutes” and consumers are looking for ways to save on usage and ultimately money. Public Wi-Fi is a common way to cut back on data usage. However, there is risk to online security.

Risks

Norton reported in 2013 that 68% of people using public Wi-Fi were victims of cyber crime. The Norton Cyber Security Insights Report announced that in 2015 21% of Americans had their email hacked and 12% had their financial data stolen after shopping online. Millennials are a growing victim demographic with 40% falling prey to cyber crime in 2015. Although one of the more tech savvy age groups, Millennials are more open to sharing logons and passwords that compromise their online security.

When you leave the house you are still connected. Whether you login to your accounts via the cellular network or Wi-Fi, nothing is 100% secure. While 4G cellular networks are encrypted and are far, far better than an unsecured public Wi-Fi connection, there have been incidents of cellular networks being hacked. Although the effort is usually much greater than most cyber criminals are willing to make. Public Wi-Fi is a much easier target. Both due to security weaknesses and the plethora of devices being used on those networks.

Breaches

Most public Wi-Fi breaches are through man-in-the-middle attacks. Hackers place themselves either between two victims or between the user and the app and eavesdrop on the transmissions being sent back and forth. It is important when using apps and websites in public to ensure you are logging into the correct site or app as hackers can spoof those and trick users to logging into the hacker’s site.

Just because you need a password to login to public Wi-Fi doesn’t mean it is secure. It just means that there is an authentication step before you can access the router.  Additionally, the person setting up the Wi-Fi may not have installed all the available security features.  The hacker may be logging into the same network as you, giving them access to your transmissions.

When you are browsing, HTTPS is usually a good thing to look for. It means the data transfer between your device and the website is secure-on their end. There is still a possibility that you were hacked on your end. It’s like having a phone conversation but you have your phone on speaker.
The most secure networks offer end-to-end encryption. Financial apps usually are encrypted. Most big name apps/browsers/email/social media are probably secure from man in the middle attacks as the data being exchanged is encrypted, the session can be viewed but not the data. However, we’ve all read about the big guys getting hacked. Better safe than sorry later.

Reduce your risk

Some simple rules to live by while using your mobile devices in public.
When using any network that is not your own, consider it unsecure.
Never use public Wi-Fi to login to anything that requires a password. After using any network that is not your own it is wise to change passwords.
When you do use hotel or public Wi-Fi, make sure you are, in fact, connecting to the hotel's Wi-Fi and not hacker’s site. Look-alike Wi-Fi signals use names similar the hotel or business.  If you’re not comfortable, ask before logging on.
Keep your device OS up to date.
Use COMMON SENSE.

Review our blog archive for other articles cyber security: