“The Internet Of People? Reflections on the Future Regulation of Human-Implantable Radio Frequency Identification” in Privacy, Identity, and Anonymity: Lessons from the Identity Trail, eds. Ian Kerr, Valerie Steeves and Carole Lucock (Oxford University Press, 2009)
In 2004, twenty-five global law students and I listened to the proprietor of the Baja Beach Club in Barcelona pitch the idea of getting implanted with an RFID tag to allow easy access to the VIP lounge of the club and to act as an easy payment system for booze at the bar. Would my students seriously consider getting chipped?
The technological possibility of an RFID-enabled internet of things looms on the horizon. Companies like Applied Digital Solutions Inc., makers of the VeriChip, have been working hard to ensure this. In this chapter I argue that our privacy laws are not equipped to protect us in this fast-approaching new infrastructure.
Part I offers a brief account of RFID technologies. I define and explain the purpose and use of RFID tags. After describing various RFID applications, I suggest that if RFID becomes a mainstream technology, it could be truly transformative, enabling “the internet of things.” I then offer a brief overview of RFIDs in the realm of health care. This overview provides an example of the issues that can arise regarding the regulation of the many functions of human-implantable RFIDs.
In Part II I provide a brief explication of existing regulatory environment for RFID. I review existing laws applicable to RFID such as regulations regarding such things as (a) communications, (b) electronic waste, (c) healthy and safety, and (d) privacy. The purpose of this section is to set the stage for Part III, where I set out my belief that current approaches are too narrow and will fall short in protecting our privacy and autonomy interests if implantable RFID becomes part of the infrastructure of the so-called Internet of things.
In order to grasp the potential shortcomings of our current regulatory environment, in Part IV I aim to show that human-implantable RFIDs are just one of the many implantable devices being developed as part of a growing trend to merge human bodies with machine parts. In Part V, I conclude the chapter by suggesting that, rather than giving up core principles and values just because they are in tension with RFID and other emerging technologies, we must (i) rethink the appropriate application of these principles, and (ii) determine whether there is sufficient justification for moving forward with human-implantable RFID, ubiquitous computing, and the internet of things.