Skip to main content
SpringerLink
Log in

Human-Implantable Microchips: Location-Awareness and the Dawn of an “Internet of Persons”

  • Chapter
  • First Online:
Privacy-Invading Technologies and Privacy by Design

Part of the book series: Information Technology and Law Series ((ITLS,volume 25))

Abstract

This chapter explains the technology behind human-implantable microchips (RFID/GPS implants), describes the social and privacy implications of the identification and tracking capabilities of human-implantable microchips and other location-based services; explains how human-implantable microchips can change the nature of the public space and the way we view our bodies; outlines the security gains of human-implantable microchips; describes the scope of the actual and potential deployment of human-implantable microchips; provides an overview of the statutory law, case law, administrative decisions and soft regulations in the US of special relevance to human-implantable microchips; evaluates the relevant deficiencies and dilemmas of the US legal framework in terms of safeguarding privacy and civil liberties, with regard to the potential deployment and use of human-implantable microchips; and proposes some policy-relevant recommendations on how to enhance the US legal framework and address the issues identified.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 69.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Hardcover Book
USD 89.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    LBS and applications allow users to benefit from services that make use of their accurate physical location accessible via, for example, cell phones, smartphones or mobile computing devices (MCDs), and include services to locate in real-time another person or to locate a place or object, such as the whereabouts of the nearest automated teller machine (ATM). Other types of LBS include emergency services, real-time traffic information, route information, and tourist information.

  2. 2.

    The legislation and regulations that apply to credit and debit cards, such as the Truth in Lending Act and Regulation E, will likely apply, while consumer privacy will be protected to the extent that it is protected under existing laws, such as the Gramm-Leach-Bliley Act and the Fair Credit Reporting Act. See Willingham 2007.

  3. 3.

    While to some extent medical privacy issues are touched upon, it is not the central issue that is addressed.

  4. 4.

    In a broader way, to describe human-implantable technology, HIMs could also be referred to as “ICT implants”. see Weber 2005, European Group on Ethics in Science and New Technologies to the European Commission, Opinion No. 20, Adopted on 16/03/2005.

  5. 5.

    For research and analysis of the legal, social and ethical implications of the greater development, deployment and application of ICT Implants in general, see Gasson et al. 2012.

  6. 6.

    Westin 1967, p. 86.

  7. 7.

    For further information, see the Eurostat news release at: http://epp.eurostat.ec.europa.eu/cache/ITY_PUBLIC/4-19012010-BP/EN/4-19012010-BP-EN.PDF. Accessed 21 February 2014.

  8. 8.

    Other types of AIDC technology or AIT include: bar codes, QR Codes, optical character recognition and biometric technology.

  9. 9.

    US Department of Homeland Security 2006.

  10. 10.

    Floerkemeier et al. 2005, p. 3.

  11. 11.

    See Thevissen et al. 2006.

  12. 12.

    OECD Policy Guidance on Radio Frequency Identification 2008, pp. 33–34.

  13. 13.

    In 2009, VeriChip Corporation changed its name to PositiveID Corporation after completing its acquisition of Steel Vault Corporation. Note: throughout this book, however, the company that created the first FDA approved RFID implant will still be referred to as VeriChip, in order to avoid confusion.

  14. 14.

    But, VeriChip certainly did not invent the concept of HIMs. See, e.g., U.S. Patent. No. 4,706,689, Issued to Daniel Man on 17 November 1987, which describes a device designed to be implantable behind the ear of a human. The device transmits a signal intended to enable tracking of the implantee. The device operates continuously and is designed to be recharged through external contacts.

  15. 15.

    As outlined later on, VeriChip has also marketed the use of its RFID implants for purposes beyond merely providing medical information when needed.

  16. 16.

    In June of 2007, the American Medical Association (AMA) concluded that implantable “[r]adio frequency identification (RFID) devices may help to identify patients, thereby improving the safety and efficiency of patient care, and may be used to enable secure access to patient clinical information”. American Medical Association, CEJA Report 5-A-07, p. 4.

  17. 17.

    VeriChip and Microsoft have also entered into an agreement, whereby users of the VeriMed Health Link System will now be able to export their information to Microsoft’s HealthVault. See Bacheldor B. “Microsoft Partners With Implantable RFID Chip Maker VeriChip”, RFID Journal, 2 December 2008, available at: http://www.rfidjournal.com/article/articleview/4477/1/1/. Accessed 21 February 2014.

  18. 18.

    See http://www.positiveidcorp.com/products_glucochip.html. Accessed 21 February 2014.

  19. 19.

    See the US Government’s website on GPS, available at: http://www.gps.gov.

  20. 20.

    See Murph D. “Underground/indoor GPS repeater maintains your position” (Engadget, 21 February 2007), available at: http://www.engadget.com/2007/02/21/underground-indoor-gps-repeater-maintains-your-position/. Accessed 21 February 2014.

  21. 21.

    Morris et al. 2004.

  22. 22.

    See the Guide to Geographic Information Systems, available at: http://www.gis.com.

  23. 23.

    See Johnson B. “GPS system ‘close to breakdown'” (The Guardian, 19 May 2009), available at: http://www.guardian.co.uk/technology/2009/may/19/gps-close-to-breakdown. Accessed 21 February 2014.

  24. 24.

    See Hennigan W.J. “GPS is getting an $8-billion upgrade” (Los Angeles Times, 23 May 2010), available at: http://articles.latimes.com/2010/may/23/business/la-fi-gps-20100523. Accessed 21 February 2014.

  25. 25.

    See U.S. Patent No. 5,629,678, Issued 13 May 1997, describes an apparatus for tracking and recovering humans utilizing an implantable transceiver powered electromechanically through the movement of body muscle.

  26. 26.

    See U.S. Patent No. 6,754,472, titled “Method and apparatus for transmitting power and data using the human body”, Issued to Microsoft Corporation on 22 June 2004. (Similarly, Xega, a security firm in Mexico, has also started offering HIMs that apparently send radio signals to a special GPS device carried by the implantee, which can then be used to determine the location of that person if he or she were to be kidnapped).

  27. 27.

    However, VeriChip has indeed promoted their RFID implant for other purposes.

  28. 28.

    RFID: Radio Frequency IDentification: Applications and Implications for Consumers: A Workshop Report From the Staff of the FTC [hereinafter called “FTC staff report on RFID”], FTC, March 2005, p. 3. Moreover, RFID technology and its applications do not always present threats to privacy and personal data protection. Examples of non-threatening RFID applications may include document management, supply chain management and other Business-to-Business services.

  29. 29.

    There is a real possibility that RFID readers will be integrated into most new cell phones within a couple years. see Lomas N. “RFID could be in all cell phones by 2010” (ZDNet News, 25 June 2009); Nokia and Samsung have already unveiled RFID mobile phone readers, and there were rumours that iPhone (v.4) was going to include a built-in RFID reader. These rumors were substantiated by the fact that Apple has applied for a patent for a touch screen RFID tag reader. However, as of June 2010, this has yet to manifest and the iPhone v.4 and v.5 do not have an RFID reader. Perhaps, the reasons for the delay could be the uncertainties of manufacturers due to the privacy concerns, the lack of adequate standards and the various relevant legal deficiencies.

  30. 30.

    See AeroScout, available at: http://www.aeroscout.com.

  31. 31.

    Van Kranenburg 2008, p. 18.

  32. 32.

    See Ubisense, available at: http://www.ubisense.net.

  33. 33.

    See Swedberg C. “RFID Works for Big Brother” (RFID Journal, 7 January 2009), available at: http://www.rfidjournal.com/article/articleview/4534/1/1. Accessed 21 February 2014.; Savvas, A. “Celebrity Big Brother uses RFID technology to track housemates” (Computer Weekly, 6 January 2009), available at: http://www.computerweekly.com/Articles/2009/01/06/234068/celebrity-big-brother-uses-rfid-technology-to-track.htm.

  34. 34.

    See OECD Policy Guidance on Radio Frequency Identification 2008.

  35. 35.

    Ibid., p. 31.

  36. 36.

    See Fischer-Hübner and Hedbom 2008, p. 69.

  37. 37.

    Ibid.

  38. 38.

    OECD Policy Guidance on Radio Frequency Identification 2008, p. 53.

  39. 39.

    see VeriChip Corp.’s 10-K Annual Report for the fiscal year ended 31 December 2007, p. 16, available at: http://www.sec.gov/Archives/edgar/data/1347022/000136231008001657/c72788e10vk.htm. Accessed 21 February 2014.

  40. 40.

    ADS revealed at the ID World 2003 International Congress in Paris, France, the company’s subdermal RFID solution called VeriPay, which allows the implant to be used to make payments. See McCullagh D. “Chip implant gets cash under your skin” (CNET News, 25 November 2003), available at: http://news.cnet.com/2100-1041-5111637.html. Accessed 21 February 2014.

  41. 41.

    He causes all, both small and great, rich and poor, free and slave, to receive a mark on their right hand or on their foreheads, and that no one may buy or sell except one who has the mark or the name of the beast, or the number of his name”. (Revelation 13:16).

  42. 42.

    VISA and MasterCard have already developed and deployed contactless smartcards, which make use of RFID, such as MasterCard’s PayPass card. Other examples include Exxon Mobil’s SpeedPass. In an article, published by TIME Magazine in 1998, titled “The Big Bank Theory”, Joshua Cooper Ramo et al., proclaimed, “Your daughter can store the money any way she wants—on her laptop, on a debit card, even (in the not too distant future) on a chip implanted under her skin”. The question is will this prove true within the next ten years?

  43. 43.

    The location of traditional cell phones can also be determined or “triangulated”, albeit less accurately.

  44. 44.

    The discontinued Cityware project tracked mobile phone users at various locations to study patterns of how people move around cities. The participating users required a Facebook account and the Cityware application and needed to register the Bluetooth ID of their mobile phone. The researchers had set up nodes around the UK and in the US, which constantly scanned for Bluetooth-enabled devices in a given area, and then relayed information to servers, which compared the IDs of the devices with the enabled Facebook profiles. See “Bluetooth helps Facebook friends” (BBC News, 16 August 2007), available at: http://news.bbc.co.uk/2/hi/6949473.stm. Accessed 21 February 2014.

  45. 45.

    See FTC staff report on RFID, p. 14.

  46. 46.

    Testimony Before the Subcommittee on Commercial and Administrative Law, Committee on the Judiciary, House of Representatives, PRIVACY: Key Challenges Facing Federal Agencies, Statement of Linda D. Koontz, Director of Information Management Issues, 17 May 2006, GAO-06-777T, p. 16.

  47. 47.

    The “ePrivacy Directive” explicitly regulates ‘location data’, requiring that the use of non-anonymous location data is particularly restricted to the extent necessary to provide the value added service, and clarifies the scope of the required informed consent (Article 9), and the scope of use without informed consent.

  48. 48.

    Masters and Michael 2007.

  49. 49.

    Karim 2004, p. 495.

  50. 50.

    See Clifford S. “Advertisers Get a Trove of Clues in Smartphones” (The New York Times, 11 March 2009), available at: http://www.nytimes.com/2009/03/11/business/media/11target.html. Accessed 21 February 2014.

  51. 51.

    Article 29 Working Party, WP 115, Opinion on the use of location data with a view to providing value-added services, November 2005.

  52. 52.

    See Romero S. “Location Devices’ Use Rises, Prompting Privacy Concerns” (New York Times, 4 March 2001), available at: http://query.nytimes.com/gst/fullpage.html?res=9E04E1DC123BF937A35750C0A9679C8B63&sec=&spon=&pagewanted=print. Accessed 21 February 2014.

  53. 53.

    Michael et al. 2006.

  54. 54.

    The whereabouts of more than 100,000 mobile phone users were tracked in an attempt to build a comprehensive picture of human movements. See Fildes J. “Mobile phones expose human habits” (BBC News, 4 June 2008), available at: http://news.bbc.co.uk/2/hi/science/nature/7433128.stm. Accessed 21 February 2014.

  55. 55.

    See Ibid.

  56. 56.

    Solove 2004.

  57. 57.

    There is little consensus over the overall definition of the term “digital divide”, but it essentially refers to the growing gap between those who have access to ICT and those who do not or the difference between the “haves” and the “have-nots” of ICT (see Hilbert 2011, p. 5). Hilbert (2011) argues that the “[d]ifferences in definitions arise because scholars distinguish between (1) the kinds of Information and Communication Technology (ICT) in question; (2) the choice of subject; (3) diverse attributes of the chosen subjects; and (4) levels of adoption, going from plain access to effective usage with real impact”. Hilbert 2011, p. 2.

  58. 58.

    European Group on Ethics in Science and New Technologies to the European Commission, Opinion No. 20, Adopted on 16/03/2005.

  59. 59.

    Gutterman 1988, p. 706.

  60. 60.

    Dobson and Fisher 2003.

  61. 61.

    In linking mandatory RFID/GPS implants to a form of slavery, Herbert 2006 also argues that the Thirteenth Amendment of the US Constitution could serve as a basis of prohibiting any mandatory implantation.

  62. 62.

    See, e.g., O’Harrow 2005.

  63. 63.

    See the First International Conference on the IoT, Adjunct Proceedings, available at: http://www.iot2008.org/adjunctproceedings.pdf. Accessed 21 February 2014.

  64. 64.

    COM(2009) 278 final, Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, IoT—An action plan for Europe, p. 2.

  65. 65.

    EPCs, first developed by MIT’s AutoID Center, are basically standardized codes for RFID tags. If RFID tags indeed eventually replace bar codes completely, as RFID technology advances and becomes cheaper to reproduce, then, as generally purported, EPCs could one day replace Universal Product Codes (UPCs). see Grossman L. “New RFID Tag Could Mean the End of Bar Codes” (Wired Magazine, 26 March 2010), available at: http://www.wired.com/wiredscience/2010/03/rfid/. Accessed 21 February 2014.

  66. 66.

    The assigning of IP addresses to objects has called into question the feasibility or rationale of considering IP addresses as personal data.

  67. 67.

    For further explanation, see “Object Name Service (ONS), Version 1.0”, EPCglobal Ratified Specification, 4 October 2005, available at: http://www.gs1.org/gsmp/kc/epcglobal/ons/ons_1_0-standard-20051004.pdf. Accessed 21 February 2014.

  68. 68.

    An “Internet of Places” is “where information specific to places can be readily picked up by devices and users in specific locations”. See Cooper and James 2009.

  69. 69.

    OECD 2006, p. 18.

  70. 70.

    Sterling 2005.

  71. 71.

    For further explanation see National Research Council 2001.

  72. 72.

    Greenfield 2006.

  73. 73.

    Similar to “spimes”, “smart objects” are essentially objects that are location-aware, possess processing capabilities and are able to “communicate” with other objects.

  74. 74.

    Ackerman S. “CIA Chief: We’ll Spy on You Through Your Dishwasher” (Wired blogs, Danger Room, 15 March 2012), available at: http://www.wired.com/dangerroom/page/2/. Accessed 21 February 2014.

  75. 75.

    For instance, according to a survey in 2009 conducted by Eurostat, only 3 % of enterprises in the EU27 use RFID technology. See the Eurostat news release at: http://epp.eurostat.ec.europa.eu/cache/ITY_PUBLIC/4-19012010-BP/EN/4-19012010-BP-EN.PDF. Accessed 21 February 2014.

  76. 76.

    See a special report on managing information from The Economist, titled “Data, data everywhere”, February 2010.

  77. 77.

    See, for further discussion, Weber 2009.

  78. 78.

    Already, in Japan, some cattle reportedly have their own IPv6 addresses, enabling farmers to identify and track the cattle throughout the entire production lifecycle.

  79. 79.

    Van Kranenburg 2008, p. 18.

  80. 80.

    Vinton Cerf, often called “the father of the Internet”, was instrumental in the creation of email, the development of TC/IP technology and the founding of the Internet Corporation for Assigned Names and Numbers (ICANN), which he chaired for seven years. At present, Cerf is Google’s Chief Internet Evangelist.

  81. 81.

    Cerf V. “What Will Replace The Internet?” (TIME Magazine, 19 June, 2000), available at: http://www.time.com/time/magazine/article/0,9171,997263,00.html. (In the same article, Cerf gives the following example of the conception of Internet-enabled people. “The speech processor used today in cochlear implants for the hearing impaired could easily be connected to the Internet; listening to Internet radio could soon be a direct computer-to-brain experience!”).

  82. 82.

    Kindberg et al. 2001.

  83. 83.

    Gruber B. “First Wi-Fi Pacemaker in the US gives patient freedom” (Reuters, 10 August 2009), available at: http://www.reuters.com/article/idUSTRE5790AK20090810. Accessed 21 February 2014.

    Such a move is yet another example of the trend of increasing convergence of ICT and life sciences. See Weber 2005.

  84. 84.

    The human enhancement abilities include, for example, the ability of implantees to automatically open doors and to pay for items using their physical body.

  85. 85.

    “Transhumanism” refers to the potential future merger of man and machine—what Ray Kurzweil terms as “singularity” and which Kurzweil also describes as the era when essentially artificial intelligence is equal to that of human intelligence. The “transhumanism” movement aims to augment human capabilities. HIMs are merely just the beginning.

  86. 86.

    Foursquare, a location-based social application, already enables users to automatically integrate their location “check-ins” with their tweets on Twitter.

  87. 87.

    Royal Academy of Engineering 2007.

  88. 88.

    Sterling 2005.

  89. 89.

    Already, the “Astonishing Tribe”, a Swedish mobile software developer, has developed software, which runs on camera-equipped smartphones that can recognize a person’s face and then launch links to that person’s social networking websites on a smartphone/mobile device. The system integrates facial recognition, augmented reality and social networking. This development has been dubbed “augmented ID”. For more info, see http://www.tat.se. Accessed 21 February 2014.

  90. 90.

    See Sect. 7.7 of the book for an outline of the multitude of GPS tracking devices and PLDs (and corresponding services), which have recently hit the market and may serve as an alternative to GPS implants.

  91. 91.

    Personal locating services include, for example, OnStar’s “Family Link” service, which allows for vehicles equipped with OnStar to be tracked and authorized individuals to monitor the vehicle movements via the OnStar’s website.

  92. 92.

    For instance, Broadcom has began to market the 4752 microchip for smartphones that can pinpoint the phone’s location with ultimate precision, potentially within a few centimetres both outdoors and indoors, by receiving GPS, cell-phone and Wi-Fi signals and also input from gyroscopes, altimeters, etc. For further information, see Mims C. “A new microchip knows just where you are, indoors and out” (MIT: Technology Review, 9 April 2012), available at: http://www.technologyreview.com/communications/40075/?p1=A1. Accessed 21 February 2014.

  93. 93.

    See Honan M. “I Am Here: One Man's Experiment With the Location-Aware Lifestyle” (Wired Magazine, 19 January 2008), available at: http://www.wired.com/gadgets/wireless/magazine/17-02/lp_guineapig. Accessed 21 February 2014.

  94. 94.

    The Garmin-Asus’ Nüvifone G60, for instance, had also planned to put location-awareness as an integral part of its capabilities, whereby location information provided by GPS is integrated into everything, from emails, text messages and photos to social networking and even gaming.

  95. 95.

    see Joey Hess’ explanation, available at: http://kitenet.net/~joey/blog/entry/Palm_Pre_privacy/. Accessed 21 February 2014.

  96. 96.

    The security analyst Samy Kamkar recently discovered that one of Google’s HTC Android smartphone collected its location every few seconds and directly transmitted the location data, including a unique phone identifier, to Google several times an hour. see Angwin J, Valentino-Devries J. “Apple, Google Collect User Data” (Wall Street Journal, Technology, 22 April 2011).

  97. 97.

    See Honan M. “I Am Here: One Man's Experiment With the Location-Aware Lifestyle” (Wired Magazine, 19 January 2008), available at: http://www.wired.com/gadgets/wireless/magazine/17-02/lp_guineapig. Accessed 21 February 2014.

  98. 98.

    See Biba E. “Inside the GPS Revolution: 10 Applications That Make the Most of Location” (Wired Magazine, 19 January 2008), available at: http://www.wired.com/gadgets/wireless/magazine/17-02/lp_10coolapps?currentPage=3. Accessed 14 February 2014.

  99. 99.

    LifeAware not only tracked you via your smartphone, it also allows you to connect with other people running the application on their smartphones, showing you their current location. Loopt provided a service, whereby users can discover where their friends are located and even what they are doing via detailed, interactive maps on their smartphones. Highlig.ht and Ban.jo alert users when their (Facebook) friends are nearby. Sonar also determines if any friends (or friends of friends) are close by based on a user’s Facebook networks. Sniff lets users instantly locate their friends anywhere in real-time using their smartphone. Glancee even lets you know when other people with similar interests are nearby. WhosHere also enables users to locate people in real-time that match their profile anywhere in the world. Other LBS include Foursquare and the location-based social network websites Whrrl and BrightKite. Another smartphone application called Glympse enables users to broadcast where they are in real-time. GTX Corp. has developed an iPhone application called LOCiMe, which converts the smartphone into a 2-way GPS receiver, allowing users to locate their friends and transmit their location to others. Since the time of writing, some of these companies or applications have terminated, while numerous other digital services that use location data have been launched.

  100. 100.

    Sprint, available at: http://www.sprint.com.

  101. 101.

    see Karni A. “GPS Concerns Taxi Drivers” (New York Sun, 5 January 2007), available at: http://www.nysun.com/new-york/gps-concerns-taxi-drivers/46133/. Accessed 21 February 2014.

  102. 102.

    On the other hand, Frank Furedi argues that the fear of parents over their child being kidnapped is not justified by the figures and that this fear is mostly hyped by the media (Furedi 2006, p. 32). However, according to a 2002 report by the US Department of Justice, in 1999 there were an estimated 33,000 nonfamily child abductions and 115 child abductions of the stereotypical type in the US. See Sedlak et al. 2002.

  103. 103.

    However, nearly a third of all missing children have benign explanations and account for many of the reported cases to the police. See Sedlak et al. 2002, p. 6.

  104. 104.

    Solusat, the Mexican distributor of the VeriChip, is marketing the device as an emergency ID tag called VeriKid. See Scheeres J. “Tracking Junior With a Microchip” (Wired News, 10 October 2003), available at: http://www.wired.com/science/discoveries/news/2003/10/60771. Accessed 21 February 2014.

  105. 105.

    Perhaps, even a child wearing something which states, “I have an implant” could have the similar deterrent effect that signs placed in homes stating “Beware of Dog” or other home security warning stickers may have.

  106. 106.

    See Sedlak et al. 2002.

  107. 107.

    Ju A. “Researchers raise uncomfortable questions by showing how GPS navigation devices can be duped” (Cornell Chronicle, 19 September 2008), available at: http://www.news.cornell.edu/stories/Sept08/GPSSpoofing.aj.html. Accessed 21 February 2014.

  108. 108.

    See No Chip in Arm, No Shot From Gun” (Associated Press, 14 April 2004), available at: http://www.wired.com/science/discoveries/news/2004/04/63066. Accessed 21 February 2014.

  109. 109.

    Megan’s Law is the name given to the laws in the US requiring law enforcement authorities to make information available to the public regarding registered sex offenders. At the Federal level, the Sexual Offender (Jacob Wetterling) Act of 1994 requires convicted child sex offenders or pedophiles to notify local law enforcement agencies of any change of address after released from prison. This information is publicly available.

  110. 110.

    The 9/11 Commission Act of 2007 established the Homeland Security Department’s fusion center program.

  111. 111.

    See O’Harrow 2005.

  112. 112.

    See Weinberger S. “What is Woodward’s Secret Weapon in Iraq?” (Wired, 9 September 2008), available at: http://www.wired.com/dangerroom/2008/09/whats-the-milit. Accessed 21 February 2014.

  113. 113.

    US Department of Homeland Security, The Use of RFID for Human Identification: A Draft Report from DHS Emerging Applications and Technology Subcommittee to the Full Data Privacy and Integrity Advisory Committee, Version 1.0, p. 3. (Note: this precise statement was removed from the final adopted version of the report).

  114. 114.

    United States Government Accounting Office 2005, p. 19.

  115. 115.

    FTC staff report on RFID, p. 16.

  116. 116.

    See The Hacker’s Choice explanation, available at: http://freeworld.thc.org/thc-epassport. Accessed 21 February 2014.

  117. 117.

    Identity theft is already the most significant consumer complaint. For instance, during 2009, identity theft was by far the number 1 consumer complaint, accounting for 21 % of all consumer complaints in the US. See the 2009 Consumer Sentinel Network Data Book, FTC, February 2010.

  118. 118.

    Fulton N. “High-tech cloning” (Reuters, 22 July 2006), available at: http://blogs.reuters.com/blog/2006/07/22/high-tech-cloning/. Accessed 21 February 2014.

  119. 119.

    The act of “cloning” an RFID tag, also known as “spoofing”, is similar to the way credit cards can be copied, known as “skimming”, whereby an account number and other data needed to clone a credit card is covertly copied. But, RFID tags do not need to be physically taken to be copied.

  120. 120.

    See Jonathan Westhues’ website, available at: http://cq.cx/verichip.pl. Accessed 21 February 2014.

  121. 121.

    Ibid.

  122. 122.

    See Halamka et al. 2006.

  123. 123.

    See Leyden J. “Mythbusters RFID episode axed after ‘pressure’ from credit card firms”, The Register, 3 September 2008, available at: http://www.theregister.co.uk/2008/09/03/mythbusters_gagged/. Accessed 21 February 2014.

  124. 124.

    Bono et al. 2005.

  125. 125.

    Rieback et al. 2006.

  126. 126.

    See Palmer M. “Scientist ‘infects himself’ with computer virus”, (Financial Times, 26 May, 2010), available at: http://www.ft.com/cms/s/0/2e2f5ea4-68b5-11df-96f1-00144feab49a.html. Accessed 21 February 2014.

  127. 127.

    Equally, any software-controlled, wireless medical device could be vulnerable.

    see, e.g., Darlene S. “Feds pressed to protect wireless medical devices from hackers” (ComputerWorld, 11 April 2012), available at: http://blogs.computerworld.com/20015/feds_pressed_to_protect_wireless_medical_devices_from_hackers?source=rss_blogs. Accessed 21 February 2014. Former US Vice-President Dick Cheney equally voiced his fears about the security of the wireless function of his heart device, expressing that it could be potentially targeted by terrorists. Indeed, a very similar notion was part of the story for the popular TV-series ‘Homeland’. See “Dick Cheney On ‘60 Minutes’ Says He Feared Heart Device In Assassination Effort” (Associated Press, 18 October 2013).

  128. 128.

    Federal Register, Volume 69, Number 237, 10 December 2004, pp. 71702–71704.

  129. 129.

    See US Department of Homeland Security 2006.

  130. 130.

    See McLaughlin E.C, Oppmann P. “Sex offender kills teen while under GPS monitoring, police say” (CNN, 12 March 2009) available at: http://edition.cnn.com/2009/CRIME/03/12/sex.offender.gps/index.html. Accessed 21 February 2014.

  131. 131.

    Ibid.

  132. 132.

    See VeriChip Corp.’s 10-K Annual Report for the fiscal year ended 31 December 2007, p. 13.

  133. 133.

    See VeriChip Corp., Press Release, 22 February 2003, “VeriChip Corporation Partners with Alzheimer’s Community Care to Conduct Study of VeriMed Patient Identification System”.

  134. 134.

    See VeriChip Corp.’s 10-K Annual Report for the fiscal year ended 31 December 2007, p. 13.

  135. 135.

    See Kanellos M. “RFID chips used to track dead after Katrina” (CNET News, 16 September 2005), available at: http://www.news.com/RFID-chips-used-to-track-dead-after-Katrina/2100-11390_3-5869708.html?tag=nw.2. Accessed 21 February 2014. RFID implants were also implanted in the bodies of victims of the tsunami in Thailand. see Meyer et al. 2006.

  136. 136.

    See VeriChip Corp., Press Release, available at: http://www.businesswire.com/news/google/20070509005155/en. Accessed 21 February 2014.

  137. 137.

    See “US group implants electronic tags in workers” (Financial Times, 12 February 2006), available at: http://www.ft.com/cms/s/ec414700-9bf4-11da-8baa-0000779e2340.html. Accessed 21 February 2014.

  138. 138.

    See Amal Graafstra’s website, available at: http://amal.net/rfid.html. Accessed 21 February 2014.

  139. 139.

    Warwick 2002.

  140. 140.

    See Applied Digital Solutions Inc., Press Release, 13 May 2003, “Applied Digital Solutions Announces Working Prototype of Subdermal GPS Personal Location Device”.

  141. 141.

    See Applied Digital Solutions, Inc., Press Release, 15 December 1999, “APPLIED DIGITAL SOLUTIONS ACQUIRES RIGHTS TO WORLD’S FIRST DIGITAL DEVICE—IMPLANTABLE IN HUMANS—WITH APPLICATIONS IN E-BUSINESS TO BUSINESS SECURITY, HEALTH CARE AND CRIMINAL JUSTICE” (retrieved through Internet Archive’s Wayback Machine).

  142. 142.

    This information, nonetheless, can also be retrieved through the use of Internet Archive’s Wayback Machine. see, for instance, Digital Angel’s website dated July 11, 2000, available at: http://web.archive.org/web/20000711033923/.http://www.digitalangel.net/

  143. 143.

    See U.S. Patent Application No. 20090009388, filed by Carole A. Wangrud on 8 January 2009, which claims to be a system for monitoring and tracking the location of animals comprising of a GPS implant designed to be transplanted subcutaneously.

  144. 144.

    Ibid., para 0025.

  145. 145.

    See VeriChip Corp.’s 10-K Annual Report for the fiscal year ended 31 December 2007, pp. 34–35.

  146. 146.

    Sollenberger M. “Chipping People” (Social Technologies, 12 November 2007).

  147. 147.

    The SWAMI (Safeguards in a World of Ambient Intelligence) project aimed to provide an overview of the key social, legal and ethical implications of ambient intelligence and highlight the privacy threats.

  148. 148.

    Friedewald et al. 2006, p. 37.

  149. 149.

    See Trends & Technology Timeline 2010+, available at: http://nowandnext.com/PDF/trends_and_technology_timeline_2010.pdf. Accessed 21 February 2014.

  150. 150.

    See Haggerty K. “One generation is all they need” (The Star, 10 December 2006).

  151. 151.

    Ibid.

  152. 152.

    Ibid.

  153. 153.

    Grossman L. “Meet the Chipsons” (TIME Magazine, 11 March 2002), available at: http://www.time.com/time/magazine/article/0,9171,1001972-2,00.html. Accessed 21 February 2014.

  154. 154.

    Positive ID Corporation, Form 10-Q for the quarterly period ended September 30, 2009.

  155. 155.

    See a KENS 5 Eyewitness News broadcast video from 14 May 2007 available on YouTube, at: http://www.youtube.com/watch?v=Keo2TR1Zouw. Accessed 21 February 2014.

  156. 156.

    Talley T. “House rejects microchip implants for violent criminals” (Associated Press, 25 May 2007).

  157. 157.

    See Hunt et al. 2007, p. 81.

  158. 158.

    Cozzens T. “Implant Issues More than Skin Deep” (GPS World, 1 June 2006).

  159. 159.

    “Verichip Injects Itself Into Immigration Debate” (Spy Chips, 18 May 2006), available at: http://www.spychips.com/press-releases/verichip-immigration.html. Accessed 21 February 2014.

  160. 160.

    See Francis D, Myers B. “Company trying to get under soldiers’ skin” (The Examiner, 21 August 2006).

  161. 161.

    Precision Dynamics Corp., Press Release, 20 May 2003, available at: http://www.pdcorp.com.

  162. 162.

    Leff L. “Students ordered to wear tracking tags” (Associated Press, 9 February 2005), available at: http://www.msnbc.msn.com/id/6942751/. Accessed 21 February 2014.

  163. 163.

    Gutierrez D. “U.S. School District to Begin Microchipping Students” (Natural News, 16 June 2008), available at: http://www.naturalnews.com/023445.html. Accessed 21 February 2014.

  164. 164.

    See O’Connor F. “RFID helps the Boston Marathon run” (PC World, 9 April 2007), available at: http://www.washingtonpost.com/wp-dyn/content/article/2007/04/09/AR2007040901011.html. Accessed 21 February 2014.

  165. 165.

    Spivey 2005.

  166. 166.

    See Goldman D. “Obama's big idea: Digital health records” (CNN, 12 January, 2009), available at: http://money.cnn.com/2009/01/12/technology/stimulus_health_care/index.htm. Accessed 21 February 2014.

  167. 167.

    Cannataci 2011.

  168. 168.

    see Spivey 2005.

  169. 169.

    Health Insurance Portability and Accountability Act of 1996, Public Law 104-191. However, as widely recognized among privacy law experts, the problem is that the Health Insurance Portability and Accountability Act 1996 (HIPAA)—the federal medical privacy bill—does not cover web-based medical records.

  170. 170.

    Incorporating new and unrelated legislation into spending bills is not unheard of. For example, the Real ID Act 2005 was astonishingly attached to a spending bill. See Division B of H.R.1268, An Act Making Emergency Supplemental Appropriations for Defense, the Global War on Terror, and Tsunami Relief, for the fiscal year ending September 30, 2005.

  171. 171.

    American Recovery and Reinvestment Act of 2009, Section 3001 (3)(A)(ii).

  172. 172.

    Ibid., Sect. 3000 (5).

  173. 173.

    See VeriChip Corp., Press Release, “American Medical Directors Association Foundation to Initiate Study of VeriMed Patient” 8 January 2008, available at: http://www.reuters.com/article/pressRelease/idUS137195+08-Jan-2008+BW20080108. Accessed 21 February 2014.

  174. 174.

    See Baker M.L. “Insurers Study Implanting RFID Chips in Patients” (eWeek.com, 19 July 2006), available at: http://www.eweek.com/c/a/Health-Care-IT/Insurers-Study-Implanting-RFID-Chips-in-Patients/. Accessed 21 February 2014.

  175. 175.

    The idea for personal “carbon allowances” for individuals was proposed by the Chairman of the UK’s Environment Agency, Lord Smith.

  176. 176.

    See Gumpert D.E. “Animal Tags for People?” (Business Week, 11 January 2007).

  177. 177.

    Ramesh 1997.

  178. 178.

    There are numerous examples in mainstream media and popular culture. For example, the relevant clips that depict HIMs can be found on YouTube. In the film, Casino Royal (2006), the British spy James Bond 007, and in the film, Demolition Man, the character John Spartan are both implanted with a microchip in order to track their movements. In the television series Heroes (Series 3, Episode 14), one of the characters is even implanted with a “GPS implant”. In the BBC drama The Last Enemy (2008), an incredible plot to implant everyone with an RFID tag is revealed—whereby RFID implants are remarkably described as an “ID that can’t be lost, forged or stolen…Its content and function can be adapted to suit my needs. It can be my credit card. It can be door key, my car keys. I’ll never lose them again. Eventually it will become universal. Starting at school age, a tag for life”. In CSI Miami (episode 305), a murdered teenager’s VeriChip is removed and scanned to reveal her associated information on a computer screen, which later helps in the investigation. In Mission: Impossible 2 (2000) a transponder chip is implanted into a main character. More recently, in the film Hunger Games, children and the “tributes” are implanted with microchips to track their movements, and in the TV-series Hostages the main characters are implanted with GPS chips. In an IBM televised commercial several years ago on e-Business of the future, a supermarket shopper is shown stuffing RFID-tagged items under his coat and then automatically paying for the items by simply walking through an RFID gateway and without using a credit/debit card or mobile phone, which likely implies he also had an RFID implant.

  179. 179.

    Aarts and de Ruyter 2009.

  180. 180.

    Ibid., p. 12.

  181. 181.

    Haggerty K. “One generation is all they need” (The Star, 10 December 2006).

  182. 182.

    See “Indonesian AIDS patients face microchip monitoring” (Associated Press, 24 November 2008), available at: http://www.guardian.co.uk/world/2008/nov/24/indonesia-aids. Accessed 21 February 2014.

  183. 183.

    Trip to Colombia, Peru, Brazil and Dominican Republic, U.S. Senate, 25 April 2006, p. S3495.

  184. 184.

    Wilson J. “Girl to get tracker implant to ease parents’ fears” (The Guardian, 3 September), available at: http://www.guardian.co.uk/uk/2002/sep/03/schools.childprotection2. Accessed 21 February 2014.

  185. 185.

    Midgley C. “Would an implanted chip help to keep my child safe?” (Times Online, 15 May 2007).

  186. 186.

    Jones G. “Microchips for mentally ill planned in shake-up” (The Telegraph, 18 January 2007), available at: http://www.telegraph.co.uk/news/uknews/1539716/Microchips-for-mentally-ill-planned-in-shake-up.html. Accessed 21 February 2014.

  187. 187.

    TSI Prism, at http://www.tsiprism.com. Accessed 21 February 2014; see Sofge E. “High-Tech Lockup: Inside 4 Next-Gen Prison Security Systems” (PopularMechanics, 12 February 2008), available at: http://www.popularmechanics.com/technology/military_law/4248844.html?page=2. Accessed 21 February 2014.

  188. 188.

    Collins J. “Lost and Found in Legoland” (RFID Journal, 28 April 2004), available at: http://www.rfidjournal.com/article/view/921/1/1. Accessed 21 February 2014.

  189. 189.

    Schmerber v. California, 384 U.S. 757, 765 (1966).

  190. 190.

    See Title 47 U.S.C. Chap. 5, Subchapter II, Part I, § 222.

  191. 191.

    See Title 47 C.F.R. Ch. I, § 20.18.

  192. 192.

    See Title 47 U.S.C. Chap. 5, Subchapter II, Part I, § 222 (h)(1)(A).

  193. 193.

    Public Law 106-81, 113 Stat. 1286 (1999).

  194. 194.

    Exceptions to this rule include, for example, when there is a need to provide the location information of the caller to a public safety answering point, emergency medical service provider, public safety, fire service, or law enforcement official, etc., in order to respond to the caller’s emergency. See Title 47 U.S.C. Chap. 5, Subchapter II, Part I, § 222(d)(4)(A).

  195. 195.

    Public Law No. 103-414, 108 Stat. 4279.

  196. 196.

    Title 47 U.S.C. Chap. 9, Subchapter I, § 1002 (a).

  197. 197.

    Ibid., § 1002 (2) (B).

  198. 198.

    Public Law No. 99-508, 100 Stat. 1848 (1986).

  199. 199.

    Title 18 U.S.C Part I, Chap. 121 § 2703(d).

  200. 200.

    See Real ID Act of 2005, Public Law No. 109-13, § 201-207.

  201. 201.

    Ibid. § 205(a).

  202. 202.

    RFID tags are also being embedded in passports around the world, notably in EU Member States, to comply with US demands and international standards.

  203. 203.

    See Public Law No. 105-318, 112 Stat. 3007, codified at Title 18, U.S.C. Part I, Chap. 47, § 1028 (d)(7).

  204. 204.

    Federal Rules of Legal Evidence, Article X, Rule 1001(3).

  205. 205.

    See Weeks v. United States, 232 U.S. 383 (1914); Mapp v. Ohio, 367 U.S. 643, 655 (1961).

  206. 206.

    McClurg 1995.

  207. 207.

    Restatement (Second) of Torts, § 652A (1977).

  208. 208.

    Ibid., § 652B.

  209. 209.

    For further discussion on the relevant and more recent case law in the US, please see Sects. 7.8 and 7.9.

  210. 210.

    United States v. Knotts, 460 U.S. 276, 281 (1983).

  211. 211.

    Ibid., at 282.

  212. 212.

    See United States v. Karo, 468 U.S. 705 (1984).

  213. 213.

    See Oliver v. United States, 466 U.S. 170 (1984).

  214. 214.

    See 468 U.S., at 714.

  215. 215.

    Katz v. United States, 389 U.S. 347, 351 (1967).

  216. 216.

    Ibid., at 361. Concurring opinion of Justice Harlan.

  217. 217.

    Kyllo v. United States, 533 U.S. 27, 34 (2001).

  218. 218.

    Schloendorff v. Society of the N.Y. Hosp., 211 N.Y. 125, 129 (1914).

  219. 219.

    Skinner v. Railway Labor Executives Association, 489 U.S. 602 (1989).

  220. 220.

    National Treasury Employees Union v. Von Raab, 489 U.S. 656 (1989).

  221. 221.

    Hiibel v. Sixth Judicial District Court of Nevada, Humboldt County, 542 U.S. 177 (2004).

  222. 222.

    See Wisconsin Statute 146.25.

  223. 223.

    See California Civil Code, Section 52.7 (a).

  224. 224.

    See Title 19, Chap. 19.300, § 19.300.020.

  225. 225.

    California Senate Bill 768.

  226. 226.

    The (former) Governor of California, Arnold Schwarzenegger, explained that he vetoed the legislation because it “may inhibit various state agencies from procuring technology that could enhance and streamline operations, reduce expenses and improve customer service to the public and may unnecessarily restrict state agencies” and “may unduly burden the numerous beneficial new applications of contactless technology”.

  227. 227.

    California Senate Bill 30 (Identity Information Protection Act of 2007).

  228. 228.

    Miller 2001, p. 36.

  229. 229.

    Title 18 U.S.C. Part I, Chap. 110A, § 2261A; see Miller 2001, p. 36.

  230. 230.

    Title 47 U.S.C. Chap. 5, Subchapter II, Part I, § 223.

  231. 231.

    Hinson 2008.

  232. 232.

    Ibid.

  233. 233.

    Federal Register, Volume 69, Number 237, 10 December 2004, pp. 71702–71704.

  234. 234.

    See the November 22, 2004 press release from Applied Digital. “Applied Digital Announces Six Point Privacy Statement at ID World Congress in Barcelona, Spain”, Business Wire, November 22, 2004, available at: http://www.tmcnet.com/usubmit/2004/Nov/1096005.htm. Accessed 11 February 2014.

  235. 235.

    Title 15 U.S.C. § 41–58, as amended, Section 5 of the FTC Act.

  236. 236.

    American Medical Association, Report of the Council on Ethical and Judicial Affairs, CEJA Report 5-A-07.

  237. 237.

    Ibid.

  238. 238.

    Katz v. United States, 389 U.S. 347 (1967).

  239. 239.

    Kearns 1998, p. 1005, Paton-Simpson 2000, p. 306.

  240. 240.

    US v. Kyllo. 190 F.3d 1041 (9th Circuit, 1999).

  241. 241.

    Paton-Simpson 2000, p. 306.

  242. 242.

    See Kyllo v. United States, 533 US 27, 34.

  243. 243.

    See Wood 2006, p. 80.

  244. 244.

    Gossett S. “Implantable-chip company in financial straits” (WorldNetDaily, 4 March 2003), available at: http://www.wnd.com/news/article.asp?ARTICLE_ID=31353. Accessed 24 February 2014.

  245. 245.

    Minert 2006, pp. 1653–1654.

  246. 246.

    Feldman N. “Strip-Search Case Reflects Death of American Privacy” (Bloomberg, 9 April 2012), available at: http://www.bloomberg.com/news/2012-04-08/strip-search-case-reflects-death-of-american-privacy.html. Accessed 24 February 2014.

  247. 247.

    Title 18 U.S.C. Part I, Chap. 119, § 2510(12)(c).

  248. 248.

    Title 18 U.S.C. Part II, Chap. 205, § 3117(b).

  249. 249.

    Clark 2006, p. 25.

  250. 250.

    As most recently revealed by the privacy activist Christopher Soghoian on his blog, Sprint Nextel provided law enforcement agencies with customer location data more than 8 million times between September 2008 and October 2009 made available through a web application developed by Sprint to handle the large volume of requests, according to a manager of the company, who disclosed the information at a non-public conference. The information is available at: http://paranoia.dubfire.net/2009/12/8-million-reasons-for-real-surveillance.html. Accessed 24 February 2014.

  251. 251.

    Clark 2006, p. 25.

  252. 252.

    Clark 2006.

  253. 253.

    Nakashima E. “Cell phone Tracking Powers on Request: Secret Warrants Granted Without Probable Cause” (Washington Post, 23 November 2007), available at: http://www.washingtonpost.com/wp-dyn/content/article/2007/11/22/AR2007112201444.html. Accessed 24 February 2014.

  254. 254.

    Clark 2006, p. 25.

  255. 255.

    See Lichtblau E. “Police Are Using Phone Tracking as a Routine Tool” (New York Times, 31 March 2012), available at: http://www.nytimes.com/2012/04/01/us/police-tracking-of-cellphones-raises-privacy-fears.html?_r=2&partner=MYWAY&ei=5065. Accessed 24 February 2014.

  256. 256.

    In the Matter of the Application of the United States of America for an Order Authorizing the Installation and Use of a Pen Register and a Caller Identification System on Telephone Numbers and the Production of Real Time Cell Site Information, United States District Court for the District of Maryland, Memorandum Opinion, 28 November 2005, p. 13.

  257. 257.

    See In Re Application of the United States of America for an Order for Disclosure of Telecommunications Records and Authorizing the Use of a Pen Register and Trap and Trace, United States District Court for the Southern District of New York, Opinion and Order, United States Magistrate Judge, Gabriel W. Gorenstein, 20 December 2005, p. 25. This opinion is consistent with Smith v. Maryland, 442 U.S. 735, 744 (1979).

  258. 258.

    Ganz 2005.

  259. 259.

    See, e.g., United States v. Moran, 349 F.Supp.2d 425 (NDNY, 2005).

  260. 260.

    United States v. Garcia, 474 F.3d 994 (7th Circuit, 2007).

  261. 261.

    Ibid., at 997.

  262. 262.

    United States v. Pineda-Moreno, 591 F.3d 1212 (9th Circuit, 2010).

  263. 263.

    State v. Michael A. Sveum, 769 N.W.2d 53, 59 (District IV Wisconsin Court of Appeals, 2009).

  264. 264.

    Turner v. American Car Rental, 884 A.2d 7 (Conn. App. Ct., 2005).

  265. 265.

    United States v. Maynard, 615 F.3d 544 (D.C. Circuit, 2010).

  266. 266.

    United States v. Jones, 625 F.3d 766 (D.C. Circuit, 2010).

  267. 267.

    This judgment from the 3rd Circuit Court of Appeals follows the US Supreme Court’s decision in 2012 in United States v. Jones, which ruled that the use of GPS tracking should be considered a search within the meaning of the Fourth Amendment, but stopped short of ruling that it required a warrant.

  268. 268.

    See, e.g., People v. Scott C. Weaver, 12 N.Y. 3d 433, 435 (New York Court of Appeals, 2009); Washington v. Jackson, 150 Wash. 2d 251, 76 P3d 217 (2003).

  269. 269.

    Petition for a Writ of Certiorari, United States v. Jones, No. 10-1259 (April 15, 2011).

  270. 270.

    US v. Jones, USSC No. 10-1259, certiorari granted 6/27/11.

  271. 271.

    Amicus curiae literally means “friend of the court”. According to Rule 37(1) of the Rules of the Supreme Court of the United States (adopted 17 July 2007), an amicus curiae brief “brings to the attention of the Court relevant matter not already brought to its attention by the parties may be of considerable help to the Court”.

  272. 272.

    See Brief of Amici Curiae Electronic Frontier Foundation and American Civil Liberties Union of the National Capital Area in Support of Appellant Jones, 3 March 2009.

  273. 273.

    United States v. Knotts, 460 U.S. 276, 283–284 (1983).

  274. 274.

    Dow Chem. Co. v. United States, 476 U.S. 227, 238–239 (1986).

  275. 275.

    United States v. Maynard, 615 F.3d 544 (D.C. Circuit, 2010).

  276. 276.

    Ibid., at 560.

  277. 277.

    Emmett 2011 eloquently argues: “Close consideration of both the duration of the electronic monitoring and the GPS technology that enabled the surveillance would have revealed that law enforcement obtained information of a type that was not available to the public through simple (or even technologically enhanced) visual surveillance”. Emmett 2011, p. 26.

  278. 278.

    Petition for a Writ of Certiorari, United States v. Jones, No. 10-1259 (U.S. Apr. 15, 2011), p. 14.

  279. 279.

    Ibid., p. 15.

  280. 280.

    US v. Jones, USSC No. 10-1259, certiorari granted 6/27/11.

  281. 281.

    See, e.g., Ganz 2005.

  282. 282.

    For further discussion and analysis on the increasingly conservative judgments of the US Supreme Court, see Chemerinsky 2010.

  283. 283.

    United States v. Karo, 468 U.S. 705 (1984).

  284. 284.

    See Kyllo v. United States, 533 U.S. 27, 34 (2001).

  285. 285.

    Herbert 2006.

  286. 286.

    Restatement (Second) of Torts, § 652D, comment b (1977). see, e.g., Hartman v. Meredith Corp., 638 F. Supp. 1015, 1018 (D. Kan. 1986) (“The plaintiffs must show that there has been some aspect of their private affairs which has been intruded upon and does not apply to matters which occur in a public place or place otherwise open to the public eye”).

  287. 287.

    McClurg 1995.

  288. 288.

    Restatement (Second) of Torts, § 652B.

  289. 289.

    Schwartz 2000, p. 778.

  290. 290.

    Reneger 2002, p. 562.

  291. 291.

    Herbert 2006, p. 445.

  292. 292.

    Title 47 U.S.C. Chap. 5, Subchapter II, Part I, § 222(f).

  293. 293.

    Title 47 U.S.C. Chap. 5, Subchapter I, § 153(44). “Telecommunications” are defined as the “transmission, between or among points specified by the use, of information of the user’s choosing without change in the form or content of the information sent and received”. Title 47 U.S.C. Chap. 5, Subchapter I, § 153(43).

  294. 294.

    Directive 95/46/EC of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

  295. 295.

    Reidenberg 2000.

  296. 296.

    The EU’s Article 29 Working Party on data protection has established that the Data Protection Directive strictly applies to the personal data collected through RFID and that the data protection principles should be implemented within RFID technology. see Article 29 Working Party, WP 105, Working document on data protection issues related to RFID technology, January 2005.

  297. 297.

    See COM(2007) 87 final, Communication from the Commission to the European Parliament and the Council on the follow-up of the Work Programme for better implementation of the Data Protection Directive.

  298. 298.

    See Commission Staff Working Document, Accompanying document to the Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, Future networks and the Internet: Early Challenges regarding the “Internet of Things”, p. 8; COM(2007) 96 Final, Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions on RFID in Europe: steps towards a policy Framework.

  299. 299.

    Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector.

  300. 300.

    See COM(2007) 698 final. Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on consumer protection cooperation, p. 19, para. 28; see Directive 2009/136/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 25 November 2009, recital 56. Accordingly, Article 3 of the “ePrivacy Directive”, which defines the scope of the directive, was revised to include “public communications networks supporting data collection and identification devices”. The amendments ensure that the EU’s data protection legal framework covers RFID. For further discussion, see Cannataci 2011.

  301. 301.

    C(2009) 3200 final, Commission Recommendation of 12.5.2009 on the implementation of privacy and data protection principles in applications supported by radio-frequency identification. The recommendation calls for a PIA framework for RFID. The European Commission will later analyze the impact of the recommendation on companies, public entities and citizens (Cannataci 2011). If the impact is adequate, then perhaps specific rule-making for RFID applications may be put aside (Cannataci 2011).

  302. 302.

    I attended on invitation the 3rd closed door meeting of the RFID Recommendation Implementation Informal Working Group at the EC. Present at the meeting were industry associations, standardization bodies, public authorities and a representative from the Article 29 Working Party. The first goal of the group was to establish an agreed upon generic pan-European PIA Framework for RFID applications (RFID PIA) with the endorsement of the Article 29 Working Party. This was accomplished in February 2011. The ultimate seal of approval came in April 2011, when the RFID PIA was officially signed by the European Commission Vice President (Neelie Kroes), the Chairman of the Article 29 Working Party (Jacob Kohnstamm), the Executive Director of the European Network and Information Security Agency (Udo Helmbrecht) and various retail and RFID industry representatives, including GS1 and the European Retail Round Table (For further information/explanation, see Cannataci 2011). The RFID PIA framework is the first of its kind in Europe, and supplementary templates and checklists are to be developed for specific RFID applications. It is important to point out that while the RFID PIA framework is a step in the right direction, the main problem is that it will only be applicable to RFID application service providers, and not to the developers of RFID infrastructures/systems. This is, unfortunately, consistent with the Data Protection Directive.

  303. 303.

    European Group on Ethics in Science and New Technologies to the European Commission 2005, Section 6.5.4.

  304. 304.

    Ibid.

  305. 305.

    See Title 19, Chap. 19.300, § 19.300.020.

  306. 306.

    Senator Patrick Leahy recently introduced S.1490, titled “the Personal Data Privacy and Security Act of 2009”, which could have provided for a national standard for data breach notification. More recently, the Secure and Fortify Electronic Data Act (the “SAFE Data Act”) was proposed in the US House of Representatives, which aimed to establish Federal (i.e. nationwide) breach notification requirements, overriding all existing state breach notification laws. With the recently adopted EU Telecom Package and revision of the “ePrivacy Directive”, the EU has already passed laws requiring communications service providers to notify consumers of security/data breaches. See Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector; Directive 2009/136/EC of the European Parliament and of the Council of 25 November 2009.

  307. 307.

    US Department of Homeland Security, The Use of RFID for Human Identification: A Draft Report from DHS Emerging Applications and Technology Subcommittee to the Full Data Privacy and Integrity Advisory Committee, Version 1.0, p. 4. This statement was partially amended in the final version. Instead of writing “when RFID is used for human tracking”, the final version writes “when an RFID-enabled system is used to collect data about individuals”. See US Department of Homeland Security 2006, p. 4.

  308. 308.

    Title 5 U.S.C. Part I, Chap. 5, Subchapter II, § 552(f).

  309. 309.

    In US law, a PIA is described as “an analysis of how information is handled: (i) to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy, (ii) to determine the risks and effects of collecting, maintaining and disseminating information in identifiable form in an electronic information system, and (iii) to examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks” (E-Government Act of 2002, Section 208).

  310. 310.

    Cannataci 2011, p. 182.

  311. 311.

    The original design for Intel’s processor microchip had a serial number embedded within the hardware code that could enable online marketers to identify and track Internet users. Consumer boycott threats led to Intel removing the identification system. see Werner 2008; Clausing J. “Intel Alters Plan Said to Undermine PC User’s Privacy” (New York Times, 26 January 1999), p Al;

  312. 312.

    Schwartz 1999.

  313. 313.

    Jay Hoofnagle C. Privacy Self Regulation: A Decade of Disappointment, EPIC, 4 March 2005, available at: http://epic.org/reports/decadedisappoint.pdf. Accessed 24 February 2014.

  314. 314.

    See Bonneau and Preibusch 2009.

  315. 315.

    World Privacy Forum, “The Network Advertising Initiative: Failing at Consumer Protection and at Self-Regulation”, November 2007. But, this did not prevent the FTC from doubling down on its self-regulation policies and later publishing the FTC Staff Report, “Self-Regulatory Principles For Online Behavioural Advertising: Tracking, Targeting, and Technology” (February 2009). Hirsch 2011 has equally highlighted that the reliance on self-regulations and the Network Advertising Initiative to control the use of online targeted advertising has been largely unsuccessful or ineffective. See Hirsch 2011. The industry association, Digital Advertising Alliance, also adopted in 2010 a “Self-Regulatory Program for Online Behavioural Advertising”, but its success is equally questionable.

  316. 316.

    Jay Hoofnagle C. Privacy Self Regulation: A Decade of Disappointment, EPIC, 4 March 2005, available at: http://epic.org/reports/decadedisappoint.pdf. Accessed 24 February 2014.

  317. 317.

    FTC staff report on RFID, p. 20.

  318. 318.

    Edmundson 2005, pp. 215–216.

  319. 319.

    See a letter written by David E. Troy, Chief Counsel for the FDA, to Jeffrey N. Gibbs, a lawyer representing ADS, in 17 October 2002.

  320. 320.

    Ibid.

  321. 321.

    See Ramesh 1997.

  322. 322.

    Herbert 2006.

  323. 323.

    For further discussion, see, e.g., Whitman 2004.

  324. 324.

    See Public Law 107-296, Section 304.

  325. 325.

    Herbert 2006, pp. 442–443.

  326. 326.

    See Miller 2001, p. 36.

  327. 327.

    See N.C. Gen. Stat., § 14–277.3.

  328. 328.

    See Md. Code Ann., Article 27, § 124.

  329. 329.

    Miller 2001.

  330. 330.

    Ibid.

  331. 331.

    “Transcript: Day One of the Roberts Hearings” (Washington Post, 13 September 2005), available at: http://www.washingtonpost.com/wp-dyn/content/linkset/2005/09/14/LI2005091402149.html. Accessed 24 February 2014.

  332. 332.

    Herbert 2006, p. 443.

  333. 333.

    Herbert 2006, p. 413.

  334. 334.

    Herbert 2006.

  335. 335.

    H.R. 4673, 108th Congress (2004).

  336. 336.

    US Senator Patrick Leahy, a consistent defender of privacy, has persistently warned that RFID technology must be federally regulated and has called for congressional hearings on the technology. see Remarks of US Senator Leahy, “The Dawn of Micro Monitoring: Its Promise, and Its Challenges to Privacy and Security,” Conference On “Video Surveillance: Legal And Technological Challenges”, Georgetown University Law Center, 23 March 2004.

  337. 337.

    See S.1164, The Location Privacy Protection Act of 2001, Section 2, introduced unsuccessfully by former US Senator John Edwards during the 107th session of Congress.

  338. 338.

    I sent an email to VeriChip’s VP for Investor Relations along those lines and inquired about the company’s views and suggestions for potential legislation. Unfortunately, I never received a reply.

  339. 339.

    See Wilamovska et al. 2009, pp. 54–56.

  340. 340.

    SEC(2007)312, Results of the online consultation on future RFID technology policy.

  341. 341.

    Ramesh 1997.

  342. 342.

    See Katherine Albrecht’s Bodily Integrity Act, available at: http://www.antichips.com/anti-chipping-bill-v07-numbered.pdf. Accessed 24 February 2014.

  343. 343.

    Ibid.

  344. 344.

    see Spivey 2005, p. 1340.

  345. 345.

    see FTC staff report on RFID, p. 20.

  346. 346.

    Report and Order and Further Notice of Proposed Rulemaking, FCC 07-22, 13 March 2007, p. 26.

  347. 347.

    see Commission Staff Working Document, Impact Assessment, Accompanying document to the Commission Recommendation on the implementation of privacy and data protection principles in applications supported by radio-frequency identification “RFID Privacy, Data Protection and Security Recommendation”, C(2009)3200 final.

  348. 348.

    See Article 29 Working Party, WP 105, Working document on data protection issues related to RFID technology, 19 January 2005.

  349. 349.

    Ibid.

  350. 350.

    The “Law of Directed Identity” is law number four of the seven “Laws of Identity”, which were formulated by Kim Cameron, together with other experts online, in order to improve trust in the security and privacy of Internet use. “The Laws of Identity” are available at: http://www.identityblog.com. Accessed 24 February 2014.

  351. 351.

    See Article 29 Working Party, WP 105, Working document on data protection issues related to RFID technology, 19 January 2005.

  352. 352.

    Ibid., p. 6.

  353. 353.

    See Floerkemeier et al. 2005.

  354. 354.

    Ibid., p. 2.

  355. 355.

    Ibid.

  356. 356.

    The RFID Ecosystem is a building-wide RFID project at the University of Washington using thousands of tags and hundreds of readers. The purpose of the project is to demonstrate the risks, benefits, and challenges of user-centred RFID systems and to propose technological solutions to minimizing privacy loss. see RFID Ecosystem, available at: http://rfid.cs.washington.edu/index.html. Accessed 24 February 2014.

  357. 357.

    Rastogi et al. 2007.

  358. 358.

    Ibid.

  359. 359.

    Schulzrinne et al. 2009.

  360. 360.

    Ibid.

  361. 361.

    For further discussion, see, for example, Beslay and Hakala 2007.

  362. 362.

    Beslay and Hakala 2007.

  363. 363.

    Ibid.

  364. 364.

    see Commission Staff Working Document, Impact Assessment, Accompanying document to the Commission Recommendation on the implementation of privacy and data protection principles in applications supported by radio-frequency identification “RFID Privacy, Data Protection and Security Recommendation”, C(2009)3200 final.

  365. 365.

    The term “function creep” refers to any additional use of personal data beyond the specified purposes for which the personal data was permitted to be collected in the first place. Function creep occurs when “personal data collected for one specific purpose and in order to fulfil one function, are used for completely different purposes, which are totally unrelated to the ones for which they were initially collected” (Tzanou 2010, p. 421). Function creep “constitutes a breach to the purpose limitation principle” (Tzanou 2010).

  366. 366.

    US Department of Homeland Security 2006.

  367. 367.

    See H.R. 414, titled “Camera Phone Predator Alert Act”, introduced 9 January 2009. The text of this proposal, however, is already outdated since other devices, such as Apple’s iPods and iPads, now have integrated cameras. In Japan, camera phones are already required to make a shutter sound when used.

  368. 368.

    See Levary R.R, Thompson D, Kot K, Brothers J. “RFID, Electronic Eavesdropping and the Law” (RFID Journal, 14 February 2005), available at: http://www.rfidjournal.com/article/articleview/1401/1/128/. Accessed 24 February 2014.

  369. 369.

    Karim 2004.

  370. 370.

    See Hutchins 2007.

  371. 371.

    Ibid.

  372. 372.

    See S.1212, titled “Geolocation and Privacy Surveillance (GPS) Act”, introduced 15 June 2011 in Senate by Senator Ron Wyden (D-OR), Section 2602. The bill failed to become law.

  373. 373.

    See 18 USC § 2511; S.1212, titled “Geolocation and Privacy Surveillance (GPS) Act”.

  374. 374.

    See S.1212, titled “Geolocation and Privacy Surveillance (GPS) Act”, Section 2604.

  375. 375.

    See S.854, titled “The Electronic Rights for the 21st Century Act”, Section 102, introduced in the US Senate by Senator Patrick Leahy in 1999. The bill failed to become law.

  376. 376.

    See S.1212, titled “Geolocation and Privacy Surveillance (GPS) Act”.

  377. 377.

    McClurg 1995.

  378. 378.

    See Welbourne et al. 2007.

  379. 379.

    Schulzrinne et al. 2009.

  380. 380.

    Prasad Paturi proposed the on/off switch for RFID-enabled credit cards. See Paturi P. “Switching Off Credit Card Fraud” (RFID Journal, 12 September 2005), available at: http://www.rfidjournal.com/article/articleview/1843/1/82/. Accessed 24 February 2014.

  381. 381.

    For more information on the RFID Guardian project/device, see: http://www.rfidguardian.org. Accessed 24 February 2014.

  382. 382.

    Ibid.

  383. 383.

    US Department of Homeland Security 2006.

  384. 384.

    Ibid.

  385. 385.

    See Commission Staff Working Document, Impact Assessment, Accompanying document to the Commission Recommendation on the implementation of privacy and data protection principles in applications supported by radio-frequency identification “RFID Privacy, Data Protection and Security Recommendation”, C(2009)3200 final.

  386. 386.

    N.H. H.R. 203 (defining “universally accepted symbol” as “a graphical system designed to provide a standard way to show the presence of an RFID transponder, its frequency, and data structure”).

  387. 387.

    Europe, however, is in the process of creating its own RFID emblem.

  388. 388.

    US Senator Patrick Leahy introduced S.1490, titled “The Personal Data Privacy and Security Act of 2009”, which provided for a national standard for data breach notification.

  389. 389.

    FTC staff report on RFID, p. 20.

  390. 390.

    Feldhofer et al. 2004.

  391. 391.

    See Williams 2002, p. 3.

  392. 392.

    Nusca A. “Verayo claims its RFID chips are ‘unclonable’” (ZDNet, 15 March 2010), available at: http://www.zdnet.com/blog/btl/verayo-claims-its-rfid-chips-are-unclonable/31891. Accessed 24 February 2014; Verayo, available at: http://www.verayo.com. Accessed 24 February 2014.

  393. 393.

    See Commission Staff Working Document, Impact Assessment, Accompanying document to the Commission Recommendation on the implementation of privacy and data protection principles in applications supported by radio-frequency identification, “RFID Privacy, Data Protection and Security Recommendation”, C(2009)3200 final, 5.2.3., Option I.c.

  394. 394.

    The BSI presented this recommendation during the 3rd closed door meeting of the RFID Recommendation Implementation Informal Working Group at the EC. During the meeting, the establishment of the European RFID PIA was discussed. Industry associations, standardization bodies, public authorities and a representative from the Article 29 Working Party were present at the meeting.

  395. 395.

    In US law, a PIA is described as “an analysis of how information is handled: (i) to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy, (ii) to determine the risks and effects of collecting, maintaining and disseminating information in identifiable form in an electronic information system, and (iii) to examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks” (E-Government Act of 2002, Section 208).

  396. 396.

    See Privacy and Data Protection Impact Assessment Framework for RFID Applications, 12 January 2011.

  397. 397.

    As a step further, PIAs should be mandatory before the deployment of any IT system which involves personal data, regardless of the sector (see Cannataci 2011). Cannataci also argues that this may be possible in the EU by 2015, as part of the EC’s wider review of data protection policy options (Cannataci 2011, p. 180).

  398. 398.

    For further discussion, see Cannataci 2011.

  399. 399.

    See Spiekermann 2012.

  400. 400.

    Article 2(c) of the “ePrivacy Directive” defines location data as “any data processed in an electronic communications network, indicating the geographic position of the terminal equipment of a user of a publicly available electronic communications service”.

  401. 401.

    See Katherine Albrecht’s AntiChips website, available at: http://www.antichips.com. Accessed 24 February 2014.

  402. 402.

    Somark, available at: http://www.somarkinnovations.com. Accessed 24 February 2014.

  403. 403.

    See Katherine Albrecht’s AntiChips website, available at: http://www.antichips.com. Accessed 24 February 2014.

  404. 404.

    Karim 2004.

  405. 405.

    Nissenbaum 2004, p. 106.

  406. 406.

    Gavison 1980.

  407. 407.

    See King and Hoofnagle 2008, p. 8.

  408. 408.

    McClurg 1995.

  409. 409.

    Ibid.

  410. 410.

    See Ramesh 1997.

  411. 411.

    A mixed system is a system that contains information on both US and non-US citizens.

  412. 412.

    See DHS Privacy Office memorandum, Privacy Policy Guidance Memorandum Number 2007-1 (“Mixed Use Policy”), issued on 19 January 2007.

References

  • Aarts E, de Ruyter B (2009) New research perspectives on ambient intelligence. J Ambient Intell Smart Environ I:5–14

    Google Scholar 

  • Albrecht K, McIntyre L (2005) Spychips: how major corporations and government plan to track your every move with RFID. Thomas Nelson, Nashville

    Google Scholar 

  • American Medical Association, Report of the Council on ethical and judicial affairs, CEJA Report 5-A-07

    Google Scholar 

  • Article 29 Data Protection Working Party, WP 115, Opinion on the use of location data with a view to providing value-added services, November 2005

    Google Scholar 

  • Article 29 Data Protection Working Party, WP 105, Working document on data protection issues related to RFID technology, January 2005

    Google Scholar 

  • Ayoade J (2007) Roadmap to solving security and privacy concerns in RFID systems. Comput Law Secur Rep 23(6):555–561

    Article  Google Scholar 

  • Beslay L, Hakala H (2007) Digital territory: bubbles. In: Kidd P.T (ed) European visions for the knowledge age: a quest for new horizons in the information society. Cheshire Henbury, Macclesfield, pp 69–78

    Google Scholar 

  • Bonneau J, Preibusch S (2009) The privacy jungle: on the market for data protection in social networks. WEISS

    Google Scholar 

  • Bono S, Green M, Stubblefield A, Juels A, Rubin A, Szydlo M (2005) Security analysis of a cryptographically enabled RFID device. In: 14th USENIX Security Symposium, pp 1-16. Baltimore, Maryland, USA, July—August 2005. USENIX

    Google Scholar 

  • Cannataci JA (2011) Recent developments in privacy and healthcare: Different paths for RFID in Europe and North America? Int J RF Technol 2:173–187

    Google Scholar 

  • Chemerinsky E (2010) The conservative assault on the constitution. Simon & Schuster, New York

    Google Scholar 

  • Clark W (2006) Cell phone tracking and physical surveillance. FBI Law Enforcement Bulletin

    Google Scholar 

  • Cooper J, James A (2009) Challenges for database management in the internet of things. IETE Tech Rev 26(5):320–328

    Google Scholar 

  • Dobson JE, Fisher PF (2003) Geoslavery. IEEE Technology and Society Magazine

    Google Scholar 

  • Edmundson KE (2005) Global positioning system implants: must consumer privacy be lost in order for people to be found. Indiana Law Rev 38:207–238

    Google Scholar 

  • Emmett C (2011) United States v. Pineda-Moreno, tracking down individuals’ reasonable expectation of privacy in the information age. Golden Gate Univ Law Rev 41(3):1–28

    Google Scholar 

  • European Group on Ethics in Science and New Technologies to the European Commission (2005) Opinion No. 20, Adopted on 16/03/2005

    Google Scholar 

  • Federal Trade Commission (2005) RFID: radio frequency identification: applications and implications for consumers: a workshop report from the staff of the federal trade commission, March 2005

    Google Scholar 

  • Feldhofer M, Dominikus S, Wolkerstorfer J (2004) Strong authentication for RFID systems using the AES algorithm. Proc CHES 2004 in Lect Notes Comput Sci 3156:357–370

    Google Scholar 

  • Fischer-Hübner S, Hedbom H (eds) (2008) A Holistic Privacy Framework for RFID Applications, Future of Identity in the Information Society, Deliverable D12.3

    Google Scholar 

  • Floerkemeier C, Schneider R, Langheinrich M (2005) Scanning with a Purpose—Supporting the Fair Information Principles in RFID Protocols. In: Murakami H, Nakashima H, Tokuda H, Yasumura M (eds) Ubiquitious computing systems, revised selected papers from the 2nd international symposium on ubiquitous computing systems (UCS 2004), vol 3598. Springer, Berlin, pp 214–231

    Google Scholar 

  • Friedewald M, Lindner R, Wright D (eds) (2006) Policy Options to Counteract Threats and Vulnerabilities in Ambient Intelligence, SWAMI Deliverable D3: A report of the SWAMI consortium to the European Commission—contract 006507 (Draft version)

    Google Scholar 

  • Furedi F (2006) Culture of fear revisited: risk-taking and the morality of low expectation. Continuum, London

    Google Scholar 

  • Ganz JS (2005) It’s already public: why federal officers should not need warrants to use GPS tracking devices. J Crim Law Criminol 95(4):1325–1361

    Google Scholar 

  • Garfinkel SL, Juels A, Pappu R (2005) RFID privacy: an overview of problems and proposed solutions. IEEE Secur Priv 3(3):34–43

    Article  Google Scholar 

  • Gasson MN, Kosta E, Bowman DM (eds) (2012) Human ICT implants: technical, legal and ethical considerations. Information Technology and Law Series. T.M.C. Asser Press, The Hague

    Google Scholar 

  • Gavison R (1980) Privacy and the limits of law. Yale Law J 89(3):421–471

    Article  Google Scholar 

  • Greenfield A (2006) Everyware: the dawning age of ubiquitous computing. New Riders Publishing, Berkeley

    Google Scholar 

  • Gutterman M (1988) A formulation of the value and means models of the fourth amendment in the age of technologically enhanced surveillance. Syracuse Law Rev 39(4):647–735

    Google Scholar 

  • Halamka J, Juels A, Stubblefield A, Westhues J (2006) The security implications of VeriChip cloning. J Am Med Inf Association 13(6):601–607

    Google Scholar 

  • Herbert WA (2006) No direction home: will the law keep pace with human tracking technology to protect individual privacy and stop geoslavery. I/S: J Law Policy Inf Soc 2(2):409–473

    Google Scholar 

  • Hilbert M (2011) The end justifies the definition: the manifold outlooks on the digital divide and their practical usefulness for policy-making. Telecommun Policy 35(8):715–736

    Article  Google Scholar 

  • Hinson Z (2008) GPS monitoring and constitutional rights. Har Civ Rights Civ Liberties Law Rev 43:285–288

    Google Scholar 

  • Hirsch D (2011) Law and policy of online privacy: regulation, self-regulation or co-regulation. Seattle Univ Law Rev 34(2):439–480

    Google Scholar 

  • Hunt VD, Puglia A, Puglia M (2007) RFID—a guideline to radio frequency identification. Wiley, Hoboken

    Google Scholar 

  • Hutchins R (2007) Tied Up in Knotts? GPS technology and the fourth amendment. UCLA Law Rev 55(1):409–465

    Google Scholar 

  • Juels A, Brainard J (2004) Soft blocking: flexible blocker tags on the cheap, Workshop on Privacy in the Electronic Society, WPES 04, ACM Press, pp 1–7

    Google Scholar 

  • Karim W (2004) The privacy implications of personal locators: why you should think twice before voluntarily availing yourself to GPS monitoring. Wash Univ J Law Policy 14:485–515

    Google Scholar 

  • Kearns TB (1998) Technology and the right to privacy: the convergence of surveillance and information privacy concerns. William Mary Bill Rights J 7:975–1011

    Google Scholar 

  • Kindberg T, Barton J, Morgan J, Becker G, Caswell D, Debaty P, Gopal G, Frid M, Krishnan V, Morris H, Schettino J, Serra B, Spasojevic M (2001) People, places, things: web presence for the real world. Internet and Mobile Systems Laboratory, HP Laboratories, Palo Alto, HPL-2001-27.9

    Google Scholar 

  • King J, Hoofnagle CJ (2008) Research report: a supermajority of Californians supports limits on law enforcement access to cell phone location information

    Google Scholar 

  • Masters A, Michael K (2007) Lend me your arms: the use and implications of humancentric RFID. Electron Commer Res Appl 6(1):29–39

    Article  Google Scholar 

  • McClurg AJ (1995) Bringing privacy law out of the closet: a tort theory of liability for intrusions in the public space. N C Law Rev 73(3):989–1088

    Google Scholar 

  • Meyer HJ, Chansue N, Monticelli F (2006) Implantation of radio frequency identification device (RFID) microchip in disaster victim identification (DVI). Forensic Sci Int 157(2):168–171

    Article  Google Scholar 

  • Michael K, McNamee A, Michael MG, Tootell H (2006) Location-based intelligence—modeling behaviour in humans using GPS. IEEE, New York

    Google Scholar 

  • Miller N (2001) Stalking laws and implementation practices: a national review for policymakers and practitioners. National Institute of Justice, Washington DC

    Google Scholar 

  • Minert SR (2006) Square pegs, round hole: the fourth amendment and preflight searches of airline passengers in a post-9/11 world. Brigham Young Univ Law Rev 2006(6):1631–1667

    Google Scholar 

  • Morris S, Morris A, Barnard K (2004) Digital trail libraries. Joint ACM/IEEE Conference on Digital Libraries, pp 63–71

    Google Scholar 

  • National Research Council (2001) Embedded, everywhere: a research agenda for network systems of embedded computers, report from the committee on networked systems of embedded computers, computer science and telecommunications board. National Academic Press, Washington DC

    Google Scholar 

  • Nissenbaum H (2004) Privacy as contextual integrity. Wash Law Rev 79(1):101–140

    Google Scholar 

  • OECD Policy Guidance on radio frequency identification (2008)

    Google Scholar 

  • OECD (2006) Radio-frequency identification (RFID): drivers, challenges and public policy considerations, OECD Digital Economy Papers, No. 110, OECD Publishing

    Google Scholar 

  • O’ Harrow R (2005) No place to hide. Free Press, New York

    Google Scholar 

  • Paton-Simpson E (2000) Privacy and the reasonable paranoid: the protection of privacy in public places. Univ Toronto Law J 50(3):305–346

    Article  Google Scholar 

  • Ramesh EM (1997) Time enough? consequences of human microchip implantation. Franklin Pierce Law Center, Concord

    Google Scholar 

  • Rastogi V, Welbourne E, Khoussainova N, Kriplean T, Balazinska M, Borriello G, Kohno T, Suciu D (2007) Expressing privacy policies using authorization views, 5th international workshop on privacy in UbiComp (UbiPriv’07)

    Google Scholar 

  • Reidenberg J (2000) Privacy protection and the interdependence of law, Technology and Self-Regulation

    Google Scholar 

  • Reneger A (2002) Satellite tracking and the right to privacy. Hastings Law J 53:549 et seq

    Google Scholar 

  • Rieback MR, Simpson PND, Crispo B, Tanenbaum AS (2006) RFID viruses and worms. Department of Computer Science. Vrije Universiteit Amsterdam

    Google Scholar 

  • Royal Academy of Engineering, London (2007) Dilemmas of privacy and surveillance: challenges of technological change

    Google Scholar 

  • Sandler K, Ohrstrom L, Moy L, McVay R (2010) Killed by code: software transparency in implantable medical devices. Software Freedom Law Center, New York

    Google Scholar 

  • Schulzrinne H, Tschofenig H, Cuellar J, Polk J, Morris J, Thomson M (2009) Geolocation policy: a document format for expressing privacy preferences for location information. The Internet Engineering Task Force, Internet Draft, February 2009

    Google Scholar 

  • Schwartz PM (2000) Beyond Lessig’s code for internet privacy: cyberspace filters, privacy-control, and fair information practices. Wis Law Rev 2000(4):743–787

    Google Scholar 

  • Schwartz PM (1999) Privacy and democracy in cyberspace. Vanderbilt Law Rev 52:1609–1701

    Google Scholar 

  • Sedlak AJ, Finkelhor D, Hammer H, Schultz DJ (2002) National estimates of missing children: an overview. In: National Incidence Studies of Missing, Abducted, Runaway, and Thrownaway Children. Office of Juvenile Justice and Delinquency Prevention, Office of Justice Programs, U.S. Department of Justice

    Google Scholar 

  • Solove D (2004) The digital person: technology and privacy in the information age. New York University Press, New York

    Google Scholar 

  • Spiekermann S (2012) The RFID PIA—developed by industry, agreed by regulators. In: Wright D, De Hert P (eds) Privacy impact assessment: engaging stakeholders in protecting privacy. Springer, Dordrecht, pp 323–346

    Google Scholar 

  • Spivey C (2005) Breathing new life into HIPAA’s UHID—Is the FDA’s green light to the VeriChip™ the prince charming sleeping beauty has been waiting for? DePaul J Health Care Law 9:1317–1342

    Google Scholar 

  • Sterling B (2005) Shaping things. MIT Press, Cambridge

    Google Scholar 

  • Thevissen PW, Poelman G, De Cooman M, Puers R, Willems G (2006) Implantation of an RFID-tag into human molars to reduce hard forensic identification labor, Part I: Working principle. Forensic Sci Int 159:33–39

    Article  Google Scholar 

  • Tzanou M (2010) The EU as an emerging surveillance society: the function creep case study and challenges to privacy and data protection. Vienna Online J Int Const Law 4:407–427

    Google Scholar 

  • US Department of Homeland Security (2006) The Use of RFID for Human Identity Verification, Data Privacy & Integrity Advisory Committee, Report No. 2006-02, Adopted 6 December 2006

    Google Scholar 

  • US Department of Homeland Security. The use of RFID for human identification: a draft report from dhs emerging applications and technology subcommittee to the full data privacy and integrity advisory committee, Version 1.0

    Google Scholar 

  • US Government Accounting Office (2005) Information security: radio frequency identification technology in the federal government

    Google Scholar 

  • van Kranenburg R (2008) The internet of things: a critique of ambient technology and the all-seeing network of RFID. Network Notebooks 02, Institute of Network Cultures

    Google Scholar 

  • Warwick K (2002) I Cyborg. Century

    Google Scholar 

  • Weber RH (2009) Internet of things—need for a new legal environment? Comput Law Secur Rev 25(6):522–527

    Article  Google Scholar 

  • Weber K (2005) The next step: privacy invasions by biometrics and ICT implants. ACM Ubiquity 7(45):1–18

    Google Scholar 

  • Welbourne E, Balazinska M, Borriello G, Brunette W (2007) Challenges for Pervasive RFID-based Infrastructure, PERTEC 2007, Workshop on pervasive RFID/NFC technology and applications. In: Fifth annual IEEE international conference on pervasive computing and communications—workshops (PerCom Workshops 2007), 19–23 March 2007, White Plains, New York, USA. IEEE Computer Society 2007, pp 388–394

    Google Scholar 

  • Werner M (2008) Google and ye shall be found: privacy, search queries, and the recognition of a qualified privilege. Rutgers Comput Technol Law J 34(1)

    Google Scholar 

  • Westin A (1967) Privacy and freedom. Atheneum, New York

    Google Scholar 

  • Whitman J (2004) Two western cultures of privacy: dignity versus liberty. Yale Law J. 113:1151–1221

    Article  Google Scholar 

  • Wilamovska A-M, Hatziandreu E, Schindler HR, van Oranje-Nassau C, de Vries H, Krapels J (2009) Study on the requirements and options for RFID application in healthcare, RAND Europe, Prepared for the Directorate General Information Society and Media of the European Commission

    Google Scholar 

  • Williams LC (2002) A discussion of the importance of key length in symmetric and asymmetric cryptography. SANS Institute, GIAC practical repository

    Google Scholar 

  • Willingham KM (2007) Scanning legislative efforts: current RFID legislation suffers from misguided fears. N C Bank Inst 11:313–341

    Google Scholar 

  • Wood DM (ed) (2006) A Report on the Surveillance Society

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Leiden University, Leiden, The Netherlands

    Demetrius Klitou

Authors
  1. Demetrius Klitou
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Demetrius Klitou .

Rights and permissions

Reprints and permissions

Copyright information

© 2014 T.M.C. Asser Press and the author(s)

About this chapter

Cite this chapter

Klitou, D. (2014). Human-Implantable Microchips: Location-Awareness and the Dawn of an “Internet of Persons”. In: Privacy-Invading Technologies and Privacy by Design. Information Technology and Law Series, vol 25. T.M.C. Asser Press, The Hague. https://doi.org/10.1007/978-94-6265-026-8_7

Download citation

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation