Oh boy! The FDA has approved the same RFID technology that is used to identify pets for human implantation. This particular take on the technology over at Ars Technica is a bit off the mark, though… all an RFID does is broadcast an ID number. It’s up to whoever is doing the scanning to figure out what that ID number is for, and what database the ID number is a key to. It wouldn’t give someone a copy of your medical records unless they could look up any and all medical records in the first place. And if they can do that, they can probably look up your medical or financial records without the RFID ID number anyhow.
The real problem with RFID is the potential to assume that it alone will be proof of identity, as Social Security numbers and other “proof of identity” factoids are used today. Considering the boom in identity theft, it’s clear that simple measures of security such as a “secret” number (whether embedded in a microchip or not), is inadequate. Once that number is stored in multiple databases, it only takes one security slip-up for someone to rob your bank account, ruin your credit, or ransack your medical records.
RFIDs used to track inventory or even pets isn’t much of an issue. However, the use of RFIDs as any sort of ID, even some something as innocuous as a subway pass, is a bad idea. The ability for third parties to sniff out an RFID number from up to 20 meters away means that any of those numbers could be captured and duplicated in another RFID tag.
As always, security through obscurity (in the form of an implanted chip, in this case) is really no security at all.