General security

Human-implanted RFID chips

Daniel Dimov
April 17, 2014 by
Daniel Dimov

In 1945, Léon Theremin, a Russian inventor, invented one of the first covert listening devices, also known as "bugs." The device was a predecessor of the Radio-frequency identification (RFID) technology. RFID technology can be defined as the wireless non-contact use of radio-frequency electromagnetic fields to transfer data with the aim to automatically identify and track tags attached to objects.

At present, RFID technology is used in many industries. For example, identification badges containing RFID tags are used as anti-shoplifting technology. RFID tags attached to automobiles during the production process allow the auto producers to track the progress of the automobiles through the assembly line. RFID tags are placed on casino chips in order to detect counterfeit chips and mistakes of dealers. Cows and other livestock may carry injected RFID tags which allow the identification of the animals.

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

This article describes RFID systems (Section 2). Afterwards, it discusses the application of human-implanted RFID chips (Section 3) as well as the security concerns related to such chips (Section 4). Next, the pros and cons of human-implanted RFID chips are examined (Section 5). Finally, a conclusion is drawn (Section 6).

RFID systems

The RFID systems consist of two parts, namely, transponder and detector. The transponder transfers data to the detector. The detector reads the data transferred by the transponder and/or modify the data in the transponder.

The transponder is located on the object to be identified. Depending on the design of the technology, the detector can be either read or write device. The transponder normally does not have its own battery. Therefore, if the transponder is not within the response range of a detector, the transponder is passive. The energy required for the activation of the transponder comes from the detector.

The size of the transponder can be the same as the size of a grain of rice. Human-implanted transponders are injected by using hypodermic injection apparatus. Despite its small size, the transponder can contain information, including, but not limited to, information about health, identity, nationality, and psychological characteristics of the person concerned.

The application of human-implanted RFID chips

On 31st of July 1997, the United States Patent and Trademark Office granted to four inventors a patent for "Personal tracking and recovery system." An excerpt of the abstract of the patent reads as follows.

"Apparatus for tracking and recovering humans utilizes an implantable transceiver incorporating a power supply and actuation system allowing the unit to remain implanted and functional for years without maintenance."

The patented device can be used as a safeguard against kidnapping and to facilitate prompt medical dispatch in the event of heart attack or similar medical emergency. The patent was an indicator for the approaching application of human-implanted RFID chips.

On 24th of August 1998, Professor Kevin Warwick became the first human being to be implanted with an RFID chip. The transponder implanted into the hands, allowed Professor Warwick to interact with "intelligent" buildings. For example, by using the transponder, he was able to open doors that previously required smart card access. He was also able to turn on lights simply by entering into the room. Professor Warwick carried the implanted device for nine days. He stated that in future experiments, the implants needs to be placed "nearer to the brain - into the spinal cord or onto the optic nerve, where there is a more powerful setup for transmitting and receiving specific complex sensory signals."

In 2002, Wired Magazine stated that Nancy Nisbet, a Canadian artist, implemented RFID chips into her hands. Ms. Nisbet purchased the chips from a veterinary clinic. The chips were normally used to identify livestock and pets. Nancy modified her computer mouse to incorporate a scanner to pick up the signals emitted by the transponder. Thus, she was able to monitor her Internet use. Nancy stated in relation to her implant, "It's a way of connecting physical and virtual space and tracking my relationship with my computer."

In 2004, the U.S. Food and Drug Administration (FDA) approved the use of VeriChip, a human-implantable microchip. VeriChip was normally implanted between the shoulder and elbow area of an individual's right arm. When scanned by a detector, VeriChip sends to the detector a unique 16-digit number. The number can be linked to information about a user stored in a database. The information in the database may include, for example, identity information and medical records. The insertion of the device is done by a physician who uses local anesthetic. The manufacture of VeriChip was stopped in 2010.

It should be noted that the FDA discussed the potential risks to health associated with VeriChip. In a document published in 2004, the FDA stated as follows.

"The potential risks to health associated with the device are: adverse tissue reaction; migration of implanted transponder; compromised information security; failure of implanted transponder; failure of inserter; failure of electronic scanner; electromagnetic interference; electrical hazards; magnetic resonance imaging incompatibility; and needle stick."

In 2004, the owner of a nightclub in Barcelona, Conrad Chase, started offering implanted chips in his nightclub. By using the implanted chips, the customers were able to pay for drinks. Simon Morton, BBC Science producer, implanted the transponder offered by the nightclub. In relation to the pain of the insertion, Mr. Morton said, "Having the chip inserted was a breeze, no real pain to report of."

Security concerns related to the use of human-implanted RFID chips

There are two main security concerns related to the use of RFID chips, namely, the infection with computer viruses (Section 4.1) and cloning (Section 4.2). These two security concerns are examined in more detail below.

4.1 Infection with computer viruses

If infected by computer viruses, implanted RFID transponders may affect the detectors who receive information from the infected transponders. In this regard, it is worth mentioning an experiment conducted by Dr. Mark Gasson, a senior research fellow at University of Reading.

Dr. Gasson inserted a RFID chip under the skin between his thumb and first finger. Then, he intentionally infected the implanted chip with a computer virus. When he used the transponder to gain access to secure building, the virus was transferred and corrupted the computer system of the secure building. Then, any other device trying to access the computer system of the secure building was potentially at risk of being infected with the virus.

It should be noted that transponders could be easily infected with computer viruses by detectors containing such viruses. For example, in one of his experiments, Dr. Gasson infected with a virus a computer system securing building access using smart card or RFID devices. Subsequently, the computer system was able to transfer the virus to transponders.

4.2 Cloning of RFID chips

In 2006, Jonathan Westhues published an article in which he explained how he cloned a VeriChip. In particular, Mr. Westhues used a hand-held device using batteries to clone the information stored on a VeriChip transponder. The device needs to be put close to the person with the implanted transponder. The cloning process lasts a couple of seconds.

Mr. Westhues stated that VeriChip is built with no attempt at security, and, therefore, is not very difficult to clone. Mr. Westhues further pointed out that the biggest security feature of VeriChip is the very short read range of the detector, which is restricted by the tiny antenna. The risk of cloning is very low as long as the user of VeriChip stays at least a foot away from unsecured person or objects.

The pros and cons of human-implanted RFID chips

The supporters of human-implanted RFID chips believe that such chips will allow the governments to locate fugitives, witnesses of crimes, and missing persons. The authorities of Indonesia's province Irian Jaya even discussed the use of implanted RFID chips for the monitoring of persons infected with HIV. Such a monitoring will allow the authorities to act in case that some of the monitored people conducts activities that may lead to infection of other people. Probably because the existing human-implanted RFID chips do not allow GPS tracking, the authorities of Irian Jaya did not adopt legal provisions concerning the use of RFID chips. However, in the future GPS implants can be created. The appearance of such implants may renew the discussions concerning tracking of HIV-infected people.

The opponents of human-implanted RFID chips argue that such chips are associated with security risks, cause health problems, contradict to religious doctrines, and may be forcefully implemented in employees. The security risks of such devices have been already discussed in this article. In relation to health problems, the aforementioned paragraph from a document of FDA clearly indicates the risks for the health caused by RFID chips. Moreover, the opponents state that the use of human-implanted RFID chips may lead to cancer. These allegations are based on scientific studies carried out from 1996 to 2006. The studies found that lab mice and rats injected with microchips sometimes developed cancerous tumors around the microchips.

In relation to the religious doctrines, many Christians believe that the implantation of chips may be fulfillment of the prophecy of the mark of the beast mentioned in the Book of Revelation of the New Testament. The Book of Revelation states that the devil will force "all people, great and small, rich and poor, free and slave, to receive a mark on their right hands or on their foreheads, so that they could not buy or sell unless they had the mark, which is the name of the beast or the number of its name." It is also worth mentioning that, according to the Islam, body modifications constitute "haram," an Arabic term meaning "forbidden." This is because such modifications involve changing the body, a creation of Allah.

Pertaining to the forceful implantation of RFID chips, it should be pointed out that, in June 2004, a former attorney general in Mexico required eighteen employees to implement chips allowing them to access a sensitive records room. In order to prevent employers from requiring their employees to implement RFID chips, several U.S. States adopted laws prohibiting forced microchip implants in humans. These states include Wisconsin, North Dakota, California, Georgia, and Virginia.

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

Conclusion

The convergence of various scientific fields, such as artificial intelligence, biotechnology, cognitive science, information technology, and robotics will probably increase the application of human-implanted microchips, including RFID chips. The new human-implanted microchips will provide people with opportunities for new business and social interactions. However, they will introduce challenging legal, security, medical, ethical, and religious questions. In order to avoid unexpected surprises, individuals wishing to implant RFID chips need to evaluate carefully the various implications of such chips.

Sources

  • The Spychips Threat: Why Christians Should Resist RFID and Electronic Surveillance
  • "Barcelona clubbers get chipped", BBC News, 29 September 2004
  • Human ICT Implants: Technical, Legal and Ethical Considerations
  • RFID in Logistics: A Practical Introduction
  • The convergence of biological and computer viruses
  • RFID Security: Techniques, Protocols and System-On-Chip Design
  • Implantable RFID Chips: Security versus Ethics", in: The Future of Identity in the Information Society: Proceedings of the Third IFIP WG
  • Humancentric applications of RFID implants: the usability contexts of control, convenience and care
  • Uberveillance and the Social Implications of Microchip Implants: Emerging Technologies
  • Privacy in the 21st Century," Martinus Nijhoff Publishers
  • This Pervasive Day: The Potential and Perils of Pervasive Computing", World Scientific, 2012.
  • Scheeres, J., "New Body Art: Chip Implants"
  • Warwick, K., "Cyborg 1.0," Wired, Issue 8.02, February 2000
  • Demo: Cloning a Verichip
Daniel Dimov
Daniel Dimov

Dr. Daniel Dimov is the founder of Dimov Internet Law Consulting (www.dimov.pro), a legal consultancy based in Belgium. Daniel is a fellow of the Internet Corporation for Assigned Names and Numbers (ICANN) and the Internet Society (ISOC). He did traineeships with the European Commission (Brussels), European Digital Rights (Brussels), and the Institute for EU and International law “T.M.C. Asser Institute” (The Hague). Daniel received a Ph.D. in law from the Center for Law in the Information Society at Leiden University, the Netherlands. He has a Master's Degree in European law (The Netherlands), a Master's Degree in Bulgarian Law (Bulgaria), and a certificate in Public International Law from The Hague Academy of International law.