Much has been written about wearable devices – from body cameras to bodily functions; however, a recent article about workers at Wisconsin-based Three Square Market who got tiny rice-sized microchips embedded in their hands to dispense with company badges and corporate logons (www.securityinfowatch.com/12354169) got me thinking.
Three Square Market – a vending machine company (also called 32M) – says it is the first U.S. company to provide the technology to its employees. Akin to a proximity card, the chip contains a unique serial number which associates the user with their software, which then performs the requested function. Those employees interested in the technology – but not the implant – can place the microchip in an RFID wristband or an RFID/Near-Field Communication Smart Ring.
32M says their chip will allow easy payment for vended products, door access, computer login and copy machine use. The supplier – Biohax International, a Swedish company founded in 2013 – is propagating the technology in its own country with several thousand implants, and has coined the term “The Internet of Us”.
Embedded Chips: A History
In 2004, the Food and Drug Administration (FDA) approved the use of embedded chips in humans as an identity credential for access to individual medical records. The chip company driving this move, Applied Digital Solutions (Delray Beach, Fla.), with its VeriChip, had its eyes on security access control applications.
The chip, about the size of a grain of rice, was a form of RFID tag, operating between 125 and 135 kHz and encapsulated in glass. The technology had been used for years in pet implants for ID purposes, but published papers regarding laboratory research on tumors in pets and state legislation curtailed the human market; in fact, VeriChip was shut down in 2008.
Although such devices are still widely used for pets, not all pet owners are happy. The website www.chipmenot.org encourages people to avoid the technology for their pets, saying the site “is dedicated to the brave animals who have passed away from microchip implants. The corporations that market these products know the risks, but have hidden them from the public.”
Still, an implant kit from Amazon, for use by a veterinarian, can be purchased for $13.99 plus registration fees. For adventurous human implant DIYers, Dangerous Things (www.dangerousthings.com) offers a $99 kit that includes its xNT implantable NFC tag, encased in a 2x12mm cylindrical sterile biocompatible implant package, with supporting medical and first aid supplies.
A number of issues arise with this technology:
Is it secure? Android apps such as the MIFARE Security Tool and others can read NFC tags, so the tags must rely on encryption and authentication. Suppliers say information is encrypted, but how strong is the encryption? If a chip is cloned, how does a system verify that the wearer is the original? Once you add another factor of authentication, such as a PIN, it immediately reduces the convenience of the implant.
User acceptance. If concerns persist about the safety of the device in animals – valid or not – a percentage of people will want no part of it. Removal is said to be akin to removing a splinter, but you can see a splinter and can remove it with a sterilized needle and tweezers – I doubt an implant would be as easy, although it is probably easier than getting an ill-advised tattoo removed.
Religious overtones/objections. Believe it or not, some consider the chip implant a manifestation of the Mark of the Beast, mentioned in the Bible’s Book of Revelation: “If any man worship the beast and his image, and receive his mark…the same shall drink of the wine of the wrath of God…” (14:9-10).
Tracking and privacy. Some worry about privacy concerns, such as the devices becoming GPS trackers. 32M says in a video interview (http://youtu.be/foawinz40AI) that the chips are passive devices that are not powered, and power is what GPS requires for tracking. On the flip side, if people who refuse to evacuate in an impending emergency are counselled to write their Social Security Numbers on their arms to aid in identification (as was the case in Texas in preparation for Hurricane Harvey), implanted ID chips would save them the trouble.
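The cloning question raised under "Is it secure?" above can be made concrete with a small simulation, added here as an illustration and not taken from 32M, Biohax or any tag vendor. It compares a reader that trusts the serial number alone with one that issues a fresh challenge; the Tag class, the serial "04A1B2C3", the user name and the use of HMAC-SHA256 are all assumptions chosen for the sketch, not the protocol of any real chip.

```python
import hashlib
import hmac
import secrets

# Constructed enrollment data: serial -> (user, per-tag secret key).
ENROLLED = {"04A1B2C3": ("alice", secrets.token_bytes(16))}


class Tag:
    """Hypothetical tag: a readable serial plus a key that never leaves the chip."""

    def __init__(self, serial, key=None):
        self.serial = serial
        self._key = key

    def respond(self, nonce):
        # A copy made from the readable serial has no key and can only guess.
        key = self._key if self._key is not None else secrets.token_bytes(16)
        return hmac.new(key, nonce, hashlib.sha256).digest()


def verify_serial_only(tag):
    """Proximity-card style: whoever presents the serial is taken to be the user."""
    entry = ENROLLED.get(tag.serial)
    return entry[0] if entry else None


def verify_challenge_response(tag):
    """Fresh random challenge; the tag must prove it holds the enrolled key."""
    entry = ENROLLED.get(tag.serial)
    if entry is None:
        return None
    user, key = entry
    nonce = secrets.token_bytes(16)  # never reused, so old answers are useless
    expected = hmac.new(key, nonce, hashlib.sha256).digest()
    return user if hmac.compare_digest(expected, tag.respond(nonce)) else None


def demo():
    serial = "04A1B2C3"
    genuine = Tag(serial, ENROLLED[serial][1])
    copy = Tag(serial)  # same serial, no key
    return {
        "serial_only": (verify_serial_only(genuine), verify_serial_only(copy)),
        "challenge": (verify_challenge_response(genuine), verify_challenge_response(copy)),
    }


if __name__ == "__main__":
    print(demo())
```

Challenge-response shows that the enrolled key is present, not that the wearer is the original person, so it addresses copying of the readable serial but leaves the second-factor question above open.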
Editor’s Note: Read more debate from industry experts on why implantable RFID chips will not be the future of access control in this exclusive SecurityInfoWatch.com roundtable: www.securityinfowatch.com/12355500.
Odds of Deployment
This appears to be more smoke than fire – a sexy idea that the media has picked up and sensationalized. The sheer number of deployments appears modest, and the issues that persisted 10 years ago likely remain present today. Other biometric and wearable technologies pose fewer barriers.
That said, a game-changer that might bring this type of technology mainstream is the widespread adoption of biosensors that continually monitor parameters within the body, transmitting on demand. A 2015 article in EE Times (http://www.eetimes.com/document.asp?doc_id=1326697) discusses implanted biosensors that can be wirelessly charged, stating “the sensor can measure pH, temperature and amounts of metabolism-related molecules such as glucose, lactate and cholesterol, as well as drugs.”
Research continues on efforts to detect certain substances in biological liquids and bio-chemicals, and to transform biological information into an understandable digital signal for external transmission. This would add a second authentication factor – i.e., something you are (biometric) to the “something you have” chip. Such sensors could uniquely identify the person and the ID function could ride along. This would likely address the security issue, but would require cooperation between the medical and security communities.
Also, while people might desire the ability for their healthcare provider to access real-time body information, they may be quite hesitant to allow its use for anything else. In any event, I think that the discussion at this point is theoretical and those decisions are years away.
I’ll put my money on the biometric technologies – such as facial recognition – that have greatly advanced and are being deployed in the market today. Apple’s recent announcement of facial recognition in the new iPhone X is sure to speed things along, although we are likely in for a period of debugging by the mass market.
Ray Coulombe is Founder and Managing Director of SecuritySpecifiers and RepsForSecurity.com. Reach him through LinkedIn at www.linkedin.com/in/raycoulombe or follow him on Twitter, @RayCoulombe.