Microchips implanted into the human body are an interesting alternative to e-ID documents. However, this technology implies a great potential for abuse. This article explains how chip implants work and describes the current state of the technology. Both the benefits and risks of chip implants will be covered. The article is presented by Klaus Schmeh, a neutral expert with long-standing experience in identification technology, with neither a business interest in chip implant technology nor an aversion to it.
Technically speaking a chip implant is a contactless microchip, which usually communicates via radio-frequency identification (RFID) with a terminal device. The electric field set-up for communication is also used for power supply, which means that a chip designed this way does not require a battery and is considered relatively maintenance-free. Further interesting technical considerations are covered in The Security Implications of VeriChip Cloning1.
Similar contactless chip solutions are used in e-Passports, in car keys and in physical access cards.
A chip implant can therefore be regarded as a (contactless) chip form factor. As contactless chip cards do not require physical contact with a terminal, they can be realised in virtually any form, for example key-like tokens, and integrated in many devices, such as wristwatches and smartphones. Integrating a chip directly into the human body represents a fascinating evolution of the technology. Chip implants are non-transferable, which eliminates the need of a portrait image to visually identify the bearer and it guarantees that the owner neither loses nor forgets their chip implant.
Chip implants are not a new technology, as they have been in use for animals for over 20 years. In fact, millions of chips have been implanted into animals ranging from dogs to cattle and even bears (see figure 1). This technology has been standardised in ISO standards 11784 and 11785. There are also many proprietary solutions on the market. In many countries, pet owners can register their animals in national chip databases in order to enable identification of dead or lost animals. Inside the European Union, dogs must be chipped by law, prior to border crossing. However, animal chips are not necessarily implants as they can also be worn as a piercing (e.g. in the ear), a variant certainly less suited for humans.
In 2002 the US company VeriChip Corporation (later renamed PositiveID) launched an interesting product, the VeriChip: a microchip meant to be implanted into the human body. This idea was not new as previously some technology freaks were implanting themselves with self-made chip prototypes; but now, for the first time, a solution intended for large-scale use was commercially available. While some regarded chip implants as fancy identity devices, others considered them horror tools. The media coverage was tremendous.
The technical capabilities of the VeriChip, the only implantable identification chip for humans on the market, proved to be underwhelming. The only function this product supports is providing a 16-digit number on request. This number is unique and therefore allows unambiguous identification of a chip. Generally, a chip implant can be applied in the same way as a contactless smart card. Although a chip implant has many potential applications, such as storage of electronic health data and electronic payment, no product currently on the market supports all these applications. With limited functionality, the VeriChip is hardly more than an implanted RFID tag analogous to an enhanced 2D barcode. RFID tags are considered an interesting future technology, which might one day replace barcodes in supermarkets and other logistics facilities. According to PositiveID, the VeriChip has the size of a grain of rice, which some may consider an understatement considering its length of 12 millimetres (see figure 2). The chip has almost the same design as the ‘home-again-chip’ produced by the pharmaceutical company Merck, which is in widespread use for cats and dogs.
Placement procedure and range
The VeriChip is usually implanted into the upper arm in the triceps of the recipient (see figure 3). The chip is not externally visible, and the implantation procedure is said to be similar to an ear piercing. Apart from the triceps, the VeriChip can be placed in the biceps or in the hand between thumb and index finger. Placement in the hand has the advantage that the chip can be easily moved close to a door or a keyboard. This is important because the chip (depending on the reader) can only communicate over short distances. Different types of readers offer effective reading ranges between 30 and 90 centimetres. Longer distances would be possible if the chip had a battery included, but this is not desirable for obvious reasons. Because of the short effective range, the VeriChip has only limited value in locating missing children or escaped prisoners, as there is no direct way to use satellites or mobile phone infrastructure for such a task. Such a strategy would be forced to rely on terminals in public areas with the hope that the chipped person will pass by closely enough for the signal to be picked up. An additional extension to this approach could employ NFC-enabled smartphones with an appropriate app to aid in implanted chip readout.
Advantages and disadvantages
One drawback of the VeriChip is its lack of cryptography support. This means that virtually anyone can read the identification number of a chipped person using a commercially available terminal. In addition, it is not very difficult to emulate a chip and its respective chip number. The VeriChip is therefore not suitable to be used as a key replacement for physical access control. In addition, it is not possible to store any information other than a number on the chip. Information such as blood type or money balance therefore must be stored in background systems. In a sense, an implanted VeriChip resembles a biometric attribute. Reading the chip corresponds to scanning a fingerprint or photographing the iris. However, a VeriChip has advantages over ordinary biometry. A read-out from the implant is significantly faster than biometric modalities and can be done wirelessly from a distance. Many other typical biometry problems, like the sheep-goat issue or hygienic concerns, are not encountered with chip implants, either. Perhaps most significantly, it is even possible to replace or revoke a chip, which is not possible with fingerprints or iris recognition.
Future chip implants could be used in a number of ways, such as proof of identity, proximity-based physical access and as a storage device. The question “does anybody have a USB stick handy?” would be obsolete in such a case. Other potential application areas may include electronic payment, time recording, storage of electronic health data, and cash withdrawal at ATM machines. In addition, chip implants could store cryptographic keys with which to conduct computations. In this case a chip implant could be used for authentication, digital signatures and encryption, which means that it might represent a full-fledged substitute for a smart card.
Unsuitable for e-ID substitute
Future chip implants might support password protection of the identification number. This method would require the serial number to be tattooed onto the skin of the chipped person (see figure 4) and is therefore impractical. This disadvantage of chip implants means that they can only be read with appropriate terminals which do not require visual confirmation of any chip specific information. This makes chip implants hardly suitable as a substitute for identity cards3, as additional information to the chip number is required for existing e-ID validation schemes, such as name and date of birth.
Compared to the millions of chipped animals, the number of humans bearing a chip implant is still remarkably small. There are hardly more than a few thousands of them, despite the significant efforts the VeriChip producer has taken in marketing this product. The first public action took place in 2003, where the VeriChip was planned to be used for payment on the ID World conference in Paris, France. However, this did not occur. In 2004 there were press reports of Mexican General State Attorney Rafael Macedo, who allegedly chipped 160 of his employees. Later reports indicated that this number was highly exaggerated, and research of the chip opponent Katherine Albrecht showed there were no more than 16 chipped employees. Macedo resigned from his office in 2005 and since then nothing more on this issue was reported. Another chip infrastructure in Mexico with an aim to locate kidnapped children was never realized.
Another early VeriChip customer was the disco Baja Beach in Barcelona, Spain. This establishment introduced chip implants for their VIP customers. Despite the extensive media coverage, no other competing nightclubs introduced the same practice. Instead, a decidedly less glamorous new application for chip implants arose in South East Asia. Following the tsunami disaster in 2004, victims were chipped by the authorities to prevent the casualties from being buried with a wrong identity and avert the need to be exhumed afterward. Similarly, in 2005 a Californian commission recommended using chip implants for corpses and corpse parts to eliminate the grisly illegal trade of human remains on the black market.
Later, the VeriChip Corporation started the most important application of their chips so far. The project included a database of a chipped person’s health data stored together with the chip number. This is nothing unusual, as many health cards worldwide do the same. However, these projects involve chips located on a smart card, and not in the human body. The VeriChip Corporation convinced about half a dozen hospitals to take part in the project. However, the information policy of VeriChip Corporation became quite restrictive regarding this issue and as a result nothing more on this project has been heard of in recent years. In 2007 a pilot project started where Alzheimer patients were equipped with a chip. As Alzheimer patients sometime have difficulty remembering their own names, let alone the medication they take, the benefits of an implant are evident as medical information stored in a background system can be made easily available to medical staff.
It goes without saying that the versatility of chip implants comes with several trade-offs. The potential for abuse is obvious. For example, implanted chips and their owners could be remotely tracked and even the implanted chips themselves pose a potential medical risk to the host. While seemingly far-fetched, a dictator may employ mandatory citizen chipping regiments or draconian employers may require enforcing chip implants for employees. While PositivID declared that they would never chip any person against their will, many think that this might be possible to circumvent in the future. While current chip implant projects may be harmless, greater adoption of the technology poses a greater potential risk of abuse. Civil liberties advocates argue that secret services or organised crime syndicates could chip persons without their knowledge using narcotics. Already there are claims from conspiracy theorists who claim they have been unwillingly chipped.
While these claims should not be taken 100% seriously, they do pose an interesting philosophical disadvantage to chip implants. What happens in the future when a criminal might inflict grievous bodily harm in the attempt to forcibly remove the chip of an implanted person? While advances in biometrics have mitigated the risks of finger amputation with live finger detection, this is not possible with current implant technology.
It comes to no surprise that there is considerable opposition against chip implants. “This just simply goes way too far outside the realm of what we believe in as a society”, Randall Marshall of the American Civil Liberties Union was quoted4. One now defunct website ‘We the People Will Not Be Chipped’ opposed chip implants. The site was closed due to rather suspicious circumstances citing “intense pressure from the adversary”5. Another protest group, named AntiChips.com, is still active. AntiChips.com is a subsection of Consumers Against Supermarket Privacy Invasion and Numbering (CASPIAN), an organisation opposing abuse of RFID chips in general, not only implants. The most prominent member of this organisation is the aforementioned Katherine Albrecht, who has written the book Spychips, which is considered the foremost reference publication in this field6. Due to the strong opposition, chip vendor PositiveID adheres to a very restrictive press policy. Many details about the VeriChip have never been published. Repeated queries for information and comment from PositiveID by e-mail and phone were ignored. VeriChip also faces religious opposition from Christians.
Chip implants are surrounded by mounting health concerns. In 2007, clinical lab results indicated that a mock-up of a VeriChip had caused cancer in test animals. As a consequence, the share price of VeriChip Corporation dropped by 40 percent. However, it is unclear whether this result can be applied to humans, as a rice-grain-sized foreign object is certainly more invasive in a mouse than in the human body. The results of the study were ambiguous anyway as the tumours mainly appeared in mice suffering from a disease that predisposes a higher risk of cancer, while the risk for healthy animals was about one percent. This cancer risk was not attributed to the (very weak) electromagnetic radiation of the VeriChip, but to mechanical influences. The company reacted by saying that in 2004 the VeriChip had received approval for human use from the Food and Drug Administration authority in the USA and that chip implants have been used millions of times for animals without a higher risk of cancer ever having been empirically proven outside clinical tests.
The critique directed at the VeriChip certainly has shown consequences. As of now, not enough people have been chipped to consider the VeriChip a commercial success. No major politician or employer has ever supported the use of chip implants. Regardless, the VeriChip appears harmless when compared to another chip implant, described in US patent US 2004174258: Method and Apparatus for Locating and Tracking Persons. According to the patent specification the ‘problem’ to be solved is that a chip implant below the skin can be easily removed. As a solution, it is suggested that the chip is placed in parts of the body that are much more difficult to reach, for instance in the uterus, in the digestive tract, or in the head (see figure 5). The chip proposed in the patent is not an RFID chip. Instead, it uses GSM for communication, and it features a GPS receiver. The power supply comes from a rechargeable battery, which is charged inductively, i.e. contactless. A typical usage scenario is the following: when a chipped person leaves a certain area, an alarm is triggered. It is even possible to include a function that starts an electrical shock in such a case.
In 2009 VeriChip Corporation was acquired by credit agency Steel Vault Corporation, which poses an interesting joining of forces. The name of the corporation was then changed to PositiveID. In spring 2010 PositiveID removed all information about the VeriChip from their website without explanation. Already in 2008 the VeriChip Corporation had announced another chip implant, the so-called GlucoChip. The GlucoChip is an implantable RFID chip equipped with a chemical sensor. Meant to be used by diabetics, it allows for measuring the blood sugar without needing to prick the bearer for blood analysis. The GlucoChip is based on the VeriChip and has the same size. However, it has a rather short operational life as it must be replaced every six months. Almost five years after its announcement the GlucoChip is still in the development phase and it is unknown if or when it will come to the market. In February 2012 PositiveID announced positive preliminary results from a study with the Diabetes Research Institute (DRI) at the University of Miami7, but this has not resulted in a product launch yet.
Chip opponents so far have shown no public reaction to the GlucoChip. If this device will work as announced it may prove very useful for diabetics. However, the GlucoChip seems to lack access protection. This means that the blood sugar value of the bearer can be read by virtually everybody. All that is necessary is an appropriate terminal that needs to be brought close enough to the bearer. It is not known if the GlucoChip uses an identification number. If it does, it could potentially be abused to identify persons.
In January 2012 it became known that VeriTeQ, a company founded by former PositiveID CEO Scott Silverman, acquired the VeriChip assets8. As it seems, VeriTeQ plans to continue marketing the VeriChip with a focus on using it for health care. However, the implanted chips are only a mandatory part of the solutions; other form factors (e.g. smart cards) are accepted as well. Not much is known about the future plans of VeriTeQ concerning the VeriChip. As of this writing VeriTeQ has declined to comment.
1 Halamka, J., Juels, A., Stubblefield, A. & Westhues, J. (2006). The Security Implications of VeriChip Cloning. Article in Journal of the American Medical Informatics Association. Vol. 13(6): 601–607. Available online: http://www.ncbi.nlm.nih.gov/pmc/articles/PMC1656959.
2 Doddington, G.R. (1998). Sheep, Goats, Lambs and Wolves – An Analysis of Individual Differences in Speaker Recognition Performance. Proc. of the ICSLP 1998, Sidney, Australia.
3 Schmeh, K. (2009). Elektronische Ausweisdokumente: Grundlagen und Praxisbeispiele, Hanser Verlag, 2009.
4 Laytner, L. (2008). VeriChip to Implant Alzheimer’s Patients. Meritum Media. Available online: http://www.meritummedia.com/health/verichip-to-implant-alzheimers-patients.
5 We The People Will Not Be Chipped:http://www.wethepeoplewillnotbechipped.com.
6 Albrecht, K. & McIntyre, L. (2005). Spychips: How Major Corporations and Government Plan to Track Your Every Move with RFID. Nelson Current, Nashville.
7 PositiveID Achieves Positive Preliminary Results From Diabetes Research Institute Study at the University of Miami. Press Release, February 13, 2012. No longer available online.
8 VeriTeQ acquires PositiveID’s VeriChip and Health Link web-based PHR. News Medical January 18, 2012. Available online: http://www.news-medical.net/news/20120118/VeriTeQ-acquires-PositiveIDs-VeriChip-and-Health-Link-web-based-PHR.aspx.
Klaus Schmeh is a consultant at cryptovision, where he focuses on the cryptographical aspects of e ID documents. Klaus is the author of Elektronische Ausweisdokumente, currently the world’s only book on electronic identity documents. He has written 20 other books and 400 articles, mainly on IT security and cryptography.