To Chip or Not to Chip

With new technological advancement there is the opportunity for misuse. From nuclear fusion came the atomic bomb and from widespread internet access came the age of the online predator. Now thanks to the amazing breakthroughs in micro possessing there is the RFID or Radio Frequency Identification which is a microchip smaller than a grain of rice. It sends out a radio signal with anything from an account number to security clearance. The chip has no internal power supply and must receive power from a reader. A reader a device that sends out electrons to power the chip and then it receives the signal from the chip. It has recently been approved for use in humans by the FAA and is implanted just under the skin of the arm. The code on the chip can store anything from security clearance, bank accounts, and medical information. While this new technology seems to be comprehensive, it still has some major flaws and needs improving. The signal the chip sends out is not encrypted and there are not enough laws regulating their use or misuse in humans. As advanced as this technology is, it still has a lot of improvements before it should be approved for mass production.

The RFID makes it easier to enter a secure building by walking up to the reader and passing the arm with the implant in front of it, but it also makes it easier to copy. With a signal being sent out continuously, “…you are effectively broadcasting who you are to anyone within range” with a reader anyone can purchase online, states Bruce Schneier, a security expert with Counterpane Internet Security Inc in an interview with Daniel Sieberg from CNN(Sieberg). This broadcast can be copied and duplicated allowing access to anything that was stored on the RFID. Some companies have voluntarily began using the RFID’s to replace security officers and password systems; however, without these measures in place anyone can access restricted areas with duplicated codes. An example of how easy it is to record the information was addressed in a resent addition of Wired magazine by Annalee Newitz. During the interview Jonathan Westhues demonstrates how the process is completed after walking past someone with the chip.

"The coil in Westhues' hand is the antenna for the wallet-sized device he calls a cloner, which is currently shoved up his sleeve. The cloner can elicit, record, and mimic signals from smartcard RFID chips. Westhues takes out the device and, using a USB cable, connects it to his laptop and downloads the data from Van Bokkelen's card for processing. Then, satisfied that he has retrieved the code, Westhues switches the cloner from Record mode to Emit. We head to the locked door….He waves the cloner's antenna in front of a black box attached to the wall. The single red LED blinks green. The lock clicks. We walk in and find Van Bokkelen waiting." (Newitz)

RFID chips can store many different types of information, but with it all in one place it makes it easier for hacker to access it. While the ability of these chips to store passwords and bank accounts sounds convenient, it is a hacker's dream come true. In one simple step an unscrupulous person can access the account information and passwords just by walking past. Most RFID’s send out a signal and “…the data on the tags can be read by equipment from a few inches to several feet away -- and sometimes a bit farther.”(Sieberg) Only the most expensive RFID’s send an encrypted signal, so the majority of the chips send unsecured information.

A chip that continuously sends out a signal gives anyone with the ability to read the chip the opportunity to track people’s movements. With strategically placed readers in hallways and at each door, employers can know the location of any employee at all times. This is a major violation of privacy. Who wants their employer to know how much time they spent in the restroom or why the employee spent ten minutes talking to their friend over in accounting instead of working? Lukas Grunwald a German security expert created a program called RFDump that alters or recodes the chips. By adding software or cookies hackers and ever employers have the ability to track when the chip is used.

“He (Grunwald) programmed RFDump with the ability to place cookies on RFID tags the same way Web sites put cookies on browsers to track returning customers. With this, a stalker could, say, place a cookie on his target's E-ZPass, then return to it a few days later to see which toll plazas the car had crossed…”(Newitz)

One of the claimed benefits of the chip is the ability of hospitals and medical providers to use it when normal communication with a patience is unavailable like a car accident or a comma, but the process is complex and most healthcare providers do not know about the chip. The manufacture of the only manufacture of a chip that can be used in humans “VeriChip” claims that the implanted chip can store a personalized code to give hospitals a person’s medical information “Using a handheld reader, healthcare professionals are able to securely access a patient's unique VeriChip ID number which can be looked up in a designated secure healthcare information database, allowing them to immediately take the safest course of action.” ("VeriChip") Unfortunately, many hospitals are not equipped to scan the chip and many doctors do not think to look for the RFID chip.(Sieberg) The “VeriChip” site did not list any hospitals that currently use the database for its patents. This could be an excellent use of the chip; however, each hospital has to have access to the database of the issuing RFID chip company.

The operation to implant the chip is invasive and painful. Newitz voluntarily had the procedure done and talked about the experience, “Allan Pantuck, a young surgeon….is inspecting an anesthetized area on the back of my upper arm. He holds up something that looks like a toy gun with a fat silver needle instead of a barrel…. Pantuck pierces my skin with the gun, delivering a microchip and antenna combo the size of a grain of long rice.”(Newitz) The chip has to be inserted under the skin, yet with any implant there is the risk of infection and rejection by the body.

The RFID implant has amazing potential, yet it is still in its infancy. The security issues involving the chip are its biggest flaw. One day the chip will have the necessary security to enable it to have widespread applications. Until then I will not be laying my arm out to have the procedure. John Proctor, director of communications for VeriChip says it best in a quote from Wired Magazine when he downplayed the issue of copying the information from the chip. “‘VeriChip is an excellent security system, but it shouldn't be used as a stand-alone," he says. His recommendation: Have someone also check paper IDs.’”(Newitz) The FAA has approved the RFID chip for use in humans, yet it must be improved before it should be used in humans.

Websites
Newitz, Annalee. "The RFID Hacking Underground ." Wired. May/2006. 22 May 2007 .
Sieberg, Daniel . "Is RFID tracking you?." CNN. 23/Oct/2006. 22 May 2007 .
"VeriMed." VeriChip Corp.. 23 May 2007 .