Case Study: Chipped humans dismiss RFID privacy fears
Chip in dog is not news. Chip in human - that's news!
By Ellen Messmer, Network World, and Peter Judge, Techworld. | Network World US | Published: 01:00, 13 April 2005
Joseph Krull doesn't have a chip on his shoulder. But he has one in it.
The San Antonio security consultant is one of a small but growing number of people who have wireless chips implantedm to make personal information available to authorised parties with a radio frequency identification (RFID) scanner. In Krull's case, the chip was implanted two months ago so hospital staff could access his medical information quickly in emergency situations. Applied Digital and its subsidiary VeriChip got authorisation from the US Food and Drug Administration (FDA) last October to sell the chips for human implantation, and has put in about 1,000 chips so far.
Most of the publicised cases have the whiff of "publicity stunt" about them. This chipping technology is well proven on dogs, so it's no great technical breakthrough to use it on humans. It's tempting to speculate that this whole thing is a bid by the RFID industry to take attention from Criticisms of Wal-Mart's over-ambitions scheme, and the nascent state of management schemes to build RFID scanners into real IT systems.
However, some early adopters are considering the security issues seriously.
"I have a blown pupil, a detached retina, in my left eye from a skiing accident," says Krull, explaining his decision to have a physician with a syringe stick a chip in him under local anesthetic in what he described as a fairly simple procedure. "I'm supposed to wear a MedAlert bracelet because one of the indicators of a head injury is a blown pupil. One thing they might do in that kind of emergency is drill holes in your skull."
The thought of having holes unnecessarily drilled into his head, because of a misdiagnosis during a medical emergency, got Krull thinking about having a chip implanted after he heard about it during a conference in Spain. "I wanted to get chipped," he says. Krull can access his personal data stored online at VeriChip's portal and make any changes he wants by using a reader and a PIN code. Krull elected to store his medical information and address, phone numbers, fax and e-mail at the Web site.
His family - wife, sisters, nephews and nieces - was wary. "They said, 'Are you nuts?' They had a lot of questions, like will the chip be visible or is there a risk of rejection," Krull says.
The most obvious drawback is more simple: with so few humans chipped, it is extremely unlikely that emergency room staff will take the time to scan patients on the off-chance they may have RFID chips. If Krull finds himself in an accident, he's more likely to rely on staff reading his notes, or being conscious enough to tell them of his condition.
Security man dismisses privacy fears
While his family has grown relaxed about it all, "the biggest opposition is from people in my own field - security," Krull points out. Critics say the chip poses a huge privacy and security threat that will let the government and private-sector snoops get personal information.
Krull says he understands the point of view taken by some privacy advocates but contends there's little value in keeping information such as the condition of his eyeball a secret.
"It's entirely up to me what I put on my chip," he says. "I've been involved with authentication for 20 years, working with biometrics, and I was promoting the token. Now I am the token."
Fellow implantees include the attorney general of Mexico City and some of his staff, who were chipped to help identify them in the event that they become crime victims. Some are getting implants just for kicks - a nightclub in Glasgow, Scotland, called Bar Soba, offers to implant chips in its guests so the bar can prepare each patron's favorite drink the minute he walks in.
The doctor is chipped
Also getting a chip shot was John Halamka, the CIO at Beth Israel Deaconess Medical Center in Boston and Harvard Medical School and a practicing physician. Halamka got chipped last December in an experiment of his own making. The experiment is clearly designed for publicity, but publicity with the laudable aim of improving medical treatment by encouraging others to get chipped.
The outspoken CIO says he's had "no side effects, no pain, no change in muscle function and no migration of the chip" in the months it's been in him, despite rock and ice climbing where Halamka exposed himself to "extremes of temperature, wind, water."
Halamka decided to be a chip guinea pig as the result of experiences he had while working in emergency medicine at Harbor-UCLA Medical Center in Carson, California. Emergency care often put him in the situation of having to identify patients who were without ID documents and unconscious, non-verbal or mentally ill. That often involved picking out clues found in their belongings such as a clothing label.
"I would inevitably reunite the patients with their loved ones, but not before significant worry and possibly unwanted medical interventions had occurred," Halamka says.
In his CIO role Halamka is responsible for all clinical, financial, educational and research technologies for 3,000 doctors, 12,000 employees and 2 million patients. After the FDA approved the implantable chip, "I felt I was in a unique position to pilot the technology," Halamka says. "That means that when a scanner is passed within 6 inches of my arm, my medical identifier is displayed and can be used by authorised healthcare workers to retrieve information about my identity and medical history via a secure Web site."
Halamka emphasises his role at present is not that of chip advocate for hospitals but as a real-life test case. He says that Alzheimer's patients might benefit from RFID chips one day, as long as it's clear the patients gave informed consent to have a chip implanted.
The chip is expected to last at least 10 years based on pet experience. Halamka says it's safe for MRI scans, and he sees no evidence the chip can be deactivated through magnetic energy. "I have flown to several dozen cities since the implant and have not triggered any airline security systems," he notes. The chip is not a GPS.
The unique ID transmitted by the VeriChip human-implantable chip isn't encrypted, so it could be read by a compatible reader. But unauthorised reading of the chip doesn't disclose any specific health information, he adds, because that's on a closed Web site.
Privacy worries are real
However, Halamka says there are privacy concerns that should be addressed. He points out that an RFID scanner theoretically could record his presence while he was making a purchase, and on a repeat visit it would be possible to identify him and his previous purchases using that information for marketing purposes.
"Spam, generated by the presence of your body, is theoretically possible," he says. He says there's no legislation to preclude RFID scanning of an individual for anonymous tracking, which could be "analogous to the spyware and adware infecting our computers after surfing Internet sites." The potential for hacker abuse shouldn't be underestimated, he adds.
The security issue "must be understood as one of the risks of having an implanted identifier," Halamka says.
Nonetheless, he has listed his identifier as part of his medical record in the Beth Israel Deaconess medical record system, called CareWeb, so that a physician, with his consent, could enter the RFID tag information to retrieve his medical history.
"I have no regrets," Halamka says about the whole implant experience, even though removing the chip would require minor surgery. And he would consider upgrading himself with a new chip, too, should a better one come along.