FDA approves implanted RFID chip for
10/13/2004 12:24:47 PM, by Hannibal
In the category of unbelievably bad ideas that we all knew were
making their way toward reality whether we like it or not comes the news
the FDA has just approved VeriChip’s implantable RFID chips for use in
humans. These are the same chips that we’re currently using to identify
our pets. VeriChip is touting the chips’ medical applications, as a way
of potentially saving lives by storing medical data.
Silently and invisibly, the dormant chip stores a code — similar
the identifying UPC code on products sold in retail stores — that
releases patient-specific information when a scanner passes over the
chip. At the doctor’s office those codes stamped onto chips, once
scanned, would reveal such information as a patient’s allergies and
The FDA in October 2002 said that the agency would regulate health
care applications possible through VeriChip. Meanwhile, the chip has
been used for a number of security-related tasks as well as for pure
whimsy: Club hoppers in Barcelona, Spain, now use the microchip much
like a smartcard to speed drink orders and payment.
In case it’s not immediately obvious to you why you wouldn’t want to
walk around in public broadcasting your financial and/or medical
information to anyone with an RFID reader, Bruce Schneier spells it all
out for you in a
on the Bush administration’s plans to push for RFID-based passports.
Here’s a nice chunk of it, but you should read the whole thing.
These chips are like smart cards, but they can be read from a
distance. A receiving device can "talk" to the chip remotely, without
any need for physical contact, and get whatever information is on it.
Passport officials envision being able to download the information on
the chip simply by bringing it within a few centimeters of an
Unfortunately, RFID chips can be read by any reader, not just the
ones at passport control. The upshot of this is that travelers carrying
around RFID passports are broadcasting their identity.
Think about what that means for a minute. It means that passport
holders are continuously broadcasting their name, nationality, age,
address and whatever else is on the RFID chip. It means that anyone
with a reader can learn that information, without the passport holder’s
knowledge or consent. It means that pickpockets, kidnappers and
terrorists can easily–and surreptitiously–pick Americans or nationals
of other participating countries out of a crowd.
It is a clear threat to both privacy and personal safety, and
simply, that is why it is bad idea. Proponents of the system claim that
the chips can be read only from within a distance of a few centimeters,
so there is no potential for abuse. This is a spectacularly naive
claim. All wireless protocols can work at much longer ranges than
specified. In tests, RFID chips have been read by receivers 20 meters
away. Improvements in technology are inevitable.
Do you really want to walk in and apply for a job knowing that
you’re broadcasting details about a heart condition/HIV
infection/cancer history/etc. to everyone within 20 meters, including
the people who are considering whether or not to hire you and pay your
medical insurance and sick leave? Do you really want to walk down a
crowded street broadcasting financial data of any kind to God knows
who? Is it really a good idea to broadcast personal identification
information to anyone and everyone, when identity theft is one of the
country’s fastest growing crimes?
All "Mark of the Beast"-type stuff aside, this makes about zero sense
from a security and privacy perspective. You can make all the tinfoil
hat jokes you like, but I’m with Bruce Schneier in concluding that the
only use for this technology that makes real sense is what Wal-Mart
wants to use it for by putting it on their products, namely
surveillance and tracking. (Of course, in Wal-Mart’s case, they’re
obviously tracking inventory and not people… so far.)