The surprising truths and myths about microchip implants
Microchip implants, now being offered to workers by some companies, do come with risks, but not the ones you might imagine.
By Richard Gray
2 August 2017
The tiny bump on the back of Dave Williams’ hand is barely noticeable — most people would miss the rice-grain-sized lump between his thumb and forefinger at first. It is only when the 33-year-old opens his front door with a wave of his hand that it becomes clear something strange is going on.
Embedded under Williams’ skin is a microchip implant — an electronic circuit inside a pill-shaped glass capsule — that can be used much like a contactless credit card.
An x-ray image of Dr. Mark Gasson's left hand shows how small microchip implants can be (Credit: Mark Gasson)
Williams, a systems engineer at software firm Mozilla, is one of a growing number of so-called “biohackers” who are choosing to augment their bodies with technology. In Williams’ case, he chose to implant a radio frequency identification (RFID) chip into his hand out of curiosity.
The procedure has essentially turned him into a walking contactless smart card. By registering the tag with a variety of devices, he can use it to trigger certain functions, such as transferring his contact details to a friend’s mobile phone.
Another level of convenience
“I have the world's worst memory,” says Williams. The fact that he now has a gadget on him at all times that opens doors and unlocks his computer — one that he can’t leave at home or forget — is a huge advantage. “It's also fun to give someone my number and email address by touching their phone to my hand.”
Visitors discuss microchip implants at the June 2017 Wear-it wearables festival in Berlin (Credit: Adam Berry/Getty Images)
This new level of convenience is one of the biggest draws for those installing implantable RFID implants, and the number of people experimenting with the devices is growing. One manufacturer of the chips, Dangerous Things, told CNBC last year that it had sold more than 10,000 of them, along with the kits needed to install them under the skin. But as they become more widespread, concerns are growing about what the trend might mean for personal privacy and security.
This week, a vending machine company based in River Falls, Wisconsin, announced that it is offering to implant chips into its employees’ hands. Three Square Market says a $300 (£230) chip will allow workers to open doors, log in to computers and even purchase food in their canteen. Already 50 employees have signed up to have an implant.
Gasson's 12mm x 2mm implant, encased in glass, next to a match stick (Credit: Paul Hughes)
They’re not the only ones to do so. Cincinnati-based video surveillance firm CityWatcher embedded the gadgets under the skin of two employees in 2006, and technology incubator EpiCentre said it would be offering the chips to its members in Stockholm earlier this year.
BioHax International, which is supplying the chips to Three Square Market, says dozens of other firms around the world — including some multinationals — are looking to implement similar schemes in their workplaces.
The trend has sparked alarm over whether wireless implants could be used to keep tabs on employees by tracking their movements, and civil liberties groups warn they could be used intrude upon privacy in other ways. Many of those already working with the implants, however, are baffled by this concern.
The tech is nothing new
“It is pretty easy to pick up this kind of information on a person without an implant,” says Kevin Warwick, a professor of cybernetics and deputy vice-chancellor at Coventry University, who became one of the first people in the world to have an RFID chip surgically implanted into his forearm in 1998.
Many of those using implants shrug off concerns about surveillance (Credit: Paul Hughes)
RFID technology is already attached to cargo, aeroplane baggage and products in shops. It’s used to microchip pets. Many of us carry it around with us all day in our wallets: most modern mobile phones are equipped with RFID, as are contactless cards, many metropolitan travel cards, and e-passports.
Mobile phones are much more dangerous to our privacy
It’s not a huge leap from having this technology in our pockets to having it under our skin. “The key point is It should be a choice for each individual,” cautions Warwick. “If a company says we will only give you a job if you have such an implant, it raises ethical issues.”
It is also worth remembering almost all of us carry a device with us every day that sends far more information about our movements and daily behaviour to companies like Google, Apple and Facebook than a RFID implant ever could.
Microchip implants can be used for everyday tasks such as unlocking a phone or tapping into an office building (Credit: Adam Berry/Getty Images)
“Mobile phones are much more dangerous to our privacy,” says Pawel Rotter, a biomedical engineer at AGH University of Science and Technology in Kraków, Poland. “If hacked, phones can convert into the perfect spy with microphones, cameras and GPS. Compared to them, the privacy risks from RFID are really small.”
Surveillance concerns about the chip on the back of his hand don’t worry Dave Williams as it can only be activated if placed a few centimetres from a reader. “Fears of GPS-style tracking are strictly science fiction at this point,” he says. He is also keen to emphasise that the procedure to implant it isn’t as gruesome as some might imagine.
It was actually a surprisingly violating experience
Williams installed his chip himself, using plenty of iodine to keep everything sterile. “There was almost no pain at all,” he says. “Removing the tag will be a little harder, but with a scalpel and pair of tweezers it's not a huge job.”
Hacking and security concerns, however, are less easily hand-waved away. RFID chips can only carry a minuscule 1 kilobyte or so of data, but one researcher at Reading University’s School of Systems Engineering, Mark Gasson, demonstrated that they are vulnerable to malware.
A surgeon injects the glass encased implant into Gasson's left hand (Credit: Paul Hughes)
Gasson had an RFID tag implanted in his left hand in 2009, and tweaked it a year later so that it would pass on a computer virus. The experiment uploaded a web address to the computer connected to the reader, which would cause it to download some malware if it was online.
“It was actually a surprisingly violating experience,” says Gasson. “I became a danger to the building’s systems.”
While regular workplace entry cards can be hacked too, the very attribute of an RFID implant that makes it so convenient — the fact that it can't be forgotten or left at home — is also its biggest drawback. When a subcutaneous gadget goes wrong, the experience can be far more harrowing.
“Implantable technology can’t be easily removed or in this case even switched off,” Gasson says. “I felt like the implant was a part of my body, so there was a real feeling of helplessness when things aren’t right.”