RFID is really getting under people's skin

Joseph Krull doesn't have a chip on his shoulder. But he has one in it.

The San Antonio security consultant is one of a small but growing number of people who essentially turn themselves into wireless network nodes for the sake of making personal information available to authorized parties with the wave of a radio frequency identification (RFID) scanner.

In Krull's case, the chip was implanted two months ago so hospital staff could access his medical information quickly in emergency situations. Others are "getting chipped," as those in the know call it, for everything from entertainment to personal safety.

Krull's chip is basically the same kind of RFID-based technology that's been used for years to tag dogs so they can be identified if lost, except the human chip works on a different radio frequency.

Since Applied Digital, on behalf of its subsidiary VeriChip, got authorization from the U.S. Food and Drug Administration (FDA) last October to sell the chips for human implantation, about 1,000 chips have gone live.

"I have a blown pupil, a detached retina, in my left eye from a skiing accident," says Krull, explaining his decision to have a physician with a syringe stick a chip in him under local anesthetic in what he described as a fairly simple procedure. "I'm supposed to wear a MedAlert bracelet because one of the indicators of a head injury is a blown pupil. One thing they might do in that kind of emergency is drill holes in your skull."

The thought of having holes unnecessarily drilled into his head, because of a misdiagnosis during a medical emergency, got Krull thinking about having a chip implanted after he heard about it during a conference in Spain. "I wanted to get chipped," he says.

His family -- wife, sisters, nephews and nieces -- was wary.

"They said, 'Are you nuts?' They had a lot of questions, like will the chip be visible or is there a risk of rejection," Krull says.

Now officially human No. 1020000000, Krull can access his personal data stored online at VeriChip's portal and make any changes he wants by using a reader and a PIN code. Krull elected to store his medical information and address, phone numbers, fax and e-mail at the Web site.

While his family has grown relaxed about it all, "the biggest opposition is from people in my own field - security," Krull points out. Critics say the chip poses a huge privacy and security threat that will let the government and private-sector snoops get personal information.

Krull says he understands the point of view taken by some privacy advocates but contends there's little value in keeping information such as the condition of his eyeball a secret.

"It's entirely up to me what I put on my chip," he says. "I've been involved with authentication for 20 years, working with biometrics, and I was promoting the token. Now I am the token."

Fellow implantees include the attorney general of Mexico City and some of his staff, who were chipped to help identify them in the event that they become crime victims. Some are getting implants just for kicks - a nightclub in Glasgow, Scotland, called Bar Soba, offers to implant chips in its guests so the bar can prepare each patron's favorite drink the minute he walks in.

The doctor is in

Also getting a chip shot was John Halamka, the CIO at Beth Israel Deaconess Medical Center in Boston and Harvard Medical School and a practicing physician. Halamka got chipped last December in an experiment of his own making.

The outspoken CIO says he's had "no side effects, no pain, no change in muscle function and no migration of the chip" in the months it's been in him, despite rock and ice climbing where Halamka exposed himself to "extremes of temperature, wind, water."

Halamka decided to be a chip guinea pig as the result of experiences he had while working in emergency medicine at Harbor-UCLA Medical Center. Emergency care often put him in the situation of having to identify patients who were without ID documents and unconscious, non-verbal or mentally ill. That often involved picking out clues found in their belongings such as a clothing label.

"I would inevitably reunite the patients with their loved ones, but not before significant worry and possibly unwanted medical interventions had occurred," Halamka says.

In his CIO role Halamka is responsible for all clinical, financial, educational and research technologies for 3,000 doctors, 12,000 employees and 2 million patients. After the FDA approved the implantable chip, "I felt I was in a unique position to pilot the technology," Halamka says. "That means that when a scanner is passed within 6 inches of my arm, my medical identifier is displayed and can be used by authorized healthcare workers to retrieve information about my identity and medical history via a secure Web site."

Halamka emphasizes his role at present is not that of chip advocate for hospitals but as a real-life test case. Though he says that Alzheimer's patients might benefit from RFID chips one day, as long as it's clear the patients gave informed consent to have a chip implanted.

The chip is expected to last at least 10 years based on pet experience. Halamka says it's safe for MRI scans, and he sees no evidence the chip can be deactivated through magnetic energy. "I have flown to several dozen cities since the implant and have not triggered any airline security systems," he notes. The chip is not a GPS.

The unique ID transmitted by the VeriChip human-implantable chip isn't encrypted, so it could be read by a compatible reader. But unauthorized reading of the chip doesn't disclose any specific health information, he adds, because that's on a closed Web site.

However, Halamka says there are privacy concerns that should be addressed. He points out that an RFID scanner theoretically could record his presence while he was making a purchase, and on a repeat visit it would be possible to identify him and his previous purchases using that information for marketing purposes.

"Spam, generated by the presence of your body, is theoretically possible," he says. He says there's no legislation to preclude RFID scanning of an individual for anonymous tracking, which could be "analogous to the spyware and adware infecting our computers after surfing Internet sites." The potential for hacker abuse shouldn't be underestimated, he adds.

The security issue "must be understood as one of the risks of having an implanted identifier," Halamka says.

Nonetheless, he has listed his identifier as part of his medical record in the Beth Israel Deaconess medical record system, called CareWeb, so that a physician, with his consent, could enter the RFID tag information to retrieve his medical history.

"I have no regrets," Halamka says about the whole implant experience, even though removing the chip would require minor surgery. And he would consider upgrading himself with a new chip, too, should a better one come along.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about HISSecurity SystemsUCLAVIA

Show Comments