Documentaries seem take a long time to go from filming to release. I’ve helped film a couple of them, and I was up in Toronto a year or two ago (can’t remember exactly, it was that long ago) to be filmed assisting with a live implantation and typical door lock project. The trip was only a couple days, but I met some really dynamic guys and got to know a small slice of Toronto pretty well.
The documentary “Tagged“, set to debut in Canada October 23 2009 at 10:30 PM, is a 30 minute wade into issues surrounding RFID, implantation, privacy, and security. The documentary was great fun to be involved with, even if most of what I consider to be my “good stuff” ended up on the cutting room floor. The good stuff that didn’t make it into the film were my takes on the privacy and security issues surrounding implanted EM4102 tags, and how things like extremely limited range weigh on the argument for DIY projects like these in the context of global RFID policy. The way things were cut together really leads an average person to think there is no privacy or security differences between implanted EM4102 tags used in DIY projects which have no personally identifiable data attached to them, and things like US passports and enhanced drivers licenses designed to actually ID people from long distances.
There are a few clarifications I’d like to make regarding the documentary:
We don’t have VeriChips
At no time is there any distinction made between VeriChip and the tag Mark Stepanek (the subject of the documentary) receives. I don’t have a VeriChip implant, I have both a “generic” EM4102 style tag and a Philips HITAG S secure tag. In the documentary, Mark received an EM4102 implant. This is important for a few reasons.
First, the use of EM4102 tags means we are not documented in VeriChip’s database of VeriChip recipients, and no personal identifiable information is related to these tags outside of our own personal DIY projects.
The second reason relates to the anti-migration coating that VeriChip implants have… the EM4102s do not have this coating, which makes it trivial to remove the EM4102 tag. Removing a VeriChip is much more difficult because of this coating. Another reason I feel this is an important distinction has to do with the cancer issue raised in the documentary. Even though Scott Silverman, CEO of VeriChip, says both his company and the FDA have received no cases or complaints of cancerous tissue surrounding the VeriChip implants, I’m still glad I chose to go with an EM4102 that does not have this coating.
Lastly, the location of the implant is typically different. A VeriChip is mandated by the FDA to be implanted in the upper arm, while as a personal DIY project you can put whatever kind of glass tag you want, anywhere you want in your body. I chose to implant mine in my hands primarily because of the range issues, and others around the world have followed suit. So far I’ve not heard of one person having to remove a tag from their hand because of breakage or other complications. To read a VeriChip requires putting a reader up to the arm, while I can have my tag read by placing my hand next to the reader. That is a huge advantage in DIY projects, as stooping down to position your arm up against a hip-high door access reader might be a bit cumbersome. If it were possible to read an implant tag from several feet away, I might have put my tags somewhere else.
Tracking is not possible, only logging
Throughout the film the word “tracking” or “track” was used in conjunction with several technologies. Subsequently, RFID was tossed into the same mix as things like cell phone tracking… and the whole focus on implanted RFID made for a pretty blatant but inaccurate correlation between an implanted RFID tag and the ability to track people around by it. The word “track”, to me, means being able to call up a specific location at any time, with or without the knowledge of the person or object being tracked. On the other hand, the term logging or being able to trace someone is a much more accurate because it has to do with piecing together usage records in a connect-the-dots fashion. Typically, each of those dots would represent a known, consensual use of the tag or item (finger print, phone call, credit card purchase, etc.)
If I want to find a person by cell phone, as long as that cell phone is powered up, I can do that. I can get the location of that phone (and presumably you) from the cell phone carrier at any time, without your consent. Simply put, tracking means I or anyone else with access can make decisions based on your real time location with or without you knowing. The same thing applies to target tracking, missile tracking, eye tracking, etc. The idea is that an immediate aiming adjustment, course correction, or decision can be made based on the target’s current location or position at the moment of inquiry. This simply cannot be done with an implanted RFID tag.
The effective range of an implanted EM4102 is so short that placing the tag in the hand vs the upper arm is a big advantage because it becomes far easier to place the tag up to a reader to get a read. An implanted EM4102 tag simply cannot be read at a distance. In cases where you want to use your implant with a fixed reader like a building access or computer logon application, having an EM4102 in the hand makes that application practical. Using a VeriChip with these kinds of applications would require you to stoop down to get your upper arm right up against the reader.
This range limitation means that pretty much every interaction with the implant is consensual. It also means getting a real time location is impossible. The only data you could possibly extract would be a log of scans at specific readers… assuming all these readers somehow reported back to the same central database. With that in mind, using your credit card or debit card to purchase things (RFID enabled or not) gives a much more accurate log of where you’ve been and what you were doing simply because card usage is reported back to a central database as soon as you use it. Furthermore, that data is easily accessible to credit card companies, credit card and bank business affiliates, government, and law enforcement at any time.
Facial recognition works today, not 15 years from now
Surprisingly, Bruce Schneier of Wired Magazine said “facial recognition isn’t there yet, maybe in another 10-15 years”, which is obviously wrong. Perhaps his segments were filmed a couple years ago when face rec wasn’t up to par… but only a couple short years later, it’s already been deployed at airports and subway stations around the world to keep track of people and crowds. Back in the 2002 era, there were tons of articles about how face recognition wasn’t cutting the mustard, but things have changed today.
Not everyone will have an implant
Professor Kevin Haggerty, surveillance specialist, thinks we’ll all have implant chips in the near future. Of course, the documentary is about RFID implants, so that’s the quote that was used… but I still feel biometric systems are much more likely to rise through the rubble of the RFID debate to be the premiere technology used to keep tabs on the public. The main reason for this is that implant RFID tags very low range compared to other, external technologies. The other obvious reason is that, no matter how “quick and easy” the procedure is, getting an implant is a hassle compared to just using a biometric trait you already have to ID yourself (or others can use to ID you). Also, the fact that RFID is so easy to subvert makes implanted tags a poor choice for use in a large scale public identification technology. Lastly, the use of RFID to ID a person without their knowledge is both easy to block and easy to block without becoming a social outcast. When out in public, constantly covering your face to avoid the face rec systems and walking funny to throw off gait analysis systems might be a bit rough for the average person. Forget avoiding space satellites that can identify you by your shadow (2).
Ubiquitous RFID = The easy life for hackers?
However, external RFID systems like RFID enhanced drivers licenses exist today because its currently cheaper and more reliable than biometrics for small scale use. As things like RFID readers at clubs to validate enhanced drivers licenses become commonplace, bouncers will begin to lean more on the reader’s output than their own eyes when verifying age. A simple chip hack will become standard for fake IDs, while door checkers become less necessary and automated admittance systems take over the task of sorting under-age from of-age patrons. Life is bound to become a lot easier for RFID hackers if RFID does end up taking hold as the dominant personal ID technology of the next century. So, if RFID scares the crap out of you, try befriending an RFIDer instead of calling them satan’s mouthpiece.
Tags: biometrics, culture, implant, privacy, rfid
[…] documentary I’m in is airing tonight in Canada on TVO. Be sure to read my break-down after you see it! Share this on del.icio.usDigg this!Tweet This!Share this on FacebookShare this on […]
Some interesting and also scary stuff – I actually got a chance to check out a bit of it when it aired on TVO, is there anywhere else to see the full doc?
I have a DVD copy of it, but as of yet there is nowhere else you can see the whole thing. I’ll chat with the filmmakers and see if there are any plans to release it via any other sort of media.