Dangerous Things
Custom gadgetry for the discerning hacker

The Store is now open! Check out the gadgetry »
Like what you're reading?
Share It.

Interviews — They keep on comin

June 2005

– When did you first become aware of RFID-implant technology?

Some time ago…I’d say it’s been a four or five years now. The first time I heard about it, it was the chips dogs and cats get to ID them later. I started thinking at that time about how I might use that technology personally.

– What were your initial reactions to it?

I thought it was pretty amazing, since there was no battery required for power… the chip could remain functional indefinitely. At first I did have some concerns over the possibility that humans might be tagged in this fashion and the corresponding privacy implications.

– Has your position changed since then? How?

I soon realized a few key things that replaced my fear with excitement: First, RFID technology implanted in humans is a far more optional technology than biometric fingerprinting or other biometric identification systems… you can remove an implant, but you can’t remove your DNA, iris, or fingerprints. Second, I felt that if I could command the technology instead of wait around for it to command me, then I would have no reason to fear it.

– What do you see as the biggest potential benefits of RFID-implant technologies?

The biggest potential benefit of passive RFID technology like what I’ve implanted comes from the wireless transporation of power and data without an internal power source. This opens the door up for a multitude of implantable devices that do not require a breech of the skin to function. Imagine an implant for the hearing or seeing impared that does not require wires to come through the skin. How about a blood testing device for diabetics that rests comfortably under the skin that can output a real-time data stream to an external device, which can then alert you to dropping blood sugar levels instantly… all without wires poking through the skin.

– What do you see as the biggest problems/worries with the RFID-implant technologies?

As RFID technology forges ahead, I don’t see any major issues with RFID itself… the issues surrounding technology are always social and political. If the government mandates that everyone is tagged or they are deported, then that doesn’t really have anything to do with RFID… they could just as easily require the same of fingerprints or DNA samples.

– Why do you feel that some individuals, like yourself, have been so keen to embrace the technology while others are so resistant to it?

People resist what they fear. Usually that fear comes both from not knowing about the subject (fear of the unknown) as well as a feeling of helplessness. People who are in both situations… i.e. they don’t know about RFID and they also feel a lack of control when it comes to dealing with it (fears of mandated implants, unable to grasp the technology and hence have no ability to take control of it, etc.), those people are going to have the largest fear reaction… a reaction that is normal and built in to our survival instincts.

Others who understand the technology and have the ability to take control of it, such as myself, have no fear because they not only understand it but can control it themselves… hence there is no reason to fear it. What I do fear is people’s irrational reactions to RFID that could make them dangerous to me and my family, as well as authority’s possible abuses of it.

– What sort of regulations should be created around the use of RFID-implant technologies?

None. FCC regulations are already in place which regulate the radio energy and frequency aspect of the technology, but as far as regulating the technology itself… there should be no additional regulations. However, there should be privacy regulations mandating things like: stores which tag items with identifying RFID tags must deactivate or remove tags at the time of purchase, and at any time a tag is not deactivated or removed that store is open to lawsuit from the customer.

But, I digress… this is outside the implant scope of your question, so again, I must say that there is no requirement for regulation I can see surrounding RFID implants. At this time, implantation is a personal choice and the FCC has already secured its regulatory concerns… other than that, I don’t see a point or purpose for additional regulations aside from easing the unfounded and reactionary fears of the ignorant. If, however, you’re talking about regulating authority’s use of RFID implant technology, by all means, regulate the government, not the people and definitely not the technology.

January, 2006

– Welcome Amal, it is a pleasure to have you here in Pikiki, I am sure that you had a lot of media interview request, serious or sensationalist. Did you feel sometimes threat like a “freak guy” by them. Have you had some problem in this way?

I really haven’t had any negative media coverage. Some present a neutral, or perhaps cautious perspective regarding the implant procedure, but as far as I know, none of the media coverage has been acutely negative.

However, the media coverage I’ve received has generated a very negative response from certain members of the public, particularly highly religious Christian people. They are very excitable, with many fears and very unwilling to enter a civilized discussion about implant technology. Instead of learning more about the subject, they send me hate-mail and say very evil things about me without actually knowing what it is they are talking about. If someone learns about something before they decide to comment on it, then I respect that person no matter what their comments are. However, if they form opinions and ridicule someone while at the same time refusing to actually learn anything about what it is they are afraid of, I have no respect for those people, or what they are trying to say.

– To carry a chip inside and open locks with your hand, it is very unusual thing nowadays. What is the first impression or feeling of the people when they know you have implanted chips in your hand? What did your family and friends think about when they found out about your plans?

When people first hear that I have a chip, their reaction has more to do with their age than anything else. Young people think it’s interesting and want to touch the chip and hear all about it. Older people first have a lot of fear that comes up, and question my reasons for doing it. Ultimately though, most of the time a simple 5 minute discussion with them, where I answer their questions and clear up some of the misconceptions about the technology, and the older people start to become curious rather than fearful. While they still might think what I’ve done is “crazy”, they aren’t so fearful or judgmental of me after they learn more about it. One of the biggest misconceptions about the technology held by older people is the functional range of the implant chip. They are usually concerned that I can be tracked somehow. They are also concerned about the chip revealing my personal information somehow, which is just not possible.

My family and friends pretty much followed the same path that everyone else did. My mother, an older person, was at first a little upset about it. But over time she came to understand why I did it, and what the technology is capable of and what it isn’t capable of. My younger friends seem more disturbed by the physical aspect of having an implant, but aren’t so concerned about the technology’s capabilities. We usually discuss the differences between what I’ve had implanted and what people have implanted all the time, such as breast implants, cosmetic surgery, hip replacements, dental implants, etc. and they usually come to realize that the physical aspect of having an implant like mine is not unusual, it’s the social impact of having a functional RFID chip for an implant that really strikes up interesting conversations.

– One not very original question: Why did you do? What it was your idea or motivation? What they were your precedents or influences?

My only motivation from the very beginning was so I could have fun with the technology, and my ultimate goal at the time was to replace carrying my keys around. I looked at biometrics, but it was 1) too expensive. 2) too cumbersome to install and operate. 3) not reliable enough. With RFID, it’s 1) very cheap. 2) much easier to build projects that incorporate RFID technology and install them. 3) very reliable. Even though most people use RFID technology with access cards and things like that, my main goal was to make it so I didn’t have to carry keys around… the concept of a key became very important to me. If I replaced my keys with an access card, the concept remains the same… I have to carry an access card (key) around with me. So, I looked at the implants cats and dogs were getting to ID them to vets when they are lost and I figured this technology could be used instead of an access card.

As far as actually getting the implant procedure done, I took almost no time to consider the issue. I knew that these things have been used in cats and dogs for years, and that the danger to my health was very minimal. Once the chip I ordered had arrived, I took almost no time to approach a cosmetic surgeon and get it implanted. I didn’t really bother to tell anyone about it either… my main focus was just to get to work on the electronics projects that I could use my new implant with.

It was only afterward I told a friend about it and he asked for pictures. I put them up on Flickr for him to see and people started going nuts over it. I’d say right now, I’m in the last few minutes of my “15 minutes of fame”. People all over are getting implants now. I get emails from people all over the world, hearing about their implants and how they got them done and what chips they are using. It’s really amazing how quickly it’s being picked up by people everywhere, all over the world.

– It seems Verichip is looking like they want to “chip” all the humankind to replace the credit cards and identification cards in the near future. What is your opinion about the Verichips business model and about his proprietary system? Would you recommend the use of their services and implants?

I think the idea to link cash, bank accounts, credit cards, and things like that to RFID technology is pre-mature. The security of these systems is a huge issue, and once you make the possible gain worth taking the time and effort to crack the system’s security measures (by linking cash and payment to RFID), then people will crack it. I don’t like the proprietary approach either. Security through obscurity is not security at all… and by keeping the systems closed, security problems are always more difficult to detect before it has been mass marketed and deployed everywhere. Plus, if someone is going to go through getting an implant, I think it would be in their best interest to know they can use their implant the way they want to use it, and build their own projects and solutions if they want to. It’s not like getting an RFID card that goes in your wallet. To implant something in a customer’s body and then tell these customers that they can’t use that implant the way they want to, that it must be used in the way the company deems it should be used… that’s just kinda nuts I think.

But, to their credit, it’s not that VeriChip is really that bad… it’s just their technology is very expensive, and basically it’s overkill for most of the applications hobbyists and people like myself want to build. I’d rather pay $30 for a reader that can read my EM4102 tag and build an RFID project for under $100 that does exactly what I want, and how I want… than pay over $600 for a VeriChip reader just to take it apart and hack it up and try to link it to some kind of processing system (PC, microprocessor, etc) to make it do what I want. It’s just not practical for my purposes.

The fact that you also have to be registered with them to get chipped. As far as I know, here in the US the doctor doing the implant procedure must register your chip ID and your information with VeriChip when they do an implant. That bothers me quite a lot.

– Here in Spain the only experiences we have at the present, are the Verichip implants some clubs in Barcelona are doing for their Vips members to pay their drinks. What do you think about, do you think it is a responsible use of rfid technology? Just to have implants to pay cocktails in a pub?

I think that adults can make whatever decisions they want to make, and if they see getting an implant chip just to enter the VIP room of some club is worth it, then I see nothing wrong with their choice to “get chipped”. I for one would not choose to get chipped in that way. I would insist on them using a reader/access system with more options than VeriChip. Implementing an access system that can read my tag would cost next to nothing compared to what they would have paid for the VeriChip system… but something tells me that VeriChip provided all the tags and equipment for free, just for publicity and exposure.

– The security of the most implantable rfid chips is very low for security solutions, and the safe systems with encryption options are still a little expensive for home projects. The code clonning is a fact and commercial systems as SpeedPAss from ExxonMobil have been hacked. What do you think about these drawbacks for home applications, is it a reasonable fear or is it just a looking-for-total-security neurosis?

I think security is always an illusion. Total security is impossible, and it always comes down to the ratio between three things. Human beings always make decisions based on the ratio between effort/cost, potential gain, and potential consequences. For example, let’s look at breaking into my house to steal my computer and TV. The potential gain is my computer and TV. The potential consequences are fines and jail time and a criminal record. The effort required involves getting close enough to me to get my tag id and then putting together the software and hardware to emulate my tag. The effort required to emulate my tag, compared to the effort required to break my window or pick my door lock is quite high. I’d be more worried about a thug picking my lock or breaking my window than a person emulating my tag.

The reason why some random person stealing my tag ID and using it against me doesn’t bother be is that the tag I’m using works with my home only, and my car only. SpeedPass is different because any random attacker can sniff speedpass tags all day long, from random strangers, then go and use those tags at any gas station that supports speedpass. Stealing my tag ID does not mean the attacker can break into any house, the attack must be directed and personal. The attacker must be going after me specifically… and even still, in that case they would probably much rather pick my door lock or break my window than attempt to get close enough to me to scan my hand.

However, when systems are deployed in such a way that my tag ID could be used by random people to access, say, my bank account or some service or make payments, then the security issues that exist become much more important.

There are ways to minimize the security issues however. My right hand has a Philips HiTag 2048 S chip. The chip does support crypto-security features. Not strong ones, but they are there. Combine those features with the 255 bytes of data storage the tag supports and you could easily implement a rotating key system, where keys have a one-time use and are updated every time you use the tag to enter your home. An attacker that could break the crypto-security features of the tag, then read the one-time key would have a very small window of opportunity in which to use that key, and eventually the attack will be detected. If the attacker is too late and I get home and use the key, when the attacker tries to use the key they stole, the system will alert me of the attempt. Or, if they succeed and use the key without my knowledge, I will find out about it when I try to gain entry with my tag.

There are also other ways to minimize security issues, such as requiring a PIN number to be entered when the tag is read. By combining a simple 4 digit PIN code, the system now includes something very hard to steal.. something the user knows.

– You are a well known person in the community. Have you thought about the real possibility of some activist against the use of rfid implants would try to clone your codes, and access to your property or systems just to try to show something?

I’ve thought about it… but the systems I’ve built, particularly at my home, involve some additional security measures which I never disclose to anyone. That’s also one other way to increase security. Because everyone is building their own systems, there is no standard mass market system for an attacker to study. Each system is custom built and different… which means an attacker would have to target a specific person (like me) and spend the time and energy required to find all the security weaknesses in my particular system before they could launch a successful attack. Again, my point is, if the goal of someone is to actually steal something or break in, there are much easier ways. If their goal is just to show up the security issues involved with my RFID implant, then they will succeed for sure… but for all their hard work, they will have proven nothing that isn’t already known… they will have just wasted a lot of their valuable time for very little gain.

– How it happens that you wanted to get your second chip in your right hand? Didn’t have you enough with the first one? Would you get more?

I wanted to get my right hand chipped with an implant that had more capabilities. Particularly I liked the crypto-security features of the Philips HITAG, and the data storage capabilities. With those features, much more elaborate and secure systems can be built. The only reason I would upgrade again would be for better crypto-security features, more data storage capacity, or more features such as temperature reporting. Some passive RFID implants are in the works that can report back current body temp, which I think is really cool. There are also others working on blood testing features for diabetics and such.

– In few weeks your book, rfidtoys, will be available. From where did you get the idea to write a book about rfid hobbits projects? Which part of the book would you like to highlight? Whats is your favourite part?

Well, actually during the first media storm surrounding my implants, I got a call from a person who wanted to interview me. We talked for a bit, and then half-way through the interview he stopped and said “I’m not really interviewing you.” When I asked what he was really doing, he told me he worked for Wiley publishing and they wanted me to write a book about how to build the projects I’d been implementing in my daily life. I agreed and the book was in the works.

My favorite part of the book actually is the hardware appendix. It shows what hardware is used in the book, where I got it, how much it costs, and some of the features (pros/cons) of the hardware being used. I tried to write the book so it covered the concepts involved with RFID, while at the same time give step-by-step instructions. I hope that people who already have some electronics experience will be able to pick up this book and learn enough of the concepts and figure out where to get hardware from that they can think up and build their own projects and solutions, not just copy what was in the book.

– Many people have seen your implanting process pictures from the Wikipedia. But does it hurt? I mean, is it a complicate process which you need cold blood and a specialist to perform it? Where did you found a doctor to accomplish the implant?

The process is amazingly simple. My left hand was done with a scalpel and was over in a few minutes. Simply cleaning the chip and the implant site was the only preparation needed. A small cut was made and the 3mm by 13mm implant was pushed under my skin. A whole lot of bandaging (way too much I think) was applied and the next day I was using my hand. It never hurt, and after the small amount of swelling went down, I couldn’t feel it in my hand at all.

The cosmetic surgeon doing the procedure was one of my clients at the time. I still run Morpheus Inc., which provides managed computing services to the medical industry (www.morpheusinc.com), but my main focus is now txtGroups (www.txtgroups.com). At the time of my implant though, I had many doctors as clients and several were willing to assist me in the procedure.

My right hand was done by my family doctor using an implant SUD (single use disposable) needle kit from Avid. I threw the Avid RFID chip away and replaced it with a 2mm by 12mm Philips HITAG 2048 S chip. The chip was cleaned and then placed in the sterile needle tip. The implant process took only a few seconds. I left the office with very minimal swelling and a bandaid to cover the implant site. I was using my hand the next day without any swelling or pain at all.

I would like to say something about the risks involved whenever a person has a surgical procedure done. There are minimal risks involved, but there are risks. As with any wound, there is a chance of infection. Until the wound heals, germs will get into your body. A person with a weak immune system or who is already sick (cold, flu, etc.) has an elevated risk of infection. Because an object is being inserted into the body, there is a risk of nerve damage. Any time a cut is made in the body or flesh must be separated to make way for any object (ear rings included), there is a chance nerves could be severed. The effects of this nerve damage might not even be noticed, but it more widespread effects could be felt if a larger nerve were to sustain damage. Another possible risk involves the glass tag itself. It will always be possible during daily life for a tag to be damaged, crushed, or otherwise broken, increasing the risk of infection or nerve damage until the glass and metal pieces can be removed. The chances of a tag breaking depend on where its implanted and what kinds of activities that area of the body are engaged in on a daily basis.

– What are your short-term plans? Are you going to attend some events to speak about your rfid implants? What it is your next project? What would you like to achieve?

My short term plans revolve around the release of my book and my mobile messaging company txtGroups. The txtGroups service is about to launch in Canada in the next 30 days and across the US within the next few months.

As far as my RFID plans go, I’ve been contacted by professors and a few different organizations who want me to speak to their classes or their people about the process and my experience. I enjoy talking with people about my experience and answer their questions. It’s a lot of fun, but also I think my experience with RFID has brought me into direct contact with important issues such as security and privacy, and has shown me some of the social aspects of the technology, expanding my understanding past the simple technical aspects.

– Image yourself that some guy after reading this interview thoughts: “hey it looks cool! I want to get also some implants to open my home door!”. What would you say/recommend him? It is a thing you should meditate with some time before do it? In which place should he start looking for?

I would say that anyone wanting to get an implant for any reason should always research as much as they can, consider the risks involved, the security issues involved, and if you decide to get an implant, accept full responsibility for your decisions. Talk with others who have gotten an implant, and talk with people who work with RFID technology. The type of RFID chip you get implanted will govern the cost and types of projects you can build yourself. RFID is a broad range of technologies, with little or no standards yet, so think carefully and choose your implants with care.

I would suggest building some projects first, and use an RFID card or keytag before getting an implant.

February 2006

1) How did you get involved with RFID technology? Did you use to work with it?

I’ve been interested in RFID ever since I saw it being used in stores to protect merchandise and being used in pets to identify them to vets. I then came across an article showing some people using a Phidgets RFID reader in some basic RFID projects and I went looking around to buy a Phidgets RFID reader online. That’s when I came across the EM4102 glass tag and the thought of implantation, which I had been thinking about since seeing pets getting “chipped”, became a major focus of my interest in RFID.

2) What are the main advantages offered by this kind of chip? What do they allow us to do?

RFID is a broad range of technologies across several frequency spectrums. Their technical capabilities range all over the map, but one thing is common with all RFID technologies… identification. RFID stands for Radio Frequency Identification, and the purpose of this technology is to identify objects using radio transmissions. Most of the time, RFID is used in access control situations, like the access key cards you see for buildings and doorways. But it can also be used for other types of applications like pet identification, where lost pets are scanned at the animal shelter or veterinary office and the pet’s unique ID (stored on the chip) is checked against a database of pets to find the owner.

3) Why did you decide to implant one? Did you do it by some sort of necessity or mainly for the experience?

At first, my only interest in RFID was for access control. I wanted to get into my car, my house, and log into my computer using RFID. I just didn’t like the fact I had to remember to grab my keys when I went out for a walk… I wanted my house to know it was me at the door and let me in. RFID is a simple, cheap, and effective way to do that, but if I were to use an RFID access card, I would still be stuck in the same situation… I would need to remember to bring my access card.

I considered using biometrics, but there are major problems with biometric systems. First of all, they are not as reliable as RFID. Also, they are very expensive to implement when compared to RFID. I had been trying to find a cheap and easy biometric solution for several years, so when I came across an implantable glass RFID tag, I knew I had found the answer.

4) Who did the implant? What did she/he said about it? Did you find any resistence?

My left hand has a 3mm by 13mm EM4102 tag. It is too large to use a standard injection needle kit, so a client of mine, a cosmetic surgeon, did the procedure using a scalpel. A small cut was made and the implant was placed under my skin by pressing it through the incision. It took 5 minutes to complete. Some skin glue and a bandage was used to keep the implant site clean until it was healed.

My right hand has a 2mm by 12mm Philips HITAG 2048 S chip, which was implanted by my family doctor. He used an Avid SUD (single use disposable) injector kit to implant the tag. These kits are the same ones used on pets here in the US. The procedure took about 30 seconds to complete, and a simple bandage was used to keep the site clean until it could heal.

5) How did you feel after the surgery? Did you have colateral effects?

In both cases, I was using my hand the same day. I had no ill effect from the procedure, and I do not even notice I have chips in my hands until I go to use them. I cannot feel them at all… even when I type or ride my motorcycle or do any kind of daily activity.

6) How did you convince your girlfriend to impant one RFID chip?

She was hesitant at first, but after watching me use my implants and seeing there was no pain or ill effects, she gradually came to want one so she could access her front door in the same way I could get into my house. Both our front doors are programmed to let each other in now, so we both have the keys to each other’s homes.

7) Besides her, do you know anyone who did this implant?

There is a growing global community of people following in my footsteps. They can all be found here: http://tagged.kaos.gen.nz/

8) Do you think there is a tendency for the human kind to merge with machines?

I think there is a constant need for human beings to expand their capabilities. People always want to do more. Until the airplane was invented, people dreamed of flying. Until the space program, people dreamed of walking on the moon. I think it’s natural for people to want to do the things they can’t currently do, and experience the things they can’t currently experience. Until recently, machines were used externally to expand human capability and human experience… but now technology is at a point where human merger with machines is the next natural step. Kevin Warwick is one of the pioneers in this field, and has already done amazing things: http://www.kevinwarwick.com/Cyborg2.htm

As long as people want to do the impossible, you will always find people who are trying.

9) Which other applications should we expect to see in the future?

If I look a few years into the future, I see the possibility of RFID implants being used by a small percentage of people on the planet. However, when I look many years in the future, I doubt implantable RFID will have a place in society. I believe other technologies like biometrics will take it’s place, and require no implants at all. I believe DNA analysis, iris scanning, fingerprint scanning, and chemical analysis (smelling a person) will be all the rage within 10 years.

The only problem I see with that is, there is no option to leave a system based on your biological identity. With RFID implants, you can take them out if you don’t want to participate anymore… but with biometrics, there is no way to opt-out. Babies that are born today in the US are fingerprinted and blood is drawn for testing. Parents think it’s cute to have their baby’s fingerprints, but it’s also disturbing to think babies could be biometrically profiled before they even make it out of the hospital. Iris scans, DNA sequences, and fingerprints could all be taken down and recorded even before the mother has a chance to hold her new baby… and once that data is taken, there is no way for the adult that child will become to get their data removed from whatever systems might have copies of it. That is a frightening thought indeed.

10) Have you heard of a book called “Spychips: How Major Corporations and Government Plan to Track Your Every Move with RFID”?
Did you read it? What´s your opinion about it?

I’ve not read it, but I’ve heard of it and read the synopsis.

I think the book is probably 50% hype and paranoia, and the other 50% is legitimate concern. The title says it all… “corporations and government”.. the truth is, the government can easily track you based on credit/debit card purchases and mobile phone triangulation. Governments don’t need RFID to know where you are.

Corporations on the other hand, could benefit from RFID-based tracking because these are systems that could be setup by the companies themselves, rather than needing to subpoena (or in this day and age, just plunder under the patriot act) the relevant data from various service providers like mobile phone carriers and credit card processors.

Ultimately though, I think their book is good because it keeps people aware of the issues… which is probably why RFID tags found in clothes today are designed to be removed before the person wears the clothing. It even says right on it, remove before wearing or washing. But that’s the other thing… for a clothing manufacturer to create an RFID tag durable enough to stand up to a washing, it would cost more to produce the tag than it would benefit them by enabling easy inventory tracking. I just don’t think people tracking based on RFID tags in clothes will become a reality. Biometric tracking is a much greater threat to personal privacy than RFID could ever hope to be. You can loan your RFID tagged sweater to someone else, but you can’t change your DNA, fingerprints, or chemical scent. You can undergo some painful surgery to alter your facial structure, which is what many biometric systems use today to track and ID individuals, but that’s not realistically an option… meaning biometric tracking is a much more frightening reality… and it’s hear today… as we speak.

Leave a Reply

Get Adobe Flash player