Biochips Are Here to Stay, but Caveat Emptor – Know the Security Risks and Rewards
If you own a dog or cat and love them like family, odds are your vet may have already recommended injecting a biochip transponder into Fido or Fluffy. The device basically serves as an RFID tag so if your pet runs away, you can track their whereabouts and hopefully recover your dog or cat.
Now the ante is being raised as microchip implants are starting to be used in humans more frequently not only as a health tool, but in the business environment as well.
The NYU Tandon School of Engineering, which hosted the nation’s first ever conference on biochip security in September 2018, says that biochips — devices combining biochemistry and electrical/computer processing to run chemical reactions — could revolutionize remote sensors, environmental sampling procedures and medical tests. But these devices may be vulnerable and rife with opportunities to “fake results, or hack, steal corrupt and counterfeit components, more so because many of these systems are connected to other devices via the web.”
“Attackers can come from anywhere,” notes Ramesh Karri, professor of electrical/computer engineering at NYU and one of the conference’s organizers. “The chemistry, the sample, the biology, the protocol, the surface, the network hardware and software. And if the chip is implanted in a patient or part of a wearable system, the stakes are life and death.”
The market potential, nonetheless, is enormous. In November 2017, a report by India-based MarketsandMarkets Research estimates that by next year, the global biochip market will reach almost $18 billion.
A Gothenburg, Sweden company, Biohax, has already chipped more than 4,000 people in Sweden and throughout Europe. According to the company’s founder, Jowan Osterlund, applications range from making purchases to opening locks to passing through security barriers – anything already being done with chips on plastic cards.
“Tech will move into the body – I’m sure of that,” says Osterlund.
In fact, Fortune reports that Sweden’s national rail network is now biochip-capable; if you have a Biohax chip implanted, for instance, you just hold out our hand and the conductor swipes it (the ticket’s embedded on the biochip). Fortune says that most of the gyms run by Nordic Wellness in Sweden are also biochip-capable – gym members and staffers open secure turnstiles and lockers with their hands and can see their exercise profiles on monitors.
And as reported in The Atlantic, there are now chips capable of tracking a wearer’s live vital signs; coming soon – people will be able to store their medical information on encrypted RFID chips and expect to see GPS-enabled chips that families can use to track relatives suffering from dementia.
“There’s an interest but also a controversy with actual GPS tracking,” notes Luis Martinez, a preventative-medicine specialist in San Juan, Puerto Rico. “A lot of parents will feel safe if they can track real-time where their children are. But other populations are being looked at for different reasons: law enforcement, or you could use a GPS chip to identify registered sex offenders. I think it’ll be a case-by-case basis where different countries or different societies will decide.”
Dr. Stephen Bryen, a technologist policy expert and strategist who founded the Defense Technology Security Administration and served as Deputy Undersecretary of Defense for Trade Security Policy, wrote in his Bryen’s Blog that as biochips evolve, they’ll probably have additional sensors integrated into them and more data that may include medical information, digital photos or other biometrics.
“This makes them even more privacy invasive and jacks up the risk commensurately,” says Bryen.
And he cautions that stealing an implanted chip may also be possible.
“Consider the theft of kidneys and other body parts,” he notes. “The fact that there have been convictions says it’s a real problem. Compared to organ theft, the theft of an implanted RFID is rapid and easy.”
Despite the digital convenience, acceptance of biochips is still a long way off. Five states – California, Missouri, North Dakota, Oklahoma and Wisconsin have passed laws prohibiting mandatory implantation of biochips. Richard Oglesby, president of AZ Payments Group, a Mesa, AZ consulting firm, adds that “implanting chips is invasive, unnecessary, and not particularly useful. There are wearable solutions that can accomplish the same things.”
So, will biochips herald the end of our personal privacy?
Haley Weiss, writing in The Atlantic, offered this caveat:
“Sooner or later the laws will change, and the frightening will become familiar…implantable RFID will bring us the next iteration of the yin-and-yang symptoms of technology we’ve seen time and time again. We will likely be healthier, safer, more informed, and more connected, and we will continue to disagree over whether it matters if our privacy and autonomy were the corresponding costs.”
Comments