Chips implanted under people's skin raise privacy issues

2,000 people use devices laden with information

December 25, 2004|By Vincent J. Schodolski | Vincent J. Schodolski,CHICAGO TRIBUNE

LOS ANGELES - As many as 2,000 people worldwide are walking around with rice-sized chips under their skin that can allow others to find out a great deal of information about them.

Among the things that can be learned are whether the person has had his gall bladder removed or has a pacemaker, or whether the person using a credit card is who he says he is.

The person's employer could find out where she is during the workday?

That might sound like 1984 and raise alarms about privacy, but some experts are confident that there are ways to prevent unwanted snooping in chip users' personal affairs. And they contend that existing laws are sufficient to catch and punish anybody who tries.

In October, the Food and Drug Administration approved the chip for medical use, which is why many of those with such chips say they want them.

One intended use is to allow emergency room doctors access to the medical records of someone unable to communicate.

"Say you live in L.A. but get hit by a car in New York," said Scott Silverman, chairman and chief executive officer of Applied Digital, the Delray Beach, Fla., manufacturer of VeriChip, an embedded device.

VeriChip is one of several devices that use radio frequency identification, or RFID, technology to accomplish rapid and remote transmission of information.

Each VeriChip, the only RFID device being implanted in users' bodies, contains a 16-digit identification number than can be read by a person using a scanner that activates the chip and tells it to transmit the number.

In a phone interview, Silverman said each person with a VeriChip implant has designated people, typically family members, who are permitted access to information from the chip.

User IDs needed

Each VeriChip user carries a card explaining how to use the technology, Silverman said. And those designated for access must submit their ID numbers to Applied Digital before they can obtain the user data from a company database.

Silverman said he is confident that the system is secure. He said that even if someone stole one of the scanners, the thief would need a user ID to access the data.

In other uses, such as validating the identity of a credit card user, the VeriChip technology makes identity theft more difficult, Silverman said.

"We think VeriChip can be used to enhance your privacy," he said.

Experts say the same chip that can identify people also can be activated by scanners to allow authorized people to open doors by approaching them. It is the equivalent of swiping an ID card across a reader next to the door.

Similarly, scanners can be positioned throughout a building to track people as they move about.

Some are skeptical of the technology used by Applied Digital.

"The VeriChip is neither as good as its marketing nor as bad as its critics suggest," said Jean Camp, an associate professor of informatics - the study of data processing and transmission - at Indiana University in Bloomington.

"The VeriChip gives each implanted individual a number that, in turn, links to a database of information," Camp, who studies privacy issues, said in an e-mail exchange.

"Like a biometric [a physical identifier, such as a fingerprint or iris pattern) it is a data element that cannot be changed and that you cannot forget. Like a biometric, you go around sharing that data just by existing.

`Security problems'

"The privacy problems in this system are the security problems. The security problem is that you have one number, that number provides access to all your personal information and you walk around broadcasting that number."

She disagreed with Silverman, saying it would be easy to gain access to the chip ID number.

"If I wanted to steal your identity under this model it appears all I would have to do is get an RFID reader for a few hundred dollars. I could then read your VeriChip ID as you walk past.

Identity theft

"Then I would write an RFID with the same number, and implant it in my own arm. Voila, identity theft made wireless."

Some think any new technology can be hacked or protected by newer technology.

"At this stage it does not seem to be much of a problem," said David MacDonald, an attorney who practices privacy law.

MacDonald suggested in a phone interview that in the case of any RFID device, a person could vanish by wearing a transmitter with a stronger signal than the device in question.

He said potential uses of RFID devices could cause privacy concerns.

Kidnapping deterrent

He suggested a politician might be able to make a case for embedding all children with chips to deter kidnapping. "It might even be a good idea," he said.

The Orwellian aspects of that are plain. Once scanners are widely used to track children, the government would obtain mountains of private information.

MacDonald suggested that the use of a VeriChip to back up confirmation of a credit card's valid use is a good idea.

"Two factors are always more secure than one," he said. "The chip would be hard to replicate. You might not notice that someone took your credit card, but you would notice if someone took a chip embedded in your arm."

MacDonald said existing laws could protect users of RFID technology against fraud. If anyone got access to data - just as when a credit card is stolen - the unauthorized use of that information would be a crime.

"Generally, existing laws will protect because of the consent issue," he said.

The Chicago Tribune is a Tribune Publishing newspaper.

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.