Implanted Microchips: a Bridge too far

September 27, 2017

Blog

David Pollington, Technical Director, GSMA

Among the more striking items in technology news last month was the announcement by Three Square Market, a company in Wisconsin that is preparing to install RFID microchips into its employees. The firm expects to place devices about the size of a grain of rice into over 50 employees. These can then be used to access buildings, rooms, and computers, as well as to pay for items in company facilities.

As you might expect, concerns have been raised over privacy and if the whereabouts of an employee could be tracked remotely, or whether information on their activities could be stolen.  The CEO, Todd Westby, insists that this is impossible, stating: “This device is only readable if you’re within six inches of a proximity reader, the chances of the chip being hacked is nil to none.”

However, these assurances over security are overconfident. Hacking RFID devices is much easier than is often thought possible. While the move to higher-frequency RFID devices over the last three years has improved their security potential, the risks have not been eliminated. Successful identity theft from RFID chips is still possible by using covert readers, which can then be used to clone devices or steal identities.

There is also an unavoidable ethical element to consider here. Concerns over the social and psychological significance of allowing an employer literally to enter one’s body cannot easily be dismissed as Luddite.  As discussions continue in the tech world and beyond about the ‘always on’ work culture of modern society, might body modifications of this kind not prove a bridge too far?

The prospect of leaving the office, but taking a crucial part of it home with you in your own body, may remind some of the unnerving line from the Eagles’ song Hotel California, which warned that “you can check out any time you like, but you can never leave.” The bearer may find, still more if such devices can be tracked or compromised, that they are unable to truly escape their professional environment – even while on holiday.

These concerns can be addressed while retaining the benefits of the technology.  By relying on a device everyone already has with them anyway: their mobile phone. New mobile technologies offer a convenient and secure way for a person to authenticate themselves without the need for additional physical implants. For example, Mobile Connect can be set up to authenticate an individual in a number of ways: from behavioural information such as location and usage history, to the use of simple PINs, and, crucially, biometric information. If the RFID chip’s strongest claim is that it cannot be lost, we can be assured that we are also unlikely to lose our fingertips or retinas.

In addition, with the consensus that biometric solutions will be ubiquitous in the years to come, the huge amount of investment going into them now will strengthen both their affordability and effectiveness. We should not forget that biometrics were designed in response to concerns over the adequacy of chips to adequately verify identity.

Finally, and perhaps most simply, there is the bottom line. When asked about the cost of such implants, Mr Westby considered them highly economical at $300 per piece. For companies seeking to minimise the costs of their security arrangements, this may not seem a modest sum. However, by using the phone employees already have, the cost base is much lower.

Maintenance costs are minimised too: where there is an issue to be resolved in mobile technology, a simple update will typically suffice. For chips implanted into the body, a physical recall process will need to be undertaken, to the greater cost and inconvenience of all concerned.  In any case, as with any technology, the degree of standardisation dictates much of the practicability – and thereby cost-effectiveness – of the solution in question.

There is simply no universally-agreed chipset to make such solutions workable on a mass scale. With the privacy concerns of human microchips along with the ease of access of mobile, there is no question: use mobile networks to put services securely in people’s hands, just not literally.

Back

Presentations from M360 Series – Russia & CIS The 2018 GSMA Mobile 360 Series – Russia & CIS was a regionally-focused event drawing on global case studies for senior-level leaders from government & regulatory bodi...

Read more | See all Identity Resources

Presentations: Delivering Commercial Success Through Identity Services The GSMA Identity recently partnered with Turkcell to co-host an event in Istanbul which explored Turkey’s journey towards becoming the first Mobile Connect commercially su...

Read more | See all Identity Resources

Mobile Connect Workshop Presentations at MWCA Identity Seminar The seminar Mobile Connect Seminar: Reducing Fraud through Secure Authentication and ID Verification Services, brought together h wider mobile ecosystem aiming to prevent fraud b...

Read more | See all Identity Resources

Mobile Connect Workshop Presentation at Mobile 360 Digital Societies i The Mobile Connect workshop: Delivering commercial success through identity services attendees had the opportunity to learn the value and commercial scalability of mobile-based ...

Read more | See all Identity Resources

Distributed Ledger Technology, Blockchains and Identity: A Regulatory This paper provides an overview of the relevant regulations for the use of distributed ledger technologies (DLT) and blockchains for digital identity. Digital identity is the bas...

Read more | See all Identity Resources

Digital Identity: Global Trends and Highlights from the United States Mobile internet traffic now accounts for more than half of all global online traffic, reaching 51.2% of the world’s total this year. There are now 8.8 billion mobile connection...

Read more | See all Identity Resources

Flash News: Internet Accounts Sell For a Few Dollars Cybersecurity firm outlines widespread availability of compromised usernames and passwords Stolen account details for online entertainment services, such as Netflix and Spotify, ...

Read more | Visit Identity Blog

eIDAS: a Tool for Liberation which Opens up the future of Global Trade Andrea Servida Head of eGovernment and Trust, European Commission When I think of mobile communications – in particular, of the smartphone – I see a token of freedom.  Havin...

Read more | Visit Identity Blog

Flash News: Brexit Smartphone App Hits Snag Report says UK app for checking the identity of EU citizens won’t work on iPhones The UK government plans to launch a smartphone app to enable the 3.5 million EU citizens livin...

Read more | Visit Identity Blog

News Flash: IPification Becomes Mobile Connect Compliant Leading company in Asia for providing Security and Data Backup solutions, Benefit Vantage Limited (BVL), with its mobile authentication solution called IPification, announced tha...

Read more | Visit Identity Blog

News Flash: Singapore Mobilises Government Transactions The Singapore government has launched the SingPass Mobile app to make it easier for citizens to conduct government transactions, such as applying for HDB (Housing and Development...

Read more | Visit Identity Blog

Is the Trend for Social Media Website Logins Coming to a Close? Most of us have opened a webpage at some point or another and been confronted – perhaps with a degree of surprise – with a picture of our own face, and an option to log in to...

Read more | Visit Identity Blog

Identity Hangout: Monetising Identity Services December 05, 2018 The GSMA Identity team will be organising an online Identity Hangout which will explore value and commercial scalability of mobile-based identity services. The online event is t...

Read more | See all Identity Events

Identity at MWC19 Barcelona February 25, 2019 Discover the latest innovations, market developments and business strategies in digital identity at MWC19 Barcelona. More details to follow. Register for MWC19 Barcelona...

Read more | See all Identity Events

Contact GSMA Legal Email Preference Centre Copyright © 2018 GSMA. GSM and the GSM Logo are registered and owned by the GSMA.