Implanted Microchips: a Bridge too far

September 27, 2017

Blog

David Pollington, Technical Director, GSMA

Among the more striking items in technology news last month was the announcement by Three Square Market, a company in Wisconsin that is preparing to install RFID microchips into its employees. The firm expects to place devices about the size of a grain of rice into over 50 employees. These can then be used to access buildings, rooms, and computers, as well as to pay for items in company facilities.

As you might expect, concerns have been raised over privacy and if the whereabouts of an employee could be tracked remotely, or whether information on their activities could be stolen.  The CEO, Todd Westby, insists that this is impossible, stating: “This device is only readable if you’re within six inches of a proximity reader, the chances of the chip being hacked is nil to none.”

However, these assurances over security are overconfident. Hacking RFID devices is much easier than is often thought possible. While the move to higher-frequency RFID devices over the last three years has improved their security potential, the risks have not been eliminated. Successful identity theft from RFID chips is still possible by using covert readers, which can then be used to clone devices or steal identities.

There is also an unavoidable ethical element to consider here. Concerns over the social and psychological significance of allowing an employer literally to enter one’s body cannot easily be dismissed as Luddite.  As discussions continue in the tech world and beyond about the ‘always on’ work culture of modern society, might body modifications of this kind not prove a bridge too far?

The prospect of leaving the office, but taking a crucial part of it home with you in your own body, may remind some of the unnerving line from the Eagles’ song Hotel California, which warned that “you can check out any time you like, but you can never leave.” The bearer may find, still more if such devices can be tracked or compromised, that they are unable to truly escape their professional environment – even while on holiday.

These concerns can be addressed while retaining the benefits of the technology.  By relying on a device everyone already has with them anyway: their mobile phone. New mobile technologies offer a convenient and secure way for a person to authenticate themselves without the need for additional physical implants. For example, Mobile Connect can be set up to authenticate an individual in a number of ways: from behavioural information such as location and usage history, to the use of simple PINs, and, crucially, biometric information. If the RFID chip’s strongest claim is that it cannot be lost, we can be assured that we are also unlikely to lose our fingertips or retinas.

In addition, with the consensus that biometric solutions will be ubiquitous in the years to come, the huge amount of investment going into them now will strengthen both their affordability and effectiveness. We should not forget that biometrics were designed in response to concerns over the adequacy of chips to adequately verify identity.

Finally, and perhaps most simply, there is the bottom line. When asked about the cost of such implants, Mr Westby considered them highly economical at $300 per piece. For companies seeking to minimise the costs of their security arrangements, this may not seem a modest sum. However, by using the phone employees already have, the cost base is much lower.

Maintenance costs are minimised too: where there is an issue to be resolved in mobile technology, a simple update will typically suffice. For chips implanted into the body, a physical recall process will need to be undertaken, to the greater cost and inconvenience of all concerned.  In any case, as with any technology, the degree of standardisation dictates much of the practicability – and thereby cost-effectiveness – of the solution in question.

There is simply no universally-agreed chipset to make such solutions workable on a mass scale. With the privacy concerns of human microchips along with the ease of access of mobile, there is no question: use mobile networks to put services securely in people’s hands, just not literally.

Back

MWCA Mobile Connect Seminar Presentations The Mobile Connect Seminar at the 2017 Mobile World Congress Americas was designed for operators and digital service providers looking to offer secure identity services to their...

Read more | See all Identity Resources

Operator cooperation in South Korea has created a successful identity To ensure broad service provider adoption, SKT and the other Korean operators realised that they needed to offer a single identity solution with full market coverage, and subsequ...

Read more | See all Identity Resources

Driving Mobile Connect Usage – Turkcell Looking to improve its customers’ experience and further differentiate its proposition, Turkcell launched Mobile Connect initially on its self-care mobile application and websi...

Read more | See all Identity Resources

Mobile Connect London Summit: Presentations Taking place on the 25th and 26th April, the Mobile Connect London Summit was a forum for leading figures in the wider mobile industry to debate the most pressing issues in the...

Read more | See all Identity Resources

The PSD2 Opportunity: Mobile Operators and Fintech This paper discusses the opportunities relating to the partnership between mobile network operators and fintech companies, and how both parties can benefit from each others&#...

Read more | See all Identity Resources

SK Telecom: Integrating Existing Identity Solutions into Mobile Connec In December 2016, SKT adapted both T-Auth and T-ID to comply with the Mobile Connect specifications. The goal was to make it easier for international customers to use SKT’s app...

Read more | See all Identity Resources

Operators Taking the Lead in Digital Identity Consumers are increasingly tired of usernames and passwords. As the variety of online purchases made by the average person has increased, so has the number of different login det...

Read more | Visit Identity Blog

Implanted Microchips: a Bridge too far David Pollington, Technical Director, GSMA Among the more striking items in technology news last month was the announcement by Three Square Market, a company in Wisconsin that i...

Read more | Visit Identity Blog

US Operators Join Forces on Authentication Mobile network operators are taking the lead in identity authentication.  It was announced last week that the four largest operators in the United States – AT&T, Sprint, T...

Read more | Visit Identity Blog

3 Reasons to Attend MWCA’s Identity Seminar Whilst digital technology has stimulated the growth of new and innovative services across practically every sector in the, service providers have yet to fully capitalise on this ...

Read more | Visit Identity Blog

Could UK’s Planned GDPR Implementation Signal Global Trend? Earlier this week, the UK Government announced its plans to introduce new legislation that will give citizens greater control of their personal data. The legislation will expand ...

Read more | Visit Identity Blog

MWCA: Digital Identity in the Innovation City See below for a list of digital identity demonstrations in the GSMA Innovation City As the Americas experiences explosive growth in its digital economy, businesses across the...

Read more | Visit Identity Blog

Money 2020 October 22, 2017 Join expert biometrics vendors and mobile security experts at Mobile Money 2020 as they discuss real deployments of biometrics in commerce, and the opportunities, challenges and ...

Read more | See all Identity Events

Total Telecom Roundtable October 31, 2017 Can the EU’s GDPR level the playing field with the OTTs and allow telcos to stake a claim in the personal data economy? Marie Austenaa, VP and Head of Identity Business Dev...

Read more | See all Identity Events

Smartex – Smart Payments Forum October 31, 2017 PSD2 requires many payment and banking transactions to be protected with strong customer authentication. While these new requirements challenge many existing authentication solut...

Read more | See all Identity Events

WSCO2Con Europe November 08, 2017 WSO2Con EU will help you identify the right technology that meets today’s demand for an agile approach to integration, API management, identity & access management, sma...

Read more | See all Identity Events

Mobile Connect Summit – Singapore November 21, 2017 Following April’s successful Mobile Connect Summit in London, we are pleased to confirm that we will soon be hosting another regional Summit – this time in Singapore...

Read more | See all Identity Events

Contact GSMA Legal Email Preference Centre Copyright © 2017 GSMA. GSM and the GSM Logo are registered and owned by the GSMA.