After call to implant microchips in people awaiting trial, are they about to become the next threat to our privacy?

Last year, Privacy News Online wrote about the Swedish SJ Railways allowing customers to use under-the-skin microchip implants for “easy” ticket purchases. That might have seemed a one-off bad idea, but such implants have a surprisingly long history. More worryingly, they seem to be gaining in popularity, and cropping up increasingly in everyday situations, with evident privacy implications.

One of the pioneers of this area is Kevin Warwick, formerly Professor of Cybernetics at The University of Reading, England. In 1998, Warwick had a small microchip transponder surgically implanted into his forearm, under local anaesthetic:

This experiment allowed a computer to monitor Kevin Warwick as he moved through halls and offices of the Department of Cybernetics at the University of Reading, using a unique identifying signal emitted by the implanted chip. He could operate doors, lights, heaters and other computers without lifting a finger.

Warwick’s “Project Cyborg 1.0” concentrated on his ability to act on objects by moving his arm closer to them, something he explored further in his 2002 “Project Cyborg 2.0“. But it’s telling that the description above notes that he could also be monitored as he moved around.

After Warwick’s trailblazing research, people continued to experiment with microchip implants. Some, like Lepht Anonym, inserted the devices themselves, using “needles, scalpels, vegetable peelers” – plus vodka to numb the pain. Others started to coalesce into semi-organized communities of “biohackers“, also known as “grinders”. A 2017 article in Wired claimed there were already some 5000 grinders in the US.

One phenomenon driving the wider uptake of implanted microchips is the “implant party”. Anyone can attend to have chips inserted – usually beneath the skin between the thumb and forefinger – by people with experience of doing so safely. For example, the BBC reported on a Swedish implant party back in 2014. A 2017 article in Business Insider reported that Hannes Sjöblad, founder of a Swedish biohacking group, had helped to host implant parties in Mexico, France, Greece, Germany, England, Denmark, and in the US.

Sjöblad has also started working with companies. In 2015, the Swedish startup hub Epicenter began offering its employees the option of implanting a microchip to open doors, operate printers, or buy drinks using a wave of their hand. By 2017, 150 people had done so.

Epicenter’s implants come from the Swedish company Biohax. Its Web site claims “more than 1000 professionals in the financial, healthcare, government, science, and technology sectors are using their Biohax install to live a seamless experience with their connected surroundings.” Biohax implants use the Near-Field Communication (NFC) standard, which is already common around the world, and is supported by most modern mobile phones. It’s also widely used for contactless transit systems, which is why Swedish SJ Railways was able to accept it as a means of payment. Android apps allow data to be written to the microchip. NFC chips offer more advanced capabilities than the earlier implants, which were simple radio-frequency identification (RFID) tags.

Another company offering RFID and NFC transponders is Dangerous Things, which says that it has sold its products to Google, Samsung, and Apple among others. True to its name, Dangerous Things likes to emphasize how dangerous its products are:

WARNING: This kit definitely contains dangerous things. While the xNT transponder device has undergone several quality checks during manufacture and has been put through a battery of tests with various private labs, it has not been tested or certified by any government regulatory agency for implantation or use inside the human body. Use of this device is strictly at your own risk.

The US Food and Drug Administration approved RFID tags for human implants in 2004, but there are still some minor safety concerns, Business Insider wrote in 2015. Despite that, in 2017 a Wisconsin vending machine company became the first US company to offer its employees the option to buy snacks, log in to computers or use the copy machine via an implanted Biohax microchip.

These kinds of uses are clearly fairly innocuous. But as more people embrace implanted microchips – a recent article claimed that around 3000 people in Sweden alone now have them – there is a danger that they will become normalized and extended to uses that are less benign. For example, it is easy to imagine companies putting pressure on staff to adopt the technology in the same way they can require them to allow all their workplace activities – even down to each keystroke – to be constantly monitored, as this blog reported last year. A 2018 video report about the increasing use of implanted devices was headed “Microchipping staff: A matter of when, not if“. That may be premature, but there are already signs that people are starting to consider implanted chips for other purposes too.

Just recently, in Ohio, Toledo City Councilman Rob Ludeman suggested microchipping criminal offenders as an alternative to using electronic monitoring ankle bracelets. He justified the idea on the basis that this would prevent the tracking devices being removed when committing additional crimes. The Toledo Blade reported Ludeman as saying:

“I’ve seen enough shows on TV where the individual has slipped it off and they’ll go commit a crime and slip it back on,” he said. “I can’t believe it’s an inhumane thing and I’ve got to believe the technology is there. We microchip our dogs, cats, there’s got to be a way that you can put a microchip in and it can’t be removed until their sentence is served or probation is over.”

Other council members rejected the idea, and experts pointed out that the implanted chips used for animals would not work in the way Ludeman wanted, since they do not function like a GPS tracker that can be monitored from afar, but are scanned once a lost animal is located.

Nonetheless, the incident is significant, because it indicates that implanted microchips are starting to enter the political mainstream. And even if they can’t be used as GPS trackers, there are plenty of other applications that have troubling privacy implications. For example, a common suggestion is that a person’s medical history could be stored in such chips to aid medics in an emergency. In fact, an implanted product of this kind was launched back in 2002, but it never caught on. Indeed, the company’s own research indicated that nine out of 10 people were uncomfortable with this kind of application. But it is easy to imagine new entrants to the sector arguing that technology has moved on now, and that strong encryption could handle concerns about unauthorized access to data.

The greatly increased capacity of even the smallest memory devices means that large amounts of personal data could be stored on such devices. It would be straightforward to create a multi-purpose implanted microchip system that would store many different kinds of authorizations and associated data. Biometrics such as fingerprints, iris scans and even DNA sequences could be added to create a kind of implanted passport. The system might allow routine data updates and uploads to provide a complete, portable record of how it was used. However, for all its undoubted benefits, it is important to remember that such a device would also create the perfect surveillance system.

After a slow start, the technology is beginning to move ahead more rapidly. As implanted microchips become increasingly common and accepted, it’s vital for those imagining new ways of using them, and those drawing up new laws to regulate those uses, to start thinking hard about the best way to do both. If they don’t, we may soon be facing yet another threat to our privacy, already under attack from multiple quarters – but this time, from within our own bodies.

Featured image by SJ Railways.