Mr Amal Graafstra, Bellingham, United States of America
Interview conducted by Katina Michael on 25 May 2007.
Amal Graafstra is the Director of Information Technology for OutBack Power Systems. He is also the author of RFID Toys, and one of the most prominent ‘do-it-yourselfer’ chip implantees in the world. He is the owner of several technology and mobile communications companies. Amal loves thinking up interesting ways to combine and apply various technologies in his daily life. A self-starter, Amal dropped out of community college and started his first company at the age of seventeen. The company was called The Guild, and it provided dial-up access to customers, while small set-ups were still feasible. Some years later, Amal started his second company Morpheus, which specialized in web hosting and web development. For some time the company did well, but as cheaper hosting services became available, it became more and more difficult to compete in the market. Amal then decided to rebuild Morpheus by supplying managed computing services to the medical industry. In parallel, Amal did some work for WireCutter, a wireless mobile messaging company that were involved in creating mobile marketing campaigns for various radio stations, sending SMS text messages to mobile phones. Graafstra decided to pour his heart and soul into the company he called txtGroups but this too was unable to make ends meet, although he hasn’t given up hope on the company’s future. His most recent IT adventure is as the head of an IT department where he enjoys fighting typical support fires and watching the business grow.
Katina Michael: Amal, firstly I wanted to begin with asking you about your background- your qualifications, your nationality and your place of residence?
Amal Graafstra: Ok. Well, I am a US citizen. I am currently living in Bellingham, Washington. As for qualifications I really do not have any pieces of paper from any School. I am someone who has followed various technologies since my teens and has built projects and things like that. I had a little bit of College but I actually dropped out to start an Internet access company way back when ISPs were a Mom and Pop type of business. So, I’m just a High School graduate...
Katina Michael: I notice you are the director of a number of mobile companies and was wondering if you were one of these students that may not have been challenged by College perhaps and were more entrepreneurial?
Amal Graafstra: I think that there were plenty of challenging things about College. But a lot of the technical aspects in College were not challenging; basically, they were just so far behind. I did not have the time and finances to be able to go through larger or better schools that were on top of the technology curve. I found the technical parts kind of boring and outdated. So, while I was there I learned as much as I could, but when my friend called me up and said, "Let's start an internet access company," I was like "alright". I left that same day. So that is pretty much me.
Katina Michael: How did you actually get involved with computers and technology?
Amal Graafstra: Ah, that is a fun story. I delved into electronics and wanted to know how they worked. So as a kid I would like to take things apart and put them back together. So, technology and how things work I was interested in at a young age. When I was in third grade actually, I had the privilege of going to a country school which was way out in the sticks. It was a great school because you could stay with the same classmates through each of the grades. It was very small, but oddly enough, it was one of the only schools that had a PET computer. I forget what the acronym stands for, but it was a simple computer with no drives or storage of any kind. You could just turn it on, and type, and that was it.
We actually had a program called R.I.F. which stood for Reading is Fundamental. You could go and get a free book, like a “choose your own adventure” book where you would turn the page, read the story and then you would make a selection at the bottom of the page about what you wanted to do next (like, if you want to jump the chasm, turn to page 10). And all of a sudden I found one that was a computer programming “choose-your-own-adventure,” you had to type in some IBM BASIC code or Apple 2 code and write programs to move on in the story. So the problem was the only computer I had access to was the PET, and then PET was slightly different so the code did not work as it was written in the book. I had to figure out how to make the code work and what the differences were. There was no manual so it was just me poking at buttons first, but eventually I figured it out. That shocked me that I could take this thing that was useless, like this thing in the corner that nobody touched, and I could enter information and it would do something useful. That was amazing to me. So my first experience with computers was programming, and things took off from there.
Katina Michael: Wow! Usually we are all introduced to computers through playing computer games, but you had a different venture into this space. So, can I ask, are you in your early 30's?
Amal Graafstra: I'm actually 30.
Katina Michael: Ok. I’m 31 so I kind of can relate to what you are saying. I had a similar experience but with the Amiga 500.
Amal Graafstra: Oh yeah, yeah. All that early stuff was great.
Katina Michael: Do you consider yourself an early adopter of technology?
Amal Graafstra: You know it depends on what type of technology it is. Some things do not interest me at first. When a technology that I think is kind of interesting comes along, I learn about it. Then someone comes up with another piece of technology, and I think hey, if we could marry these two technologies together it would be great and we could solve this problem and do this other thing too. So, I love to do that, find out about technologies and then put them together in a way that solves a different problem or helps someone or is a solution to something.
Katina Michael: For you, is the value proposition the most important factor in the adoption of technology?
Amal Graafstra: Basically it really depends, for me, if it is going to be any fun. There are a lot of things that could be put together but it takes a lot of work and it is not all really fun in the end.
Katina Michael: So for you, it is the novelty that is the most important and best part.
Amal Graafstra: Yes, just being able to look at something and adapt a solution that is not really available. I get really frustrated with the lack of open featured end-user commercial products. For example, there are commercial RFID door readers out there, but none are adapted or marketed to be used with implants. Also, I cannot connect these products with to a microcontroller or my PC unless I am willing to buy some hugely expensive commercial system where these kinds of options are available. Regardless, I have been able to adapt technologies to create a solution that connects these features and technologies together. For example, my RFID door reader is connected to my PC so in addition to a standard RFID reader, I can schedule access only for certain times, or even open the door by sending a text message to the system from my cell phone. This kind of easy integration is what I look forward to when I am doing these projects (figure 1).
Katina Michael: Are you interested in patents at all or that does not really interest you?
Amal Graafstra: I looked into that, the patent stuff. The patent process is really interesting, but certain aspects of it are very frustrating of course. That is probably another reason that I'm not super rich, because I have not looked into it as much as I should have. I am coming to realize more and more as I get older that is really what the game is about at this point. To engage in the patent process it has to be really worth it. But for the most part, I am only interested in my own personal use anyway when it comes to building these solutions.
Katina Michael: Do you consider yourself a hobbyist or entrepreneur?
Amal Graafstra: I think on one hand I am an entrepreneur and one the other a hobbyist. There are a lot of times that I look at a problem and say, “I can put a solution together for that and build it for you,” and I’m paid to do that. So, that is kind of entrepreneurial. At other times, I’m only interested in creating a solution for my own purposes, and that is the hobbyist in me. A lot of times what I create just isn’t marketable, or not worth trying to market. I like to keep things on the hobby side. Any time you turn a hobby into a job, it usually stops being fun. For example, I like photography a lot, and I take quite a few pictures and I even have got a few magazine covers doing it, but the second that someone says "why don't you do this for a job?" Well, then it would become more stress than fun, and I don't want it to be like that.
Katina Michael: I wanted to ask you how old you were when you first conceived of getting an RFID implant?
Amal Graafstra: When I think back, the reality of it is that I was very young, if I remember correctly only 7 or 8 years old… I was walking around the backyard when I heard my mother, who is very religious, saying that putting a chip into an animal or human aggravated her and disturbed her. So when the pet chip first came out a long time ago, I remember hearing about it and being convinced that the inventor of this chip would introduce it for pets then move onto babies and tagging babies in hospitals. The people around me thought it was ominous. I never doubted that point of view because that is what you do when you are a kid. But I thought about it, and considered what would be the purpose of the chip? I thought it could be used by other people to control me, and I believed other common misconceptions of technologies at the time. But there was another part of me that thought “how else could I use that?”
Katina Michael: And later on, what then?
Amal Graafstra: Later in life, around March 2005 to be exact, I found myself moving heavy equipment in and out of my office door almost every day. My office door was one of those latches that locked every time it closed, and I really hated having to carry around and fish for my keys all the time. I started looking at the fact that I had so many keys and what the job of a key was… to identify me as an authorized person and admit access. So, I started looking for a solution and decided to try and come up with an automated access control system that recognized me rather than a key I had to carry around. I started looking into biometrics, things like face recognition cameras and fingerprint readers. The problem I ran into was the fact that these solutions, when done the right way, were very expensive and clunky to implement. There were also concerns over the security and reliability of biometric solutions. Also, because I would need to put the camera or fingerprint reader outside, I was also concerned about vandalism. There weren’t many options rated for outdoor use that were available for someone on a budget. On the other hand, I found tons of RFID readers for cheap, and writing my own software to work with them was a no-brainer. The only down side to RFID was the fact I had to carry around an access card. That got me thinking about the pet implants again, and I realized those were a perfect fit! With RFID, I could create a cheap solution with the best of both worlds… all the benefits of RFID without the need to carry an access keycard!
Katina Michael: So you felt it was a good cheap solution but were there any problems with the pet tags?
Amal Graafstra: There were a few problems with the pet tags. Primarily, I couldn’t find any cheap readers that read the pet chips. It turned out there were many different kinds of RFID and they all didn’t play well with each other. Another issue was that pet tags had a special anti-migration coating on them that was designed to lock the implant in place, which would make removal or replacement nearly impossible. There was also another option for an RFID implant… VeriChip. I’d already heard of the FDA approving the VeriChip for implantation into humans, but the VeriChip had the same issues that the pet tags had… they also had an anti-migration coating and there were very limited hardware options available. I also found out that you must be entered into the VeriChip database when you receive one of their implants.
So, I figured I would just start with a basic keycard system and find some cheap RFID readers that were easy to hack or designed as OEM hardware I could easily integrate into my project. I found several reader options that read EM4102 based RFID tags, so I started looking around for RFID tags based on the EM4102 chip. What I found just about made me jump out of my seat… I found this one site that sold EM4102 based RFID tags that came in a glass ampoule form factor just like the pet tags! Plus, it didn’t have any coating on it. I immediately ordered the reader hardware and a few glass tags (figure 2).
While I waited for them to arrive, I started calling around to find out what all the differences were between the glass tags I ordered and pet and human implantable glass tags. It turns out there were only a few insignificant differences, the first of which was that the tags did not have the anti-migration coating. They also were not sterile. After several difficult conversations with various manufacturers, I found out the glass used in these industrial glass tags I ordered and medical implant type glass tags was the same stuff. That was good enough for me, so as soon as the tags came in I was already setting up my first implant procedure with a cosmetic surgeon who was a client of mine at the time. Once I confirmed the glass tags worked, I scheduled the implant and started building projects. I was so busy creating an access control project I didn’t really tell anyone I was scheduled to get an RFID tag implanted in my left hand. A couple days and a 5 minute procedure later my left hand was RFID enabled and I had a basic access control system built.
Katina Michael: How did it make you feel? Different in any way?
Amal Graafstra: Now, of course, I do not feel any different. I even forget they are there until I have to use them. But at first it was kind of weird and when I was bored I would kind of poke at them and feel the implants under the skin. There is kind of this cool factor to it too. I put my hand to the front door and unlock it and people are like "What! Hold on, what just happened?” So that is all kind of fun. But really over time, I've had it for 3 years or so now, the novelty has kind of worn off, and now it’s just the useful tool I always wanted it to be. But I really get into interesting conversations with people about implants and the issues surrounding them like privacy concerns, security issues, and the technology in general… even religious aspects like the “mark of the beast” are interesting to me. The conversation starter aspect of it is much more valuable to me at this point than just being able to open my front door or start my motorcycle.
Katina Michael: Did you ever consider going wearable and perhaps using an RFID watch device?
Amal Graafstra: You know, I did not even consider it because I don’t even wear a watch. I am one of those people who is bothered by wearing something on their wrist. If I did wear a watch or wristband with an RFID tag in it, I know I would just take it off and leave it in the shower, or go out for a walk and leave my wallet in the house. I knew that I wanted it to always be available and really hard to lose. So the implants made perfect sense.
Katina Michael: Could I ask you, Amal, had you heard of Professor Kevin Warwick at the time when you got the implant or was it much more of a self discovery?
Amal Graafstra: I remember hearing about it because again, I worked in the medical field doing server management for medical clients. So in ‘98 or ‘99 I just started my other company doing that and I heard about the “crazy cyborg guy”. But at the time I did not know that it was an RFID implant. I just knew that there was some guy, a professor, who was somehow talking to computers with his body. In that way, I guess that it was kind of a self-discovery thing. Once I got the implants and started using them, I let my friends know what I did. They all wanted to know more, so I put the pictures of the process on flickr for a couple of friends. Other people viewed the pictures and spread the word, then some blogs got wind of it and things just exploded. Then a lot of people wanted to get in touch with me and some actually referenced Kevin Warwick as well. So I thought oh yeah, I remember that guy and I looked him up and was like "Oh, look at that, he did it as well". By that time I think he'd already done the Cyborg 2.0 project where he uses a nervous system interface and I found that really interesting. I considered looking into that but realized it would take a lot more resources and medical contacts to pull that off, plus I wasn’t as comfortable actually messing with the nerves in my arm as a DIY type experiment. I figured the RFID implant had been tested on pets for years, so I had no concerns about it.
Katina Michael: A couple of weeks ago, we gave a public talk here and I was just going over some of the Cyborg 2.0 pictures and the background to that project and I thought he was very brave to actually do that experiment. He looked quite weary in the photographs but I am sure it was also because of all the press release commitments that he had.
Amal Graafstra: And that was the other issue, a lot of people had health concerns about this implant, which they called "Cyborg". I really had to remind them that the implant I had, was really not a cybernetic device because it did not interact with my body at all. Both pacemakers and cochlear implants are types of cybernetic devices, but making a skin pocket for an RFID tag is not. That whole process (the nervous system interface), he must’ve been concerned about it because he did not know at the time if there would be nerve damage. Those kinds of concerns, for me, well... I value my nerves. That was really brave of him and I do not know if I would be able to do that myself.
Katina Michael: In fact, you touch on something interesting; we definitely do not call people with RFID implants "Cyborgs". We have coined a new term “Electrophorus”. Electrophorus is a Greek compound word bringing together the word “electro” meaning “amber” and the word “phorus” meaning to “wear, to put on, to get into”. Basically, “Electrophorus” means “a bearer of electric technology.” We asked Professor Warwick and Professor Toumazou, what they thought about “Electrophorus” as an idea, in place of the commonly used term “Cyborg” and they liked it. What do you think about "Electrophorus"?
Amal Graafstra: Yes, I think that is a really good idea to have a term that separates us. What I am finding is that it really comes down to marketability. Just like people use Kleenex and Xerox as generic terms, people are calling RFID tags RFIDs, which if you expand the acronym to Radio Frequency Identifications, it sounds kinda silly. So, I think it is good to have a term to separate cyborgs and RFID implantees. And of course other things like hip replacements, where it does physically enhance your life, but it is a mechanical device, not an electronic device, so what do you call it? Is it a cybernetic device? It’s useful to have better terms that describe what we are doing.
Katina Michael: Thanks Amal. All this is very helpful. When you called the doctors and they opted to perform the implant process, were you faced with any barriers or limitations? Did you consider what the Food and Drug Administration would think of it? Or did you think it was your inherent right to do as you chose?
Amal Graafstra: It always comes down to personal responsibility. The problem with some doctors in the medical industry at this point is that when they are dealing with someone who wants to take responsibility for their own actions with their own body, of course they are worried about liability issues; people who say they are going to take responsibility for their own decisions and their own body, and then come back and blame the doctors if things go wrong because of their own decisions.
For me it was not really an issue because I knew the doctors personally, both of them, and they knew me. We had a brief discussion about it, very brief in fact, which was something like "Is it safe?" “Well”, I said, "as far as I know, we have 10 or so years of animal testing, so I would assume so." And then she asked "What is it?" So then I started going into the technical details and she was like "I don't care, if you want to put it in, that’s fine". So, we did it. Then the second implant was actually done by my family doctor which was done with an injector similar to the ones used on pets (figure 3). He is really interested in technology as well, so he asked me "What is it?" and we chatted about that for a while. He had his own concerns about it but they were not health concerns, but other concerns outside the realm of health issues. He asked me about any ethical or moral issues that I might have about it, which I had none. Then he asked me to sign a waiver, a release, and that was it. The injector came with an animal tag, which I threw away. The doctor put my HITAG in there after disinfecting it with a solution of some kind. I am not sure if it was alcohol or something else, but he was satisfied it was clean enough to be injected. Then it was over in a matter of seconds.
Katina Michael: Amal, did you feel any discomfort during or after the procedure, particularly with the RFID pet implant injector?
Amal Graafstra: No, actually I did not. I think the reason is that I specifically requested on both instances to put the implants just below the skin layer. By doing that, you're not diving into more serious flesh- you’re not diving into tissue or nerve endings and that kind of thing. The pet implant injector when it is injected into the skin creates a bump, so that bump is a pretty good pocket to put the implant into (figure 4). In both instances it was a very simple procedure to do and there was very little bruising- actually there was no bruising on either hand and very little bleeding. It was just a very simple procedure to have done. Afterwards, I was told not to use my hand for 24 hours and the other stuff, but being me, I was out there doing things I should not have been doing, but in terms of bruising there was nothing.
Katina Michael: Can you remove the implant by yourself?
Amal Graafstra: Oh yes! Basically because it is just under the skin, I could use an ExactoKnife if I absolutely needed to. I could simply make a small cut and force them out. So you know, in an emergency situation or something like that, because they are not deeply embedded I could probably remove them myself. A lot of people say, “Well, what if someone cuts off your hand so they can get into your house?” I say, first of all I would hand them the keycard in my wallet. Secondly, if they just were not listening to me and coming at me to cut off my hand, I would just bite it out of my hand myself because it is right there. I'd rather do that than lose my hand.
Katina Michael: I actually read the account of your car window being broken into in Vancouver and you commented something similar like "I would have just gave them the keycard, it was more trouble to get the window replaced".
Amal Graafstra: Yes, and that comes up as a security aspect of RFID as well. The issue that always comes up security wise is people wondering "well what about security", "what about people cloning the tag?" I have two tags, one is the EM4102 which is a read-only tag, and the other one is the HITAG (figure 5). It has 40 bit encryption, it’s not much but it is just enough to protect me against a basic passer-by type of attack. But the bottom line is that for a personal use scenario, where these tags are used by individuals, a person is going to have to know you and want to attack you personally. An RFID attack is going to be much more complicated to perform than breaking a window, and unfortunately that is what happened with my car. I would much rather have them use an RFID attack so they could get in there and rummage around because they did not really take much, they just took some change, but they knocked the window out which cost me a lot more in the end.
My point about the RFID security issue is that my usage is much different than business usage. In my case, I've got a system that is a custom built system which was built specifically for my own needs. Someone would have to know me personally and target me specifically to carry out a successful attack. When a business uses RFID, like the Exxon SpeedPass “pay at the pump” keyfob, there is no need to know who you are attacking because the system is common to everyone using it. I do not know if you have seen rfidanalysis.org but that site shows a couple guys hacking the Texas Instrument DST tag, which is used in many vehicles and the Exxon SpeedPass. In that case, once they hacked the tag’s encryption algorithm, they do not need to know the person they are attacking, and they do not need to know where the person lives. All they have to do is attack any random person with a SpeedPass and use their account to go steal gas at any Exxon gas pump. And that really is the difference, the type of scenario and the context that this technology is used in.
Katina Michael: Tell me about the HITAG?
Amal Graafstra: The HITAG is a passive tag. It has 40 bit encryption and 2048 bits of read/write memory.
Katina Michael: Would you ever use an active tag as an implant?
Amal Graafstra: I do not think so, just because I do not like the idea of having to replace them when the battery dies.
Katina Michael: Every two years, is it?
Amal Graafstra: Smaller active tags can last up to two years, larger ISO style tags between three to five years. You can adjust the transmission rate so you can get eight to ten years out of some tags. Basically, I do not like the concept of something that wears out going into my body. I like the fact that these passive tags do not wear out. In terms of memory space on the HITAG though, I do have a limit of 100,000 writes on each bit in the memory block, but I can read those memory bits an infinite number of times without wearing them out. So the chance of something going wrong with either of my RFID tags within my lifetime is very remote.
Katina Michael: If we were to change the scenario a little bit, could I ask you if you would subscribe to any commercial applications, where someone else has the control, and you do not?
Amal Graafstra: That has really been the issue with both RFID and biometrics. The answer to both is really "no". I had an interesting experience at Disney World where they were tying ticket sales to fingerprint biometrics. In this instance, I had already bought the ticket and at the fingerprint gate, either I could choose to accept it and be granted entry or decline it and be declined entry, wasting the money for the tickets and the hotel and all that. It bothered me that when I purchased the tickets there was nothing to alert me that I would be required to give up my biometric information to Disney in order to use the tickets. It really concerned me that I had to trust Disney to not abuse my biometric information once I surrendered it. It’s a lot harder to change your fingerprints than remote an RFID tag.
Actually I am sitting at a data centre right now that used to have an iris scanning system and really the issue comes down to who is controlling the data, who is safeguarding the data? The datacenter recently replaced the legacy iris scanning system with a new fingerprint scanner, and I asked someone “so what happens to the old scanner, what happens to my biometric data?” And they're like, “oh well, we don't know exactly, maybe we threw it out"... So, it really concerns me how this data is tossed around, and not really considered to be that important. Like I said before, my concern with biometric systems is that once you opt-in, you cannot really opt-out because you cannot change your biometric data.
But even with implantable RFID, you can opt-out somehow. In some cases it might be painful to do, but you can do it. In my case though, it would be rather easy. Comparatively, once someone has your biometric data, you’ve lost all control over what’s done with it. The biometric systems being developed now are even more concerning because many of them are passive, which require no action on the part of the user except walking by… there is no consent necessary. There are systems with scent detection that can sniff your unique biochemical mixture. There are systems that analyze gait and how people walk, and facial recognition systems that can tell you which cameras a specific person has shown up on for the last day or month or year depending on how much video footage the system has access to. There are even iris scanners used in airports that do not require you to press your eye up to anything, you simply look into them… kinda like in the movie, Minority Report. I was even reading in a recent medical journal about a researcher who is working on a microchip that has polymer on it with charged ions, and the idea is that you can drop a DNA strand onto it and it would rip apart the strand and identify the person instantly. All of those types of advancements are fascinating and very concerning
Katina Michael: What do you think about the current state of technology?
Amal Graafstra: My concern is not about the actual technology. I love the technology. I think it is great. I hope it is developed and used for good. My concerns are about the people. A nuclear bomb is no worse than a flower if no one presses the button. You know what I mean? So I have serious doubts about the people that will yield the power of the technology, but as far as the technology goes, I like it and I think that it is fine.
Katina Michael: There is a big debate in the academic space, the question being "is technology neutral or is it not?” There are those that say it is not neutral, and although I believe that technology has inherent functionality and capabilities, it is about how you apply it. Like you said, anything can be harmful. A knife we use to spread butter with can be used to kill someone too. That is the point you are trying to make here, that technology itself is not bad; it is potentially how it is used or misused. I think when people like yourself demonstrate the different type of uses of a given technology, basically we can see potential consequences in other areas as well. You have done well, for example, to show in the personal space, how RFID transponder implants can work. Then, you have also, without even realizing I think, opened up this whole new debate about how they may be used if placed in the wrong hands.
Amal Graafstra: Yes, no pun intended, I am sure! One of the concerns I have about the VeriChip implantation program, the reason I did not get a VeriChip, is that it is a corporate product. It is not designed to be used by hobbyists. To that point, if I implanted a VeriChip, my personal information would have to be enrolled in a VeriChip recipient database, and I did not want that. I also did not like the fact that their implants had an anti-migration coating on them. By all accounts, their implant is designed to be permanent. I did not like the depth that the implant was put into the arm, which makes removal very very difficult. I also did not like the placement in the arm, which for me would make the implant very difficult to use - I did not want to have to kneel down next to my door to get into my house or office. Putting it in my hand where I did means I can place the implant, which has a very short read range, next to an RFID reader very easily. And the whole point is that this kind of implementation is that it is a consent based system. I pretty much have to put my hand right on the reader to get a read, and that is a consensual process. Being in the hand, I can put it where I need to put it to get a read. All these things are reasons why I did not go with VeriChip, which I had considered for about ten minutes before ordering the other ones. So, there are issues with it.
The major issue I have with VeriChip is that Verichip has built no security into its devices, yet they are tying it to serious information like medical records and payment information. Being a permanent implantable device designed for permanent implantation, you can’t easily replace or reprogram it if your ID number is compromised. For example, if you lose a credit card number, you call the issuer and get a new one. If someone scans your arm and gets your unique ID, what are you going to do then? I do not know how they going to secure this piece of technology now? It is obvious they did not take into consideration any of that. I do not know what their plan is, but for business applications, there are serious issues. While this issue was known to many in the RFID community, this was all brought to light when AnnaLee Newitz of Wired Magazine got a VeriChip implant, and had that implant cloned successfully by Jonathan Westhues who developed an analog cloning device for basic read-only type RFID transponders.
Katina Michael: Following on from these thoughts, I would like to ask you what your feelings are about microchip implants potentially being used by government to fulfill a mandatory national ID scheme?
Amal Graafstra: I do not think it is going to be the case. I know there are a lot of people pushing for a national ID system and basically we have already got it, it is the social security number in the U.S. And I think in all states now, you cannot get a driver's license without a social security number. In particular this was a problem for my new Canadian wife who is currently going through the immigration process. I am actually urging her not to get a social security number just because she does not really need one right now, so why enroll in the Social Security system when there is no benefit for her to do so. The issue is, if you do not get one, you are pretty much not a member of American society. If there ever was a mark of the beast, I think the Social Security number is probably it. But to answer your question, I do not see RFID as the technology behind that drive. I definitely see the drive is there to be able to identify everyone nationally, but it will probably utilize something like biometrics.
The concern I have about biometrics is simply, sometimes you do not even know you are opting in to the system as you walk by a camera. I do not see that with RFID because you have to force a foreign object into someone's body to opt them in. It is also so easy to opt-out just by removing the tag. Also, it is very easy to interfere with or confuse the system using typical devices that generate interference. There is also the problem of cloned or emulated tags. All these kind of things do not really provide a good platform for a secure RFID implant based national ID system.
Katina Michael: Since about 2002, I have read a lot of credible accounts, mostly by government officials who have been quoted encouraging the use of RFID devices for immigration control and potential disaster recovery and response. For example in Asia, when SARS hit, business and economics was severely affected in some countries, such as Singapore. Just before SARS was contained, there were proposals to tag everyone that traveled on an airplane between SARS-affected zones. It was going to be a wearable device that would keep track of an individual’s location history. I do agree with you, that in the interim, we are not going to have people implanted for national security purposes. But if there is ever a pandemic outbreak like the Spanish Influenza, and there are millions of casualties, ironically there may be a business case for it.
Amal Graafstra: Yes, well it is like any kind of situation where there is something that induces fear in a populace, they will just about give up anything for the sense of security. It could be real security or the illusion of security, but it is quite often the illusion of security. Fear and hunger are the two great motivators for everyone, so I too really hope that is not what it comes down to. But I think honestly, in the very near future as biometrics advances there will probably be a system in place where you probably will not even have to wear a device, it will be like real-time face matching as you are walking. It is kind of a scary proposition, but I do not know what to do about it. I know what to do with respect to RFID I know how to handle that, but biometrics, especially passive biometrics, such as gate analysis, facial recognition and chemical scent and those kinds of things where you just walk through some checkpoint. I just don’t know. Especially in the U.K., where it has become kind of a camera society, the cameras already track individuals without them having to actually opt-in. Just being in a public space is opting in and that is something that is really hard to fight. Even though the monitored society set up in the UK has yet to prove that putting cameras on every corner improves safety and security.
Katina Michael: I think what you are referring to here is the unobtrusive nature of emerging surveillance technologies. It may be okay if the user has opted-in to being tracked for instance, such as in their place of work, but the problems arise when they have not given their consent to be tracked and their location can be revealed in real-time.
Amal Graafstra: Yes.
Katina Michael: I want us now to talk a little about ethical dilemmas, even if in a broad sense. I have studied different types of dependencies and relationships between a parent and a child, a carer and a patient, a parolee officer and a parolee. Can we talk about the different relationships and different ethical dilemmas in these commercial or non-commercial contexts?
Amal Graafstra: I think the parent-child thing, boils down to a basic misconception of how the technology actually works. I am constantly asked, so now that you have RFID, we can track your every move and know where you are. Obviously, they do not understand how it works with a two inch read range, or even with a twenty-four foot read range, you are not going to get much out of that. The parent-child scenario does not make any sense to me because the only thing that really would be able to be identified is a body part, or something that has been tagged. But a lot of parents are scrambling, they want to be able to track their children to know where they are during the day. A lot of companies are now rushing to fill the void with solutions. For instance, some parents are giving their children cell phones which can actually track their location. So there is kind of an interesting dynamic there. I think anything to do with parents and children is always interesting because the parents want to do the best thing by their child, but the child is its own person. Parents may start to impose things that are irreversible. This sort of goes way off RFID. But things like circumcision, implanting them, tattooing them, enrolling their biometric data in a national ID system, these are things that are pretty much irreversible, with exception of an RFID implant for the most part. So there is always an issue where that fine line is, and whether it is really in the child’s best interest to do this or that. Let them make their own decisions as an adult.
Katina Michael: What about medical applications?
Amal Graafstra: In terms of patient care applications, RFID has a lot of commercial potential, especially when it comes to things like operations where you could use RFID labels for identification purposes. Just to double check that the right drugs are being delivered to the right patient, and to fill in the paper work and things like that. I know there are labels that come off and that is fine but as to implanting, it would be someone who wanted it like someone who wanders. I met a guy who has recurrent bouts of amnesia and he wakes up and he does not know where he is. A wearable device in his case would not help him because it could be removed. So he was very interested in implants to solve his dilemma. It is a very niche market, if you are looking at it for a business case. But it is something that he wanted for himself. And that is great. It is like here are your options, and how they are going to know if you have an implant, they will check it in the Verichip systems, what hospitals have it and which do not.
Katina Michael: Do you foresee any ethical issues even for medical applications of RFID implants?
Amal Graafstra: The ethical issues are always coming back. Do the patients really want to adopt the technology, and do they fully understand the ramifications? Whenever you are dealing with a company like Verichip or lobbying a government who wants to use the technology for immigration purposes the issue that comes back to me is much like my Disney Land example. I bought the ticket, I heard nothing about biometric, I get to the gate and after I have spent my money, planned my trip and got all of my stuff... well, now it is like you either do it or you go home. So that I see as a real problem because I did not really have a choice and I had spent a considerable amount of money before I was presented with a choice. So, we all have to deal with that when it is a private industry because people like me, actually there are a lot of us now, Do-It-Yourselfers (DIYers), do understand what is going on.
If we have been caught off guard on occasion, we only have ourselves to blame because we probably did not do the required research beforehand. I know a guy that thought the whole implant thing was cool, went out and got a pet chip and put it in his shoulder and quickly realized, "I cannot really get it out now without doing a lot of cutting," and the only person he could blame was himself. When you have a marketing strategy saying, "Here's all the great things you can do with it", the negative things are not likely to be raised due to the fact that it is a commercial endeavor. Again, it is the consumer’s responsibility and they need to their research carefully. And to a degree, the commercialization of these services and technologies will always try and suppress as much of the negative aspects as possible and that does not do service to the consumers.
Katina Michael: Amal, you mentioned the limitations of RFID to track, for example, you mentioned that if a parent believes they can track their child using an RFID implant, then they are mistaken. Could you comment on the possibilities of convergence with various location tracking devices, not just identification devices, for example, the potential for a GPS-enabled smart phone to work together with an in-built RFID reader?
Amal Graafstra: Sure, actually the term "tracking" is very sensitive to me also. A lot of people use it in a broad way, so tracking to me, says real time, GPS style, you are here right now, we are tracking you, like radars tracking planes as they are flying. Quite often "tracking" is used in place of a logging system. There was actually a system I was reading about recently where kids were wearing an RFID badge and they had readers in different locations, and they had readers set up in various locations in the playgrounds and recess areas. So, the parent could see their kid was here at this time and there at that time and they are at this location right now. It is a limited technology as far as tracking is concerned. RFID is primarily an identification technology not a tracking technology. I guess convergence is going to play a huge role in being able to do that, but then again for RFID technology to be the main tracking technology, it is going to require a large grid of readers throughout an area. Some suggest that the grid already exists to an extent.
All it takes is an agreement to share data between retailers, basically having readers at the front door, which a lot of shops already have that. Already there is this ominous grid. As you mention the GPS use of RFID, I think that that might be possible to have a GPS receiver receive location data but a lot of people do not realize that it does not work the other way around. The data comes from satellites down to the receiver, there is no way to get that location data out to the rest of the world, unless you have a cellular technology to relay it. Then you have the convergence of three technologies. I guess, yes you could converge these technologies in some way. A GPS device could track where you have been, then log that information, store it, and as soon as you come in the range of an RFID reader the transponder transmits that data to an outsource. That is a possibility but there are other technologies out there that are more suitable for doing that than RFID.
Katina Michael: Yet RFID has the proximity to the individual, for example, who is wearing the clothing or wearing a device. I think there are lots of people toying with the idea. We are doing some collaborative work with an international company, who primarily deal with location-based services, but they have moved to the IP space now. So they do not really care what device you have, it just has to be IP-enabled.
Amal Graafstra: There are actually some interesting things happening with networking technologies relating to finding and tracking. Microsoft has an IP locator service, meant to be used in place of GPS, in things like mobile devices and laptops as they roam from wi-fi point to wi-fi point. They want to be able to provide mapping services where they do not have access to GPS, but they do have access to hotspots in the city or whatever. So they are creating quite a large database so that they are able to track geographic location to a pretty precise point, given nothing other than an IP address or MAC address. Another interesting innovation is where companies are turning wifi access points into something like an active RFID system, where these hybrid readers work with middleware to be able to track people and things using nothing but the wi-fi system. A lot of scenarios have the wi-fi network laid out and then right along side it, have the RFID system laid out, whether it is active or passive, it depends on the application. So this company uses wi-fi and RFID in tandem to get a more precise location.
Katina Michael: Yes, I think the next 10 years for wireless networking is going to surprise even some technology experts in the field. And much of it will revolve around location sensitive applications and social networking.
Amal Graafstra: Yes. And you will not even necessarily need an IP address, even a wi-fi device which does not bother with the IP layer is fine, so long as it is attached to a wireless network itself and then it can provide useful information.
Katina Michael: Amal, I want us to return to some ethical issues again. What should younger people consider before going ahead and getting a microchip implant?
Amal Graafstra: Well, actually, there have been quite a number of younger people that have asked about implants. I see a reaction which kind of is the basis for age related interest. Usually people are fearful or doubtful of technology and resist it, whereas young people sort of jump in. The older a person the more they will resist, and the younger they are the more likely they will jump in without carefully researching. So, I would say before getting an implant, seriously consider the health issues, seriously consider the social issues. There are a lot of people who say that implants might pose a danger physically, or consider how people might outwardly disagree with the fact that you have an implant. Be aware of the ethical issues, it is kind of like driving on the road, you might be an excellent driver but you still have to trust that the other person is not going to come over the line and kill you. The same is true with this type of scenario where you are getting an implant to opt into some system. You have to basically trust the system; that they are not going to abuse that power. It is difficult now if you just want to be a member of society. Look at social security cards, for example. Today, the U.S. government even has access to your library records, because of the Patriot Act legislation…
Katina Michael: Yes, they do have the power to do this but then it can be defined as function creep in action.
Amal Graafstra: And that is the thing. I got my library record when all that was not a problem but now things are different. It is not just an issue of trusting now, it is an issue of trusting now and into the future. Another issue is that still a lot of people get the EZPass, they get an active type transponder in their car, to be able to just speed through a toll. The issue is that when they got the transponder, and signed the original agreement, the understanding was that the transponder would be solely used for payment. But of course, now people think of additional uses like being able to track traffic and congestion and even speeding. They can now measure how long it takes for an individual car to get from point A to point B? That was a use that people did not sign up for when agreeing to place the transponder on their vehicle. Then the next thing might be where did they get this guest and for how long did they have access to him, and then someone gets a ticket in the mail for speeding, then what if somebody else is cloning your transponder and you get booked for speeding 200 kilometers per hour. There are a lot of issues and a lot of people are entering the system without seriously thinking about all the issues. They should be and I cannot believe that people are seriously considering implants for payment without having any security features in the technology. It is kind of surprising but I guess it should not be.
Katina Michael: I can see, Amal, that the choice aspect is very important to you. You see a need to be able to opt in to an application. You also see a need for an alternative option if you do not want to have your hand scanned. There are clubs now in Spain, which offer their patrons RFID implants so they do not have to carry cash and for access to VIP lounges. There are companies now which are requesting that their employees be implanted. This is very different from the hobbyist or the personal space. Can you prejudge ethics in that you can think about the consequences before actually rolling out and innovating?
Amal Graafstra: The opt-in and opt-out ethical issues are always at the forefront of my mind and what really brought that to a head for me, was when I really started to realize that I was losing control of my own identity as it relates to society. One big issue for me is what am I going to do about it, and how am I going to deal with it? For example, I bank at a local bank that has recently been bought out by a national bank chain. When I opened the account, I signed my account card with my signature so they could keep it on file and compare it to checks that I wrote. Later on, I wanted to move my home branch to another branch and move the card as well. So I asked them, “can I go back to the other branch and bring back my signed card?” They said, "No". So I asked them, "why not?" and they replied, "Well, it's because of security... You don't want to let it out of the bank”. So I insisted, "Well it's my signature, I signed it. It's my data it’s my identifier and now it’s in your files, and you are saying now you won't let me take it. What if I just close my account? Can I get my card then?" They are like, "No." So then I said, "So what are you going to do with my card if I close my account and you no longer need it. It's my data, what are you going to do with it?" They did not have an answer for me at the time because I was at the front desk. Ultimately what happened in this example is that I submitted my signature, they put it on file, and then I lost total control of it. So, that has really raised an issue with me about trusting my bank to release my own identifier to me personally, while the signature continues to be used everywhere, it is universal, it is a global identifier now. That was a major concern to me and has really opened my eyes to the ethical issues as it relates to identification.
So pre-judging things like, how do we make the technology evolve and continue to be developed without getting it shut down based on ethics. I think the issue is always going to be when it comes down to identifying a person there needs to be alternatives to a biometric or implantation system. I think anything that you can opt-out of easily, for example, taking the badge off after work or having a pin code or something that you know, versus something that is more or less permanent, whether that is giving up biometric data or getting an implant that is rather difficult to remove. Having an alternative is always going to be necessary. I do not want to sound like an old-fashioned kind of guy, but there are constant encroaches on my identity in the name of security, in the name of identity theft, and that is a big concern to me because I truly do not have total control over my identity.
Katina Michael: Amal, you mention personal responsibility being very important to you. I want to ask you, whose responsibility is privacy?
Amal Graafstra: That is a good question. I think it is paramount that an individual realizes that it is their own responsibility, and primarily their own. People have to be aware of these things. Secondly, it is the responsibility of proprietors in society at large to enable that individual to make informed decisions about their privacy. For instance, in the United Kingdom they put up cameras to prevent crime and we are told by authorities that they are going to track faces and use certain kinds of analytical methods and yet we are not told what will be done with that data in the long term. So without a certain amount of information, the public cannot make an informed decision about it whether or not they want to be recorded in a public space. Public space is a really big issue because there is no expectation of privacy.
Then we can get into a debate about expectations of privacy in the workplace. I am of the opinion that if you go to work for an employer who says, "We want to have you wear this RFID badge so we can know where you are in the building and at work," I think the employer has the right to do that. I do not think the employer has the right to say, "We want you to implant this thing so we can track you at work" because the implants cannot be removed at the end of the day, that is the bottom line I think. I believe a person in the workplace has the choice of saying, "I do not want to participate in tracking within the workplace" and then they can get a different job. This might be difficult in the future when all employers may require implants. The labor contract is tied to human resources within the company, and if they are going to treat you as a resource, then they kind of have the right to do that. They sign a contract, "I agree to be your resource from 9 till 5" and if that means using them to get a hold of me, and to track me around the building, or whatever the purpose is, that has to be worked out between the employer and employee. Implantation devices or biometric systems where the data and device resides outside the workplace, are usually not opt-out able.
Katina Michael: A question now about the media hype over RFID. We have a lot of people talking about privacy and the Electronic Product Code global standard, Wal-Mart and Benetton etc. I have a research student looking at the journey of barcode in the 60's and the journey of RFID from the late 90's and beyond. What do you think it is about RFID, apart from the line-of-sight capability that evokes such a public response? Is it lack of public education about the technology or is it something else? What do you put it down to? What is the major issue with RFID?
Amal Graafstra: I think the issue of RFID boils down to two essential things. First, when we are conducting a purchase using the bar code, things might take three or more reads to register. That is a pretty conceptual process; I do not see random laser scanners shooting out into the general public. Really it comes down to consent again. RFID is scary because the public is not educated about the technology. But also there is a level of consent that needs to go along with it. The issue with Benetton was that they were embedding these devices into the clothing, and not telling the consumer, and not deactivating the devices when leaving the store. Sure, RFID has its uses within the store and that is the company’s right, of course they can manage their own inventory but when the consumer buys an item, it is no longer the store’s inventory and they have no right to track that piece of clothing anymore. So there has to be this debate, and I am glad that it has come to the fore, because it has raised an issue of privacy and RFID. All these growing pains that RFID is going through right now, it is all good. We have people on both sides of the extremes but it means the technology will continue to be developed and the issues will continue to be talked about and hopefully resolved. So extreme arguments on both sides are good, and people like me in the middle are going to benefit from the debate.
Katina Michael: And the second issue?
Amal Graafstra: The other issue to me is the basic serialization of everything. A barcode does not identify an item- it identifies a class of item. While you could have a serial barcode, that is not how the UPC standard works, it involves a class of items. It could be a particular brand of cereal or a type of watch. It is not like the exact watch or exact type of serial. People are concerned about the memberization and serialization of everything, of objects, but they are more concerned of the serialization and numberization of life in general, e.g. children, and pets, and living things. There are scary things going on like DNA sequences being patented and life forms being patented, and corn and grains and things that we eat... you can hardly go to a store nowadays and buy anything that has seeds in it anymore, and if you do find something with seeds in it, it is usually not fertile. To get to the point, eventually everything is going to be numbered and tracked, particularly when it comes to compulsory things like food, you are going to have to pay a patent fee when you want to grow your own corn. You know that kind of stuff scares people, it scares me. I think in the general public's mind, RFID serializing every individual object on the face of the earth is a stepping-stone to that horrible nightmare.
Katina Michael: So what is it Amal about RFID when we compare it to say biometrics?
Amal Graafstra: The public have raised issues about biometrics before but nothing like what they are currently saying about RFID technology. I think it is because with RFID people have an object to place their fears on, whereas with biometric data it is just walking by a camera or just kind of casually putting things on a sensor, and then they forget about it. A lot of it is intangible and so while there is fear surrounding it, there is nothing to focus on or point the finger at and say, “this is the devil, this is the enemy". Whereas RFID you've got a tag, for example if you buy a piece of clothing and you find the tag that is meant to identify you and track you in and out of the store, you look at that and associate your fear and anger with that object. So RFID is really taking a battering because people have something tangible in their hand. Like you said, Benetton is crossing the line with their products. Like "okay we are going to sell these items but then we are going to get the added benefits of tracking people in and out of the store." And of course they are not thinking ahead or having any concerns about other retailers starting to read the data from Benetton. What happens if other retailers start sharing data like "Oh this person was in this store, then they went here, and then there".
Let me give you another example that is also relevant here. My sister actually got a loyalty card for a supermarket which for a long time used an individual’s phone number as their identifier. The phone number is not used anymore but I still remember it. They have gas stations now linked to the loyalty scheme, so that when I am driving all over the country I will head for that brand, and I will use the number, and get a message saying “Hello Ms Graafstra, thank you for buying the gas”. Now, anyone in the country could be that person buying the gas and there are certain cases where police have used loyalty card transaction histories to track down individuals suspected of committing a crime. So I always wondered if something happened in the vicinity, would my sister be blamed for that because I used her phone number to make that purchase. Likewise, if somebody borrows my sweater with an RFID tag in it and murders someone, am I going to get the blame for that? So there are all these issues kind of swimming around but I think there is animosity towards the RFID because there is tangible evidence there.
Katina Michael: You mentioned that your Mother is very spiritual. Also that young people should consider the social consequences of RFID. For some people transponders are considered the mark of the beast and many people refer to the Book of Revelation, and they will mention Chapter 13 as the fulfillment of prophecy or looking towards fulfillment. I have downloaded quite a few YouTube clips from particular church organizations and I am interested to hear what you make of it all, i.e. the religious aspect?
Amal Graafstra: It is actually really interesting. If you believe the Book of Revelation as foretelling the future then that is one thing; that gets one into the realm of "Okay, now let us talk about this seriously- what could constitute the mark of the beast?" I think what people are missing is that RFID has not been the first technology that has been referred to as the "Mark of the Beast". Credit cards and social security numbers all have to do with that issue, the things that we take for granted today have all come under this sort of trial of fire. I think RFID, particularly RFID implants, are a huge issue because the device does actually deal with the body, which is mentioned in the Revelation. A lot of people thought that it could be tattoos from "1984" or tattoos on the neck, that sort of scenario. I think that is really what people are missing, they are minimalizing the passage.
The real message is that people will submit to a system and worship that system rather than God and that system will become more important- so much so, that it will defile the temple of God, which is supposed to be the body, in order to subscribe to that system and worship to its processes. To physically take a “mark” on your body, whether it is an implant or a tattoo, solely for the purposes of trade and to be a member of the system has nothing to do with God. In U.S. it is specifically stated that there is a separation between Church and faith, if it is a National I.D. system that is meant for bartering and trade and security, those things are a matter for the state, that by design have nothing to do with the Church and God. So, it kind of comes full circle to submitting and subscribing to the point of defiling God's temple is to become a member of this other system and eventually worship it. I think that is really the message and to a degree a lot of people are already doing that… I do not want to get into too much trouble but, you know, whole businesses go around religious aspects and it really becomes about the money.
So it is all kind of an interesting thing and I had to talk about this to my Mom at length because she had her concerns. At the time I only had the left hand done, but if I had spoken about the right hand, then it would have been a very literal thing. And she was like “you know, it is a stepping stone…” We talked for a while and I do not really think my use of this technology has necessarily sold my soul, in the way Revelation is warning us, i.e., I do not use it for buying and selling. The important thing for me is that if the technology became oppressive, where the government was using it to oppress people and to control people’s buying behavior, I would remove them and I would be the first to opt out. I think it is just the option of me using it for my own purposes and not having to deal with those things kind of brings to light a point that the Bible is making, it is not the specific mark that matters, whatever that might turn out to be; it is the act of being involved in that system and worshipping it.
Katina Michael: I have done a lot of research on this topic and found that Christians are not the only ones who have this kind of end-time belief, but a vast range of diverse religious groups, even though they may not articulate it using the same words, also hold to an eschatological view. And there does seem to be an incremental development in thought that the mark has evolved from a bar code, to a mag-stripe, to smart card, to biometrics and now RFID. I am wondering what the religious will now make of nanotechnology, which is like a dot in comparison to silicon; the prospect of us being covered with dots- perhaps not one single mark, but many marks. How will that change the fulfillment of that prophecy, will people then go to nanotechnology and say “that is the mark of the beast”?
Amal Graafstra: Yes, I think anything that is used to identify us will undergo the same fire that RFID tags have undergone. I think what is kind of bizarre, is that nothing much has been said about straight-out biometrics. Instead of a mark, you just use your hand. Hand and forehead: there are devices where you stick your hand in and it analyses your hand's bone structure and veins for identification purposes. Forehead could easily be looking at a camera or an iris scanner. But for some reason because it is not a mark, it is just a bodily characteristic used to identify you the community has been relatively silent about it. I do not understand why, but I find it is interesting. Again, I think it comes down to symbology and having an actual physical thing and having a tangible thing. So that is the problem with the mark as I see it.
Katina Michael: Amal, were you raised a Christian?
Amal Graafstra: Yes, I was actually.
Katina Michael: And your current philosophical or spiritual orientation is still that?
Amal Graafstra: The more I learn about the universe, the more amazing it is, and the more you learn about everything the more it fascinates. I guess the hardest thing for me is the transition from a rigid spirituality- “this is the way it is and everyone else is wrong”- to more of, “I'm going to have my own relationship with God and that's going to be open and free flowing as I run my life through the course of this amazing universe.”
Katina Michael: Amal, how does it make you feel that your wife also opted to have a chip implant in her hand? And how does that make you feel? When I got married, my husband gave me an engraved key-ring with the keys to our home and it has remained a special memory. How do the implants make you feel, that both of you are sharing the same space?
Amal Graafstra: I think that is very interesting- the fact that the keys were so significant to you, not because they were keys, but because they were a symbol of something that was very important to you. The implants for us are not necessarily symbols so it really did not matter too much. My wife asked me about it and I thought, that was kind of interesting, “if you want it, then sure”. I had been using mine and she had been watching and asking questions about health issues and things like that and watching me build the projects for the book and saw the excitement that I had. She said, "Well, that might be kind of interesting" so she started using the keycard. And she was always digging in her handbag and looking for it and it became annoying; all the reasons why I did not want to use the card. So eventually she just said, "Well, what is involved in getting this implant done?" and I said, "not a whole lot." And we basically called the doctor that night and he said, "yeah, bring her down." So, we did it.
It was kind of insignificant at the time but other people thought it was very significant. She actually did have some issues with it at first because to her not being able to directly develop and realize the technology, she had major concerns about the permanence of it. A lot of people had said to her, "what if you break up? Would you have to get it removed?" You know even if she does not remove it, I could easily remove her identifier from my authorized list and she could remove my identifier from her front door, without having to take out the chip. But for her obviously not being able to leverage that technology personally it would be more significant and she would probably want to get it removed. So, that for her was a bigger choice "Do I really want to do this? What if I want to take it out later?" So for her it was a little bit more of a symbol than it was for me. For her it became a level of commitment, "did I really believe that my relationship was going somewhere? And am I going to be able to use this technology because Amal is in my life?" So when she did get it, there was a whole lot of reaction from her immediate friends; they thought she was crazy or whatever. It was a general reaction that people have like an ongoing joke, "you're crazy". So, she could feel herself that it was a step in the relationship. Whereas, I thought, "cool, just another reason that I really love her because she is into this technology" and that she was willing to do it. She joked that it was the "engagement chip". It actually became true because I proposed afterward and we got married on April 7th.
Katina Michael: Congratulations. I have two more questions, Amal. One is how big is the hobbyist community? How many implantees do you think there are in the RFID space?
Amal Graafstra: Everybody asks me that. Of course, there are the two schools. One is the Verichip people who have been marketed to a degree and they've got more implants and use it for whatever they use it for, like VIP rooms. Then there is kind of the Do-it-yourselfers (DIYers) who use glass RFID tags for non-commercial purposes. I think that community is probably around 200 to 1000 people. It is really hard to track. Once word got out, I started talking to a guy in Australia actually, his name is Chris. He started a tag forum and he and I were the first two posts. Just from there, it exploded.
A lot of people wanted to know about the tags and how to do it and what to use it for. The hobby has grown rapidly and now a lot of people are doing it on their own and unaccounted for. The more people that I run into these days, and it has been a little over two years since the first implant, they'll say "yeah, you've got implants" or they might just say "oh, you're one of those people”. I have met some other people that have had it done. I thought "well, that is strange", then I would ask them if it was in their hand or their arm or their wrist. There are definitely people getting these implants put in that are not FDA approved and definitely do-it-yourselfers- there is just no way to count them all. Actually I went to a place in Alberta, Canada that is doing RFID implants but they are just a tattoo and piercing shop, I thought that is just wild. These are totally non-FDA approved places that are doing these implantations.
Katina Michael: What about suspected health issues related to implants?
Amal Graafstra: Today I got an email from somebody who had cited a few reports of cancerous cells forming around RFID implant sites in pets. They just have different severe issues around the implant sites. So they asked, "what about cancer?" I said, "well, it is definitely not the RFID function, it is not the radiation because it is very minute and temporary, you get more radiation from your house wiring than the RFID tag. So, it is not that. It cannot be the glass wall because it is virtually immersed. The only difference between animal implants and the glass tags that I have is the anti-migration coating, which I suspect will break down chemically and will react chemically in the body. As well as the fact that your skin is perfectly porous and your flesh will grow into those porous areas and pull the implant into place. I think both those factors contribute heavily to the mutated cancerous cells that are forming. Some of them are soft tissue tumors that do not go into full throttle, they form around these implant sites. That is very interesting because we do not know if these pets had strong immune systems or had other possible problems.
I was amazed to find out earlier, that cancer cells form in the body every single day and that is just normal and your body fights them off. Really the only thing that can fight off cancer is the immune system until it becomes malignant and gets out of control, which is when you get “cancer”. It is not an abnormal occurrence in the body, it is a daily thing. So if something is wrong in the body, something is helping the cancer mutate much quicker than your immune system can handle or your immune system is really compromised and then you get cancer. So I thought that was very interesting because the FDA approved Verichip does have this coating, so I am interested to see now what happens long term, with patients who have the Verichip. These pets are very old, they have made it through their lifespan term but in another case with lab rats and mice being implanted and they lived their lifespan and suffered complications right at the end. I am wondering the older these people get, who are now getting these implants very young to get into clubs, I am wondering when they get older if there is going to be issues like these, surrounding implants.
Katina Michael: Do you have any concerns about your own chip?
Amal Graafstra: For myself, not having these chips with coating, I am not experiencing any migration, but my skin is very young. These chips might move around later on in life. Will I have these health issues surrounding my implants? I seriously doubt it. A lot of people have actually brought up the need for anti-migration coating and asked, "do we need this coating at all?" I think that the placement of the chip has a lot to do with it. My chip is just under the skin in that area of the body where the skin is very elastic and can kind of hold onto the chip and not let it move around. From what I understand the Verichip actually is intended for arm tissue, under muscle, under that whole musculatory area. So, there is a concern of migration because there are moving body parts and muscles contract and expand all the time as people move around. I guess time will tell.
Katina Michael: Could I ask you about bodily infections related to implants?
Amal Graafstra: Yes. It is interesting about the infection because a lot of people ask me about the potential of having an infection. Again, for me, just having a smooth glass tag with no coating, it is difficult for an infectious disease to kind of ride along with that tag. But with a coarse material around it, certainly, there could be all kinds of things "hiding" within that material. Personally, I always reference the fact that when you are a kid and you fall over and scrape the ground and you get rocks embedded in your skin and you think it is so cool because you have rocks in your skin. That is definitely a buried process and if you have a healthy immune system you will fight infection just like you should.
My question is, if you are embedding these deep tissue implants with this coarse material that is harboring viruses or bacteria what then? There's no circulation through this material and can the immune system fight these infected areas if the tissue is not that deep into the body. These are things I do not know as I am not a medical doctor, but my suspicion is that if you do have infected material in that porous coating it might be much more prone to infection than just a glass tag. Also, a lot of people ask “what if you get an infection later?” In general, people do not have a lot of understanding of how the immune system and the body work. Again, with the sealed glass tags, I just say, "no" because once your skin is healed up, there is no way for bacteria and viruses to get in. I do not know if the coating material serves as kind of a harboring ground for new bacteria to be produced later. These are things I do not know, but they are very interesting questions.
Katina Michael: Finally, because we're actually coming up to the 2 hour mark and you have been very generous with your time- do you have any final comments or anything else that you would like to cover today?
Amal Graafstra: You know, as I think back now, we have covered a lot of stuff. There is security, there is privacy, what else is there... a lot of people ask me as well if I am ever going to get my tags removed and I do not really see a reason to do that- unless of course they become oppressive in some way and my particular brand of tags can be used in that system then I would remove them. People also ask me if I'd ever upgrade my tags. I think so, I think I would. I'd be interested in upgrading my tags but not getting more tags. I'd be interested in getting tags that actually do interact with my body. “Get-well” tags for example, I do not have any health issues that would require, but if I did, biomedics would make my life better. An RFID tag that would allow me to test my blood without having to poke my skin everyday, I'd be into that. Or if they had a temperature sensor in them as well, for animals basically that is how they take their temperature. Being placed into my hand is not going to give me an accurate core temperature. So there is interesting technology that would involve actual interaction with my body and things like that. Depending on what comes out in the future I might do an upgrade. I might do an upgrade if there is better security- that would be interesting to do.
Katina Michael: Do you think people will consider new types of viruses to give implantees? Electronic viruses that may render their transponder useless? Do you think there is a community out there that might be interested in hacking away at the implantee?
Amal Graafstra: There was an article about RFID "viruses" and it had to do with tags that had memory space that you could write to. It made a big splash because it said "RFID tags contain viruses". The concept was that you could put something into a tag, replace the memory block that could overwrite a database or be able to replicate itself on new tags by corrupting the database. But I do not see it happening that way. One thing that could happen potentially is an implant that uses passive technology to transmit data and power, put next to a much more complex computer like a smart card. The issue of course is data transfer rate and power transfer. These implants as they are now barely have enough power to do what they do. But someday in the future you've got something that has actual microprocessor, like a smart card then yes hacking will become an issue. But right now I do not think it is much of an issue.
I think what is more of an issue for implantees would be a high powered EMP pulse (electromagnetic pulse) that would essentially burn out the transponder. The transponders do have an over-voltage protection mechanism built in but there is only so much voltage you can protect against. If you come up against a large enough pulse then, yes, it is going to fry your tag. I was actually just down at the second annual Maker Fair down in San Jose, California and there were a lot of electricals around and I was very tempted to go up and touch one with my left hand because of the EM pulses. I was very tempted to touch it because there were signs that say "Pacemaker wearers stay away! People with hearing aids stay away because it will burn them out". I really wanted to go up and touch one to see what would happen but of course Jenny convinced me that it would be a bad idea. But I think that those types of attacks could happen potentially.
Katina Michael: I guess we can leave it at that Amal, for now at least, and I would just like to thank you again for the giving of your time. It has been a pleasure talking to you and getting to know you through these questions. I think you have quite a balanced perspective based on real-life experience, and I look forward with interest to see where things will go next for you. Good luck with another book perhaps, not just RFID Toys. I know many people will be very interested to read what we have spoken about today.
Amal Graafstra: Okay. Thank you very much also.
Key Terms & Definitions
Anti-Migration Coating: A substance, for example parylene, that encourages tissue growth around an RFID implant in a human or animal so that it does not move around the body and make reading the device difficult.
BASIC: A simple interpreted programming language designed for teaching beginners, and the first language made available for personal computers. It was originally designed in 1964.
Biometrics: The measurement of parts of a person’s body, for example fingerprints, voice timbre or unique patterns in the iris of the eye, to identify the person for security purposes.
Choice: The act or power of choosing; selection.
Cloned Tags: The theft of an RFID tag identity, commonly referred to as tag cloning. The Electronic Product Code (EPC) tag does not possess any explicit anti-cloning features and as a result is vulnerable to elementary cloning attacks. If the unique IDs in a manufacturer’s EPCs are not random, then an attacker can guess or fabricate other valid EPC entries.
Consent: To give assent; agree; comply or yield.
Do-It-Yourself (DIY): The process of doing any project by oneself, as an amateur or as a hobbyist. In the context of RFID implants, it is the act of requesting that the chip implant process be performed by a local medical doctor so that application development is customizable.
Electronic Product Code (EPC): The Electronic Product Code (EPC) is a family of coding schemes created as an eventual successor to the bar code. The EPC was created as a low-cost method of tracking goods using RFID technology. It is designed to meet the needs of various industries, while guaranteeing uniqueness for all EPC-compliant tags.
Eschatology: The doctrines of the last or final things, as death, judgment, heaven and hell.
HITAG: Manufactured by Philips. A remote keyless system (RKE) designed to remotely permit or deny access to premises or automobiles. There are several RKE systems on the market.
Hobbyist: Someone who is engaged in a spare-time activity or pastime, pursued for pleasure or recreation.
International Standards Organisation (ISO): An international, non-governmental organisation founded in 1947 and based in Geneva, Switzerland, which is responsible for creating and promulgating many of the world’s most important technical standards. The Greek prefix iso- means ‘the same.’
Internet Service Provider (ISP): A company that provides internet services, such as hosting web sites, and usually also sells access to the Internet.
Original Equipment Manufacturer (OEM): A maker of computer-related products, normally software companies, which use the term to label versions of their products that are for sale directly to computer manufacturers only.
Patent: A government grant to an inventor, for a stated period of time, conferring a monopoly of the exclusive right to make, use, and vend an invention or discovery.
Public Space: Refers to an area or place that is open and accessible to all citizens, regardless of gender, race, ethnicity, age or socio-economic level.
Radio Frequency Identification (RFID): A technology that incorporates the use of electromagnetic coupling in the radio frequency (RF) portion of the electromagnetic spectrum to uniquely identify an object, animal, or person.
RFID Implantees: A person who has been implanted with one or more RFID devices.
Severe Acute Respiratory Syndrome (SARS): A respiratory disease in humans which is caused by the SARS coronavirus (SARS-CoV). There has been one near pandemic to date, between November 2002 and July 2003, with 8,096 known infected cases and 774 deaths.
Serialization: Implies something that has to be done linearly, one at a time, like people being served in a single check-out line.
Transponder: A combined receiver and transmitter of radio or radar signals that sends an automatic reply upon receiving certain predetermined signals.
VeriChip: VeriChip is the first Food and Drug Administration (FDA) approved human-implantable radio-frequency identification (RFID) microchip. It is marketed by VeriChip Corporation, a subsidiary of Applied Digital Solutions, and it received United States FDA approval in 2004.
Virus: A small computer program, almost always written with malicious intent that is capable of copying itself from one computer to another, thus emulating a biological virus that infects new hosts.
Wi-Fi: Short for either wireless-fidelity or wide-fidelity; the brand name given to the IEEE 802.11b standard for wireless networking.