Part B: Socio-Technical Issues
In Part B, Michael and Michael relate events about Graafstra, and Graafstra relates events about others. The whole Part is written in the third person voice. Where direct quotes are used, Graafstra's sentiments and interview responses are captured verbatim. In this part the main socio-technical issues facing RFID implantees are discussed, including security, privacy, data ownership (personal versus commercial), social issues (e.g. religious responses and socio-political concerns), law and policy. Due to space limitations the authors do not go into great detail on each of the socio-technical issues addressed; rather, this remains the aim of a future work-in-progress. Part B concludes by acknowledging the role of all the stakeholders in the feedback mechanism towards social innovation.
Section 7. RFID, Implantees and Security
RFID is a very broad term that encompasses a plethora of technologies that are all designed differently but do one thing: identify something via radio frequency (RF) communication. That includes everything from the World War II identification friend or foe (IFF) systems to implantable tags to RFID enabled credit cards. As recently as 2006, the United States Department of Homeland Security (DHS) was debating the use of RFID for humans. In reports  and , it is clear that while one DHS full committee found that deployment of RFID for human identification should be done with caution, the second report by a subcommittee ruled that the practice was inappropriate. The recommendation by the DHS subcommittee read:
“[t]here appear to be specific, narrowly defined situations in which RFID is appropriate for human identification. Miners or firefighters might be appropriately identified using RFID because speed of identification is at a premium in dangerous situations and the need to verify the connection between a card and bearer is low. But for other applications related to human beings, RFID appears to offer little benefit when compared to the consequences it brings for privacy and data integrity. Instead, it increases risks to personal privacy and security, with no commensurate benefit for performance or national security. Most difficult and troubling is the situation in which RFID is ostensibly used for tracking objects (medicine containers, for example), but can in fact be used for monitoring human behavior. For these reasons, we recommend that RFID be disfavored for identifying and tracking human beings. When DHS does choose to use RFID to identify and track individuals, we recommend the implementation of the specific security and privacy safeguards …”
Many RFID technologies are insecure by design, or employ weak or flawed encryption methods. However, that is not to say that an RFID system using an insecure RFID technology is itself insecure by default. Despite the early 2006 findings of the DHS reports, there are U.S. RFID-based schemes which are now in widespread use. Graafstra points to the “trusted traveler” RFID-enabled NEXUS card as an example. The NEXUS card is a U.S. government issued travel card that has an ultra high frequency (UHF) RFID tag inside, which does not employ any encryption technology. Any Generation 2 (Gen 2) UHF reader can read the unique code stored in the tag. The RF technology used by the NEXUS system is insecure, but the NEXUS system that allows one to travel across various borders is not inherently insecure, so one's identity is theoretically not at risk. Graafstra elaborates: “[t]he Gen 2 ID stored in my card is a unique number, but that number in no way gives up any information about me to an attacker who may be able to read it - it is just a number. The systems that link that ID number to actual important information about me are secured in far superior ways than the systems that store your library card account, or in some states, even your driver license information.”
Like NEXUS travel cards, the VeriChip medical implant does not employ encryption in any way. Any passive 134 kHz reader capable of understanding the VeriChip data protocol can read the ID of any VeriChip implant. Even though these IDs are tied to medical records, the ID itself is useless to a random attacker because access to those records also requires both access to a medical network and a health professional's account password. Systems that employ encrypted RFID tags have, in the past, relied heavily on the crypto algorithms in the RFID tags themselves to secure the systems into which RFID technology was integrated.
Graafstra uses the example of ExxonMobil's pay-at-the-pump SpeedPass system and the many vehicle immobilizer systems that make use of the 134 kHz TI DST tag, which secures communication through a challenge/response mechanism. The problem with these systems, as Graafstra outlines, is that because they do not possess any other security mechanisms outside of the RFID tag's encryption, the systems are vulnerable to fraud by cracking the encryption algorithm used by tags to generate proper responses to the challenges issued by commercial readers. Once the DST tag crypto had been cracked, ExxonMobil had to redesign their SpeedPass payment system to implement credit card style fraud detection to detect and prevent fraudulent transactions. Other tag chipsets that employ encryption mechanisms like MiFare and HITAG S have also been compromised, leading systems designers to rethink security and start balancing RFID encryption with other security mechanisms.
Graafstra points to the fact that his left hand contains an EM4102 tag, which by design does not utilize any security measures. The tag ID is readable by any 125 kHz reader able to understand EM4102 tags and get close enough to read the tag. He comments, “[e]ven so, I use that tag to unlock my back door when I get home from work. Many would argue that my home is completely insecure because my implanted tag is not secure. I do not disagree, but I also do not believe that I am at any greater risk of home invasion as a result.”
7.1. Security Context
Quite often people think security is a pass/fail scenario. Either something is secure or it is not. In reality, a security policy is a collection of systems, methods, and procedures that protect an asset by removing enough value and/or applying enough deterrence that a potential attacker will not even bother or quit trying. To get to the heart of the matter, you have to start with the premise that nothing is truly secure. If there is enough desire, determination, and resources available to an attacker, they will eventually succeed.
The inherent lack of encryption in many RFID tags impacts DIY taggers building personal use applications differently than it does commercial enterprises like VeriChip, ExxonMobil, and VISA/MasterCard with their public use applications. Graafstra argues that despite the fact that he uses an insecure RFID tag to unlock the back door of his house, if a random attacker were to get close enough to read the ID of the EM4102 tag implanted in his left hand, they would not have any way to derive his identity (e.g. name), his home location (e.g. where he lives), or his phone number. This is however discounting the simple fact that one can be covertly followed in a public space. Graafstra believes an attacker intent on entering his home would generally use more mundane approaches such as breaking a window, than going to the effort of a technical approach. Graafstra's observations are quite correct, for the time being, until more and more DIY taggers start to rig up their personal living spaces with readers.
7.2. Designing with Security in Mind
7.2.1. RFID Cards in the Corporation
Assuming the encryption algorithms used by “secure tags” today have been or will soon be cracked, system designers need to shift from exclusive reliance on tag encryption and incorporate other features to make their systems more secure. Starting with the RFID tag itself, several businesses integrate RFID access control tags with their employee name badges. These can be constructed with a simple push button membrane or switch that connects the RFID antenna to the tag IC. Graafstra recommends that given the user already has to handle their name badge in order to place it close enough to a reader to get a valid read, why not require a simultaneous press of a switch while doing so? For Graafstra, such a simple design change would eliminate almost every possibility for a non-consensual read by malicious users.
Access control systems can also be designed with more intelligence than they currently possess. Graafstra relates the following scenario with respect to physical access control to a corporation. Assume Dave of XYZ Corp has been the victim of a malicious card scan. The attacker intends to emulate Dave's card ID to gain access to the building by mixing in with the morning rush of people. Dave enters the building first, and then the attacker enters five minutes later. Dave goes to his desk by way of the elevator and a couple of other security doors where his badge is used. The attacker takes a different route to his target, using his emulated Dave badge. The system should be able to recognize the odd access pattern through validation and alert security, possibly offering up an employee photo alongside a time-stamped video of the various RFID access events. Security personnel could then quickly determine if there was an attempted security breach they needed to address. If so, they could lock down Dave's badge so it no longer functioned, and even set up real-time mobile alerts to tell roving security guards if and where the badge was trying to be used. In theory, Graafstra is correct: system designers for the greater part are not thinking in terms of foolproof security blueprints. But the reality is that budgeting and security staff resourcing would possibly not allow for such sophisticated security interventions; detection is one thing, acting on an email or mobile alert is another.
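The access-pattern validation described in the Dave scenario can be sketched as detection logic over badge-reader logs. This is an added example, not code from the paper or from Graafstra; the log format, reader names, transit times and the two rules (re-entry without an exit, and transit faster than the site layout allows) are assumptions constructed for illustration.

```python
from datetime import datetime

# Constructed site model: minimum plausible walking time (seconds) between readers.
MIN_TRANSIT = {
    frozenset(["lobby-in", "elevator"]): 20,
    frozenset(["elevator", "floor3-east"]): 40,
    frozenset(["lobby-in", "floor3-east"]): 60,
    frozenset(["lobby-in", "loading-dock"]): 90,
    frozenset(["elevator", "loading-dock"]): 120,
    frozenset(["floor3-east", "loading-dock"]): 240,
}
ENTRY_READERS = {"lobby-in"}    # perimeter readers that admit a badge
EXIT_READERS = {"lobby-out"}    # perimeter readers that release a badge

# Constructed sample log. Badge 1042 is "Dave"; the 08:05:12 and 08:06:20
# reads come from an emulated copy of his badge, the others from Dave himself.
LOG = """\
2024-03-04T08:00:05 badge=1042 reader=lobby-in
2024-03-04T08:00:40 badge=1042 reader=elevator
2024-03-04T08:01:30 badge=1042 reader=floor3-east
2024-03-04T08:02:10 badge=2077 reader=lobby-in
2024-03-04T08:05:12 badge=1042 reader=lobby-in
2024-03-04T08:05:50 badge=1042 reader=floor3-east
2024-03-04T08:06:20 badge=1042 reader=loading-dock
2024-03-04T17:30:00 badge=2077 reader=lobby-out
"""


def parse(log):
    """Turn 'timestamp key=value ...' lines into sorted (time, badge, reader) tuples."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        events.append((datetime.fromisoformat(ts), kv["badge"], kv["reader"]))
    return sorted(events)


def detect(events):
    """Return alerts as (timestamp, badge, rule, reader) tuples."""
    state = {}   # badge -> {"inside": bool, "last": (time, reader) or None}
    alerts = []
    for when, badge, reader in events:
        st = state.setdefault(badge, {"inside": False, "last": None})
        # Rule 1: a badge that is already inside shows up at an entry reader
        # without an exit event in between.
        if reader in ENTRY_READERS and st["inside"]:
            alerts.append((when.isoformat(), badge, "reentry-without-exit", reader))
        # Rule 2: two reads closer together in time than the walk between the
        # two readers allows, which means two copies of the badge are in use.
        if st["last"] is not None:
            prev_when, prev_reader = st["last"]
            need = MIN_TRANSIT.get(frozenset([prev_reader, reader]), 0)
            if (when - prev_when).total_seconds() < need:
                alerts.append((when.isoformat(), badge, "impossible-transit", reader))
        if reader in ENTRY_READERS:
            st["inside"] = True
        elif reader in EXIT_READERS:
            st["inside"] = False
        st["last"] = (when, reader)
    return alerts


if __name__ == "__main__":
    for alert in detect(parse(LOG)):
        print(*alert)
```

Each alert carries the timestamp and reader, which is what security staff would need to pull the matching video and decide whether to lock the badge.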
7.2.2. RFID Implants and DIY Tagger Protection
Graafstra has spent a great deal of time thinking how DIY taggers could protect themselves from what he terms “casual” security attacks. He has documented his solution as follows. Using the read/write memory blocks that many types of tags have is a good way to increase both the risk and the amount of effort an attacker would have to exert in order to successfully execute an attack. For example, the HITAG S 2048 tag in his right hand uses 40 bit encryption to protect the contents of its 255 byte read/write memory blocks. The 40 bit encryption will not stop a serious attacker but it will diminish the casual attacker's ability.
Graafstra elaborates in detail: to enhance the security of a system, the memory space can contain a pseudo-random rotating hash which is used in conjunction with the tag's read-only unique serial number to confirm authorized entry. The hash is generated based on a secret key that only your system knows, coupled with an incrementing counter used to salt the hash. When the hash is read, the system uses much more powerful encryption algorithms to calculate and match the hash stored on the tag than the tag itself is capable of utilizing. The counter value is derived and checked against the system counter to ensure the encrypted hash is correct for the tag ID and to ensure the counter value is moving forward and not staying still or moving backward. Upon successful authentication, the counter is updated and a new hash is written to the memory blocks. If an attacker were able to break the 40 bit encryption to gain access to the memory contents, a successful attack is still orders of magnitude more difficult to pull off than plainly emulating an unencrypted tag. Also, a successful attack would provide a very small window of opportunity as any use of the original card would invalidate the cloned tag's counter/hash combination.
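The rotating counter/hash scheme described above can be sketched on the reader side as follows. This is an added example, not Graafstra's own implementation: HMAC-SHA256 stands in for the unspecified keyed hash, the tag is simulated in memory, and every class, function and value name is hypothetical.

```python
import hashlib
import hmac
import secrets
import struct

MAC_LEN = 16               # truncated HMAC-SHA256 (assumed choice of keyed hash)
TOKEN_LEN = 8 + MAC_LEN    # 8-byte big-endian counter followed by the MAC


def make_token(key, uid, counter):
    """Value written to tag memory: counter || HMAC(key, uid || counter)."""
    ctr = struct.pack(">Q", counter)
    return ctr + hmac.new(key, uid + ctr, hashlib.sha256).digest()[:MAC_LEN]


class SimulatedTag:
    """Stand-in for a tag: read-only serial number plus writable memory."""

    def __init__(self, uid):
        self.uid = uid
        self.memory = b""

    def clone(self):
        copy = SimulatedTag(self.uid)
        copy.memory = self.memory
        return copy


class DoorController:
    """Backend that holds the secret key and the expected counter per tag."""

    def __init__(self, key=None):
        self.key = key or secrets.token_bytes(32)
        self.counters = {}   # uid -> counter of the one token currently valid
        self.alerts = []     # (uid hex, presented counter, expected counter)

    def enroll(self, tag):
        self.counters[tag.uid] = 1
        tag.memory = make_token(self.key, tag.uid, 1)

    def authenticate(self, tag):
        expected = self.counters.get(tag.uid)
        token = tag.memory
        if expected is None or len(token) != TOKEN_LEN:
            return False
        (presented,) = struct.unpack(">Q", token[:8])
        # The MAC binds the token to this serial number and this counter value.
        if not hmac.compare_digest(token, make_token(self.key, tag.uid, presented)):
            return False
        if presented != expected:
            # A genuine token with the wrong counter: a stale copy or a replay.
            self.alerts.append((tag.uid.hex(), presented, expected))
            return False
        # Success: move the counter forward and write a fresh token to the tag.
        # A real reader must also handle a failed write, which would leave the
        # tag and the backend out of step.
        tag.memory = make_token(self.key, tag.uid, expected + 1)
        self.counters[tag.uid] = expected + 1
        return True


def demo():
    door = DoorController(key=bytes(range(32)))        # constructed demo key
    tag = SimulatedTag(bytes.fromhex("04a1b2c3"))      # constructed serial number
    other = SimulatedTag(bytes.fromhex("04ffee01"))    # second enrolled tag
    door.enroll(tag)
    door.enroll(other)
    copy = tag.clone()          # serial number and memory both duplicated
    other.memory = tag.memory   # token moved onto a tag with a different serial
    return {
        "owner_first": door.authenticate(tag),
        "copy_after_owner": door.authenticate(copy),
        "token_on_other_uid": door.authenticate(other),
        "owner_again": door.authenticate(tag),
        "alerts": list(door.alerts),
    }


if __name__ == "__main__":
    print(demo())
```

Whichever of two identical copies is presented second carries a stale counter, so it is rejected and leaves an alert record for the owner to act on.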
Section 8. RFID Implantees and Privacy
8.1. Misconceptions About RFID Technology
There are a lot of misconceptions in the general community about how various RFID technologies work, prompting unfounded fears of global positioning system (GPS) satellites tracking embedded tags and implants. This is not to say that in the future RFID tags will not be able to interface with a number of different mobile technologies but for now this kind of global tracking is unavailable. And this is not because it is not technically feasible to do so, but rather because large-scale agreements have not yet been entered into between a variety of stakeholders.
Active RFID tags can transmit data very long distances, anywhere from a few feet to 10 miles or more, but they use battery power to do so and are bigger and bulkier than passive RFID tags. Inversely, passive tags like those used in retail inventory applications and glass encased implants are typically smaller. They do not have internal power sources, and can generally communicate with readers from only a few inches to a few feet away depending on chipset, size, and frequency used. Certain experiments have shown, under ideal conditions, that passive UHF tags can be read from several hundred feet, but those are special test cases, not practical real-world scenarios. Even so, the prevalent fear amongst everyday consumers is that, somehow, carrying an RFID tag of any kind will allow “them” (e.g. government agencies) to track your every move.
Today, people's activities are logged constantly. From every non-cash purchase you make to every RFID “fast pay” toll booth archway driven under to every phone call made, something somewhere is logging that activity. Graafstra points out the potential for data mining through a variety of sources, emphasizing that “[n]obody is upset about this type of information gathering as they are about RFID technology … [and that] the backlash from specific segments of the public seems to center on embedded tags, whether they are embedded in clothes, in driver license cards, or people's bodies.” For Graafstra, the stated concerns indicate people believe RFID is capable of more than it really is, and that those perceived capabilities culminate as fear of massive privacy invasion on an unprecedented scale.
8.2. Some Consumer Concerns Warranted
Although Graafstra does acknowledge that some consumer concerns with respect to RFID are valid, he believes the concern is misdirected at the technology itself rather than on human factor issues, e.g. consent. He emphasizes that unobtrusive reads amount to privacy problems, and that to some extent history has already proven that this is a valid concern. Clothing manufacturer Benetton, for example, was found to be embedding RFID tags into women's garments in an effort to quickly identify past customers as they walked into their storefronts. Graafstra also singles out the idea of function creep, implying that consent given for one use may be extended at a later date as the application grows. People who have to travel over toll roads and bridges, and who opt to use an RFID tag permanently affixed to their windscreen for automatic payment, may find that the terms and conditions they originally signed up for have changed, and in some instances without warning. For example, some state governments collect data from RFID tollway tags to monitor traffic patterns on their roadways without notifying users. Furthermore, logs of which tags passed what checkpoint at what time are kept for undisclosed periods of time and log data could potentially be shared with an unknown number of requestors. Graafstra questions whether the next step will indeed be to issue speeding fines based on how fast people have traveled from checkpoint A to B.
8.3. RFID Tags: Personal Versus Commercial Use
Now let us take a hypothetical look at RFID privacy in a hostile environment, and the differences between personal use and commercial use contexts. When you sign up for a commercial service that utilizes RFID in some way, you surrender your personal information which is tied to that unique tag ID. Assuming the company does not share your tag ID or your information with any other person or company, your information is still associated with that tag ID and could be used to violate your privacy through nonconsensual reading of the tag. The problem gets worse if that company sells or shares that data with other companies or people.
In a personal use context, you never surrender your personal information to anyone, and your tag ID is in no way associated with you. The best any snoopy corporation or government could do would be to aggregate non-identifiable data together to determine patterns of anonymous tag IDs. Of course, there is always the concern that associations could be made through other means. For example, suppose a checkpoint was set up that could read a large cross-section of tags from RFID enabled credit cards, access cards, various tag types in UHF, high frequency (HF), and low frequency (LF) frequency ranges, etc. A properly read and decrypted RFID credit card will reveal the cardholder's name, and if other tag IDs always showed up in logs when “Dave's” unprotected RFID-enabled credit card did, then one could assume that all those RFID tags resided in Dave's wallet with his credit card. While this fact may be disconcerting, Dave can still take measures to protect himself, by choosing to shield his tags and cards, or even leave them at home. But what about implanted RFID tags? Leaving those at home is not possible and shielding them could be socially awkward (always explaining why you're wearing tin foil gloves), even though increasingly sentinel jackets are coming onto the market.
Implantable tags like VeriChip which are sold to the public for use within commercial systems do present different privacy challenges than the glass tags implanted by DIY taggers. A commercial system means uniformity when it comes to things like implant location, type of chip, data protocol, and frequency. Since the implant location is common to all users (e.g. in the case of the VeriChip it is the triceps muscle of the right arm), Graafstra believes that a simple reader can be set up at typical arm height in a doorway to casually capture tag IDs from passers-by. With enough people using a common system and enough readers placed in enough doorways, unique traffic profiles could be created for each tag ID much more easily.
Section 9. RFID Implantees and Society
9.1. Pet and Animal Identification Systems
Whether people like to admit to it or not, society today is full of RFID tag and transponder technologies embedded in buildings, in vehicles, in packages, in clothing, in animals, and in people's wallets. This diffusion will continue to grow annually with predictions that 26.1 billion units will be sold in 2011 alone. Passive RFID tags designed to be implanted into animals have been around since the early 1980s. After being widely tested by several companies in the early 1990s (such as Destron's LifeChip), the number of pets with implanted RFID tags has skyrocketed as local councils and state governments move to make the chipping of domesticated animals compulsory. To date this practice, above all else, has done more to raise public awareness of the positive applications of implantables than any other use of implantable RFID tags.
Today RFID tags, both passive and active, are used to keep tabs on everything from pets to livestock to wild animals on land, in the air, and in the sea. Graafstra notes that the U.S. Fish and Wildlife Service uses “microchipping” in its research of wild bison, black-footed ferrets, grizzly bears, elk, white-tailed deer, giant land tortoises and armadillos. New developments in sensors, RF, and power harvesting technologies are also leading the way to “implantable” RF enabled sensors embedded into trees (e.g. orchards). These “tree tags” relay information about the health of the tree, the surrounding forest environment, and raise an alarm in the event of a forest fire.
9.2. Is it Hip to Get the Chip?
Since Michael and Michael began their research into non-medical ICT implantables in the mid-1990s, they were preoccupied by the question of diffusion, and predominantly the notion of who influenced whom within the context of an actor network. For example, who was the first DIY tagger implantee? What inspired them to get an implant? How did they come to know of other implantees? When Graafstra received his first implant, he knew he was not the first. Professor Kevin Warwick had long since completed his Cyborg 1.0 project, and VeriChip had received FDA approval and was already implanting customers. Graafstra believes what he embarked on in early 2005 created such a media interest because he got the implant of his own accord, and he self-reported it all using photographs and video via the web. He also was comprehensive in his documentation of what he planned to do with his implant, and quickly demonstrated its functionality. Finally, he also believes implanting an RFID device in the hand, and not in the upper arm, sparked more intrigue and inquiry.
Since that time VeriChip (now PositiveID) have been marketing their products, and to date allegedly have between 1000 and 2000 people registered in their medical implant database, although some estimates are much lower and some much higher. The size of the DIY community is, by its very nature, unknown. Yet shortly after news of Graafstra's implant became public, he was contacted by lots of members from the general community who wanted to know how to obtain an implant themselves. Graafstra is frank, when he states: “today, anyone can buy glass encased RFID tags and watch self-implantation procedures online, and then go to their local piercing shop to get it done”. One is left pondering, however, whether DIYers are engaged in the act of blueprint copying or idea diffusion, and the repercussions that this might have on how RFID implants are utilized in the future. Jared Diamond describes blueprint copying as the act of copying or modifying an available detailed blueprint. At the opposite end of the spectrum lies idea diffusion, which is when one receives little more than the basic idea and has to reinvent the fine details.
Graafstra estimates there could be roughly 200 or 300 DIY taggers around the world who have opted to get a non-commercial RFID implant. Graafstra reflects that, while he does not know the exact number of DIYers, he does know (or at least understands) that the inner motivation of some DIYers to get an implant is less than technical. He said:
“I've been contacted by 16 year old kids who have had to wait until they are 18 to get this done due to - what I think are - valid parental concerns. On my RFID forum, I have repeatedly suggested that it is not worth taking even a minor health risk to get this done if you do not really know why you want it and what your goals are once you have it. Even so, when I asked a couple of these kids why they wanted to get an implant and what they were going to do with it, in both cases their responses were something along the lines of “because it's cool” and “I'm not sure what I'm going to do with it”. I have also been contacted by body-modders who, after getting their fifteenth cosmetic subcutaneous silicone implant, wanted something different … something that was actually functional in some way, even if they did not have any plans to actually use it.”
However, most DIY taggers tend to view their implant as a utilitarian tool to be used in daily life with projects they have built themselves. In this loose-knit community of practical DIY taggers, one could argue it is actually “hip to get the chip,” even though the best place for it is unanimously the hand!
9.3. RFID Implants for Families: Peace of Mind?
When considering the applications that Applied Digital Solutions were marketing in 2003, and those that were subsequently marketed by the VeriChip Corporation, Graafstra circumspectly calls the “brochureware” confusing from a marketing perspective at least. For Graafstra, any sort of communication that misleads the public about pinpoint location positioning via the RFID chip is widely fantastical and utterly disappointing. He does not understand how, on the basis of a commercial vision, the Mexican Attorney General allowed himself and some of his staff to be VeriChipped with an “anti-kidnapping chip”. Parents like Jeffrey and Leslie Jacobs were also led to believe, probably through mainstream public misconceptions about the function of RFID, that getting a VeriChip implant would provide their whole family with security and “peace of mind”.
The fact is, no RFID implant can provide that kind of security and “traceability” that certain members of society are looking for or are afraid of. The best an RFID implant can do today is identify the person sitting two inches away from the scanner. That may help identify a corpse, but it will not help find missing persons. This is not to say that in the not-too-distant future, technological convergence might not enable very sophisticated applications to be built. The idea of implanting prisoners, persons on parole or persons on extended supervision orders (ESOs), or military service-people with digital implantable dog tags has been considered but has yet to take place. Again, Graafstra points to public polls where consumers believe that implanting prisoners or parolees would make society “safer” because it would make implantees easier to track down and keep in confined zones if required, but he is adamant that these kinds of solutions are not yet possible using implanted RFID tags. The permanency of FDA approved implantables is especially disconcerting as they possibly do not give one-time offenders, or once military service personnel, an opportunity to rehabilitate or move onto other professions. For Graafstra this is a violation of service terms, since imposed subcutaneous FDA approved commercial implants are a long-lasting physical remnant of requirements that have long since expired and are no longer valid.
9.4. RFID Implants for Employees and the Law
To date, no employer has required an employee or potential employee to obtain an RFID implant in order to become or remain employed. Critics jumped on inaccurate media reports that CityWatcher.com, a now defunct municipal surveillance company, had required employees to get implants to access sensitive datacenters. The fact is three employees did receive VeriChip implants and the company paid for their procedures. However, five employees opted to simply carry around an access card to access those same areas. Implantation was optional, not compulsory. There was a similar optional implantation of employees at the Baja Beach Club in Barcelona, Spain but this was not really publicized.
As a preemptive measure several states in the U.S.A. passed laws that banned enforced implantation by employers. For Graafstra the problem has more to do with laws and regulations which target a technology than the very ‘act’ of surveillance. Graafstra notes the law passed in California (Senate Bill 362) that banned employers from mandating that employees or potential employees must get an identifying implant in order to perform their work. The law is written with a heavy slant toward a “radio frequency device”, but an argument could be made that this law also covers biometric technologies and other location based mobile technologies. Intentional or not, the definitions section states:
“Identification device” means any item, application, or product that is passively or actively capable of transmitting personal information, including, but not limited to, devices using radio frequency technology.
“Subcutaneous” means existing, performed, or introduced under or on the skin.
For Graafstra such laws do not do anything for employee workplace rights as a plethora of other technologies exist to determine the whereabouts of workers within campus-based facilities like manufacturing plants. For Graafstra, it has less to do with implantables, and more to do with employee privacy.
9.5. Is Getting an RFID Implant Evil?
Many people believe that RFID implants will harm society and/or humanity in some way. The two most vocal groups are people expressing their religious views, and people expressing their socio-political fears.
9.5.1. Religious Concerns: “Mark of the Beast”
The interpretation of the Book of Revelation, the last book of the New Testament, by some Christians has caused Graafstra to be the target of backlash by some members of the believing community. Graafstra points to the following verses that RFID critics with a religious orientation invariably point to (Revelation 13: 16–18):
“Also it causes all, both small and great, both rich and poor, both free and slave, to be marked on the right hand or the forehead, so that no one can buy or sell unless he has the mark, that is, the name of the beast or the number of its name. This calls for wisdom: let him who has understanding reckon the number of the beast, for it is a human number, its number is six hundred and sixty-six.”
From the correspondence that Graafstra has received, he has deduced that some Christians believe that “the devil” will require all of humanity to receive a mark of some kind in order to be able to participate in day-to-day societal transactions, and that, furthermore, wise people will recognize that mark and attempt to refuse it. Those who are most vocal about such beliefs have gone so far as to insult and threaten Graafstra and other DIY taggers about their involvement in ICT implants. Graafstra has spent some time reviewing the passages himself, countering:
“[s]ince so many people seem to take the Bible so very literally, in my opinion there are a few things they are either ignoring or do not realize. In verse 16, it says “he causeth all” which means everyone will receive “the mark” regardless of whether they want it or not. In verse 17 it says “no man might buy or sell [without the mark]”, meaning absolutely nobody will be able to do this, even if you are living in an igloo on the North Pole trying to do it illegally. In verse 18 it says nothing about wise people refusing the mark or even being able to, it only discusses how to recognize it.”
There are, however, a number of places in Revelation (16:2, 19:20, 20:10) where it seems evident enough that people will indeed have to make a choice, viz., “the mark”. This was certainly the interpretation of all the early church exegetes who dealt with the prophecy. For Graafstra, however, the mark and the beast are potent warnings about willing subscription to oppressive systems, and how using the tools of those systems will only strengthen such systems. It is very important to distinguish between oppressive systems that use technologies to subjugate a people, and technologies that liberate them, or those being used in a private, personal context.
9.5.2. Socio-Political Fears
Some people believe that RFID implants may one day be mandated on the general populace, instituted by totalitarian governments and other authoritarian regimes. Such persons firmly believe that RFID technology, particularly implant technology, will in some way enslave humanity and cause a major digital divide. These groups generally point to the involvement of large-scale corporations in the conception, development and implementation of RFID implant technology, and to some extent generate conspiracy theory-like scenarios about the future.
Graafstra also notes that he has been threatened both directly and indirectly by some people harboring socio-political fears. He elaborates:
“I have been accused of aiding the government and private corporations in their efforts to deploy RFID implants on a wide scale. I very strongly feel it is a priority to attempt to engage these accusers in civil discussion and attempt, however futile, to impart a bit of knowledge so they might understand how these implants function and ultimately the difference between and separation of DIY taggers from commercial solutions by corporations like VeriChip.”
Simply put, some advocacy groups are not helping the debate, and whatever valuable insights they might have are lost in a host of “background noise”. The practice of ‘attracting’ hate mail is common among implantees (both in academia and DIYers), and as Graafstra emphasizes, it often does not encourage a healthy exchange of ideas, although it does alert developers to the social realities that may be stifling adoption and to potential ethical liabilities that development may need to address.
Section 10. RFID Versus Other Technologies
In Graafstra's opinion, it is not so much what RFID can do that consumers should be wary of, but the widespread diffusion of powerful biometrics and pinpoint positioning technologies. Although biometric identification is used extensively all over the world to identify and log all kinds of things, Graafstra notes that it does not receive the same amount of attention from advocacy groups that RFID does. Graafstra sums it up very well when he reflects:
“I think the reason for this is that RFID requires a tangible object carried by or implanted in the object to be identified. Biometric identification does not require this because the identifier is your own body. As biometric monitoring devices get more and more unobtrusive and fade further into the urban landscape, I fear lack of motivation will continue to get worse until a series of very serious civil rights violations occur, but by then we might have a social environment so riddled with circumstances where privacy and basic rights have been traded away for the illusion of security that the general public may actually be afraid to turn off and live without these systems.”
Today's biometric technology can identify you by your full body, face, voice, fingerprints, chemical scent, gait mechanics, emotional expressions, your DNA, and even your own shadow. Video cameras are very cheap and easy to deploy, and developments in video processing enable face recognition systems to identify entire crowds of people much faster and more accurately than ever before. If your face is not visible, gait analysis systems can still tell it is “you”, based on the way you walk or your body language. The U.S. military, among others, has been working with satellite imaging to successfully identify key targets based on the shadow they cast on the ground.
But beyond biometrics, there is now a plethora of positioning technologies entering the market at different levels of precision. Even the mobile phone (whether 3G-enabled or not) has become a potential privacy-invasive tool. In the U.S., President Barack Obama recently suggested that U.S. citizens have “no expectation of privacy” with respect to their mobile phones, even when not making a call. Graafstra is not alone in his belief that the idea that anyone from local police to government agencies should be allowed to request, without a warrant, your phone's location at any time (even if it is sitting idle in your home) “is a very scary step that moves the U.S. further toward a surveillance state”. The question, as Graafstra has rightly put it, is why these issues are not receiving the same attention as RFID tags and implantables. There is an obvious mismatch between perceived encroachments in privacy and actual encroachments in privacy. Advocacy groups might be lobbying for “no RFID implants” but what is here “now” is far worse.
10.1. Opting Out of Commercial ID Systems
Users who wish to opt out of an RFID-based system can issue requests to any third parties they enrolled with to have their account information destroyed. While this process and its full compliance are entirely in the hands of those third parties, destruction of the RFID tag is within the control of the users themselves. Tags can be returned to vendors, left at home, thrown out, physically destroyed, or in the case of implants physically removed from the body. However, removal of some RFID implants is more difficult than others. According to the company's product documentation, the FDA-approved VeriChip is designed for permanent human implantation. Its Bio-Bond® anti-migration coating and the implantation procedure, which seats the tag very deep into muscle tissue, create a painful and expensive removal experience. The lack of anti-migration coating on the glass tags used by DIY taggers and their typically shallow implant locations allow easy removal that, in an emergency, could even be done with a sharp knife by the taggers themselves. With biometric systems, however, the process of opting out is entirely handled by the third parties whose systems you have been enrolled in. Identifying all of these parties can be impossible if you have passively been enrolled in one or more systems without your knowledge. Furthermore, changing or destroying your biological identifiers can be extremely difficult, expensive, painful, or just plain impossible with today's technology.
Section 11. Conclusion
There is some truth in the belief that technology can be used for well intentioned purposes and not-so-well intentioned purposes alike; see for example the differences between two opposing schools of thought: technological determinism and the social shaping of technology. Graafstra believes that most, if not all, technologies are neutral: “[i]t is the people who implement and use a particular technology that determine its effect on humanity.” In that regard, Graafstra is one of the first to acknowledge why some people might have a fear of the potential for wide-scale use of RFID implants, especially when claims are made by persons with limited knowledge of what the technology is capable of, or in other circumstances persons who are completely ignorant of technological capabilities.
In reality, people who rise up so fervently to speak out against RFID do provide valuable feedback to the social innovation process. Graafstra knows too well that there will always be people who can and will build and/or use technology in a way that may be or become oppressive to end-users. The role of the critic is to help in the provision of a balanced view and to ask the very questions that may have been ignored during the development process. Perhaps, in the end, it is even quite irrelevant that some of these opponents understand the technology's true capabilities or limitations. The challenge to technologists, rather, is to usefully harness the criticism, the feedback, in order to build into their products and solutions design safeguards that mean that identified “potential” threats or harms are minimized or eradicated. Religious advocates against RFID, or those that have socio-political fears about the potential uses of RFID, should attempt to enter into intelligent dialogue rather than burn energy in campaigning against global computer giants or writing disrespectful messages to individual persons who are said to be aiding in the fulfillment of prophecy. The same can be said for law and policymakers, who must be open to discussion and who must arrive at intelligent legislation and industry regulation that targets behavior and the misconduct a technology might enable, not the technology itself. For example, some anti-chipping laws in the U.S. only refer to “injectable” RFID implants but we already have swallowable sensor technologies being patented, and what of the future of nanotechnology for healthcare? Policy that singles out technology as the problem only limits the scope and effectiveness of the policy per se, while not addressing the real issues lurking beneath the surface.
Radiofrequency identification, Eyes, RFID tags, Transponders, Implants, Radio frequency, Animals, Supply chains, Mobile handsets, Health and safety, social sciences, radiofrequency identification, chip implant, sociotechnical issues, humancentric RFID implantee subculture, Amal Graafstra, radiofrequency identification tags
Citation: Amal Graafstra, Katina Michael, M.G. Michael, 2010, "Social-technical issues facing the humancentric RFID implantee sub-culture through the eyes of Amal Graafstra", International Symposium on Technology and Society, 7-10 June, 2010, pp. 498-516, Wollongong, Australia.