Monday, Dec 17, 2018 | Last Update : 10:57 PM IST

Behold the microchip in your body

The author is General Manager, Kaspersky Lab, South Asia
Published : Dec 2, 2018, 5:44 am IST
Updated : Dec 2, 2018, 5:44 am IST

Opening doors, logging into computers, storing medical data et al seem to be healthy advances in life, courtesy implantable microchips.

 It is important for companies to make their employees understand the benefits, and the potential of these microchips in their day-to-day lives and also ensure that the data stored in the chips are secure.
  It is important for companies to make their employees understand the benefits, and the potential of these microchips in their day-to-day lives and also ensure that the data stored in the chips are secure.

Implanting microchips in employees is proving to be more convenient for both employers and employees. Data can be stored in chips that are readable by near field communication technology. But the jury is still out, whether this wouldn’t invade individual privacy.

Mid-November, the world woke up to news of microchips to be embedded in employees in the UK. It brings to mind the Artificial Intelligence seen in sci-fi movies. This is the next phase in the development of technology to better human lives.

We are used to biometric scanners, heart transplants, cosmetic implants and other scientific, medical and technological advances. For years we have tagged migratory birds and pet animals. A microchip implanted in the body ensures that it is a technological advance that makes life faster, easier and simpler. Opening front doors, car doors, logging into computers, answering phones, making payments, diagnosing medical information, all these seem to be healthy advances to life and living.

Microchip implant technology or bio-hacking has been around for less than a decade. British cybernetics professor Kevin Warwick, in 1998, was one of the first to undergo a surgical procedure to get a silicon chip implanted in his body. These have been implanted in humans in quite a few companies. In the US, Three Square Market, a technology company in River Falls, Wisconsin, has it embedded in their employees. Company president Patrick McMullan waves his hands to make payments! Sweden has been at the forefront of microchipping. Around 3,000 Swedes have had microchips inserted into their hands that can hold entry codes, buy train tickets and access certain vending machines or printers.

Implanted microchips auto charge when reading the values. Sweden was one of the foremost with active use of this technology when some people were implanted in 2015.  Usually inserted in the fingers, or in the area of the palm, this is the size of a grain of rice. It does not contain elaborate information and is limited in what it can hold, hence the safety of data. The technology in use is Near Field Communication (NFC) technology, (used in credit cards too), and are “passive”, which means they hold data that can be read by other devices, but cannot read information themselves. The chip needs to be in close proximity to a reader and hence you cannot skim data from it from afar. These microchips are for employees to make a difference in the way that it will enhance performance. Right now, it is for use as an access card, a log-in for your computers, or a mini payment card.

The life of these chips is around 20 years, but with rapid changes in technology, it will be upgraded. It is just an extension of smart wearables, or fitness trackers, or a medical device or hearing aid. It is just a new aspect, something that is not “on” the body, but “in” the body which makes people anxious. And while a lot of products were not built keeping security in mind, a microchip implant has been thought of with the security aspect at prime importance. The security embedded in the microchip is encrypted to only a near reader. It is not a banking and credit card substitute; it can only make small payments. Data is encrypted and does not use GPS. An RFID reader cannot skim data from your chip. The chips are not really powerful so not much data can be stored in them.

There is a possibility where not everyone who shall come across this advancement of technology will be willing to accept it or understand its potential completely. However, it is important for companies to make their employees understand the benefits, and the potential of these microchips in their day-to-day lives and also ensure that the data stored in the chips are secure.

This will help the employees to take a clear decision and also help reduce their technophobia.

For now, microchipping has been in use in a few companies, with a few people, or rather in a few people. The technology presents opportunities and has interested many companies across the world to consider its use. It will be interesting to see how the development of this technology helps the employees to increase their productivity and widens the growth of technological advancement through Artificial Intelligence globally.

Dr Constanze KurZ Q&A

There’s a growing trend of introducing microchips/implants into human bodies for making life easy, for medical reasons or to accommodate or enhance human physical and mental capabilities. This throws up ethical issues regarding the use of human data. The world is yet to evolve a comprehensive law to govern this esoteric sector.

What are recent developments in implanting chips?
At CeBit 2016 (Europe’s leading IT event), it was possible to implant RFID chips, or their specialisation near-field communication chips, into human arms. And in Sweden there are parties that resemble ‘Tupperware parties’ and where you can get chips implanted. The RFID chip is well on its way to becoming a part of our everyday lives and our bodies and, for example, replacing our front door key or our purchase with cash.

Does it make a difference when an electronic implant is placed in a human body for medical reasons, as opposed to a voluntarily built-in IT system, for convenience, curiosity or profit?
I can imagine that out of curiosity people would use an implant to see infrared rays or to hear new frequencies. In addition, there should be a great deal of interest in implants that enhance performance. An example is the “brain pacemaker”. So it is conceivable that people can use an implant to improve themselves and their body in order to be able to keep up or to be superior to others in certain situations. In this context one also speaks of “enhancement”.
For example, brain pacemakers cannot only improve performance, they are also risky. It has been proven that brain pacemakers can change personality and trigger kleptomania, suicidal tendency and aggressiveness. Of course, it would be interesting for the patient whether the health insurances would cover the costs of a non-medically indicated “enhancement”. It is also interesting who carries the costs if something goes wrong when using the implant or during operation. This is comparable with the case that results in cosmetic surgery, tattoos or piercing follow-up costs. For such cases, there is a regulation on the costs, according to which the patient is involved in the costs; on the other hand, there is currently no corresponding regulation for the enhancement use of body implants.

What are the typical technologies today that record data about the human in his/her own body?
Classic examples of implants include pacemakers and implantable mini-ECG devices, which can record, for example, cardiac arrhythmia. But there is also the diabetes chip, which measures the glucose concentration in diabetics. The measured values are stored and can then be read out with a reader. Also, relatively new are “tongue implants”, which are used in sleep apnoea and also record usage data. RFID chips that are implanted under the skin could soon also belong to the daily routine of the clinic. Although health data is already stored on the electronic health card, it might be more practical to be able to read the data rightaway. They could be life-saving, if the patient is not addressable and the emergency doctor on the implanted chip would have access to the entire medical history and thus could help optimally.

More than 10 years ago, Siemens started a pilot project in a New York hospital, where patients with bracelets were provided with RFID chips as soon as they arrived at the hospital. On the chip was the web address for the electronic medical record, which the doctor could then access and edit.

What about checking the implant carrier for their data?
If one considers that the human being, directly from his body, for example from the brain, reveals his data, then it would be difficult for him to control which data and to what extent data is taken. Perhaps this data also allows conclusions to be drawn as to whether the user is lying in a certain context, for example. Law, however, knows situations in which person may remain silent or say untruth. For example, he does not have to burden himself and he does not have to respond to illegal questions in the interview.

Depending on how the use of implants evolves, these rights could be in danger. You can already measure the neurotransmitter concentration in the brain. Neurotransmitters, however, allow conclusions to be drawn on emotions. This results in completely new applications, but also dangers.

Thoughts and feelings are both related to human dignity and belong to an area that is inviolable. In addition, it should be remembered that the data from the brain may reveal certain predispositions, which may not develop completely. Then it would be questionable how to deal with such information.

A major difference, regardless of data protection law, is that implants naturally involve completely different risks. So the deep brain stimulation carries the risk to change the personality. This causes explosive questions: is this still “the same person” who acts? Can he be held responsible for his actions? May I change man for any purpose in this way, for example soldiers for combat?

These are very elementary questions that concern human dignity and that naturally do not arise with only data-recording external fitness wristbands and the like.

With mixed feelings, one can also see in this context, projects of large corporations whose handling of data is already being discussed controversially. For example, Alphabet (Google) plans to launch a contact lens for diabetics that measures glucose levels and can warn the user. It should therefore be closely monitored where the sensitive data ultimately reach and what it is used for.

In addition to the questions of the protection of human dignity and data protection issues: Can you give an assessment of the IT security of today’s IT enhancements for people?
Hacker attacks on implants such as cardiac pacemakers have actually been made for demonstration purposes. Accordingly, there are already research projects that have set themselves the goal of improving IT security. For example, Kaspersky cooperates with the Swedish bio-hacker collective Bionyfiken to close security gaps. It is not only important to protect the implants themselves against unauthorised access. The data is also stored in clouds or by external service providers. It is becoming increasingly clear that there are no universal technical standards in the industry. The area of telemonitoring is also critical for implants. In some telemonitoring systems, data is transmitted via Bluetooth or the data is transmitted to the server over the cellular network or a standard telephone line. To ensure security, end-to-end encryption should be used. In addition, few people know where the servers are, to which the data is sent. It becomes even more critical when telemonitoring uses the patient’s own smartphone. Then it is important that the patient himself has sufficiently secured his smartphone. But he has to be aware of the dangers and risks.

It is doubtful that the average implant wearer has any idea of the functionality and equipment of his implant, let alone knows whether his implant is sufficiently protected against access and manipulation.

It is equally unclear to the user what data is transmitted and where it is ultimately stored and processed. Even the attending physicians will probably not even have this knowledge in full. To date, the public has been under-sensitised to these dangers and risks in the area of implants and enhancements.

(This Q&A is excerpted from an interview Dr Constanze Kur, netzpolitik.org researcher, author and activist and volunteer spokeswoman for the Chaos Computer Club, had with lawyer Manuela Sixt , who researches at the Graduate Centre of the University of Passau in Germany)

Tags: artificial intelligence, microchip