- Will Security Problems Quash IPO Plans for Controversial
- The VeriChip can be hacked! This revelation along with
other worrisome details could put a crimp in VeriChip Corporation's planned
initial public offering (IPO) of its common stock, say Katherine Albrecht
and Liz McIntyre.
- The anti-RFID activists and authors of "Spychips:
How Major Corporations and Government Plan to Track Your Every Move with
RFID" make no bones about their objection to VeriChip's plans to inject
glass encapsulated RFID tags into people. But now they've discovered information
that could call VeriChip's entire business model into question.
- "If you look at the VeriChip purely from the business
angle, it's a ridiculously flawed product," says McIntyre. She notes
that security researcher Jonathan Westhues has shown how easy it is to
clone a VeriChip implanted in a person's arm and program a new chip with
the same number.
- Westhues, known for his prior work cloning RFID-based
proximity cards, has posted his VeriChip cloning demo online at http://cq.cx/verichip.pl.
- The VeriChip "is not good for anything," says
Westhues, has absolutely no security and "solves a number of different
- The chip's security issues may spell trouble for those
who have had one of the microchips embedded in their flesh. These include
eighteen employees in the Mexican Attorney General's office who use an
implanted chip to enter a sensitive records room, and a handful bar patrons
in Europe who use the injected chips to pay for drinks. "What are
these people going to do now that their chips can be cloned?" says
McIntyre. "Wear tinfoil shirts or keep everyone at arm's length?"
- Albrecht quips, "A man with a chip in his arm may
soon find himself wondering whether that cute gal on the next bar stool
likes his smile or wants to clone his VeriChip. It gives new meaning to
the burning question, 'Does she want my number?'"
- But the VeriChip's problems don't stop there, says McInytre,
who is also a former bank examiner and financial writer. She has carefully
analyzed the company's SEC registration statement and associated chipping
information and discovered serious flaws. It turns out the company's own
literature indicates that chipped patients cannot undergo an MRI if they're
unconscious. What's more, the company admits that critical medical information
linked to the chip could be unavailable in a real emergency. "These
issues call VeriChip's promotional campaigns and business plan into question,"
- The instructions provided to medical personnel warn that
chipped patients should not undergo an MRI unless they are fully alert
and able to communicate any "unusual sensations or problems,"
like movement or heating of the implant. This conflicts with company's
efforts to promote people who cannot speak for themselves, such as Alzheimer's
patients, those with dementia, the mentally disabled, and people concerned
about entering an emergency room unconscious.
- "The irony is that implantees will have to wear
a Medic Alert bracelet or bear some obvious marking so they aren't mistakenly
put in an MRI machine," Albrecht says.
- Chipped patients might also have to wear a Medic Alert
bracelet as a back-up in case the VeriChip database containing their critical
medical information is unavailable. The fine print on the back of the VeriChip
Patient Registration Form warns implantees that "the Company does
not warrant...that the website will be available at any particular time,"
and physicians are told the product might not function in places where
there are ambient radio transmissions--like ambulances. In addition, patients
are required to waive any claims related to the product's "merchantability
and fitness." The waiver paragraph as it appears on the form is reprinted
- "Patient...is fully aware of any risks, complications,
risks of loss, damage of any nature, and injury that may be associated
with this registration. Patient waives all claims and releases any liability
arising from this registration and acknowledges that no warranties of any
kind have been made or will be made with respect to this registration.
ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, HOWEVER ARISING, WHETHER BY
OPERATION OF LAW OR OTHERWISE, INCLUDING BUT NOT LIMITED TO ANY IMPLIED
WARRANTIES OF MECHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE EXCLUDED
AND WAIVED. IN NO EVENT SHALL THE COMPANY BE LIABLE TO PATIENT FOR ANY
INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES (INCLUDING LOST INCOME OR
SAVINGS) ARISING FROM ANY CAUSE WHATSOEVER, EVEN IF ADVISED OF THEIR POSSIBILITY,
REGARDLESS OF WHETHER SUCH DAMAGES ARE SOUGHT BASED ON BREACH OF CONTRACT,
NEGLIGENCE, OR ANY OTHER LEGAL THEORY." [Emphasis in the original.]
- "For a life or death medical device, that's unbelievable,"
says McIntyre. "I wouldn't buy toilet paper that required that kind
of a disclaimer, never mind a product that's supposed to serve as a lifeline
in an emergency."
- McIntyre contacted the VeriChip Corporation for comments
on these issues and was initially promised a response. When the company
failed to get to get back to her, McIntyre followed up and was told that
the employee had been instructed not to answer her questions. The unanswered
questions, along with photos of the VeriChip and associated literature,
are available at
- ABOUT THE BOOK
- "Spychips: How Major Corporations and Government
Plan to Track your Every Move with RFID" was released in October 2005.
Already in its fifth printing, "Spychips" is the winner of the
Lysander Spooner Award for Advancing the Literature of Liberty and has
received wide critical acclaim. Authored by Harvard doctoral researcher
Katherine Albrecht and former bank examiner Liz McIntyre, the book is meticulously
researched, drawing on patent documents, corporate source materials, conference
proceedings, and firsthand interviews to paint a compelling -- and frightening
-- picture of the threat posed by RFID.
- Despite its hundreds of footnotes and academic-level
accuracy, the book remains lively and readable according to critics, who
have called it a "techno-thriller" and "a masterpiece of
- CASPIAN: Consumers Against Supermarket Privacy Invasion
- Opposing retail surveillance schemes since 1999.