Although this weblog concentrates on UK issues, there are times when something in a foreign country, with no UK dimension as yet, is so jaw droppingly stupid that it is appropriate to comment on it.
This AP report is one of the more detailed ones describing the latest VeriChip marketing hype in Mexico: insecure electronic implants in the Attorney General and federal prosecutors and investigators !
We sincerely hope that neither the UK Home Office nor the Department for Constitutional Affairs dares to even contemplate such a thing in the United Kingdom.
"Mexico tagging federal crime fighters with RFID chips
MEXICO CITY (AP) - Security has reached the subcutaneous level for Mexico's attorney general and at least 160 people in his office -- they have been implanted with microchips that get them access to secure areas of their headquarters.
It's a pioneering application of a technology that is widely used in animals but not in humans."
Because it is a degrading invasion of privacy to use an electronic branding iron on human beings, like with cattle or pet cats or dogs.
"Mexico's top federal prosecutors and investigators began receiving chip implants in their arms in November in order to get access to restricted areas inside the attorney general's headquarters, said Antonio Aceves, general director of Solusat, the company that distributes the microchips in Mexico.
Attorney General Rafael Macedo de la Concha and 160 of his employees were implanted at a cost to taxpayers of $150 for each rice grain-sized chip.
More are scheduled to get ``tagged'' in coming months, and key members of the Mexican military, the police and the office of President Vicente Fox might follow suit, Aceves said. Fox's office did not immediately return a call seeking comment."
So the only people currently implanted with these chips in Mexico City are either rich potential kidnap victims, or federal prosecuters and investigators, or, in the future, other prime assassination targets ?
Why are they compromising their security in this way ? You have no way of knowing if your chip implant has been secretly detected or scanned and read by radio.
How many undercover police operations will be compromised when the criminals remotely detect the presence of the VeriChips either in the undercover investigators themselves, or in people that they meet ?
What happens when the implanted chip is used to personalise the detonation mechanism of a bomb ?
"A spokeswoman for Macedo de la Concha's office said she could not comment on Aceves' statements, citing security concerns. But Macedo himself mentioned the chip program to reporters Monday, saying he had received an implant in his arm. He said the chips were required to enter a new federal anti-crime information center."
The wording of this implies more of a door entry control than a computer terminal access control mechanism.
The chips also could provide more certainty about who accessed sensitive data at any given time. In the past, the biggest security problem for Mexican law enforcement has been corruption by officials themselves.
Aceves said his company eventually hopes to provide Mexican officials with implantable devices that can track their physical location at any given time, but that technology is still under development."
We are not great fans of Biometric technology such as iris scans or fingerprint scans when applied to the general population, but for a small group of individuals, these would be far superior for limiting access to a supposedly secure database.
"The chips that have been implanted are manufactured by VeriChip Corp., a subsidiary of Applied Digital Solutions Inc. of Palm Beach, Fla.
They lie dormant under the skin until read by an electromagnetic scanner, which uses a technology known as radio frequency identification, or RFID, that's now getting hot in the inventory and supply chain businesses.
Scott Silverman, Applied Digital Solutions' chief executive, said each of his company's implantable chips has a special identification number that would foil an impostor.
``The technology is out there to duplicate (a chip),'' he said. ``What can't be stolen is the unique identification number and the information that is tied to that number.''"
Utter rubbish c.f. below.
"Erik Michielsen, director of RFID analysis at ABI Research Inc., said that in theory the chips could be as secure as existing RFID-based access control systems such as the contactless employee badges widely used in corporate and government facilities."
These are not secure enough for sensitive criminal databases, and the VeriChip is not even as secure as they are.
"However, while those systems often employ encryption, Applied Digital's implantable chips do not as yet. Silverman said his company's system is nevertheless save because its chips can only be read by the company's proprietary scanners."
It is not possible to claim that the chips can only be read by the company's proprietry scanners, since, as they admit, they do not use encryption!
Why would getting hold of such a scanner, either by simply buying one or stealing one, be a problem for organised criminals involved in drug or people smuggling or kidnapping ?
"In addition to the chips sold to the Mexican government, more than 1,000 Mexicans have implanted them for medical reasons, Aceves said. Hospital officials can use a scanning device to download a chip's serial number, which they then use to access a patient's blood type, name and other information on a computer."
Guess what, Solustat Medica SA, are still running an insecure web site which allows users of this system to betray to any attacker on the internet, the user accounts and passwords which allow access to their medical records.
The security problems we tried to highlight in November 2003 are still there. If they cannot secure medical records from the internet, then what chance have they got against corrupt or coerced employees ?
Because the Applied Digital chips cannot be easily removed -- and are housed in glass capsules designed to break and be unusable if taken out -- they could be even more popular someday if they eventually can incorporate locator capabilities. Already, global positioning system chips have become common accouterments on jewelry or clothing in Mexico."
There is no way that 125 KHz chips, a radio frequency that is chosen because it does not get absorbed so readily by electrically conductive body fluids, can be made to be tracked by a Global Positioning Satellite etc., without the use of an external device like a tag or token or mobile phone, the use of which obviates the need for the VeriChip implant in the first place.
In fact, in March, Mexican authorities broke up a ring of used-car salesmen turned kidnappers who were known as ``Los Chips'' because they searched their victims to detect whether they were carrying the chips to help them be located."
Even if the VeriChips did use encryption, there is no way that their presence could be hidden from a 125KHz radio scan. The chips operate in the licence free Industrial Scientific Medical frequency band, for which there is plenty of off-the-shelf or easily constructed equipment. Even if this was rare and expensive, this would not be a problem for organised drug. kidnap or people smuggling gangs in Mexico, who have the use of vast amounts of money and violence.
Visual inspection of a kidnap victim will easily reveal the scars where such a chip is implanted, and this could easily become the first part of the body which the kidnappers chop off to enforce their ransom demands.
This crude electronic branding technolgy was never designed for high security applications, like those described above, and it should not be allowed to be used on humans at all.
Utter madness.
CASPIAN seem to have debunked the "160 employees" figure, it looks to b closer to 20, and perhaps these were all a promotional "free offer".
"VeriChip RFID Implants in Mexican Attorney General's Office Overstated"
November 29, 2004
http://www.spychips.com/press-releases/mexican-implant-correction.html