FOR IMMEDIATE RELEASE
January 27, 2006
VERICHIP RFID IMPLANT HACKED!
Will Security Problems Quash IPO Plans for Controversial Company?
The VeriChip can be hacked! This revelation along with other worrisome
details could put a crimp in VeriChip Corporation's planned initial
public offering (IPO) of its common stock, say Katherine Albrecht and
The anti-RFID activists and authors of "Spychips: How Major Corporations
and Government Plan to Track Your Every Move with RFID" make no bones
about their objection to VeriChip's plans to inject glass encapsulated
RFID tags into people. But now they've discovered information that could
call VeriChip's entire business model into question.
"If you look at the VeriChip purely from the business angle, it's a
ridiculously flawed product," says McIntyre. She notes that security
researcher Jonathan Westhues has shown how easy it is to clone a
VeriChip implanted in a person's arm and program a new chip with the
Westhues, known for his prior work cloning RFID-based proximity cards,
has posted his VeriChip cloning demo online at http://cq.cx/verichip.pl.
The VeriChip "is not good for anything," says Westhues, has absolutely
no security and "solves a number of different non-problems badly."
The chip's security issues may spell trouble for those who have had one
of the microchips embedded in their flesh. These include eighteen
employees in the Mexican Attorney General's office who use an implanted
chip to enter a sensitive records room, and a handful bar patrons in
Europe who use the injected chips to pay for drinks. "What are these
people going to do now that their chips can be cloned?" says McIntyre.
"Wear tinfoil shirts or keep everyone at arm's length?"
Albrecht quips, "A man with a chip in his arm may soon find himself
wondering whether that cute gal on the next bar stool likes his smile or
wants to clone his VeriChip. It gives new meaning to the burning
question, 'Does she want my number?'"
But the VeriChip's problems don't stop there, says McInytre, who is also
a former bank examiner and financial writer. She has carefully analyzed
the company's SEC registration statement and associated chipping
information and discovered serious flaws. It turns out the company's own
literature indicates that chipped patients cannot undergo an MRI if
they're unconscious. What's more, the company admits that critical
medical information linked to the chip could be unavailable in a real
emergency. "These issues call VeriChip's promotional campaigns and
business plan into question," McIntyre says.
The instructions provided to medical personnel warn that chipped
patients should not undergo an MRI unless they are fully alert and able
to communicate any "unusual sensations or problems," like movement or
heating of the implant. This conflicts with company's efforts to promote
people who cannot speak for themselves, such as Alzheimer's patients,
those with dementia, the mentally disabled, and people concerned about
entering an emergency room unconscious.
"The irony is that implantees will have to wear a Medic Alert bracelet
or bear some obvious marking so they aren't mistakenly put in an MRI
machine," Albrecht says.
Chipped patients might also have to wear a Medic Alert bracelet as a
back-up in case the VeriChip database containing their critical medical
information is unavailable. The fine print on the back of the VeriChip
Patient Registration Form warns implantees that "the Company does not
warrant...that the website will be available at any particular time,"
and physicians are told the product might not function in places where
there are ambient radio transmissions--like ambulances. In addition,
patients are required to waive any claims related to the product's
"merchantability and fitness." The waiver paragraph as it appears on the
form is reprinted below:
"Patient...is fully aware of any risks, complications, risks of
loss, damage of any nature, and injury that may be associated
with this registration. Patient waives all claims and releases
any liability arising from this registration and acknowledges
that no warranties of any kind have been made or will be made
with respect to this registration. ALL WARRANTIES, WHETHER
EXPRESS OR IMPLIED, HOWEVER ARISING, WHETHER BY OPERATION OF LAW
OR OTHERWISE, INCLUDING BUT NOT LIMITED TO ANY IMPLIED
WARRANTIES OF MECHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE EXCLUDED AND WAIVED. IN NO EVENT SHALL THE COMPANY
BE LIABLE TO PATIENT FOR ANY INCIDENTAL, SPECIAL OR
CONSEQUENTIAL DAMAGES (INCLUDING LOST INCOME OR SAVINGS) ARISING
FROM ANY CAUSE WHATSOEVER, EVEN IF ADVISED OF THEIR POSSIBILITY,
REGARDLESS OF WHETHER SUCH DAMAGES ARE SOUGHT BASED ON BREACH OF
CONTRACT, NEGLIGENCE, OR ANY OTHER LEGAL THEORY." [Emphasis in
"For a life or death medical device, that's unbelievable," says
McIntyre. "I wouldn't buy toilet paper that required that kind of a
disclaimer, never mind a product that's supposed to serve as a lifeline
in an emergency."
McIntyre contacted the VeriChip Corporation for comments on these issues
and was initially promised a response. When the company failed to get to
get back to her, McIntyre followed up and was told that the employee had
been instructed not to answer her questions. The unanswered questions,
along with photos of the VeriChip and associated literature, are
available at www.spychips.com/verichip/unanswered-questions.html.
ABOUT THE BOOK
"Spychips: How Major Corporations and Government Plan to Track your
Every Move with RFID" was released in October 2005. Already in its fifth
printing, "Spychips" is the winner of the Lysander Spooner Award for
Advancing the Literature of Liberty and has received wide critical
acclaim. Authored by Harvard doctoral researcher Katherine Albrecht and
former bank examiner Liz McIntyre, the book is meticulously researched,
drawing on patent documents, corporate source materials, conference
proceedings, and firsthand interviews to paint a compelling -- and
frightening -- picture of the threat posed by RFID.
Despite its hundreds of footnotes and academic-level accuracy, the book
remains lively and readable according to critics, who have called it a
"techno-thriller" and "a masterpiece of technocriticism."
CASPIAN: Consumers Against Supermarket Privacy Invasion and Numbering
Opposing retail surveillance schemes since 1999.