I’d love if I could have an implantable RFID or NFC device. But one problem. I want to know that it never works, unless I want it to work.
I need to know before I implant something that it can not be used against me or without my consent.
So is there any chip that gets put in muscle or by a nerve, so that it is only operable while clinching two specific fingers or making some motion?
Nothing like that at the moment. Technically it could be possible to make a flex device with a push membrane switch that would connect the antenna to the chip and requires external force to make that connection, but practically it would be very difficult to actuate it while positioning a typical reader device.
The operational range of these devices is quite small so most people rely on the practical difficulty of getting a read in the first place as a pseudo-security measure against involuntary or unsolicited reads. Basically an attacker would need to be extremely close, within inches at the very most, to get a read from one of your implants.
A membrane switch really doesn’t achieve what I’m hoping for. Because if I can press that membrane switch, so can someone else.
Where I live, the government, certain people in the government, could get away with putting their hands on me or others, and pressing that membrane, or applying my finger tip to a reader against my will, or leaning my skull into a retinal scanner. So biometrics and physical tokens alone are useless.
What the government can’t do is make me recite a password or prove I even remember it. So with a password, we can retain control.
We can hypothesize about torture and deception, of course. but the fundamental principal is it’s held in your mind, not any physical place where it could be taken.
With biometrics, and even implantable rfid transponders, we really don’t have that control from someone who can use physical force upon us.
And I suppose an attacker could get out a knife and remove it and apply whatever nerve stimulus wakes it up from an external source or by implanting it in someone else. But at least that would require them to commit their own act of aggression breaking my skin, which may be a sufficient legal barrier to the attacker.
Even better would be if the RFID could convey to me a physical sensation (pain probably). and I could respond to it by moving the appropriate finger or twitching the correct muscle to authenticate myself to the implant. Only then would it respond to the reading hardware. Surely someone can put tiny electrodes through the glass ampule these things are made in.
There have been biomedical devices for decades that do similar (monitor the body and provide stimulus) for arrythmias and seizure patients.
Actually yes you can have this control. The common misunderstanding about RFID is that it is not secure because they mistake RFID for the application layer, but it is simply a communication layer. It’s totally possible to make secure applications that communicate over RFID / NFC.
One of those applications is FIDO2, which requires entry of a PIN code per session. Failure to enter the PIN too many times will result in the requirement to enter a much longer and more difficult administrative PIN to unlock the token. After too many failures of administrative PIN entry, the token bricks itself.
Even our OTP application can be configured to require a passphrase to generate authentication codes. The applet could be updated to also enable some sort of tar-pitting or complete bricking after too many failed attempts.