…which is to say I don’t.
In the realm of contemporary touch-free interface, RFID and NFC are probably 95% of the pie. They are widely adopted in building access control, contactless payments, mobile-to-mobile sharing, supply chain management, and even hospital patient tracking. For these purposes they are remarkably inexpensive to install and maintain, and the technology is mature. Given these benefits, it is not unreasonable that one should want the convenience of contactless access control without the key fob, chip, or smartphone, and so a small community of DIY RFID-implanters has come into existence.
The notion of implanting an RFID tag is not wholly unreasonable (no so different than many other types of mainstream (implants) and alternative (piercings, tattoos, etc.) invasive body modifications). After all, my two dogs have painlessly carried an RFID chip in the skin between their shoulder blades for years now (for non-pet owners: this is a common practice to allow identification of lost pets). Such purpose-build tags are biologically inert and as RFID does not require a local power source, they do not contain any harmful chemicals and do not radiate unless scanned — they are just a little glass, plastic, metal, and silicon in a package about the size of a large grain of rice. In humans, the recommended implantation site is under the facia of the top of the fleshy part of your hand between the thumb and pointer finger. This is done with a large bore needle that’s like a terrifying surgical turkey baster.
Much of what is driving this community is a will toward experimentation, a spirit of transhumanism, and the desire to be on the bleeding edge (literally in this case), rather than on the merits of its functionality. Although I am interested in the idea of device-less, secure, and convenient access control, implanted RFID simply does not deliver, particularly versus much less invasive alternatives.
Within one minute of watching videos of people showing off their new implanted RFID tags, you realize how awkward and inconvenient it is. 125 kHz RFID cards or fobs you can be read up to a meter away. Videos of implanted RFID, however, show users awkwardly flexing their wrists to try and press the back side of their thumbs directly against a reader, sometimes for several seconds to get a reading.
Poor signal strength and thus reading distance is a function of the frequency of the RFID protocol and the fact that skin is relatively opaque to radio waves in that range. So you either need a different protocol, or thinner skin.
One Key, Many Locks
An individual is reasonably limited to two implanted RFID tags — one per hand However, in daily life most of us have many more keys, and those keys change over time. I have a home key, a car key, a mailbox key, and an office key.
Proponents are quick to list the many ways they might use their new RFID tag — for their home door lock, to turn on a computer, to unlock their car, etc. However, do you really want the same key doing all of these things? It also presumes that all of these locks are equally trustworthy. There was a news story a few years ago about a bar that gave regular patrons the option to pay with an implanted RFID tag, which is fun and good press, but would you give your bar a copy of your house key?
Skimming and Spoofing
The range issue ameliorates this issue somewhat, but fundamentally, RFID is not intended to be a secure medium. RFID is the yellow tag you see on the ear of a cow — a publicly readable method of identification, rather than a secret codeword. RFID is passive and does not have the capability to encrypt its own communications or change the content of that communication over time or based on external inputs.
The capsules can rupture or migrate, and the first doctor that did Amal Graafstra’s (amal.net) first implant did later lose her medical license (an unrelated episode but perhaps not uncorrelated to her judgment).
Alternative 1: Put a Ring on It
If you want an RFID attached to your hand, bake one into a ring. Sadly even half of U.S. marriages don’t end eventually and those people are probably glad to be able to take their rings off — will an RFID tag or protocol last any longer? (update: found this on Pinterest)
Alternative 2: Biometrics
Biometric identification technologies leverage the many secure keys that are already effectively implanted in your body — your eyes, your fingerprints, your facial structure, your voice, etc. These technologies are unquestionably more expensive than an RFID tag and reader, but you carry them everywhere, and they are much more difficult to spoof.
Alternative 3: Capacitative Sensing
A new class of coded capacitative sensing access control does not allow users to ditch the fob, but it does allow them to keep it in their pocket while making brief contact with a reader with their hand to authenticate. One provider of such technology is Microchip Technology with their BodyCom product (site).