Interview to Amal Graafstra, Founder of Dangerous Things, the Company that Wants to Implants a Smart Card in Your Hand

By | March 20, 2017

Today interview is with Amal Graafstra, founder of the biohacking company Dangerous Things.

Q: Hi Amal, can you share with us how and why did you get into electronic implants business?

A: Back in 2005, I had an office where the only door leading outside was an emergency exit style door with a crash bar but no alarm. My parking space happened to be located just outside that door, so I ended up using it exclusively. The only problem was, the door was configured to remain locked every time it closed. I often worked late, and if I ended up forgetting my keys after hours, it would result in a 2 hour wait for maintenance to arrive and unlock the door to let me in. It happened frequently. So, I started thinking about how old key and lock technology actually was. I wanted something newer than something out of 700BC. I wanted the door to just know it was me and let me in. So I looked into biometric systems like fingerprint readers and iris scanners. Back then, and still today, those systems are a bit clunky, expensive, and not well suited for outdoors where they face harsh weather or are easily vandalized. The easier, cheaper, more robust solution was RFID – the technology where you just swipe a badge or card over an unassuming solid block of plastic near the door and it opens. The only problem was, I didn’t want to simply trade my metal keys for plastic cards… that was not solving my problem.

So, I thought about the RFID implants dogs and cats were getting. I made some calls and did some research and decided to not go with a pet chip, but I did find a manufacturer who made other types of chips with implant grade materials. I ordered some samples of an EM4102 based chip, had a chat with my doctor, and in a few days I had a working access control system built and an RFID implant in my left hand. A few months later I put another different type of chip into my right hand, and that’s where it all started.

Q: VivoKey is one of your latest project and it looks like to be using smart card technologies, can you tell us more about it?

A: The problem with traditional RFID is that it is designed for simple, easy to access identification applications. That works fine for certain low risk, personal use applications… but it is not secure or robust enough to develop or deploy business applications or empower public use cases like payment, transit, ticketing, or cryptography. For that, a smart card is necessary. VivoKey is the worlds only implantable 13.56MHz ISO14443A smart card capable of running java card applets.

Q: From what I understood the VivoKey is using a contactless smart card chip, can you disclose a bit more tech info about it?

A: VivoKey will be based on the SmartMX2 P60 by NXP. It will allow users to deploy applets from partners, published on an open applet store. Users can even develop and deploy their own applets, making VivoKey a truly “personal” smart card designed to keep you and your data secure.

Q: So you are using one of the four avaialble SmartMX2 chip with the JCOP masked into the chip ROM?

A: Yes, we are using a version of SmartMX2 with JCOP 3.0 with SECID features.

Q: How much of the EEPROM is available for user applets in the current VivoKey?

A: We are still working on exact chip selection, but we are planning to launch the beta using the 144k version, and expecting to have at least 100k available for user applications.

NXP SmartMX2 P60 family key features. Amal choose the 144kB version for its VivoKey.

Q: I made a quick survey among my peers about the possibility to get an implants and looks like most of the people are a bit afraid for reasons not really clear. What would you tell to this people to let them better understand what implants are?

A: The first questions surrounding implants are typically safety related. Our implants are non-medical devices and thus do not need FDA approval, just like body jewelry used by professional piercers is not FDA certified. However, we are following FDA guidelines and building case studies all the same. Outside of those efforts, we take comfort in the fact that these style implant devices have been used in pets, livestock, and laboratory animals for many decades without issue.

The next set of questions usually has to do with various fears like “gps tracking” or “covert surveillance”, but anybody familiar with the technology knows those are Hollywood plot devices and nothing more.

The primary hurdle people seem to have is a lack of applications. Many of our potential customers are interested in getting an implant, but don’t have much they can do with it “out of the box”. That’s because most of the time our products require the user to also upgrade locks in their homes, or hack solutions together to make things like starting their car with an implant a possibility. With VivoKey, the power of the smart card platform, the deployable applets, and strong partner participation will ensure most customers will be able to find and leverage useful applications “out of the box”.

Q: When new technologies will be available, such as smaller chips, newest version of masked Card Operating System, larger EEPROM or even Flash memory, I would expect to get a new chip. It would be thinkable to get the “old” capsule out and replaced with a new one? Also thinking about the current implementation of the contactless payment schemes, all of them do have an expiry date for the device.

A: We try to design our products for a minimum of a 30 year life. When it comes to specifics such as EEPROM data retention and write cycle count, all of our products support very long lifespans. However, in essence this question is about obsolescence. To that I say yes, technology moves very quickly. There are faster, better, smaller chips coming out all the time. What doesn’t move quickly are people and standards and applications. For example, I installed the xEM implant in my left hand back in 2005, which is based on the 125khz EM4102 chip. Even in 2005, the chip was decades old. Yet still today I can purcase a reader on eBay for $15 that can read it, and millions of deployed readers all over the world can too. Early adopters who get the first released VivoKey may not have the latest in 10 years, but by no means will it be incapable of performing secure cryptography or loading new relevant applications. Even in the current smart card market, Java Card 2.2.2 is over 10 years old, yet I can still buy and successfully use cards that run it. Pacemakers don’t last longer than 10 years, so if we can achieve at least the lifespan of a pacemaker, I’d say that’s a success.

When it comes to contactless payment, that’s a totally different problem. The entire payment industry is built around the concept of transition as a form of security. Like forcing a user to change their password every few months, payment accounts are forced to expire, technology certifications go end of life, the cards themselves are thrown away and are replaced in constant rotation. The idea of an implantable device that remains with the user for long periods of time, possibly for the rest of their life, is seemingly incompatible with how the payment industry works. Even the recent idea of wearable payment-enabled objects like wristwatch bands, sunglasses, and gloves… these objects are also expected to have a limited lifespan in today’s consumer culture, destined to serve only a short while, then tossed out in favor of the new model or next fashion trend. This is fundamentally opposite of what we’re doing, and it has created challenges for us when it comes to integrating contactless payment applications.

Q: How durable is the VivoKey glass capsule? There will be any practical life limitation once you get it implanted?

A: Unlike our x-series devices, VivoKey will not likely be a glass encapsulated device. It will be built using a thin, flexible biopolymer that allows for a more efficient inductive antenna design. To answer your question though, both the glass capsules and our biopolymer should expect to survive just fine inside the body for an entire human lifespan. There are no practial limitations since both materials are inert and do not erode, corrode, dissolve, or saturate while inside the body.

A VivoKey prototype compared to a quarter dollar coin.

Q: Which is the maximum operating distance of an implanted VivoKey with the contactless reader?

A: We are aiming for a 2cm – 4cm opreational range, but as anyone in the industry knows, range is dependant on how well the VivoKey and reader are coupled, which means the design of both devices will determine range and performance metrics. It is not possible to claim with any certanty the range and operating performance of any RFID or NFC tag without knowing the exact specifications of the exact reader you are using.

Q: I am a keen user of all kind of technologies that can help us to live better and to do things better. In the context of payments I do think contacless smart cards already offer convenience and ease of use; I indeed believe that a payment implant will be revolutionary. I wouldn’t hesitate to get one into myself. What’s your take on this?

A: I think payment is a perfect example of a ubiquitous application that could drive adoption of implantable technology. The appeal of an implant is more than just convenience. Every key on your keychain and card in your wallet is an identity token that identifies you to some kind of system, be it a door, a car, or a payment account. When you can securely consolidate those identity tokens into a single implantable device, in a way those things are no longer tokens. You are simply you, upgraded with smart card technology. Your digital identity and biological identity now coexist together in the same body. There is a fundamental freedom you feel when walking out of your house with no keys and no wallet, yet still able to ride transit, access your workplace, buy lunch, and decrypt your email… all with the swipe of your hand.

Amal Graafstra, founder of Dangerous Things.

Q: Yes, fully agree with your vision, however, coming back to the payment case, without a bank or an authorized financial entity issuing the “virtual card” it will be hard to have anything standard like MasterCard M/Chip or Visa qVDSC to be deployed in the field. It will probably make sense to partnership with a smart card vendor, isn’t it?

A: In essence, we are exploring all avenues. Because our device is so novel, it is getting certain attention from banks and network providers. However, practically speaking, to move beyond a simple pilot or proof of concept project and get into building a functional business model, I think it makes sense to explore partnerships with players at various levels. The key for us though is that we don’t want to simply create an implantable payment card. We want to be able to deploy payment applications alongside 3rd party applets on the same device, and let the user manage those applications (perhaps through a secure, managed framework). That’s where we want to go.

Q: Anything else in store for the future?

A: At the moment we have ideas, but nothing is in motion yet. I think we’ve bitten off a pretty big bite as it is… now it’s time to chew into the market.

Thank you Amal for your time and let me wish you all the best for your really exciting projects!

Amal contacts: