Apple recent filed a broad patent which revealed that a wearable cuff, presumably the Apple Watch, would include a touchscreen, Bluetooth capabilities, and an “actuator” to accurately gauge blood pressure. This wearable blood pressure monitor would require FDA approval and represent Apple’s first foray into medical devices.
Thought the first of it’s kind, Apple’s proposed cuff is certainly not the first instance of wearable technology collecting information about its user. Fitness trackers, such as the Fitbit, have gained popularity in recent years as consumers seek to better understand their bodies–from heart rates and daily steps to sleep patterns across time.
Privacy concerns have been cropping up since the initial release of Fitbit as consumers question what information will be collected, how it will be stored, and who it will be shared with. In November 2017, a fitness tracking company inadvertently released sensitive information about the location and staffing of military bases and spy outposts around the world.
So, you’re not a spy working at some remote outpost? Well, you may still have reason to proceed with caution.
“The information that’s contained on your wearable … is worth ten times that of a credit card on a black market.”
— Gary Davis
Last year, a coworker declared that her unborn child was the size of an eggplant as she held up her phone, displaying an app used to her to track her pregnancy and predict milestones. Similar apps track body temperature, sleep habits, heart rate, and steps taken. It’s easy to see the value in tracking one’s health. Setting a baseline temperature will help identify fever and anticipate menstrual cycles. Measuring one’s quality and quantity of sleep will invite the opportunity to attempt improving these numbers. Wearable health trackers serve as a constant reminder of our physical movement, or lack thereof.
We’ve entered an age of data-driven fitness. Health tech is revolutionary in the sense that wearers now have a level of body awareness that was not possible ten years ago. The data collected and shared by these innovative wearable devices coaches the user to make more health-conscious decisions.
Yet, privacy concerns are emerging as people begin to question what data is being collected, where it’s being stored, how securely data is, and who has access to it. Personally, I would not feel comfortable openly sharing where I run at night, how far along I am in a pregnancy, nor that I have high blood pressure. All of this data, if in the wrong hands, could be used against me.
If you knew someone was tracking your every move, you’d be on high alert, call the authorities, and try to remove yourself from the situation. Health tracking devices do just that and yet millions of people dedicate their day to feeding it more information. In 2016, there were 325 million wearable devices connected in 2016, and this trend is only expected to rise.
Personal data is extremely valuable, and wearables are particularly vulnerable to exploitation. As more consumers purchase wearable tech, they unknowingly expose themselves to both potential security breaches and ways that their data may be legally used by companies without the consumer ever knowing. Often, they do not have the option to delete their data.
Further, just because you agree to share your data with one entity, that doesn’t mean that the company will be in business next year, or that new laws could be passed that change access to the data that you willingly gave up your privacy rights to share. Consider the litigation involving RadioShack, in which they tried to sell all of the customer information as part of their bankruptcy, or the use of 23andMe genetic results being handed over to police for criminal investigations.
Implanted and Ingested Trackers
Doctors now have the tools to remotely monitor your health through use of wireless digital sensors–some implanted on the body, some ingested, and some woven into clothing. In 2017, the FDA cleared dozens of devices for continuous health monitoring–devices to support the early identification of high blood sugar or heart arrhythmia, as well as the stimulation of the vagus nerve to promote nerve growth post-stoke.
Some people are opting to have microchips implanted in their hands, which are used to unlock phones, open doors, and verify inter-office permissions. Such microchips use radio frequency identification tags, similar to those found in key cards. It may make life convenient, but each interaction leaves behind a digital footprint which could compromise one’s privacy. Unlike wearable technology, these trackers are attached to our bodies 24/7 and we don’t have the option to take it off or shut it down.
The FDA recently approved pills that signal consumption and, while these may help doctors tack whether patients have taken their medication, one’s pharmaceutical history is one more data point that could potentially be sold to advertisers, insurance companies, or other interested third parties.
Is Your Health Data Safe?
In 2016, Federal Trade Commission chair Edith Ramirez said she uses a pedometer because she doesn’t want her “sensitive health information” being shared. No one can argue that the existing and emerging wearable tech isn’t impressive, but we need to be more cautious about “ubiquitous collection” as every part of our lives is posted online, either voluntarily or automatically.
Data brokers have collected an average of 3,000 data segments on nearly every US consumer, not including the data being collected by wearable devices. The fact that so much data is collected through an activity tracker, a smartwatch, or a pulse tracker means that there are tangible risks involved.
“If you want to be considered an individual and not just a data point, then it’s in your interest to protect your privacy.”
— Josh Lifton
Consider this scenario: Your health data is carelessly stored, stolen by a malicious third party, and then sold to organizations that will use that data to assess your health risks. If an algorithm determines your habits represent an unhealthy lifestyle, you may one day face steep increases in health insurance costs, or even a policy cancellation. The risk of this is so real that many companies are buying data breach insurance to protect themselves in the case of consumer information getting into the wrong hands.
Hacks, Leaks, and Lacking Security
In 2015, the US Office of Personnel Management was hacked and my name, address, and social security number were compromised. That experience forced me to face the reality: no one cares about my privacy more than I do. Since then, I have become increasingly aware of what permissions apps request and continuously ask myself: Would I care if this picture/text/contact was posted publicly?
By the end of 2018, there will be an estimated 780 million wearable devices on the market. This gives hackers plenty of opportunities to identify security loopholes, steal sensitive data, and benefit financially from it. Since the technology is still relatively new, there aren’t any legal ramifications protecting us from such cyber crimes. As awareness around privacy concerns grows, this is likely to change.
“If you build privacy and security as part of your development process you’re actually long term saving money because when something happens with your technology, which is inevitable, fixing those errors and dealing with the investigation and dealing with regulators is significantly more costly than compared if you had done it right the first time.”
— Tatiana Melnik, Data Security Attorney
This newness also means that wearable technology is still in early stages of development. The information collected and stored by your fitness tracker is not encrypted, meaning that hackers could intercept that data as your device syncs to the cloud. Unlike computers, which can track breaches through user activity logs, wearables devices have no way of capturing or communicating that data has been compromised. When we link a jeopardized wearable to our phone, computer and email, each of these becomes an easy target for the covert hacker. Since these devices do not use authentication, data security is based solely on the trustworthiness of your Bluetooth or Wi-Fi connection.
I love to follow emerging technology and trace the development of new ideas. However, the events of recent history have convinced me that privacy and security are not at the forefront of developers’ minds. The primary problem with the security of these wearable devices is that the makers are rushing to bring their product to market first and beat out their competition. The focus is, thus, on aesthetics, convenience and community–the areas that the average consumer is most concerned with.
If I were to purchase a fitness tracker, I would opt for an open-source option, which would allow me to review the code, alter the software and store all data locally. Though it may remove some of the convenience of mainstream models, it mitigates nearly every risk associated with data privacy and security.
Yet, in modern times, we are so obsessed with performance, progress and achievement that I worry the constant tracking is transforming our healthy activities from intuitive actions to closely controlled decisions. I’ve seen young children as young as seven with Fitbits running in circles because they “need to reach 10,000 steps.” I’ve also seen friends skip meals because they hit their daily caloric target before noon.
Just as I research what information my phone apps collect and how the information is shared, I’ve come to ask myself similar questions. Hypothetically, if I wore a fitness tracker, how would I use that information? As a relatively healthy person, do I need a device ensure that I eat well and exercise regularly? Despite my love for charts, graphs and statistics, I’m almost certain that a daily analysis of my lifestyle would simply add extra expectations–and, thus, stress–to my already “always on” life. So, at least for now, I’m choosing to bypass the wearables and practice simply listening to my body.
What Are Your Thoughts?
Do you wear a fitness tracker? If so, what has been your experience? Do you have any concerns about privacy and security?