Wearables open new avenues for security and privacy invasions

Wearables are less secure than some other forms of technology, with users giving away data oftentimes without even realizing the breadth of the security and privacy invasion.
Written by Teena Maddox, Contributor

Wearable tech creates a new opportunity for private data to be collected, whether with or without the user's knowledge. And oftentimes, the user might have granted permission, without realizing quite what they were giving up.

As previously reported on TechRepublic, the amount of data being collected on each user is astounding. The article quoted Damien Mehers, a wearables developer who built the Evernote app for Pebble and the Samsung Galaxy Gear, who said, "Especially with the fitness [devices], if you read the license agreements, if people really realized what they are signing up for, they might be horrified at what they're allowing the companies to do with the data. I think there needs to be more clarity and perspective from the user."

This mass collection of data spurred the Federal Trade Commission to send a report on data brokers to Congress last spring, asking for legislation to allow people to know what data is being collected about them and who is collecting it. Data brokers collect an average of 3,000 data segments on nearly every US consumer, according to the FTC report.

As wearable devices make their way into the workplace and onto corporate networks, they bring a host of security and privacy challenges for IT.

Jeff Jenkins, chief operating officer and co-founder of APX Labs, talked about the security and privacy of wearables during a panel interview at CES 2015. Because wearable devices are designed to be small and portable, Jenkins said, "you have to make sure you're thinking security first and you're thinking about the information that's being generated by them. You have situations were it's no longer just personal data that may be exposed or compromised, but also potentially operational data, that could be sensitive in nature."

Watch the entire CES panel discussion about wearables on Tech Pro Research.

To address these security concerns, Jenkins said a lot of companies have decided not to build their wearable apps completely on their own, but instead rely on software platforms that already have enterprise-grade security built in.

When it comes to the vast amount of data wearables can collect about their owners, and the privacy concerns this creates, Jenkins believes that privacy depends heavily on the value proposition people get from those devices.

"We've seen with fitness wearables and fitness trackers that people are willing to give up a little bit of that potential privacy and expose aspects of their daily lives in the consumer market when they see value from what they get from that exposure," he said.

The same can't be said for smart glasses. Jenkins doesn't believe there's a killer app in the consumer market that would make people overcome their privacy concerns. In the enterprise market however, Jenkins said there are killer use cases that "make the workforce more efficient." He also pointed out that within the enterprise, workers have a lower expectation of privacy compared than in their personal lives.

Acknowledging the concerns

The manufacturers of wearable devices acknowledge the concerns and risks. Sonny Vu, founder of Misfit Wearables, which makes the popular Misfit Shine device, among other products, said, "If people really want to steal data, it's actually not that hard to do it. A lot of stuff goes through DTE [Data Terminal Equipment], which is imminently hackable. Things aren't insecure, they're reasonably secure. But if people want to set out a bunch of ... Bluetooth sniffers, they can do that. They just need the will to do that."

Giving up a degree of privacy is a price to be paid for using a wearable device, Vu said.

"I feel that ... social norms will change and people will pay for services in the form of giving up their data. Some of the most valuable products in the world are free because they come with the cost of giving up your privacy. For example, Google Maps. You can literally see anything in the world at any time. It's unbelievable and it's free. But not really, because by using it, Google generates all sorts of data on us. What we're looking up, where we're at, and they can deliver other services to us," Vu said.

The details are often contained in the license agreement, but most people don't read it, Vu said. "I think people are way, way, way too lazy to do that. The product maker is almost counting on people being too lazy. If Gmail changed their terms and conditions, to like, 'we're going to read your email and short of publicly quoting your emails,' are you going to stop using Gmail? You're not. Not unless it's incredibly egregious. It's almost too late. It's like the license agreement you click 'agree' to whenever you install Microsoft Word or whatever. Are you going to stop using Microsoft? Of course not."

To use or not to use wearables

The alternative to avoiding the data collection and inherent security and privacy issues would be to not use a wearable device. Which is what Tatiana Melnik, an attorney who works in the healthcare IT, data security and security realm, said she does. She avoids using wearable devices because she's not willing to give up that degree of privacy. "I don't wear wearables because I understand what companies are doing with that information. Do I want to? Sure. But I'm making an active decision not to participate in that marketplace because I know how that information is being used."

Editorial standards