Smartwatches and fitness tracking devices are attractive purchases for those of us trying to improve our health, but how many of us consider the associated risk to our security and privacy when using these devices?
From TechRepublic - The seductive lure of activity and health wearables make it easy to forget, or ignore, the inherent security and privacy risks involved:
Wearable devices will continue to grow in popularity, as consumers appreciate the immediate access to fitness tracking, health tracking and other convenient measurements. As of yet, there have been no well-publicized data breaches involving the data collected by health and fitness wearables and smartwatches, so there hasn't been a public outcry about the privacy and security risks.
But numerous experts say that will eventually happen, because the value of the data is worth much more than that of, say, stolen credit card numbers (My emphasis). Security options are being offered through some resources, such as Freescale, but they are few and far between at this point.
Until solid regulations are in place, either through the government or private industry, or a combination of both, there will be inherent security and privacy risks involved with wearable devices. Meanwhile, it will remain up to the consumer to determine if the risks of wearing that trendy Apple Watch or Misfit Shine are worth the gain.
Some further quotes from the article:
'The fact that so much data is collected through a wearable device, such as an activity tracker, a smartwatch, or a pulse tracker, means that there are tangible risks involved, according to Conan Dooley, a senior security engineer with Box, and previously a senior security analyst with Bishop Fox.
If that data was carelessly stored, and then stolen through a data breach by a malicious third party and sold to unscrupulous organizations that want to use that data to assess your health risks, you could one day face steep increases in health insurance, or even a policy cancellation. The risk of this is so real that some companies are buying data breach insurance to protect themselves in the case of consumer information getting into the wrong hands.
If you've willingly shared this data with your health insurer, through discount options at work, you may already be facing rising insurance costs without any data breach necessary, since many employers offer "good health" discounts to employees who stay within regulation weight and exercise parameters to receive a significant savings on health insurance.
Just because you agree to share your data with one company, or the government, doesn't mean that that company will be in business next year, or new laws could be passed that change access to the data that you willingly gave up your privacy rights to share.
"Really we're entering this world where everything is cataloged and everything is documented and companies and governments will be making decisions about you as an individual based on your data trail. If you want to be considered an individual and not just a data point, then it's in your interest to protect your privacy," said Josh Lifton, MIT Media Lab Ph.D. and CEO of Crowd Supply.
And if a company files for bankruptcy, what does that mean for the data they've collected?
The reason behind the security breaches is because personal data is extremely valuable. Gary Davis, chief consumer security evangelist at Intel Security, said, "The information that's contained on your wearable that's stored either on your smartphone or stored downstream on a cloud [service] is worth ten times that of a credit card on a black market."
"Companies give you a discount on health insurance if you wear a device. Then you look at the data the wearable is giving you. Is it fair if they say if you don't go to the doctor in the next three months your insurance will go up? What if they can mine the data and find out you're an aggressive driver and raise your insurance rate?" Ian Chen, marketing manager for Freescale Semiconductor's sensor solution division said.
Crowd Supply's Josh Lifton said, "Regulation can work, it can also be a complete failure so I wouldn't put all my eggs in that basket. Regulation is a reflection of public sentiment, or it should be. I think it may be effective without regulation. I would welcome regulation. I think privacy and security of data is a fundamental right. I think this is one of the most important topics to be discussed right now."
Too many people are willing to give up their data without measuring the cost.
For more on what you can do to improve your on-line security, read On-line security starts with You!