They track our movements, monitor our health, and record where we’ve been and what we’ve seen. They’re wearable computing devices – one of the hottest trends in tech today. According to a 2013 Nielsen survey, 15% of U.S. consumers already own and use some form of wearables – everything from smart watches and fitness bands to glasses that record video.
But there’s a dark side to those hi-tech gadgets. Consumer advocates and government officials are warning that wearable tech comes with serious privacy and security risks. That’s because wearables capture and collect detailed information about our health, our lifestyle, and our daily routines, as well as our location.
Yet we have little or no ability to secure the devices or control what they do. Consider the following:
If wearable devices are hacked, users could become victims of crimes such as stalking, robbery, and identity fraud. So before you don that smart watch or health monitor, stop and think about where your data could end up and how it could be exploited.
Who owns the sensitive information your wearable device collects? You or the business compiling it? Can it be shared with third parties? You wouldn’t think of allowing strangers to view your medical information. But unless you reside in a state that treats medical data like heartbeats as Protected Health Information (PHI), HIPAA’s privacy regulations won’t protect it.
Are you are unknowingly sharing other kinds of personal information collected by your wearable device with others? You might be if the default privacy setting is on “public” which could allow your profile to be found in online search results. That’s exactly what happened in 2011 when a company that makes fitness trackers was criticized because sexual activity it tracked on users’ accelerometers appeared in Google search results.
An even more serious concern is that wearable medical devices such as pacemakers and insulin pumps are vulnerable to cyber attacks. In 2012, that threat led a physician treating former Vice President Dick Cheney to disable the wireless capability of his heart pump for fear that it could be hacked in an assassination attempt.
Was the risk exaggerated? Not really. A year earlier, a security researcher demonstrated how he could take control of an insulin pump from 300 feet away to deliver a potentially lethal dose of the drug.
While cyber threats like that are shocking, it’s the surveillance capabilities of wearable tech that worry most Americans. According to a recent survey conducted by the Pew Research Center and Smithsonian magazine, 53% of respondents think it would be a change for the worse if most people wear implants or other devices that constantly show them information about the world around them.
That sounds a lot like Google Glass, which can record everything we see before uploading it to the cloud. Consumer groups have expressed concerns about the privacy implications of wearable devices with videotaping features. Of concern is whether it could secretly capture the sensitive information of those around them – everything from ATM information to confidential company data.
Meanwhile, Google Glass is already being used by surgeons so they can view patients’ vital signs without taking their eyes off the operating table. But it’s worth noting that hospitals have reconfigured the device to only run on their secure networks to protect confidential patient information.
Wearable tech can improve our health and even save lives. And there’s no doubt it can boost workplace productivity by making hands-free multitasking possible. But companies aren’t designing wearables with security in mind. And history has shown that every time a new kind of device is connected to the Internet, cyber thieves figure out a way to compromise it. That means every time we put on a wearable device, we’re responsible for your own wireless security.