The SANS Institute’s Securing the Human blog has a nice, contributed article by Kelli Tarala of Enclave Security on the security and privacy implications of wearable technology.
Among Tarala’s conclusions: health and so-called “quantified self” products do much more than gather health data like pulse and blood pressure. Rather, they are omnivores, gobbling up all manner of metadata from users that can be used to buttress health data. That includes who you exercise with, your favorite walking and jogging routes, and the times you prefer to work out. Of course, social media activity is also subject to monitoring by these health apps, which often integrate with platforms like Facebook, Twitter and Pinterest to share workout information.
All of this could spell trouble for consumers. To quote Tarala: “there are companies interested in your Quantified Self, but their goals may not be to health related.”
The list of third-party firms interested in the kind of granular data that connected health applications collect is long, but includes clothing companies, retailers – even insurers.
Her point: wellness apps and wearables should be clear about the kinds of data they collect and how that data should be used. They should also disclose any arrangements to sell that data to third parties.