OTPs as Second Factor
Wearables record a lot of personal data: pulse, sleep patterns, heart rate, number of steps taken and a lot more. Manufacturers face new challenges when it comes to data security and privacy. Research shows that many manufacturers grant themselves a lot and protect little when it comes down to it.
By accepting the EULA, users agree – among other things – not to do anything illegal with the software, that the manufacturer is not to blame in case of accidental or deliberate misuse, and that the manufacturer denies all liability of any kind. Often, the vendors of a product protect themselves against loss or theft of the user’s data or – as seen in cases like Facebook’s – they claim rights to user data. Similar EULAs are accepted with the purchase of Wearables and the installation of the software that comes with them. That probably also only takes six seconds.
Before the purchase of a Wearable, customers need to ask themselves this question, assuming they’re interested: Who do I give my data to? The transfer of data brings many risks in terms of privacy. If a Wearable displays and processes all the data in one device, there is still the risk that someone glances over the user’s shoulder and obtains the data that way. Also, the user has agreed to one EULA before using the device. If the data is transmitted from the Wearable to a smartphone, the user has to agree to two EULAs after having read and understood them. If the data is forwarded to a server, then it’s more than two EULAs, read and understood. Every transfer carries the risk of data leakage.
However, we cannot guarantee the security of your data, which may be compromised by unauthorized entry or use, hardware or software failure, and other factors.
Moves isn’t alone with these sentences that, legally speaking, are some sort of Get out of Jail Free card to mistreat the user data and are against national and international data privacy laws anyway. Other vendors try to stay vague as well. The privacy statement of Body Media (http://www.bodymedia.com), which got bought up by Jawbone Up, promises that the vendor adheres to all Best Practices of Data Security. FuelBand’s manufacturer Nike gets more precise:
All credit card information you supply is transmitted via Secure Socket Layer (SSL) technology and then encrypted within our databases.
The most negligent, but also the most honest, company that turned up during research is OMSignal, the manufacturer of a shirt with integrated sensors.
OMsignal does not consider your biometric data to be personal information and this data may be used as de-identified data for any lawful purpose as detailed below [on the website].
Among the details listed is the export of the data to third parties, which requires reading and understanding yet another EULA. Reading and understanding the EULA is up to the users themselves and is not checked by OMSignal.
Nike also takes liberties with user data. On its website, the manufacturer of sporting goods advertises that the wearers of the FuelBand have collectively taken 85 billion steps and thus burned 12 billion calories. The counter on the website updates automatically.
After filling out the profile of his new Wearable, a 50-year-old man from Switzerland gets up at least twice every night. The Wearable on his wrist records the following:
Experts know what this means: The man gets up, goes to the toilet and goes back to bed again. But that’s not where the data correlation stops. The following things can be stated with some certainty:
If the vendor sells the data to third parties, it’s suddenly entirely possible that a user gets emails with content like:
Hi, we’ve found out that you get up several times every night and go to the toilet. Do you have prostate issues? Here’s a list of the best products that could interest you.
A case like this actually happened, where supermarket chain Target (http://www.nytimes.com/2012/02/19/magazine/shopping-habits.html?pagewanted=1&_r=2&hp&) figured out a teenage girl was pregnant before the father of said girl knew.
The crux of Wearables is this: They don’t sleep and they’re recording 24 hours a day. If the wearer takes them off, the data is falsified and thus becomes useless.
This situation raises questions for customers, developers and manufacturers alike.
Leaving it up to the customer to ponder and answer these questions doesn’t make a lot of sense, from the perspective of either the customer or the developer. A decision that requires expertise can’t be left to a consumer. Besides, careful handling of data creates a lot of advantages for a business. Most importantly: The business is far more likely to gain the users’ trust, and thus they are far more likely to buy more products.