Smart Wearable: Are they safe to use?

These days it has become a trend to collect one’s health and fitness data. This can be done with the help of various technologies. Examples include micro electro-mechanical systems sensors that convert physical movements, pressure,temperature, or location into digital information. Different sensors such as accelerometers, gyroscopes etc. are embedded into devices that are Bluetooth enabled and can connect to a mobile phone. These smartphones are often equipped with Global Positioning Systems(GPS) capabilities and WI-Fi connectivity and thus are able to access and process data in the cloud. 100 There, data-sets can be easily merged and analyzed at a high speed . These technologies can be partitioned into a spectrum ranging from least to most invasive technologies least being devices that fulfill a specific task for a defined and timed activity for example tracking people during a marathon, measuring weight, temperature and respiratory rate. More invasive technologies include wearable sensors such as bracelets, clothes, or helmets, which, depending on the individual’s preferences, measure health-related data throughout the day and night. Such devices still provide the individual with control over when data e.g athletic activity, stress level, or sleeping patterns, is being collected. The most invasive are intimate, indigestible, or implantable sensors. These no longer provide control as to when data is being collected, but merely if data is being collected.

Privacy concerns

Lately we have heard of stories of someone killed because someone hacked into their heart pacemakers or stalkers accessing fit-bit data. This has brought high suspicion of whether we can trust these technologies. Wearable devices can track fitness data such as how many steps a user made in a day, where a user walked, how many calories were burned during this journey, quantity and quality of sleep, other individual’s heart rate at given times. More intimate sensors, such as electronic patches worn on the skin, smart pills, and implants, monitor the pressure or pH level inside an individual. A microscopic camera can detect internal bleeding and a “smart tooth” can communicate unhealthy eating, drinking, or smoking habits to the user or medic. The intentions are usually noble and include helping monitor an individual’s well-being but this sensitive data should not at any time find its way into the hands of the wrong people. Individuals are often concerned whether the manufacturers could get access to this data and sell it to third parties. Users should always have control as to who has access to their data and what they do with it.

Some legislation and standards

There are strict legislative requirements on this data especially the notion of being informed about data collection is very important. The data subject “must be in a position to learn of the existence of processing operations” in order to be empowered to take corrective actions (such as demand rectifying and erasing of personal data, or objecting to the data processing). Applied to wearable health trackers, the recommendations of the policy translate into provisions which require individuals to have tools in order to access the collected data ( e.g., through an app on a smartphone, or a website). This health-related data should be prepared in a way that is user-friendly ( e.g., information on what data is analyzed and the processing methods could be presented via dashboards. The user should always be able to withdraw consent and/or delete his or her account, and both actions should be straightforward and unburden some processes. The provider should lists multiple security measures for various parties involved in data processing, such as developers, manufacturers, and third parties. Such measures include deciding on the most adept and secure data storage architecture, developing clear-cut security policies combined with independent security audits, designing services with the data minimization principle in mind, and reminding users to update software or change passwords. ISO 27799: 2008 on health informatics implements ISO/IEC 27002 and provides best practice guidelines for health information security.

Some security tools

Tools such as a cloaking agent, which can be implemented directly on the client side, can be introduced. The cloaking agent knows the precise location data and privacy preferences of a user. Before communicating with the service provider, the cloaking agent “introduces uncertainty into the user’s locations according to the privacy preferences, and reports the uncertain locations to the database at the service provider.” Thus, when the user requests the service, the request first “passes through” the cloaking agent, yielding an imprecise service request and leading to a quantifiable imprecise service result.

Other location anonymity tools employ so-called dummy-based techniques which “generate dummies at the client and then send them together with the exact user location to the service provider.” This dummy information hides the exact location of the actual user. In other words, a total of k different locations is sent to the service provider, which is, in turn, unable to identify the user’s real location with a probability higher than 1/k

cloud-based evaluation of big data must be secured from unauthorized access especially to sensitive health data, e.g by establishing secure channels protects the communication from the device to the cloud. Yet secure communication alone is not enough if the data is stored in the cloud unprotected, and vulnerable to data breaches. Therefore, cloud servers ideally store and process the data in an encrypted format.

References

Gollakota, S., Hassanieh, H., Ransford, B., Katabi, D. & Fu, K. (2011). They can hear your

heartbeats: non-invasive security for implantable medical devices. Proceedings of the ACM

SIGCOMM, Toronto, Ontario, Canada. Printed in ACM Computer Communication Review

Misra, S., Maheswaran, M. & Hashmi, S. (2017). Security Challenges and Approaches in Internet

of Things, Briefs in Electrical and Computer Engineering. Heidelberg: Springer.

Park, S., Chung, K. & Jayaraman, S. (2014). Wearables: Fundamentals, Advancements, and a

Roadmap for the Future. In E. Sazonov & M. Neuman (Eds.), Wearable Sensors, Fundamentals,

Implementation and Applications (pp. 1–23). Amsterdam: Elsevier.

Popa, R.A., Redfield, C., Zeldovich, N. & Balakrishnan, H. (2011). CryptDB: protecting confidenti-

ality with encrypted query processing. Proceedings of the 23rd ACM Symposium on Operating