Privacy issues in wearable technologies like smart bands and smart watches

Smart watches, smart bands, and wearable are becoming very common these days. With every other device trying to connect with IOT systems. According to Business Insider, which quotes one of Morgan Stanley`s predictions (Danova, 2013), more than 75 billion of objects will be connected to the Internet of Things by 2020. There were around 26.6 billion active IOT devices as of August 2019, with around 127 new devices connecting to the web every second globally. With a surge in such usage of IOT devices, around 84% companies have complained about security breach with IOT systems. With a lot privacy issues still IOT systems seem to be growing because of its endless possibilities and non-stop connectivity between other devices and information sharing.

The privacy, security and ethical issues are caused by the expansion on a very large scale of the IoT specific technologies and characteristics. IoT is based on a global infrastructure network which connects physical and virtual objects in a unique way, by exploiting the data captured by the sensors, the equipment used for communication and localization. According to authors Valacich and Schneider an ethical behaviour requires:

enforce the property rights on information;
ensure the access to information;
ensure the integrity of the information;
enforce the right to private life.

This article is based on an attempt to find out privacy issues in wearable tech like smart bands and smart watches. As of India The MI band is widely used for real time activity tracking, sleep monitoring, controlling applications and getting data about health vitals. The research method included three major parts, first was the literature study filled by observational study and last but not the least personal interviews.

Literature review was done to study the progress and research of other people in the same field and to analyse their findings. Based on numerous articles (references mentioned below) the following parameters were narrowed down for this research

Privacy concerns in data illustrating behaviors of users
Requirements for remote communication may result in loss of privacy
Perceptions to identify location-based privacy concerns
Privacy and surveillance factors of connected systems

Based on literature study and the parameters for governing issues of IOT systems the following major concerns could be arrived at.

The deductions from secondary researched helped me to phrase the tasks and questions needed to be performed for user research. The user research was performed by a qualitative analysis, a set of users ranging from age 22 to 40 was chosen and a set of task-based actions were given to conduct on their smart band / watch.

For performing the user research, ten users were selected ranging within two extremes, one who has all access to these smart technologies and has been using for a long period of time and one who was a newcomer to these smart bands and devices. Two tasks were given and their steps were recorded and taken into note.

These are a compilation of the tasks performed by the users and their checkpoints , pain points and ease of use pointers.

After the observational pointers were taken into the process and having a conversation with the user , the following inferences could be drawn from this activity.

While pairing the device asks for one-time access to health data.
Doesn’t provide any privacy notification after on boarding
Data used, accessed and stored not much known
Data cleared on device doesn’t imply data clear on app.
Notifications accessed on messages on pairing of device and its storage / access not clear

Based on inferences from observational study and pointers arrived from secondary study the following questionnaire was framed for personal interviews, where the participants were asked the following set of questions and personas were worked out.

What type of smart band do you use?
Purpose of availing a smart band?
How is the device helping you to improve your daily routine?
Any concerns about who and how your health data is being accessed?
Would you like your device to notify you about your data and its usage and access?
Would you like to have full control of your data and what happens to it?

The personal interviews paved the way for the development of two major personas that were using the devices.

The personas were mapped on their activity and scenarios were chalked out for each persona while using the device. This helped in understanding the pain points and aspirations of the user set.

This activity led to the development of taking a persona and mapping outs its pain points while using the device with regards to privacy issues and security. The scenarios revealed what issues the users faced and their aspirations arising from these issues.

On mapping out the scenarios along with major pain points and check points while using the device, the following inferences could be drawn from the study.

A better system to access data of the user on the wish of the user and not under the control of the app.

Since data is the new oil, might be a gamified credit sharing system for usage of data from user to developer end

IOT device, informing the user how the data is used and not just asking for one-way permission for its usage.

Data storage, privacy security terms should be informed to user not only during on boarding process but in between device usage, but much more subtly.

“IOT is the future of every major systems, but if we are

reluctant of privacy breach from the smallest of devices,

soon our data and information will be packets by which

we can be tracked, monitored and hacked along with

major other numerous possibilities”

Based on outcomes of the research, iceberg model was conducted to understand the events, patterns, structures and mental model of the users. This was done to get a in-depth understanding of the stakeholders and cheek-ins playing a role in such privacy, security and ethical issues. The first event that was taken for studying the iceberg model was restoring a wearable smart band as its out of sync with the application on the mobile.

Followed by restoring of an out of sync smart band, iceberg model analysis was performed on another event of preparing a smart band for the first time use by a user. This led to the finding of more issues that play a governing role in smart band related privacy concerns.

Insights from the Ice-berg model are as follows:

Permissions should be accessible both way and not a single channel for data take-away.
Developing trust in the device and system by giving them controls to data storage and its accessibility.
Developing a specific work oriented device , prevents the users from knowing underlying systems that help forming packet data per individual that may be a risk concern for each individual.
Users are reluctant to know about singular value of data specially data set that are health related , so gives access easily, but when these data set are combined and individually mapped out , it becomes hyper personalized data set and can be used to lure users according to theirs usage patterns.

Comparison

While conducting the research and the iceberg model , the insights and analysis came out to be quite similar . While the research was a step by step process both quantitative and qualitative analysis of data, the iceberg seemed to be confined to in-depth interpretation of users while using a system. The ice berg does help to organize our findings and analysis in a definite structured formed based on analysis at each check points. Thus, an iceberg not only tells about the user’s perspective of a system, but the hidden layers are revealed that play an important role in functioning or dis-functioning of a system.

References
1.https://leftronic.com/internet-of-things-statistics/
2.https://www.researchgate.net/publication/260290933_Internet_Of_Things-Some_Ethical_Issues
3 Internet of Things program of TiViT ( Finnish Strategic Centre for Science Technology in the field of ICT ) funded by Tekes.
4.Internet society policy brief: IoT privacy for policymakers ( September 2019)
5. https://iopscience.iop.org/article/10.1088/1755-1315/322/1/01201