{"id":1545,"date":"2014-02-25T11:30:25","date_gmt":"2014-02-25T00:30:25","guid":{"rendered":"http:\/\/blog.panicola.com\/?p=1545"},"modified":"2014-02-25T11:35:09","modified_gmt":"2014-02-25T00:35:09","slug":"1545","status":"publish","type":"post","link":"https:\/\/blog.panicola.com\/?p=1545","title":{"rendered":"CIA on FitBit &#8211; wearable data security"},"content":{"rendered":"<p>Awesome quote from th CIA re. gait identification:<\/p>\n<div id=\"node-body-bottom\">\n<p>If there&#8217;s one entity that knows the value of the health data uploaded to these devices, it&#8217;s the CIA. Last year, at a data conference in New York, the CIA&#8217;s chief technology officer, Ira Hunt, gave a talk on big data. During the discussion, he\u00a0<a href=\"http:\/\/gigaom.com\/2013\/03\/20\/even-the-cia-is-struggling-to-deal-with-the-volume-of-real-time-social-data\/2\/\" target=\"_blank\">told the crowd that he carries a Fitbit<\/a>. <strong>&#8220;We like these things,&#8221; he said. &#8220;What\u2019s really most intriguing is that you can be 100% guaranteed to be identified by simply your gait\u2014how you walk.&#8221;<\/strong><\/p>\n<p>&nbsp;<\/p>\n<\/div>\n<div id=\"node-footer\"><\/div>\n<blockquote class=\"wp-embedded-content\" data-secret=\"DX0i4Zfxan\"><p><a href=\"https:\/\/www.motherjones.com\/politics\/2014\/01\/are-fitbit-nike-and-garmin-selling-your-personal-fitness-data\/\">Are Fitbit, Nike, and Garmin Planning to Sell Your Personal Fitness Data?<\/a><\/p><\/blockquote>\n<p><iframe loading=\"lazy\" class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" title=\"&#8220;Are Fitbit, Nike, and Garmin Planning to Sell Your Personal Fitness Data?&#8221; &#8212; Mother Jones\" src=\"https:\/\/www.motherjones.com\/politics\/2014\/01\/are-fitbit-nike-and-garmin-selling-your-personal-fitness-data\/embed\/#?secret=Ka1EBw1zmM#?secret=DX0i4Zfxan\" data-secret=\"DX0i4Zfxan\" width=\"474\" height=\"267\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe><\/p>\n<div id=\"content-header\">\n<h1>Are Fitbit, Nike, and Garmin Planning to Sell Your Personal Fitness Data?<\/h1>\n<\/div>\n<div id=\"content-area\">\n<div id=\"node-244616\">\n<div id=\"node-header\">\n<div id=\"node-header-data\">\n<p>These popular fitness companies say they aren&#8217;t selling your info, but privacy advocates and the FTC worry that might change.<\/p>\n<p>\u2014By\u00a0<a href=\"http:\/\/www.motherjones.com\/authors\/dana-liebelson\" rel=\"author\">Dana Liebelson<\/a>\u00a0| Fri Jan. 31, 2014 3:00 AM GMT<\/p>\n<\/div>\n<div>\n<div><a title=\"Jump to the comments of this posting.\" href=\"http:\/\/www.motherjones.com\/politics\/2014\/01\/are-fitbit-nike-and-garmin-selling-your-personal-fitness-data#disqus_thread\"><img loading=\"lazy\" decoding=\"async\" style=\"color: #2b2b2b; line-height: 1.5;\" title=\"\" alt=\"\" src=\"http:\/\/www.motherjones.com\/files\/imagecache\/top-of-content-main\/screen_shot_2014-01-30_at_5.13.50_pm.png\" width=\"629\" height=\"420\" \/><\/a><a style=\"line-height: 1.5;\" href=\"http:\/\/www.flickr.com\/photos\/64876287@N05\/9024726633\/in\/photolist-eKu5P4-bdhLQt-gweiJh-gwdzvN-gwdqMh-gwev2z-gwer1P-gwegCU-gwdvsY-gwdoBW-gwdVP4-gwetq8-enSnKZ-eose1h-enSbe4-enS8ir-enSDJR-eorXZu-drDS76-7ZYoV2-iwte2K-acvEG1-a7mVD7-iwsCrK-fJE12M-fmcDcd-fbvhSw-fbg1Sz-fbg38X-eKFu6y-eKu5wc-9BiSqj-dnBRGe-gwcJaJ-gwdrqj-gwehkq-gwdpxw-gwdu6t-gwdoGz-gwdys7-gwdkUa-gwdmD7-gwdRKa-gwdsrg-gwedLS-gwe2Pa-eorL7u-enSd4e-enSeW2-bxsJpR-bxsJq8\">Insert Magazine<\/a><span style=\"color: #2b2b2b; line-height: 1.5;\">\/Flickr<\/span><\/div>\n<\/div>\n<\/div>\n<div id=\"node-body-top\">\n<p>&nbsp;<\/p>\n<p>Lately,\u00a0fitness-minded\u00a0Americans have started wearing sporty wrist-band devices\u00a0that track\u00a0tons of data: Weight, mile splits, steps taken\u00a0per day, sleep quality,\u00a0<a href=\"http:\/\/techcrunch.com\/2011\/07\/03\/sexual-activity-tracked-by-fitbit-shows-up-in-google-search-results\/\" target=\"_blank\">sexual activity<\/a>, calories burned\u2014sometimes, even\u00a0<a href=\"http:\/\/www.polar.com\/us-en\/products\/improve_fitness\/running_multisport\/RC3_GPS\" target=\"_blank\">GPS location<\/a>. People use this data to keep track of their health, and are able send\u00a0the information to various websites and apps. But this sensitive, personal data could\u00a0end up in the hands of corporations\u00a0looking to target these users with advertising, get credit ratings, or determine insurance rates. In other words, that device could start spying on you\u2014and the\u00a0<a href=\"http:\/\/www.ftc.gov\/news-events\/events-calendar\/2014\/05\/spring-privacy-series-consumer-generated-controlled-health-data\" target=\"_blank\">Federal Trade Commission is worried.\u00a0<\/a><\/p>\n<p>&#8220;Health data from [a woman&#8217;s] connected device, may be collected and then sold to data brokers and other companies she does not know exist,&#8221; Jessica Rich, director of the Bureau for Consumer Protection at the Federal Trade Commission, said in a speech on Tuesday for\u00a0<a href=\"http:\/\/www.eventbrite.com\/e\/data-privacy-day-kick-off-tickets-9478712083\" target=\"_blank\">Data Privacy Day<\/a>.\u00a0&#8220;These companies could use her information to market other products and services to her; make decisions about her eligibility for credit, employment, or insurance; and share with yet other companies. And many of these companies may not maintain reasonable safeguards to protect the data they maintain about her.&#8221;<\/p>\n<p>Several major US-based fitness device companies contacted by\u00a0<em>Mother Jones<\/em>\u2014Fitbit, Garmin, and Nike\u2014say they don&#8217;t sell personally identifiable information collected from fitness devices. But\u00a0privacy advocates warn that the policies of these firms could allow them to sell data, if they ever choose to do so.<\/p>\n<\/div>\n<div id=\"node-body-break\">\n<div>\n<div><span style=\"line-height: 1.5;\">Let&#8217;s start with the popular Fitbit. When you buy one of these bracelets or clip-on devices, you have the option of\u00a0<\/span><a style=\"line-height: 1.5;\" href=\"https:\/\/help.fitbit.com\/customer\/portal\/articles\/896922-how-do-i-get-data-from-my-tracker-to-the-website-\" target=\"_blank\">automatically sending fitness data<\/a><span style=\"line-height: 1.5;\">\u00a0to the Fitbit website. And the site encourages you to also submit other medical information, such as\u00a0<\/span><a style=\"line-height: 1.5;\" href=\"http:\/\/blog.fitbit.com\/watching-your-blood-pressure\/\" target=\"_blank\">blood pressure<\/a><span style=\"line-height: 1.5;\">\u00a0and\u00a0<\/span><a style=\"line-height: 1.5;\" href=\"https:\/\/help.fitbit.com\/customer\/portal\/articles\/176105-what-else-can-i-track-on-my-fitbit-dashboard-\" target=\"_blank\">glucose levels<\/a><span style=\"line-height: 1.5;\">. According to Fitbit&#8217;s\u00a0<\/span><a style=\"line-height: 1.5;\" href=\"http:\/\/www.fitbit.com\/privacy\" target=\"_blank\">privacy policy<\/a><span style=\"line-height: 1.5;\">,\u00a0&#8220;At times Fitbit may make certain personal information available to strategic partners that work with Fitbit to provide services to you.&#8221;\u00a0Stephna May, a Fitbit\u00a0spokesperson, says that the company\u00a0&#8220;does not sell information collected from the device that can identify individual users, period.&#8221; However, she says that the company would consider marketing &#8220;aggregate information&#8221; that cannot be linked back to an individual user\u2014which is outlined in the privacy policy as\u00a0<\/span><a style=\"line-height: 1.5;\" href=\"http:\/\/www.fitbit.com\/privacy\" target=\"_blank\">aggregated gender, age, height, weight, and usage data.<\/a><span style=\"line-height: 1.5;\">\u00a0(This is similar to what<\/span><a style=\"line-height: 1.5;\" href=\"http:\/\/www.nytimes.com\/2012\/02\/05\/opinion\/sunday\/facebook-is-using-you.html?pagewanted=all\" target=\"_blank\">Facebook does.<\/a><span style=\"line-height: 1.5;\">)<\/span><\/div>\n<\/div>\n<\/div>\n<div id=\"node-body-bottom\">\n<p>Nike, which makes the\u00a0<a href=\"http:\/\/www.nike.com\/us\/en_us\/c\/nikeplus-fuelband\" target=\"_blank\">Nike + Fuel Band<\/a>, says in its privacy policy that the company may collect a\u00a0<a href=\"http:\/\/help-en-us.nike.com\/app\/answers\/detail\/a_id\/16378\/p\/3897\" target=\"_blank\">host of personal information<\/a>, but doesn&#8217;t say that it can be shared with\u00a0advertising companies. Joy Davis Fair, a Nike spokesperson, says that the company, &#8220;does not share consumer data&#8221; with outside advertisers, but selectively shares it with other companies under the\u00a0<a href=\"http:\/\/nikeinc.com\/pages\/our-portfolio-of-brands\" target=\"_blank\">Nike&#8217;s corporate umbrella<\/a>, including Converse and Hurley.\u00a0Garmin&#8217;s\u00a0<a href=\"http:\/\/www.garmin.com\/en-US\/legal\/privacy-statement\" target=\"_blank\">policy<\/a>\u00a0says that users have to consent\u00a0in order for the company to sell personal information.\u00a0A\u00a0Garmin spokesman says the company doesn&#8217;t sell personal or aggregated information to advertisers, and doing so isn&#8217;t part of the company&#8217;s business model.\u00a0(Polar Flow, which makes the Polar Loop band, is the only company with a privacy policy that\u00a0<a href=\"https:\/\/flow.polar.com\/privacyPolicy\" target=\"_blank\">explicitly says it won&#8217;t sell personally identifiable data for advertising<\/a>. It is based in Finland and subject to stringent European Union privacy laws.)<\/p>\n<p>Jeffrey Chester, executive director for the Center for Digital Democracy, says that these privacy policies are so broad that\u00a0they could allow the companies to sell health data\u2014even if they aren&#8217;t doing so now. &#8220;When companies promise that they aren&#8217;t selling your data, that&#8217;s because they haven&#8217;t developed a business model to do so yet,&#8221; Chester says.<\/p>\n<p>Scott Peppet, a University of Colorado law school professor, agrees that companies like Fitbit will eventually move toward\u00a0sharing this data. &#8220;I can paint an incredibly detailed and rich picture of who you are based on your Fitbit data,&#8221; he said at a\u00a0<a href=\"http:\/\/www.ftc.gov\/news-events\/events-calendar\/2013\/11\/internet-things-privacy-and-security-connected-world\" target=\"_blank\">FTC conference last year.<\/a>&#8220;That data is so high quality that I can do things like price insurance premiums or I could probably evaluate your credit score incredibly accurately.&#8221;<\/p>\n<p>Even if the companies that make these devices aren&#8217;t\u00a0selling the data, there is another potential privacy concern.\u00a0Users can send their data to dozens of third-party fitness apps on their phone. Once users do that, the data becomes subject to the privacy policies of the app companies, and these policies do not afford much protection, according to the\u00a0<a href=\"http:\/\/gigaom.com\/2013\/03\/20\/even-the-cia-is-struggling-to-deal-with-the-volume-of-real-time-social-data\/2\/\" target=\"_blank\">Privacy Rights Clearinghouse<\/a>. The group examined\u00a043 popular health and fitness apps last year, and found that, &#8220;there are considerable privacy risks for users.&#8221; A spokesperson for the FTC told\u00a0<em>Mother Jones<\/em>\u00a0that &#8220;fitness devices often work by having apps associated, and [Privacy Rights Clearinghouse&#8217;s] analysis here may be relevant.&#8221;<\/p>\n<p>If there&#8217;s one entity that knows the value of the health data uploaded to these devices, it&#8217;s the CIA. Last year, at a data conference in New York, the CIA&#8217;s chief technology officer, Ira Hunt, gave a talk on big data. During the discussion, he\u00a0<a href=\"http:\/\/gigaom.com\/2013\/03\/20\/even-the-cia-is-struggling-to-deal-with-the-volume-of-real-time-social-data\/2\/\" target=\"_blank\">told the crowd that he carries a Fitbit<\/a>. &#8220;We like these things,&#8221; he said. &#8220;What\u2019s really most intriguing is that you can be 100% guaranteed to be identified by simply your gait\u2014how you walk.&#8221;<\/p>\n<\/div>\n<div id=\"node-footer\">\n<div><a style=\"line-height: 1.5;\" href=\"http:\/\/www.motherjones.com\/authors\/dana-liebelson\"><img loading=\"lazy\" decoding=\"async\" title=\"\" alt=\"\" src=\"http:\/\/www.motherjones.com\/files\/imagecache\/author-thumb-small\/photo\/31ff32b.jpeg\" width=\"60\" height=\"70\" \/><\/a><\/div>\n<div>\n<h3>DANA LIEBELSON<\/h3>\n<p>ReporterDana Liebelson is a reporter in\u00a0<em>Mother Jones&#8217;<\/em>\u00a0Washington bureau. Her work has also appeared in<em>The Week<\/em>,\u00a0<em>TIME<\/em>&#8216;s\u00a0<em>Battleland<\/em>,\u00a0<em>Truthout<\/em>,\u00a0<em>OtherWords<\/em>\u00a0and\u00a0<em>Yahoo! News<\/em>.\u00a0<a title=\"RSS\" href=\"http:\/\/www.motherjones.com\/rss\/authors\/190471\">RSS<\/a>\u00a0|\u00a0<a href=\"http:\/\/twitter.com\/dliebelson\" target=\"_blank\">TWITTER<\/a><\/p>\n<p>&nbsp;<\/p>\n<p>http:\/\/gigaom.com\/2013\/03\/20\/even-the-cia-is-struggling-to-deal-with-the-volume-of-real-time-social-data\/2\/<\/p>\n<p>CIA slides:<\/p>\n<p><iframe loading=\"lazy\" title=\"THE CIA\u2019S \u201cGRAND CHALLENGES\u201d WITH BIG DATA from Structure:Data 2013\" src=\"https:\/\/www.slideshare.net\/slideshow\/embed_code\/key\/4bGYqYtPlfcQ0J\" width=\"427\" height=\"356\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" style=\"border:1px solid #CCC; border-width:1px; margin-bottom:5px; max-width: 100%;\" allowfullscreen> <\/iframe> <\/p>\n<div style=\"margin-bottom:5px\"> <strong> <a href=\"https:\/\/www.slideshare.net\/gigaom\/the-cias-grand-challenges-with-big-data-from-structuredata-2013\" title=\"THE CIA\u2019S \u201cGRAND CHALLENGES\u201d WITH BIG DATA from Structure:Data 2013\" target=\"_blank\">THE CIA\u2019S \u201cGRAND CHALLENGES\u201d WITH BIG DATA from Structure:Data 2013<\/a> <\/strong> from <strong><a href=\"https:\/\/www.slideshare.net\/gigaom\" target=\"_blank\">Gigaom<\/a><\/strong> <\/div>\n<p><img loading=\"lazy\" decoding=\"async\" itemprop=\"thumbnailUrl\" alt=\"Ira &quot;Gus&quot; Hunt CIA Structure Data\" src=\"http:\/\/gigaom2.files.wordpress.com\/2013\/03\/9yxqiqwp0vlo1his_xvdpuzx4so52d5hzzjtw2hdfly.jpeg?w=300&amp;h=200&amp;crop=1\" width=\"300\" height=\"200\" \/><\/p>\n<p><strong>In fact, if you think about your mobile sensor platform, there\u2019s a really cool little app \u2013 Activity Tracker. It\u2019s a little Android app \u2013 have you guys seen this anywhere? What they\u2019ve discovered is fundamentally they take your 3-axis accelerometer on your phone \u2013 I actually carry a Fitbit. You guys know the Fitbit, right? It\u2019s just a simple 3-axis accelerometer. We like these things because they don\u2019t have any \u2013 well, I won\u2019t go into that [laughter]. What happens is, they discovered that just simply by looking at the data what they can find out is with pretty good accuracy what your gender is, whether you\u2019re tall or you\u2019re short, whether you\u2019re heavy or light, but what\u2019s really most intriguing is that you can be 100% guaranteed to be identified by simply your gait \u2013 how you walk.<\/strong><\/p>\n<p><strong>Now this could be a really good thing. Think about this as a security app. If you\u2019re walking along and you want to access your bank code, maybe it could become simplified because they can with absolute assurance know it\u2019s you by your gait trying to do something with your bank. On the other hand, if you don\u2019t want to be found or you want to protect yourself, maybe you don\u2019t want to have somebody know what your gait looks like so they can figure out where you are at all times.<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Awesome quote from th CIA re. gait identification: If there&#8217;s one entity that knows the value of the health data uploaded to these devices, it&#8217;s the CIA. Last year, at a data conference in New York, the CIA&#8217;s chief technology officer, Ira Hunt, gave a talk on big data. During the discussion, he\u00a0told the crowd &hellip; <a href=\"https:\/\/blog.panicola.com\/?p=1545\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">CIA on FitBit &#8211; wearable data security<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5,26,9,10,6,4,12,3],"tags":[],"class_list":["post-1545","post","type-post","status-publish","format-standard","hentry","category-data-saving-lives","category-facts-data-points","category-healthcare","category-healthy-habits","category-politics","category-quantified-self","category-power-aphorisms","category-rapid-learning-health-systems"],"_links":{"self":[{"href":"https:\/\/blog.panicola.com\/index.php?rest_route=\/wp\/v2\/posts\/1545","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.panicola.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.panicola.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.panicola.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.panicola.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1545"}],"version-history":[{"count":5,"href":"https:\/\/blog.panicola.com\/index.php?rest_route=\/wp\/v2\/posts\/1545\/revisions"}],"predecessor-version":[{"id":1550,"href":"https:\/\/blog.panicola.com\/index.php?rest_route=\/wp\/v2\/posts\/1545\/revisions\/1550"}],"wp:attachment":[{"href":"https:\/\/blog.panicola.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1545"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.panicola.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1545"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.panicola.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1545"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}