Sunday, March 13, 2016

Wearable Electronics, the Internet of Things and Their Threat to You

A few days ago, Dark Reading, an industry Newsletter targeting IT & Security, had an interesting little piece, A Warning for Wearables: Think Before You Emote.  It's a little speculative, but not very far fetched.  The question: what happens when your Fitbit or other wearable electronics starts spewing information to the Internet that could be used against you?  Author John C. Havens notes a similarity that resonates with me:
Wearable data devices are the modern equivalent of blogs broadcasting directly to the Internet of Things. ... While [users] may not realize their data could be interpreted as inappropriate or breaking corporate confidences, unless they’ve updated their settings accordingly, that choice is not theirs to make.
Instead of blogs, they're more like Facebook or Twitter, or one of those places people post about what they're eating.  The thing is, they're broadcasting very personal biometric data or are capable of doing so.  He presents a possible scenario in which a person's Fitbit gets them fired.
Recently appointed EVP of Social Media for his top-ten PR firm – let’s call him Tom Delancey – assumed he'd been called to see his CEO for a holiday bonus. Having secured a choice article in Fast Company describing the company's forward-thinking approach to wearable devices and innovation, Tom assumed CEO Cheryl would be praising him for positioning the firm as a market leader to their clients. But upon closing the door to her swanky 30th floor corner office, Tom was in for quite a shock:

“You’re fired, Tom. In your Fast Company article you mentioned your innovation meetings with our biggest client happen every week on Thursdays during lunch. One of our competitors went on LinkedIn, identified everyone on your marketing team and their Twitter handles, and followed every tweet generated by their wearable devices. Using a pretty simple algorithm, they were able to correlate what the increase of people's heart rates and other data meant in terms of their mood. Apparently during last week's session something pretty bad happened near the end of the meeting, because everyone's data registered a spike in negative emotion.”

Tom's jaw dropped as his stress-sensing watch registered a massive increase in tension. He gasped as Cheryl turned her laptop on her desk so he could read an Ad Age article headline written in large type: “Delancey Debunked: Our New Client Finds the Off Switch for Quantified Employees.”

“Our new client?” asked Tom. “You mean...”

“Correct,"” Cheryl interrupted. “Our biggest client just fired our agency because you unintentionally broadcast the emotional and quantified data of your team. They didn’t have to say a word. Their data essentially said our client's new product sucks.”
Sound feasible?  It does to me.  Perhaps someone gets a wearable of some kind and neglects to set the privacy options properly.  Perhaps the device isn't secure enough, or not secure at all.  With just a little bit of competitive intelligence, I can imagine this happening. 

It seems to me that an even more likely prospect is the data from your wearables being demanded by the company and used by them against you.  Does your employer have a wellness program?  My last employer had one (I write about wellness more than I thought).  It started out asking for you to visit your doctor once a year and get screened for the things they deemed risk factors.  This was mainly the usual: blood pressure, cholesterol, diabetes, but also included points for seeing your dentist regularly.  Then they introduced numerical goals for all these tests.  Then they started punishing employees for not reaching those goals.  The same company made the facility non-smoking, so that smokers had to go outside, but didn't enforce break time rules as long as the smokers got their work done.  Then they made the entire campus non-smoking, requiring workers to go past the parking lot to the city sidewalks to smoke, and watching time and attendance more carefully.  They specifically said that smoking in your own car violated the company rules, which seemed like an awfully gray area.  Your car is your property. 

How big a step is it to think that a company like this might issue some sort of activity tracker to employees and punish them if they aren't doing the required amount of exercise while not at work?   

Havens notes:
It’s also important to start slow when building employee wellness or other programs utilizing quantified self tools, as Ken Favaro and Ramesh Nair point out in their excellent article, The Quantified Self Goes Corporate. Rather than focus on quick hits or flashy results like my fictional Tom Delancey, the authors provide a great description of what they call, the “quantified core; it is the enterprise equivalent of the ‘quantified self’ movement, the tracking of individuals’ health and daily life patterns for the sake of improving both.” This process demands buy-in from the C-suite with a broad understanding of what it means to improve employee well-being, including physical, emotional, and cultural sensitivities at any program’s core.
I'm aware of the quantified self/biohacking movement and consider myself a biohacker to some degree (I stop short of implanting or injecting things in myself).  To really tell if you're making improvements, you need data, which puts you into the quantified self camp.  Frankly, the idea of an employer monitoring me, deciding I'm not improving my health enough and even just financially fining me (which is what my last employer did), not to mention firing me, is awfully Orwellian.  

It's a brave, new world, isn't it.


  1. What else would one expect from a company that would make Stingray?

    1. I'm not entirely sure I understand, but that's not the company I was talking about.

      But I wouldn't be surprised if they were doing the same things.

  2. I dislike systems that transmit my data (which includes my computers operating system). I would choose not to have a TV that listened to me or a remote that you speak to. Even my stupid coffee maker for some reason needs to have a electronic clock on it which never has the correct time. Am I the only person in the world that unplugs their coffee maker everyday? My stupid gas stove quit on me on Thanksgiving a few years back. Why? Because it is electronic! What is that all about. A gas stove that depends on electricity! The stupid thing locks up anytime there is the slightest fluctuation in the house AC. As far as I know it doesn't send messages or spy on my but why in the hell is it electronic? Has the marketing departments gone mad? Not every device needs to be "smart". I place a small piece of electrical tape over the camera lens on my laptop. I go through the operating system options and shut everything off. I do the same with the internet operating system. Sometimes a web site won't let me in telling me to turn cookies on or disable my ad blocker. As for wellness, my wife takes care of nagging me to make and keep my appointments.