Wearable Devices and Data Brokers: Consumer Boon or Privacy Threat?

Enterprise

MDM_EMM_Security

If you follow developments in personal security, particularly as related to personal information via the internet, then you’ve been reading about data brokers.

Data brokers are agencies that collect consumer data and sell it to a wide variety of companies, handling a large part of what is known as “big data.”

The collected information enables companies to sell to a targeted audience, and is what makes personalized – sometimes called ‘retargeted’ – ads like you see in Facebook and on other websites possible, such as when you’ve been looking up a product on Amazon and then see the same or similar items listed in the ads displayed on sites you subsequently visit.

The tools available to data brokers on the internet have resulted in a dramatic expansion in the amount of data held on individuals.

There are about 3,500 registered data brokers in the US alone, and one of them, Acxiom, claims to have files on 10% of the world’s population.

Individuals generally aren’t aware of what personal data a broker has, how they got it, or what will it be used for, although some sites do have hard-to-find opt-out pages.

According to Techrepublic The widespread adaption of wearable devices will accelerate the trend and allow a massive increase in the data available for collection.

How Will this Affect Businesses and Individuals?

In an article written for Intellectual Property.com Rachel Wenzel states “all of this new technology is collecting data on our most personal bodily functions” and goes on to say “While wearable technology seems to be a new commodity, the spread of data is not. We often do not know all of the places our data can end up.”

What Data is Being Collected?

Because of this mass collection of data from multiple sources, including wearables, the Federal Trade Commission released a report to Congress in May 2014 after an in-depth study of nine data brokers.

The FTC report, “Data Brokers, A Call for Transparency and Accountability,” says:

“Because these companies generally never interact with consumers, consumers are often unaware of their existence, much less the variety of data collecting (practices) in which they engage.”

It’s certainly a development to follow.

Profiling for Profit

The data is used to compile profiles about consumers, and they’re placed into categories based on their interests and habits: age, race, marital status, number of children and income.

Data can be used for purposes that consumers probably wouldn’t agree to. For example, a data broker could profile a consumer as belonging in the ‘Skiing Enthusiasts’ category. While a winter sports store might then offer the consumer coupons, an insurance company using that same info might infer that the consumer engages in risky behavior and offer higher insurance premiums.

Data_Bokers_MDM

Terms of Service in Wearables are Unclear

The language is vague in most Terms of Service agreements. Even the phrase “third party” is up for analysis, since it could mean practically anyone who is in contact with the company.

One of the other issues is that in many of these agreements you’ll find a paragraph that states something like, “In the event of the sale of our company, or if we’re in bankruptcy, we can sell your data.” People don’t realize that their data is an asset and there is value to knowing peoples likes and dislikes as well as buying habits. You may be okay having your medical data stored with your health care provider but if Google starts buying up these providers, are you okay with Google having full access to your medical history?

The $19 billion that Facebook paid for WhatsApp only begins to make sense when you understood that a) WhatsApp has 500 million users; b) every WhatsApp user offers a rich vein of totally transparent data that can be bought and sold.

It’s important to note that WhatsApp is a totally open service. Every user’s phone number, message, location and image shared can be used for profiling and resale.

Wearables in the Workplace

So, is there a business case for wearables in the workplace? The answer is a qualified “yes.

Because wearable computing devices let users go hands-free, there are a lot of ways they could be useful at work. For emergency personnel, search-and-rescue teams and surgeons, wearables can provide real-time critical information.

Smartglasses could be useful for technicians who need to consult a manual, take a picture or view a set of schematics while performing repairs.

Wearables can also remotely manage equipment on an assembly line. Workers who need to wear special suits, such as environmental disaster teams, could have hands-free access to data via smartglasses or a connected wrist device.

Any user who needs instant access to important data can benefit from using wearables in their workplace.

Notice I didn’t mention sales people or office staff. Although I am sure that many will make a case for smartglasses or smartwatches in the office, it’s difficult to think of a situation where a wearable device would improve the productivity of a mobile sales team or an office worker.

How does the Law Oversee Wearables in the Workplace?

In the UK, wearable devices worn at work must operate in line with the requirements of the Data Protection Act. This includes making sure that people are being informed about how their details are being collected and used, only collecting information that is relevant, adequate and not excessive and ensuring that any information that needs to be collected is kept securely and deleted once it is no longer required.

If the wearable technology is able to capture video or pictures, organisations must address the issues raised in (believe it or not) the CCTV Code of Practice. Mobile phones that take videos are not covered because it is deemed obvious if a person is using a phone to take pictures or videos

Information Security and Wearables in the Workplace

The current crop of wearables is based on Android, while the next generation will run on Google’s recently announced Android Wear operating system.

Android is an open source operating system given away freely by Google to smart device manufacturers. Its adaption has been phenomenal and the majority of smartphones and wearables produced today come with Android pre-installed.

Unfortunately, Android’s success has attracted a huge increase in Android malware. Security vendor Trend Micro rates Android an ”equal (if not greater) threatened platform to Microsoft Windows.”

Other experts say wearables are most vulnerable to malware or hacking when sending data to the cloud. This adds a fair amount of vulnerability in the workplace.

Still, research firm Gartner forecasts that Google Glass and other smart-glasses will help make employees more efficient, ultimately adding more than $1 billion per year to company profits by 2017. This report and others like it will probably convince many companies that they should introduce wearables regardless of the potential for malware or end point vulnerabilities.

So is there an Alternative?

There are several manufacturers of wearable computing devices for the workplace. These run on the BlackBerry secure QNX operating system.

One such manufacturer, Euro Tech, supplies wearable devices and systems to industry, logistic, healthcare, transportation and defense markets. The equipment isn’t cheap, and it won’t pass inspection by fashion-conscious tech reviewers, but it is secure and durable.

If companies want secure wearables in the workplace, BlackBerry’s QNX trumps the Android OS.

So what do wearables mean for CIOs? It’s another threat that needs to be risk-assessed from a legal and data security perspective, and systems should be proactively put in place to protect the company before they appear in the workforce.

 

About Frank O'Kelly

Frank is a Commercial Manager based in the UK. He has worked for many years in ICT and Telecoms and is passionate about Information Security especially in the mobile space. When not working or writing Frank is usually planning his a trip to a classic car show!

Join the conversation

Show comments Hide comments
+ -
blog comments powered by Disqus