Is The Biggest Risk To National Security The Apple Watch And Fitness Bands?
by Ian Skellern
Security breaches of company databases have been in the news recently, with hackers revealing nude photos of celebrities including Jennifer Lawrence; forcing Sony to cancel the launch of an at best mediocre film called The Interview; and now threatening to reveal the peccadilloes of adulterers on Ashley Madison.
And let’s not forget Edward Snowden‘s insider leak of sensitive − and often embarrassing – U.S. government data including private diplomatic communication.
Before that there was Chelsea (Bradley) Manning, who leaked classified information on the Iraq and Afghanistan wars.
But while many of us, depending on our views, might find these leaks interesting, justified, upsetting, or all of the above, the reality is that it’s likely to be more of an intellectual debate for most of us than something up close and personal.
The fact is that the majority of us do not lead lives that would cause us much concern if our governments did read our emails, embarrassment being another matter: most of us do not upload pictures of our genitals to the internet (though those who do are likely to be disappointed in how few care), and adulterers were getting caught long before Ashley Madison was hacked.
The view from the large, if not silent, majority is: I’m doing nothing wrong so this doesn’t really bother me.
But what if there was a spy who didn’t just film you when you were out and about in public places, but followed you everywhere?
What if there was a spy who knew everything you were doing, including when you slept, ate, had sex, exercised, and worked – at what and for how long.
A spy that monitored not just what you were doing, but how you were doing it, for how long, and how well.
That spy is the fitness bracelet
Have you really thought about what your fitness bracelet knows?
And who it tells?
My wife has been wearing a Jawbone Up fitness bracelet for a couple of years, a corporate gift. After borrowing it a couple of times, I decided to take the glued-to-the-stats-on-the-fitness-app-rather-than-take-a-walk-in-the-park-fitness-app plunge myself and bought a Fitbit Charge HR, mainly because I wanted to track my sleep habits.
What, no Apple Watch?
I have nothing against the Apple Watch, and while I don’t particularly like the design, I am a happy Apple fan boy and would probably wear one if I didn’t appreciate mechanical over electronic watches.
So I usually wear a mechanical watch on my left wrist and the fitness band on my right.
And while the fitness band is on my right wrist, it’s worth remembering that from the movements of my wrist, accelerometers in the band can deduce when I’m walking, running, climbing stairs, sleeping, and resting. While it doesn’t have GPS tracking like the Apple Watch, my Fitbit Charge HR does have a pulse monitor, so also knows my heart rate at all times of the day and night.
I’m now a month into wearing my new fitness band and have started to reflect on just how much it knows about me.
Or to be more accurate, just how much more it must know about me, because my guess is that it knows much more than it’s letting on.
I know you are busy, so to keep this as short as possible, I’ll restrict this to the simplest activity of them all: the activity involving the least motion.
The activity generating the least data.
The activity sharing the least data.
The main reason I am wearing my fitness tool in the first place: sleep.
Seriously, how much could our fitness bands track when we sleep?
Well, they know when we are sleeping.
They know how long we are sleeping. They know how well we are sleeping.
They know how long we are in light (REM) sleep.
They know when we are in deep sleep and for how long.
They know how often we get up.
They know how restless we are.
That we can all see from the app, too. But let’s look at just what else anyone with the data from our fitness bands can tell about us.
They know when we get up at night and for how long. Couple that with data on how our wrists are moving and it doesn’t take much to work out if we are going to the bathroom and exactly what we are doing there.
In the future, we might be getting messages from our fitness bands along the lines of: “Somebody had a hot curry for dinner,” or “It looked like you were up four times urinating last night, is it time to get your prostate checked?”
Then there’s sex
The accelerometers on our fitness bands are sensitive enough to discern between light and deep sleep, so they have little problem following our movements when we are awake in bed.
Perhaps awake and having sex.
And if you do decide to engage in something a bit more physical, then bear in mind that it would take very little to work out from the fitness band’s motion data:
That you are having sex.
In what position or positions you are having sex.
How many partners (if any).
The sex of your partner.
How long you have sex for.
How intense the sex is.
When you climax (yes, that heart rate monitor).
With all that data, who needs to hack Ashley Madison?
Guilty as charged
Then there’s the matter of the law: how long will it be before fitness band data provides the vital incriminating − or exonerating − evidence in a court case?
That data can indicate on a nicely mapped out timeline:
If the defendant was calm or agitated.
If the defendant’s movements were consistent with slapping, punching, or kicking.
If the defendant’s movements were consistent with stabbing, firing a pistol, firing a rifle, firing a bazooka, or even firing an anti-aircraft missile.
And your fitness tracker could also provide the power and the relative direction of these actions.
Of course you might think that nobody would be stupid enough to commit a crime with a fitness band tracking his or her every move, but if there is one thing that’s impossible to underestimate it’s people’s stupidity, including our own (for confirmation, please check out www.viralnova.com/stupid-criminals).
And it also says something about you as a suspect if you usually wear your fitness tracker but take it off just before a crime was committed.
And it isn’t just fitness trackers and Apple watches we should be aware of, the majority of smartphones and iPads can easily collect the same data, and they are even more ubiquitous than fitness bands.
So even when you think to put a bit of tape over your laptop camera to stop unwanted intrusion, bear in mind that an even sneakier spy is quietly collecting much more data then you ever thought possible: the fitness tracker.
And I know, you are a simple, law-abiding person with nothing to hide. But would you really be happy making your fitness band data public?
P.S.: despite all of this, I’m still wearing mine.
Soon after this article was published I’ve seen the following articles that shine more light on what a future of fitness bands might look like: From The Times in London, Wear this bracelet and get fit for work, bosses tell staff, and from Reditt, Wore my Fitbit heart rate monitor during sex. Beautiful.