Smart Watches and wristbands: who is watching the watches?

Over the last few weeks a number of stories have appeared about new “wearable” technology that has the means to track you and your children.  NBC News has a comparison of several “Smart Watches” that are either on the market or could soon be.  Think Dick Tracy.  Some have phones built in, while others can send and receive email.  These things don’t replace smartphones or other PDAs in general because their screen size is so small.  They’re likely not to have much of an Internet browser for that reason, and they may only support a few simultaneous applications on board.

Still, smart watches may find their own nitch.  For instance, a smart watch can carry an RFID that that could be used to control access to garage doors, or perhaps even your front door.  A smart watch might be ideal for certain types medical monitoring, because of its size.  In all likelihood these devices would have limited storage, and would take advantage of various cloud services.  It’s this point that concerns me.

Any time data about you is stored somewhere, you have to know what others are using it for, and what damage can be done if that data falls into the wrong hands.  And so, now let’s consider some of the examples we discussed above in that light:

  1. Voice communications: as one large vendor recently discovered, anything that can be used as a phone can be used as a bug, to listen into conversations.  Having access to a large aggregations of smart watches through the cloud would provide an entire market for attackers, especially if the information is linked to specific individuals.
  2. Medical monitoring: similarly, if you are using a smart watch or any other device for medical monitoring, consider who else might want to act on that information.  Insurance companies and employers immediately leap to mind, but then perhaps so do pharmaceutical companies who might want to market their wares directly to you.
  3. RFID and location-based services.  There have already been instances of people being tracked electronically and murdered.  Children wearing this or a similar device could be kidnapped if the cloud-based services associated with the device is broken into.

This is what concerns me about Disney’s MagicBand.  Disney makes a strong case that having such a band can actually improve service.  But should their information systems be broken into by a hacker, how much might a deranged estranged parent pay that criminal to find out where the child is?

It is the linkage of various attributes that must be considered.  Add location to a name and all of a sudden, a hacked cloud-based service can really do someone damage.  We give away a lot of this information already with many smartphone applications and other devices we carry.  Before we give away more, perhaps we should stop and think about our privacy in broader terms and what is necessary to protect it.  In Europe, the Data Privacy Directive covers a lot of this ground.  But America and other countries are far behind that level of protection.  Further, every new service on a smart device is going to want to monetize every last bit of data they can get.