By Will Richmond-Coggan, a partner and solicitor-advocate at Pitmans LLP
Once there lived a foolish emperor who was incredibly powerful and fabulously wealthy. Like many fabulously wealthy people, he was also an early adopter of new technology. He had a phone that monitored his heart rate; an RFID medallion that opened his doors automatically when he came near; glasses that enabled him to view emails without looking at a screen; and a smartwatch that… well, no one was quite sure what that was for, but it looked really cool.
Once upon a time…
One day, a new tech start up approached the emperor. The young and charismatic founder was extremely excited about what, he claimed, was the ultimate in wearable technology. It was a cranial chip that would enable him virtually to travel anywhere in the world in real time by way of a projected avatar, experiencing it all in perfect interactive 3D without leaving his sofa.
There were only two catches; one, the effect was so authentic that he had to return to his starting place before switching it back off, or the shock would cause fatal brain dislocation. And two, it was obscenely expensive.
By happy coincidence, the emperor had more than enough money to know what to do with it, so he paid over a sizeable chunk of it and the operation was booked for the following week…
We’ll come back to the emperor. Even without his incredible wealth or even more astounding gullibility I would pretty much guarantee that the majority of you reading this article have, in your pocket or your household, some piece of wearable technology through which you have paid (and are still paying,) for the privilege of reporting private aspects of your day to day lives to various commercial third parties. Moreover, you have contractually agreed that the data can be commercially exploited by those companies, without any further reference back to you.
Harvesting data
Astonishingly, consideration of this cost is almost entirely absent from reviews of new wearable technology. Perhaps it is because harvesting and resale of data is so ubiquitous that consumers are simply assumed to expect it. Maybe people imagine that data exploitation starts and ends with something as benign as targeted advertising based on activities, interests and location.
But as a result consumers are sleep walking into a world in which, for example, not only their biometric data, but also searches for certain medical conditions, or regular trips to the drive through takeaway, might end up part of a package of information which could be identified with them and sold on to health insurers looking to take decisions about their renewal premiums. Their name is unlikely to be connected with any of this data, but what does that matter in an environment where the multitude of different data gathering devices are all linked to one central terminal, be it smartphone, tablet or laptop, which is also the device used when the time comes to buy that insurance?
Let’s move on from data privacy, where there is at least an element of contractual, if not informed, consent to the data use being made, whether that is by insurers looking for targeted premiums or employers wishing to monitor their workforce more closely. Let’s think instead about data security and the implications for those same employers of ubiquitous web-connected technology, with surplus storage and computing capacity, not to mention operating systems which are probably less secure and updated less frequently than the main computers in their home or office.
Securing wearables
For those trying to breach data security the Holy Grail is always to be able to gain access as a trusted insider, often avoiding the many layers of firewall protection designed to keep outsiders out. How attractive it would be for them to be able to compromise a consumer electronics device with none of those protections, which will be carried unwittingly past all that security and may then be connected to the network via Wi-Fi, or even by being plugged in to charge using a USB cable attached to a desktop terminal?
The gullible emperor, post-operation, settled down in his pants on the sofa to try out his incredible and expensive new toy. Sure enough, he had the authentic experience of wandering through his realm observing and interacting with his citizens. As promised, it was indistinguishable from the real thing. But it took several hours before anyone had the nerve to point out to him that he really was wandering the streets of the capital city wearing nothing but his underwear.
Just like him, we could well find ourselves, or at least our data, far more naked and exposed than we might intend, in our quest to be clad in the latest and most fashionable piece of wearable technology.
Pitmans LLP is a commercial law firm specialising in data privacy and security disputes.
